Merge remote-tracking branch 'upstream-restricted/pr/503' into development-restricted-proposed
diff --git a/.gitignore b/.gitignore
index fee2a31..0f95b4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,20 @@
+# Random seed file created by test scripts and sample programs
+seedfile
+
+# CMake build artifacts:
CMakeCache.txt
CMakeFiles
CTestTestfile.cmake
cmake_install.cmake
Testing
+# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
+*.dir/
+# MSVC files generated by CMake:
+/*.sln
+/*.vcxproj
+/*.filters
+
+# Test coverage build artifacts:
Coverage
*.gcno
*.gcda
@@ -10,16 +22,33 @@
# generated by scripts/memory.sh
massif-*
-# MSVC files generated by CMake:
-/*.sln
-/*.vcxproj
-/*.filters
-
# MSVC build artifacts:
*.exe
*.pdb
*.ilk
*.lib
+# Python build artifacts:
+*.pyc
+
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
+
+# Visual Studio artifacts
+/visualc/VS2010/.localhistory/
+/visualc/VS2010/.vs/
+/visualc/VS2010/Debug/
+/visualc/VS2010/Release/
+/visualc/VS2010/*.vcxproj.filters
+/visualc/VS2010/*.vcxproj.user
+
+# Generated documentation:
+/apidoc
+
+# Editor navigation files:
+/GPATH
+/GRTAGS
+/GSYMS
+/GTAGS
+/TAGS
+/tags
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..33ccb13
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "crypto"]
+ path = crypto
+ url = https://github.com/ARMmbed/mbed-crypto
+ branch = development
diff --git a/.globalrc b/.globalrc
new file mode 100644
index 0000000..01b2ea5
--- /dev/null
+++ b/.globalrc
@@ -0,0 +1,3 @@
+default:\
+ :langmap=c\:.c.h.function:\
+
diff --git a/.pylintrc b/.pylintrc
new file mode 100644
index 0000000..037717e
--- /dev/null
+++ b/.pylintrc
@@ -0,0 +1,52 @@
+[BASIC]
+# We're ok with short funtion argument names.
+# [invalid-name]
+argument-rgx=[a-z_][a-z0-9_]*$
+
+# Allow filter and map.
+# [bad-builtin]
+bad-functions=input
+
+# We prefer docstrings, but we don't require them on all functions.
+# Require them only on long functions (for some value of long).
+# [missing-docstring]
+docstring-min-length=10
+
+# Allow longer methods than the default.
+# [invalid-name]
+method-rgx=[a-z_][a-z0-9_]{2,35}$
+
+# Allow module names containing a dash (but no underscore or uppercase letter).
+# They are whole programs, not meant to be included by another module.
+# [invalid-name]
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+)|[a-z][-0-9a-z]+)$
+
+# Some functions don't need docstrings.
+# [missing-docstring]
+no-docstring-rgx=(run_)?main$
+
+# We're ok with short local or global variable names.
+# [invalid-name]
+variable-rgx=[a-z_][a-z0-9_]*$
+
+[DESIGN]
+# Allow more than the default 7 attributes.
+# [too-many-instance-attributes]
+max-attributes=15
+
+[FORMAT]
+# Allow longer modules than the default recommended maximum.
+# [too-many-lines]
+max-module-lines=2000
+
+[MESSAGES CONTROL]
+disable=
+
+[REPORTS]
+# Don't diplay statistics. Just the facts.
+reports=no
+
+[VARIABLES]
+# Allow unused variables if their name starts with an underscore.
+# [unused-argument]
+dummy-variables-rgx=_.*
diff --git a/.travis.yml b/.travis.yml
index 4d23652..c45d408 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,6 +4,13 @@
- gcc
sudo: false
cache: ccache
+
+# blocklist
+branches:
+ except:
+ - development-psa
+ - coverity_scan
+
script:
- tests/scripts/recursion.pl library/*.c
- tests/scripts/check-generated-files.sh
@@ -24,7 +31,8 @@
- tests/scripts/travis-log-failure.sh
env:
global:
- secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
+ - SEED=1
+ - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
addons:
apt:
@@ -34,7 +42,7 @@
coverity_scan:
project:
name: "ARMmbed/mbedtls"
- notification_email: p.j.bakker@polarssl.org
+ notification_email: simon.butcher@arm.com
build_command_prepend:
build_command: make
branch_pattern: coverity_scan
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4dbe76e..67ec7cc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,6 +5,8 @@
project("mbed TLS" C)
endif()
+set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+
option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
@@ -12,6 +14,9 @@
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
+# export the submodule flag so that crypto knows it's being built as a submodule
+set( USE_CRYPTO_SUBMODULE ON )
+
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
@@ -36,9 +41,27 @@
"${NULL_ENTROPY_WARN_L3}"
"${WARNING_BORDER}")
+set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
+
+set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
+ "${WARNING_BORDER}")
+
+find_package(PythonInterp)
find_package(Perl)
if(PERL_FOUND)
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ RESULT_VARIABLE result)
+ if(${result} EQUAL 0)
+ message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
+ endif()
+
# If NULL Entropy is configured, display an appropriate warning
execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
RESULT_VARIABLE result)
@@ -69,8 +92,14 @@
# to the corresponding path in the source directory.
function(link_to_source base_name)
# Get OS dependent path to use in `execute_process`
- file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${base_name}" link)
- file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}" target)
+ if (CMAKE_HOST_WIN32)
+ #mklink is an internal command of cmd.exe it can only work with \
+ string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
+ else()
+ set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
+ endif()
if (NOT EXISTS ${link})
if (CMAKE_HOST_UNIX)
@@ -100,7 +129,10 @@
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
+ if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
+ endif()
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif()
@@ -117,7 +149,7 @@
endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
@@ -149,8 +181,6 @@
set(LIB_INSTALL_DIR lib)
endif()
-include_directories(include/)
-
if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
@@ -161,6 +191,8 @@
add_subdirectory(library)
add_subdirectory(include)
+add_subdirectory(crypto/library)
+add_subdirectory(crypto/include)
if(ENABLE_PROGRAMS)
add_subdirectory(programs)
@@ -174,6 +206,7 @@
enable_testing()
add_subdirectory(tests)
+ add_subdirectory(crypto/tests)
# additional convenience targets for Unix only
if(UNIX)
@@ -204,13 +237,13 @@
COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
)
endif(UNIX)
-endif()
-# Make scripts needed for testing available in an out-of-source build.
-if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
- link_to_source(scripts)
- # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
- # keep things simple with the sed commands in the memcheck target.
- configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
- ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+ # Make scripts needed for testing available in an out-of-source build.
+ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(scripts)
+ # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
+ # keep things simple with the sed commands in the memcheck target.
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
+ ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+ endif()
endif()
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3433ed0..18851db 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -50,15 +50,15 @@
2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
- 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to build or test scripts.
+ 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
Currently maintained LTS branches are:
-1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1)
+1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
-2. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
+1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
Tests
diff --git a/ChangeLog b/ChangeLog
index bed180d..5032be6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.x.x branch released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
Security
* When writing a private EC key, use a constant size for the private
@@ -9,6 +9,526 @@
about 1 bit of information on average and could cause the value to be
1 byte too large for the output buffer.
+Features
+ * Add the Any Policy certificate policy oid, as defined in
+ rfc 5280 section 4.2.1.4.
+ * It is now possible to use NIST key wrap mode via the mbedtls_cipher API.
+ Contributed by Jack Lloyd and Fortanix Inc.
+ * Add the Wi-SUN Field Area Network (FAN) device extended key usage.
+ * Add the oid certificate policy x509 extension.
+ * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest.
+ Contributed by Jack Lloyd and Fortanix Inc.
+ * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
+ and the used tls-prf.
+ * Add public API for tls-prf function, according to requested enum.
+ * Add support for parsing otherName entries in the Subject Alternative Name
+ X.509 certificate extension, specifically type hardware module name,
+ as defined in RFC 4108 section 5.
+ * Add support for parsing certificate policies extension, as defined in
+ RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is
+ supported.
+ * List all SAN types in the subject_alt_names field of the certificate.
+ Resolves #459.
+ * Add support for draft-05 of the Connection ID extension, as specified
+ in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
+ The Connection ID extension allows to keep DTLS connections beyond the
+ lifetime of the underlying transport by adding a connection identifier
+ to the DTLS record header. This identifier can be used to associated an
+ incoming record with the correct connection data even after the peer has
+ changed its IP or port. The feature is enabled at compile-time by setting
+ MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
+ through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
+
+API Changes
+ * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
+ and the used tls-prf.
+ * Add public API for tls-prf function, according to requested enum.
+ * Add DER-encoded test CRTs to library/certs.c, allowing
+ the example programs ssl_server2 and ssl_client2 to be run
+ if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
+ * The HAVEGE state type now uses uint32_t elements instead of int.
+
+Bugfix
+ * Fix private key DER output in the key_app_writer example. File contents
+ were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
+ Christian Walther in #2239.
+ * Fix potential memory leak in X.509 self test. Found and fixed by
+ Junhwan Park, #2106.
+ * Reduce stack usage of hkdf tests. Fixes #2195.
+ * Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when
+ used with negative inputs. Found by Guido Vranken in #2404. Credit to
+ OSS-Fuzz.
+ * Fix bugs in the AEAD test suite which would be exposed by ciphers which
+ either used both encrypt and decrypt key schedules, or which perform padding.
+ GCM and CCM were not affected. Fixed by Jack Lloyd.
+ * Fix incorrect default port number in ssl_mail_client example's usage.
+ Found and fixed by irwir. #2337
+ * Add psa_util.h to test/cpp_dummy_build to fix build_default_make_gcc_and_cxx.
+ Fixed by Peter Kolbus (Garmin). #2579
+ * Add missing parentheses around parameters in the definition of the
+ public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation
+ in case operators binding less strongly than subtraction were used
+ for the parameter.
+ * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
+ sni entry parameter. Reported by inestlerode in #560.
+ * Set the next sequence of the subject_alt_name to NULL when deleting
+ sequence on failure. Found and fix suggested by Philippe Antoine.
+ Credit to OSS-Fuzz.
+ * Fix missing bounds checks in X.509 parsing functions that could
+ lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
+ * Fix multiple X.509 functions previously returning ASN.1 low-level error
+ codes to always wrap these codes into X.509 high level error codes before
+ returning. Fixes #2431.
+ * Fix to allow building test suites with any warning that detects unused
+ functions. Fixes #1628.
+ * Fix typo in net_would_block(). Fixes #528 reported by github-monoculture.
+ * Remove redundant include file in timing.c. Fixes #2640 reported by irwir.
+ * Fix build failure when building with mingw on Windows by including
+ stdarg.h where needed. Fixes #2656.
+ * Fix Visual Studio Release x64 build configuration by inheriting
+ PlatformToolset from the project configuration. Fixes #1430 reported by
+ irwir.
+ * Enable Suite B with subset of ECP curves. Make sure the code compiles even
+ if some curves are not defined. Fixes #1591 reported by dbedev.
+ * Fix misuse of signed arithmetic in the HAVEGE module. #2598
+ * Avoid use of statically sized stack buffers for certificate writing.
+ This previously limited the maximum size of DER encoded certificates
+ in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
+ * Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
+
+Changes
+ * Server's RSA certificate in certs.c was SHA-1 signed. In the default
+ mbedTLS configuration only SHA-2 signed certificates are accepted.
+ This certificate is used in the demo server programs, which lead the
+ client programs to fail at the peer's certificate verification
+ due to an unacceptable hash signature. The certificate has been
+ updated to one that is SHA-256 signed. Fix contributed by
+ Illya Gerasymchuk.
+ * Return from various debugging routines immediately if the
+ provided SSL context is unset.
+ * Remove dead code from bignum.c in the default configuration.
+ Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
+ * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
+ Contributed by Peter Kolbus (Garmin).
+ * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
+ improve clarity. Fixes #2258.
+ * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
+ * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
+ suggests). #2671
+ * Make `make clean` clean all programs always. Fixes #1862.
+ * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
+ docker-env.sh) to simplify running test suites on a Linux host. Contributed
+ by Peter Kolbus (Garmin).
+ * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+ Ashley Duncan in #2609.
+ * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
+ test runs without variability. Contributed by Philippe Antoine (Catena
+ cyber) in #2681.
+ * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
+ * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+ Ashley Duncan in #2609.
+ * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
+ test runs without variability. Contributed by Philippe Antoine (Catena
+ cyber) in #2681.
+ * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
+ Ashley Duncan in #2609.
+ * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
+ test runs without variability. Contributed by Philippe Antoine (Catena
+ cyber) in #2681.
+ * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
+ Contributed by Philippe Antoine (Catena cyber).
+
+= mbed TLS 2.17.0 branch released 2019-03-19
+
+Features
+ * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
+ which allows copy-less parsing of DER encoded X.509 CRTs,
+ at the cost of additional lifetime constraints on the input
+ buffer, but at the benefit of reduced RAM consumption.
+ * Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1
+ named bitstring in DER as required by RFC 5280 Appendix B.
+ * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
+ from the default list (enabled by default). See
+ https://sweet32.info/SWEET32_CCS16.pdf.
+
+API Changes
+ * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
+ See the Features section for more information.
+ * Allow to opt in to the removal the API mbedtls_ssl_get_peer_cert()
+ for the benefit of saving RAM, by disabling the new compile-time
+ option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (enabled by default for
+ API stability). Disabling this option makes mbedtls_ssl_get_peer_cert()
+ always return NULL, and removes the peer_cert field from the
+ mbedtls_ssl_session structure which otherwise stores the peer's
+ certificate.
+
+Security
+ * Make mbedtls_ecdh_get_params return an error if the second key
+ belongs to a different group from the first. Before, if an application
+ passed keys that belonged to different group, the first key's data was
+ interpreted according to the second group, which could lead to either
+ an error or a meaningless output from mbedtls_ecdh_get_params. In the
+ latter case, this could expose at most 5 bits of the private key.
+
+Bugfix
+ * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
+ when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
+ * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined.
+ Raised as a comment in #1996.
+ * Reduce the stack consumption of mbedtls_mpi_fill_random() which could
+ previously lead to a stack overflow on constrained targets.
+ * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions
+ in the header files, which missed the precompilation check. #971
+ * Fix returning the value 1 when mbedtls_ecdsa_genkey failed.
+ * Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
+ * Remove the mbedtls namespacing from the header file, to fix a "file not found"
+ build error. Fixed by Haijun Gu #2319.
+ * Fix signed-to-unsigned integer conversion warning
+ in X.509 module. Fixes #2212.
+ * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion.
+ Fixes #2190.
+ * Fix false failure in all.sh when backup files exist in include/mbedtls
+ (e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407.
+ * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
+ mbedtls_asn1_write_bitstring().
+ * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
+ extensions in CSRs and CRTs that caused these bitstrings to not be encoded
+ correctly as trailing zeroes were not accounted for as unused bits in the
+ leading content octet. Fixes #1610.
+
+Changes
+ * Reduce RAM consumption during session renegotiation by not storing
+ the peer CRT chain and session ticket twice.
+ * Include configuration file in all header files that use configuration,
+ instead of relying on other header files that they include.
+ Inserted as an enhancement for #1371
+ * Add support for alternative CSR headers, as used by Microsoft and defined
+ in RFC 7468. Found by Michael Ernst. Fixes #767.
+ * Correct many misspellings. Fixed by MisterDA #2371.
+ * Provide an abstraction of vsnprintf to allow alternative implementations
+ for platforms that don't provide it. Based on contributions by Joris Aerts
+ and Nathaniel Wesley Filardo.
+ * Fix clobber list in MIPS assembly for large integer multiplication.
+ Previously, this could lead to functionally incorrect assembly being
+ produced by some optimizing compilers, showing up as failures in
+ e.g. RSA or ECC signature operations. Reported in #1722, fix suggested
+ by Aurelien Jarno and submitted by Jeffrey Martin.
+ * Reduce the complexity of the timing tests. They were assuming more than the
+ underlying OS actually guarantees.
+ * Fix configuration queries in ssl-opt.h. #2030
+ * Ensure that ssl-opt.h can be run in OS X. #2029
+ * Re-enable certain interoperability tests in ssl-opt.sh which had previously
+ been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
+ * Ciphersuites based on 3DES now have the lowest priority by default when
+ they are enabled.
+
+= mbed TLS 2.16.0 branch released 2018-12-21
+
+Features
+ * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation
+ of parameters in the API. This allows detection of obvious misuses of the
+ API, such as passing NULL pointers. The API of existing functions hasn't
+ changed, but requirements on parameters have been made more explicit in
+ the documentation. See the corresponding API documentation for each
+ function to see for which parameter values it is defined. This feature is
+ disabled by default. See its API documentation in config.h for additional
+ steps you have to take when enabling it.
+
+API Changes
+ * The following functions in the random generator modules have been
+ deprecated and replaced as shown below. The new functions change
+ the return type from void to int to allow returning error codes when
+ using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
+ primitive. Fixes #1798.
+ mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
+ mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
+ * Extend ECDH interface to enable alternative implementations.
+ * Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for
+ ARIA, CAMELLIA and Blowfish. These error codes will be replaced by
+ the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
+ * Additional parameter validation checks have been added for the following
+ modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH,
+ ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI.
+ Where modules have had parameter validation added, existing parameter
+ checks may have changed. Some modules, such as Chacha20 had existing
+ parameter validation whereas other modules had little. This has now been
+ changed so that the same level of validation is present in all modules, and
+ that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
+ is off. That means that checks which were previously present by default
+ will no longer be.
+
+New deprecations
+ * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
+ in favor of functions that can return an error code.
+
+Bugfix
+ * Fix for Clang, which was reporting a warning for the bignum.c inline
+ assembly for AMD64 targets creating string literals greater than those
+ permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482.
+ * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
+ through qemu user emulation. Reported and fix suggested by randombit
+ in #1212. Fixes #1212.
+ * Fix an unsafe bounds check when restoring an SSL session from a ticket.
+ This could lead to a buffer overflow, but only in case ticket authentication
+ was broken. Reported and fix suggested by Guido Vranken in #659.
+ * Add explicit integer to enumeration type casts to example program
+ programs/pkey/gen_key which previously led to compilation failure
+ on some toolchains. Reported by phoenixmcallister. Fixes #2170.
+ * Fix double initialization of ECC hardware that made some accelerators
+ hang.
+ * Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence
+ of check for certificate/key matching. Reported by Attila Molnar, #507.
+
+ = mbed TLS 2.15.1 branch released 2018-11-30
+
+ Changes
+ * Update the Mbed Crypto submodule to version 0.1.0b2.
+
+ = mbed TLS 2.15.0 branch released 2018-11-23
+
+ Features
+ * Add an experimental build option, USE_CRYPTO_SUBMODULE, to enable use of
+ Mbed Crypto as the source of the cryptography implementation.
+ * Add an experimental configuration option, MBEDTLS_PSA_CRYPTO_C, to enable
+ the PSA Crypto API from Mbed Crypto when additionally used with the
+ USE_CRYPTO_SUBMODULE build option.
+
+ Changes
+ * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
+ from the cipher abstraction layer. Fixes #2198.
+
+= mbed TLS 2.14.1 branch released 2018-11-30
+
+Security
+ * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
+ decryption that could lead to a Bleichenbacher-style padding oracle
+ attack. In TLS, this affects servers that accept ciphersuites based on
+ RSA decryption (i.e. ciphersuites whose name contains RSA but not
+ (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham
+ (University of Adelaide), Daniel Genkin (University of Michigan),
+ Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
+ (University of Adelaide, Data61). The attack is described in more detail
+ in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608
+ * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
+ via branching and memory access patterns. An attacker who could submit
+ a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
+ of the decryption and not its result could nonetheless decrypt RSA
+ plaintexts and forge RSA signatures. Other asymmetric algorithms may
+ have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
+ Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
+ * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
+ modules.
+
+API Changes
+ * The new functions mbedtls_ctr_drbg_update_ret() and
+ mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update()
+ and mbedtls_hmac_drbg_update() respectively, but the new functions
+ report errors whereas the old functions return void. We recommend that
+ applications use the new functions.
+
+= mbed TLS 2.14.0 branch released 2018-11-19
+
+Security
+ * Fix overly strict DN comparison when looking for CRLs belonging to a
+ particular CA. This previously led to ignoring CRLs when the CRL's issuer
+ name and the CA's subject name differed in their string encoding (e.g.,
+ one using PrintableString and the other UTF8String) or in the choice of
+ upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue
+ #1784.
+ * Fix a flawed bounds check in server PSK hint parsing. In case the
+ incoming message buffer was placed within the first 64KiB of address
+ space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
+ to trigger a memory access up to 64KiB beyond the incoming message buffer,
+ potentially leading to an application crash or information disclosure.
+ * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
+ previous settings for the number of rounds made it practical for an
+ adversary to construct non-primes that would be erroneously accepted as
+ primes with high probability. This does not have an impact on the
+ security of TLS, but can matter in other contexts with numbers chosen
+ potentially by an adversary that should be prime and can be validated.
+ For example, the number of rounds was enough to securely generate RSA key
+ pairs or Diffie-Hellman parameters, but was insufficient to validate
+ Diffie-Hellman parameters properly.
+ See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
+ Kenneth G. Paterson and Juraj Somorovsky.
+
+Features
+ * Add support for temporarily suspending expensive ECC computations after
+ some configurable amount of operations. This is intended to be used in
+ constrained, single-threaded systems where ECC is time consuming and can
+ block other operations until they complete. This is disabled by default,
+ but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and
+ configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new
+ xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported
+ yet), and to existing functions in ECDH and SSL (currently only
+ implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
+ including client authentication).
+ * Add support for Arm CPU DSP extensions to accelerate asymmetric key
+ operations. On CPUs where the extensions are available, they can accelerate
+ MPI multiplications used in ECC and RSA cryptography. Contributed by
+ Aurelien Jarno.
+ * Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS
+ signature always used a salt with the same length as the hash, and returned
+ an error if this was not possible. Now the salt size may be up to two bytes
+ shorter. This allows the library to support all hash and signature sizes
+ that comply with FIPS 186-4, including SHA-512 with a 1024-bit key.
+ * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
+ than 256 bits limits the security of generated material to 128 bits.
+
+API Changes
+ * Add a common error code of `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for
+ a feature that is not supported by underlying alternative
+ implementations implementing cryptographic primitives. This is useful for
+ hardware accelerators that don't implement all options or features.
+
+New deprecations
+ * All module specific errors following the form
+ MBEDTLS_ERR_XXX_FEATURE_UNAVAILABLE that indicate a feature is not
+ supported are deprecated and are now replaced by the new equivalent
+ platform error.
+ * All module specific generic hardware acceleration errors following the
+ form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced
+ by the equivalent plaform error.
+ * Deprecate the function mbedtls_mpi_is_prime() in favor of
+ mbedtls_mpi_is_prime_ext() which allows specifying the number of
+ Miller-Rabin rounds.
+
+Bugfix
+ * Fix wrong order of freeing in programs/ssl/ssl_server2 example
+ application leading to a memory leak in case both
+ MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set.
+ Fixes #2069.
+ * Fix a bug in the update function for SSL ticket keys which previously
+ invalidated keys of a lifetime of less than a 1s. Fixes #1968.
+ * Fix failure in hmac_drbg in the benchmark sample application, when
+ MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
+ * Fix a bug in the record decryption routine ssl_decrypt_buf()
+ which lead to accepting properly authenticated but improperly
+ padded records in case of CBC ciphersuites using Encrypt-then-MAC.
+ * Fix memory leak and freeing without initialization in the example
+ program programs/x509/cert_write. Fixes #1422.
+ * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
+ MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes #1091.
+ * Zeroize memory used for buffering or reassembling handshake messages
+ after use.
+ * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization
+ of sensitive data in the example programs aescrypt2 and crypt_and_hash.
+ * Change the default string format used for various X.509 DN attributes to
+ UTF8String. Previously, the use of the PrintableString format led to
+ wildcards and non-ASCII characters being unusable in some DN attributes.
+ Reported by raprepo in #1860 and by kevinpt in #468. Fix contributed by
+ Thomas-Dee.
+ * Fix compilation failure for configurations which use compile time
+ replacements of standard calloc/free functions through the macros
+ MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO.
+ Reported by ole-de and ddhome2006. Fixes #882, #1642 and #1706.
+
+Changes
+ * Removed support for Yotta as a build tool.
+ * Add tests for session resumption in DTLS.
+ * Close a test gap in (D)TLS between the client side and the server side:
+ test the handling of large packets and small packets on the client side
+ in the same way as on the server side.
+ * Change the dtls_client and dtls_server samples to work by default over
+ IPv6 and optionally by a build option over IPv4.
+ * Change the use of Windows threading to use Microsoft Visual C++ runtime
+ calls, rather than Win32 API calls directly. This is necessary to avoid
+ conflict with C runtime usage. Found and fixed by irwir.
+ * Remember the string format of X.509 DN attributes when replicating
+ X.509 DNs. Previously, DN attributes were always written in their default
+ string format (mostly PrintableString), which could lead to CRTs being
+ created which used PrintableStrings in the issuer field even though the
+ signing CA used UTF8Strings in its subject field; while X.509 compliant,
+ such CRTs were rejected in some applications, e.g. some versions of
+ Firefox, curl and GnuTLS. Reported in #1033 by Moschn. Fix contributed by
+ Thomas-Dee.
+ * Improve documentation of mbedtls_ssl_get_verify_result().
+ Fixes #517 reported by github-monoculture.
+ * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and
+ use it to reduce error probability in RSA key generation to levels mandated
+ by FIPS-186-4.
+
+= mbed TLS 2.13.1 branch released 2018-09-06
+
+API Changes
+ * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
+ whose implementation should behave as a thread-safe version of gmtime().
+ This allows users to configure such an implementation at compile time when
+ the target system cannot be deduced automatically, by setting the option
+ MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to
+ automatically select implementations for Windows and POSIX C libraries.
+
+Bugfix
+ * Fix build failures on platforms where only gmtime() is available but
+ neither gmtime_r() nor gmtime_s() are present. Fixes #1907.
+
+= mbed TLS 2.13.0 branch released 2018-08-31
+
+Security
+ * Fix an issue in the X.509 module which could lead to a buffer overread
+ during certificate extensions parsing. In case of receiving malformed
+ input (extensions length field equal to 0), an illegal read of one byte
+ beyond the input buffer is made. Found and analyzed by Nathan Crandall.
+
+Features
+ * Add support for fragmentation of outgoing DTLS handshake messages. This
+ is controlled by the maximum fragment length as set locally or negotiated
+ with the peer, as well as by a new per-connection MTU option, set using
+ mbedtls_ssl_set_mtu().
+ * Add support for auto-adjustment of MTU to a safe value during the
+ handshake when flights do not get through (RFC 6347, section 4.1.1.1,
+ last paragraph).
+ * Add support for packing multiple records within a single datagram,
+ enabled by default.
+ * Add support for buffering out-of-order handshake messages in DTLS.
+ The maximum amount of RAM used for this can be controlled by the
+ compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined
+ in mbedtls/config.h.
+
+API Changes
+ * Add function mbedtls_ssl_set_datagram_packing() to configure
+ the use of datagram packing (enabled by default).
+
+Bugfix
+ * Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation
+ failure in the function could lead to other buffers being leaked.
+ * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
+ MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
+ * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
+ Fix contributed by Espressif Systems.
+ * Add ecc extensions only if an ecc based ciphersuite is used.
+ This improves compliance to RFC 4492, and as a result, solves
+ interoperability issues with BouncyCastle. Raised by milenamil in #1157.
+ * Replace printf with mbedtls_printf in the ARIA module. Found by
+ TrinityTonic in #1908.
+ * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
+ and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
+ * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
+ with TLS versions 1.1 and earlier when the server requested authentication
+ without providing a list of CAs. This was due to an overly strict bounds
+ check in parsing the CertificateRequest message,
+ introduced in Mbed TLS 2.12.0. Fixes #1954.
+ * Fix a miscalculation of the maximum record expansion in
+ mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
+ or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
+ * Fix undefined shifts with negative values in certificates parsing
+ (found by Catena cyber using oss-fuzz)
+ * Fix memory leak and free without initialization in pk_encrypt
+ and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128.
+ * Remove redundant else statement. Raised by irwir. Fixes #1776.
+
+Changes
+ * Copy headers preserving timestamps when doing a "make install".
+ Contributed by xueruini.
+ * Allow the forward declaration of public structs. Contributed by Dawid
+ Drozd. Fixes #1215 raised by randombit.
+ * Improve compatibility with some alternative CCM implementations by using
+ CCM test vectors from RAM.
+ * Add support for buffering of out-of-order handshake messages.
+ * Add warnings to the documentation of the HKDF module to reduce the risk
+ of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
+ functions. Fixes #1775. Reported by Brian J. Murray.
+
= mbed TLS 2.12.0 branch released 2018-07-25
Security
@@ -29,7 +549,7 @@
1.2, that allowed a local attacker, able to execute code on the local
machine as well as manipulate network packets, to partially recover the
plaintext of messages under some conditions by using a cache attack
- targetting an internal MD/SHA buffer. With TLS or if
+ targeting an internal MD/SHA buffer. With TLS or if
mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if
the same secret (for example a HTTP Cookie) has been repeatedly sent over
connections manipulated by the attacker. Connections using GCM or CCM
@@ -915,7 +1435,7 @@
* Fix potential build failures related to the 'apidoc' target, introduced
in the previous patch release. Found by Robert Scheck. #390 #391
* Fix issue in Makefile that prevented building using armar. #386
- * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and
+ * Fix memory leak that occurred only when ECJPAKE was enabled and ECDHE and
ECDSA was disabled in config.h . The leak didn't occur by default.
* Fix an issue that caused valid certificates to be rejected whenever an
expired or not yet valid certificate was parsed before a valid certificate
@@ -1157,7 +1677,7 @@
You now need to link to all of them if you use TLS for example.
* All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
Some names have been further changed to make them more consistent.
- Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are
+ Migration helpers scripts/rename.pl and include/mbedtls/compat-1.3.h are
provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt
* Renamings of fields inside structures, not covered by the previous list:
mbedtls_cipher_info_t.key_length -> key_bitlen
@@ -1212,7 +1732,7 @@
* net_accept() gained new arguments for the size of the client_ip buffer.
* In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
return void.
- * ecdsa_write_signature() gained an addtional md_alg argument and
+ * ecdsa_write_signature() gained an additional md_alg argument and
ecdsa_write_signature_det() was deprecated.
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
* Last argument of x509_crt_check_key_usage() and
@@ -2747,7 +3267,7 @@
not swapped on PadLock; also fixed compilation on older versions
of gcc (bug reported by David Barrett)
* Correctly handle the case in padlock_xcryptcbc() when input or
- ouput data is non-aligned by falling back to the software
+ output data is non-aligned by falling back to the software
implementation, as VIA Nehemiah cannot handle non-aligned buffers
* Fixed a memory leak in x509parse_crt() which was reported by Greg
Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
diff --git a/Makefile b/Makefile
index a0fcb2b..e898975 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
-
+# export the submodule flag so that crypto knows it's being built as a submodule
+export USE_CRYPTO_SUBMODULE=1
DESTDIR=/usr/local
PREFIX=mbedtls_
@@ -19,16 +20,20 @@
tests: lib
$(MAKE) -C tests
+ $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests
ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
- cp -r include/mbedtls $(DESTDIR)/include
+ cp -rp include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
cp -RP library/libmbedx509.* $(DESTDIR)/lib
- cp -RP library/libmbedcrypto.* $(DESTDIR)/lib
+
+ mkdir -p $(DESTDIR)/include/psa
+ cp -rp crypto/include/psa $(DESTDIR)/include
+ cp -RP crypto/library/libmbedcrypto.* $(DESTDIR)/lib
mkdir -p $(DESTDIR)/bin
for p in programs/*/* ; do \
@@ -44,6 +49,8 @@
rm -f $(DESTDIR)/lib/libmbedtls.*
rm -f $(DESTDIR)/lib/libmbedx509.*
rm -f $(DESTDIR)/lib/libmbedcrypto.*
+ $(MAKE) -C crypto uninstall
+
for p in programs/*/* ; do \
if [ -x $$p ] && [ ! -d $$p ] ; \
@@ -61,9 +68,21 @@
NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
+WARNING_BORDER_LONG =**********************************************************************************\n
+CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n
+CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n
+CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n
+
+CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG)
+
# Post build steps
post_build:
ifndef WINDOWS
+
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
+ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
+
# If NULL Entropy is configured, display an appropriate warning
-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
@@ -73,12 +92,14 @@
$(MAKE) -C library clean
$(MAKE) -C programs clean
$(MAKE) -C tests clean
+ $(MAKE) -C crypto clean
ifndef WINDOWS
find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} +
endif
check: lib tests
$(MAKE) -C tests check
+ $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests check
test: check
@@ -108,3 +129,12 @@
apidoc_clean:
rm -rf apidoc
endif
+
+## Editor navigation files
+C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
+tags: $(C_SOURCE_FILES)
+ ctags -o $@ $(C_SOURCE_FILES)
+TAGS: $(C_SOURCE_FILES)
+ etags -o $@ $(C_SOURCE_FILES)
+GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
+ ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
diff --git a/README.md b/README.md
index 6345848..83b3234 100644
--- a/README.md
+++ b/README.md
@@ -11,46 +11,32 @@
Compiling
---------
-There are currently four active build systems used within Mbed TLS releases:
+There are currently three active build systems used within Mbed TLS releases:
-- yotta
- GNU Make
- CMake
- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
-Yotta, as a build system, is slightly different from the other build systems:
-
-- it provides a minimalistic configuration file by default
-- depending on the yotta target, features of Mbed OS may be used in examples and tests
-
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
-### Yotta
+### Getting files form git: the Crypto submodule
-[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
+The Mbed Crypto library now has its own git repository, which the Mbed TLS build systems are using as a git submodule in order to build libmbedcrypto as a subproject of Mbed TLS. When cloning the Mbed TLS repository, you need to make sure you're getting the submodule as well:
-Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with:
+ git clone --recursive https://github.com/ARMmbed/mbedtls.git
- yotta install mbedtls
+Alternatively, if you already have an existing clone of the Mbed TLS
+repository, you can initialise and update the submodule with:
-and build it with:
+ git submodule update --init crypto
- yotta build
+After these steps, your clone is now ready for building the libraries as detailed in the following sections.
-If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
+Note that building libmbedcrypto as a subproject of Mbed TLS does not enable the PSA-specific tests and utility programs. To use these programs, build Mbed Crypto as a standalone project.
- yotta/create-module.sh
-
-This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
-
- cd yotta/module
- yotta build
-
-In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
-
-For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
+Please note that for now, Mbed TLS can only use versions of libmbedcrypto that were built as a subproject of Mbed TLS, not versions that were built standalone from the Mbed Crypto repository. This restriction will be removed in the future.
### Make
@@ -66,7 +52,7 @@
make check
-The tests need Perl to be built and run. If you don't have Perl installed, you can skip building the tests with:
+The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with:
make no_test
@@ -78,7 +64,7 @@
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
-Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
+Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -Wextra`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line.
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
@@ -96,7 +82,7 @@
make test
-The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
+The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with:
cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
@@ -160,21 +146,27 @@
your value of CFLAGS doesn't override the content provided by cmake (depending
on the build mode as seen above), it's merely prepended to it.
+#### Mbed TLS as a subproject
+
+Mbed TLS, like Mbed Crypto, supports being built as a CMake subproject. One can
+use `add_subdirectory()` from a parent CMake project to include Mbed TLS as a
+subproject.
+
### Microsoft Visual Studio
The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
-The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well. However, the selftest program in `programs/test/` is still available.
+The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available.
Example programs
----------------
-We've included example programs for a lot of different features and uses in `programs/`. Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
+We've included example programs for a lot of different features and uses in [`programs/`](programs/README.md). Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
Tests
-----
-Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
+Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
@@ -189,6 +181,7 @@
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
+
Porting Mbed TLS
----------------
diff --git a/circle.yml b/circle.yml
deleted file mode 100644
index eaed02a..0000000
--- a/circle.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Purpose:
-# - To test and prove that a new commit in the mbed TLS repository builds
-# and integrates with mbed-os properly.
-# AND
-# - To test and prove that the current development head of mbed TLS builds
-# and integrates with the current mbed-os master branch.
-#
-# The script fetches all the prerequisites and builds the mbed TLS 'tls-client'
-# example. This script is triggered by every commit and once each night and the
-# exact behaviour depends on how it was triggered:
-# - If it is a nightly build then it builds the mbed TLS development head with
-# mbed-os master.
-# - If it was triggered by the commit, then it builds the example with mbed TLS
-# at that commit and mbed-os at the commit pointed by mbed-os.lib in the
-# example repository.
-
-test:
- override:
- - cd ../mbed-os-example-tls/tls-client/ && mbed compile -m K64F -t GCC_ARM -c
-
-dependencies:
- pre:
- # Install gcc-arm
- - cd .. && wget "https://launchpad.net/gcc-arm-embedded/4.9/4.9-2015-q3-update/+download/gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2"
- - cd .. && tar -xvjf gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2
- - ln -s ../gcc-arm-none-eabi-4_9-2015q3/bin/* ../bin/
- # Install mbed-cli
- - cd ../ && git clone https://github.com/ARMmbed/mbed-cli.git
- - cd ../mbed-cli && sudo -H pip install -e .
- # Get the sample application
- - cd ../ && git clone git@github.com:ARMmbed/mbed-os-example-tls.git
- # Get mbed-os
- - cd ../mbed-os-example-tls/tls-client && mbed deploy
- # Update mbed-os to master only if it is a nightly build
- - >
- if [ -n "${RUN_NIGHTLY_BUILD}" ]; then
- cd ../mbed-os-example-tls/tls-client/mbed-os/ && mbed update master;
- fi
- # Import mbedtls current revision
- - ln -s ../../../../../../../mbedtls/ ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/TARGET_IGNORE/mbedtls
- - cd ../mbed-os-example-tls/tls-client/mbed-os/features/mbedtls/importer/ && make
- override:
- # Install the missing python packages
- - cd ../mbed-os-example-tls/tls-client/mbed-os/ && sudo -H pip install -r requirements.txt
diff --git a/crypto b/crypto
new file mode 160000
index 0000000..b6229e3
--- /dev/null
+++ b/crypto
@@ -0,0 +1 @@
+Subproject commit b6229e304e69e672dec653700467c696d32d19ae
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index f695dd2..4eff836 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.12.0 source code documentation
+ * @mainpage mbed TLS v2.17.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 317eb0d..ce58d6b 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.12.0"
+PROJECT_NAME = "mbed TLS v2.17.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
@@ -664,7 +664,7 @@
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = ..
+INPUT = ../include input
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
@@ -696,7 +696,7 @@
# Note that relative paths are relative to the directory from which doxygen is
# run.
-EXCLUDE = ../configs ../yotta/module
+EXCLUDE =
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 1b581a5..c2f2bd4 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -11,6 +11,6 @@
endif(INSTALL_MBEDTLS_HEADERS)
# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
-if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
endif()
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index f6603d5..94e7282 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -60,7 +60,11 @@
/* Error codes in range 0x0021-0x0025 */
#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 /**< Invalid input data. */
+
+/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available. For example, an unsupported AES key size. */
+
+/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
@@ -79,7 +83,7 @@
/**
* \brief The AES context-type definition.
*/
-typedef struct
+typedef struct mbedtls_aes_context
{
int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */
@@ -98,7 +102,7 @@
/**
* \brief The AES XTS context-type definition.
*/
-typedef struct
+typedef struct mbedtls_aes_xts_context
{
mbedtls_aes_context crypt; /*!< The AES context to use for AES block
encryption or decryption. */
@@ -117,7 +121,7 @@
* It must be the first API called before using
* the context.
*
- * \param ctx The AES context to initialize.
+ * \param ctx The AES context to initialize. This must not be \c NULL.
*/
void mbedtls_aes_init( mbedtls_aes_context *ctx );
@@ -125,6 +129,8 @@
* \brief This function releases and clears the specified AES context.
*
* \param ctx The AES context to clear.
+ * If this is \c NULL, this function does nothing.
+ * Otherwise, the context must have been at least initialized.
*/
void mbedtls_aes_free( mbedtls_aes_context *ctx );
@@ -135,7 +141,7 @@
* It must be the first API called before using
* the context.
*
- * \param ctx The AES XTS context to initialize.
+ * \param ctx The AES XTS context to initialize. This must not be \c NULL.
*/
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
@@ -143,6 +149,8 @@
* \brief This function releases and clears the specified AES XTS context.
*
* \param ctx The AES XTS context to clear.
+ * If this is \c NULL, this function does nothing.
+ * Otherwise, the context must have been at least initialized.
*/
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
@@ -151,7 +159,9 @@
* \brief This function sets the encryption key.
*
* \param ctx The AES context to which the key should be bound.
+ * It must be initialized.
* \param key The encryption key.
+ * This must be a readable buffer of size \p keybits bits.
* \param keybits The size of data passed in bits. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
@@ -167,7 +177,9 @@
* \brief This function sets the decryption key.
*
* \param ctx The AES context to which the key should be bound.
+ * It must be initialized.
* \param key The decryption key.
+ * This must be a readable buffer of size \p keybits bits.
* \param keybits The size of data passed. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
@@ -185,8 +197,10 @@
* sets the encryption key.
*
* \param ctx The AES XTS context to which the key should be bound.
+ * It must be initialized.
* \param key The encryption key. This is comprised of the XTS key1
* concatenated with the XTS key2.
+ * This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@@ -203,8 +217,10 @@
* sets the decryption key.
*
* \param ctx The AES XTS context to which the key should be bound.
+ * It must be initialized.
* \param key The decryption key. This is comprised of the XTS key1
* concatenated with the XTS key2.
+ * This must be a readable buffer of size \p keybits bits.
* \param keybits The size of \p key passed in bits. Valid options are:
* <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
* <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
@@ -230,10 +246,13 @@
* call to this API with the same context.
*
* \param ctx The AES context to use for encryption or decryption.
+ * It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
- * \param input The 16-Byte buffer holding the input data.
- * \param output The 16-Byte buffer holding the output data.
+ * \param input The buffer holding the input data.
+ * It must be readable and at least \c 16 Bytes long.
+ * \param output The buffer where the output data will be written.
+ * It must be writeable and at least \c 16 Bytes long.
* \return \c 0 on success.
*/
@@ -256,8 +275,8 @@
* mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
* before the first call to this API with the same context.
*
- * \note This function operates on aligned blocks, that is, the input size
- * must be a multiple of the AES block size of 16 Bytes.
+ * \note This function operates on full blocks, that is, the input size
+ * must be a multiple of the AES block size of \c 16 Bytes.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the same function again on the next
@@ -268,13 +287,17 @@
*
*
* \param ctx The AES context to use for encryption or decryption.
+ * It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
* \param length The length of the input data in Bytes. This must be a
- * multiple of the block size (16 Bytes).
+ * multiple of the block size (\c 16 Bytes).
* \param iv Initialization vector (updated after use).
+ * It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
+ * It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
+ * It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
@@ -302,9 +325,10 @@
* returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
*
* \param ctx The AES XTS context to use for AES XTS operations.
+ * It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
- * \param length The length of a data unit in bytes. This can be any
+ * \param length The length of a data unit in Bytes. This can be any
* length between 16 bytes and 2^24 bytes inclusive
* (between 1 and 2^20 block cipher blocks).
* \param data_unit The address of the data unit encoded as an array of 16
@@ -312,15 +336,15 @@
* is typically the index of the block device sector that
* contains the data.
* \param input The buffer holding the input data (which is an entire
- * data unit). This function reads \p length bytes from \p
+ * data unit). This function reads \p length Bytes from \p
* input.
* \param output The buffer holding the output data (which is an entire
- * data unit). This function writes \p length bytes to \p
+ * data unit). This function writes \p length Bytes to \p
* output.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- * smaller than an AES block in size (16 bytes) or if \p
+ * smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
@@ -356,13 +380,18 @@
*
*
* \param ctx The AES context to use for encryption or decryption.
+ * It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT.
- * \param length The length of the input data.
+ * \param length The length of the input data in Bytes.
* \param iv_off The offset in IV (updated after use).
+ * It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use).
+ * It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
+ * It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
+ * It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
@@ -397,12 +426,16 @@
*
*
* \param ctx The AES context to use for encryption or decryption.
+ * It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT
* \param length The length of the input data.
* \param iv The initialization vector (updated after use).
+ * It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
+ * It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
+ * It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
@@ -447,11 +480,16 @@
* will compromise security.
*
* \param ctx The AES context to use for encryption or decryption.
+ * It must be initialized and bound to a key.
* \param length The length of the input data.
* \param iv_off The offset in IV (updated after use).
+ * It must point to a valid \c size_t.
* \param iv The initialization vector (updated after use).
+ * It must be a readable and writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
+ * It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
+ * It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
@@ -523,15 +561,21 @@
* securely discarded as soon as it's no longer needed.
*
* \param ctx The AES context to use for encryption or decryption.
+ * It must be initialized and bound to a key.
* \param length The length of the input data.
* \param nc_off The offset in the current \p stream_block, for
* resuming within the current cipher stream. The
* offset pointer should be 0 at the start of a stream.
+ * It must point to a valid \c size_t.
* \param nonce_counter The 128-bit nonce and counter.
+ * It must be a readable-writeable buffer of \c 16 Bytes.
* \param stream_block The saved stream block for resuming. This is
* overwritten by the function.
+ * It must be a readable-writeable buffer of \c 16 Bytes.
* \param input The buffer holding the input data.
+ * It must be readable and of size \p length Bytes.
* \param output The buffer holding the output data.
+ * It must be writeable and of size \p length Bytes.
*
* \return \c 0 on success.
*/
@@ -584,7 +628,7 @@
* \brief Deprecated internal AES block encryption function
* without return value.
*
- * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
+ * \deprecated Superseded by mbedtls_internal_aes_encrypt()
*
* \param ctx The AES context to use for encryption.
* \param input Plaintext block.
@@ -598,7 +642,7 @@
* \brief Deprecated internal AES block decryption function
* without return value.
*
- * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
+ * \deprecated Superseded by mbedtls_internal_aes_decrypt()
*
* \param ctx The AES context to use for decryption.
* \param input Ciphertext block.
@@ -611,6 +655,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_SELF_TEST)
/**
* \brief Checkup routine.
*
@@ -619,6 +665,8 @@
*/
int mbedtls_aes_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index 746baa0..a4ca012 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -2,6 +2,9 @@
* \file aesni.h
*
* \brief AES-NI for hardware AES acceleration on some Intel processors
+ *
+ * \warning These functions are only for internal use by other library
+ * functions; you must not call them directly.
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@@ -24,6 +27,12 @@
#ifndef MBEDTLS_AESNI_H
#define MBEDTLS_AESNI_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "aes.h"
#define MBEDTLS_AESNI_AES 0x02000000u
@@ -42,7 +51,10 @@
#endif
/**
- * \brief AES-NI features detection routine
+ * \brief Internal function to detect the AES-NI feature in CPUs.
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param what The feature to detect
* (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
@@ -52,7 +64,10 @@
int mbedtls_aesni_has_support( unsigned int what );
/**
- * \brief AES-NI AES-ECB block en(de)cryption
+ * \brief Internal AES-NI AES-ECB block encryption and decryption
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@@ -62,12 +77,15 @@
* \return 0 on success (cannot fail)
*/
int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16] );
/**
- * \brief GCM multiplication: c = a * b in GF(2^128)
+ * \brief Internal GCM multiplication: c = a * b in GF(2^128)
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param c Result
* \param a First operand
@@ -77,21 +95,29 @@
* elements of GF(2^128) as per the GCM spec.
*/
void mbedtls_aesni_gcm_mult( unsigned char c[16],
- const unsigned char a[16],
- const unsigned char b[16] );
+ const unsigned char a[16],
+ const unsigned char b[16] );
/**
- * \brief Compute decryption round keys from encryption round keys
+ * \brief Internal round key inversion. This function computes
+ * decryption round keys from the encryption round keys.
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param invkey Round keys for the equivalent inverse cipher
* \param fwdkey Original round keys (for encryption)
* \param nr Number of rounds (that is, number of round keys minus one)
*/
void mbedtls_aesni_inverse_key( unsigned char *invkey,
- const unsigned char *fwdkey, int nr );
+ const unsigned char *fwdkey,
+ int nr );
/**
- * \brief Perform key expansion (for encryption)
+ * \brief Internal key expansion for encryption
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param rk Destination buffer where the round keys are written
* \param key Encryption key
@@ -100,8 +126,8 @@
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
int mbedtls_aesni_setkey_enc( unsigned char *rk,
- const unsigned char *key,
- size_t bits );
+ const unsigned char *key,
+ size_t bits );
#ifdef __cplusplus
}
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index f11fc5b..fb044d5 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -36,6 +36,7 @@
#include <stddef.h>
+/* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
#ifdef __cplusplus
@@ -53,7 +54,7 @@
* security risk. We recommend considering stronger ciphers instead.
*
*/
-typedef struct
+typedef struct mbedtls_arc4_context
{
int x; /*!< permutation index */
int y; /*!< permutation index */
@@ -122,6 +123,8 @@
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -134,6 +137,8 @@
*/
int mbedtls_arc4_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index bae0621..1e8956e 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -39,6 +39,8 @@
#include <stddef.h>
#include <stdint.h>
+#include "platform_util.h"
+
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
@@ -46,9 +48,18 @@
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
-#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
-#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
+
+#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
+
+/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */
+
+/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
#if !defined(MBEDTLS_ARIA_ALT)
@@ -62,7 +73,7 @@
/**
* \brief The ARIA context-type definition.
*/
-typedef struct
+typedef struct mbedtls_aria_context
{
unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
@@ -80,14 +91,16 @@
* It must be the first API called before using
* the context.
*
- * \param ctx The ARIA context to initialize.
+ * \param ctx The ARIA context to initialize. This must not be \c NULL.
*/
void mbedtls_aria_init( mbedtls_aria_context *ctx );
/**
* \brief This function releases and clears the specified ARIA context.
*
- * \param ctx The ARIA context to clear.
+ * \param ctx The ARIA context to clear. This may be \c NULL, in which
+ * case this function returns immediately. If it is not \c NULL,
+ * it must point to an initialized ARIA context.
*/
void mbedtls_aria_free( mbedtls_aria_context *ctx );
@@ -95,14 +108,16 @@
* \brief This function sets the encryption key.
*
* \param ctx The ARIA context to which the key should be bound.
- * \param key The encryption key.
- * \param keybits The size of data passed in bits. Valid options are:
+ * This must be initialized.
+ * \param key The encryption key. This must be a readable buffer
+ * of size \p keybits Bits.
+ * \param keybits The size of \p key in Bits. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
* <li>256 bits</li></ul>
*
- * \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
- * on failure.
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
const unsigned char *key,
@@ -112,13 +127,16 @@
* \brief This function sets the decryption key.
*
* \param ctx The ARIA context to which the key should be bound.
- * \param key The decryption key.
+ * This must be initialized.
+ * \param key The decryption key. This must be a readable buffer
+ * of size \p keybits Bits.
* \param keybits The size of data passed. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
* <li>256 bits</li></ul>
*
- * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
const unsigned char *key,
@@ -137,10 +155,12 @@
* call to this API with the same context.
*
* \param ctx The ARIA context to use for encryption or decryption.
+ * This must be initialized and bound to a key.
* \param input The 16-Byte buffer holding the input data.
* \param output The 16-Byte buffer holding the output data.
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
@@ -172,16 +192,21 @@
*
*
* \param ctx The ARIA context to use for encryption or decryption.
- * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
- * #MBEDTLS_ARIA_DECRYPT.
+ * This must be initialized and bound to a key.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_ARIA_ENCRYPT for encryption, or
+ * #MBEDTLS_ARIA_DECRYPT for decryption.
* \param length The length of the input data in Bytes. This must be a
* multiple of the block size (16 Bytes).
* \param iv Initialization vector (updated after use).
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
+ * This must be a readable buffer of size 16 Bytes.
+ * \param input The buffer holding the input data. This must
+ * be a readable buffer of length \p length Bytes.
+ * \param output The buffer holding the output data. This must
+ * be a writable buffer of length \p length Bytes.
*
- * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
- * on failure.
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
int mode,
@@ -216,15 +241,22 @@
*
*
* \param ctx The ARIA context to use for encryption or decryption.
- * \param mode The ARIA operation: #MBEDTLS_ARIA_ENCRYPT or
- * #MBEDTLS_ARIA_DECRYPT.
- * \param length The length of the input data.
+ * This must be initialized and bound to a key.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_ARIA_ENCRYPT for encryption, or
+ * #MBEDTLS_ARIA_DECRYPT for decryption.
+ * \param length The length of the input data \p input in Bytes.
* \param iv_off The offset in IV (updated after use).
+ * This must not be larger than 15.
* \param iv The initialization vector (updated after use).
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
+ * This must be a readable buffer of size 16 Bytes.
+ * \param input The buffer holding the input data. This must
+ * be a readable buffer of length \p length Bytes.
+ * \param output The buffer holding the output data. This must
+ * be a writable buffer of length \p length Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
int mode,
@@ -294,17 +326,24 @@
* securely discarded as soon as it's no longer needed.
*
* \param ctx The ARIA context to use for encryption or decryption.
- * \param length The length of the input data.
- * \param nc_off The offset in the current \p stream_block, for
- * resuming within the current cipher stream. The
- * offset pointer should be 0 at the start of a stream.
- * \param nonce_counter The 128-bit nonce and counter.
- * \param stream_block The saved stream block for resuming. This is
- * overwritten by the function.
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
+ * This must be initialized and bound to a key.
+ * \param length The length of the input data \p input in Bytes.
+ * \param nc_off The offset in Bytes in the current \p stream_block,
+ * for resuming within the current cipher stream. The
+ * offset pointer should be \c 0 at the start of a
+ * stream. This must not be larger than \c 15 Bytes.
+ * \param nonce_counter The 128-bit nonce and counter. This must point to
+ * a read/write buffer of length \c 16 bytes.
+ * \param stream_block The saved stream block for resuming. This must
+ * point to a read/write buffer of length \c 16 bytes.
+ * This is overwritten by the function.
+ * \param input The buffer holding the input data. This must
+ * be a readable buffer of length \p length Bytes.
+ * \param output The buffer holding the output data. This must
+ * be a writable buffer of length \p length Bytes.
*
- * \return \c 0 on success.
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
size_t length,
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index f76fc80..8aa01b4 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -24,193 +24,303 @@
#ifndef MBEDTLS_ASN1_WRITE_H
#define MBEDTLS_ASN1_WRITE_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "asn1.h"
-#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else \
- g += ret; } while( 0 )
+#define MBEDTLS_ASN1_CHK_ADD(g, f) \
+ do \
+ { \
+ if( ( ret = (f) ) < 0 ) \
+ return( ret ); \
+ else \
+ (g) += ret; \
+ } while( 0 )
#ifdef __cplusplus
extern "C" {
#endif
/**
- * \brief Write a length field in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a length field in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param len the length to write
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param len The length value to write.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
-
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
+ size_t len );
/**
- * \brief Write a ASN.1 tag in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write an ASN.1 tag in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param tag the tag to write
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param tag The tag to write.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
- unsigned char tag );
+ unsigned char tag );
/**
- * \brief Write raw buffer data
- * Note: function works backwards in data buffer
+ * \brief Write raw buffer data.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param buf data buffer to write
- * \param size length of the data buffer
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param buf The data buffer to write.
+ * \param size The length of the data buffer.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t size );
+ const unsigned char *buf, size_t size );
#if defined(MBEDTLS_BIGNUM_C)
/**
- * \brief Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
+ * in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param X the MPI to write
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param X The MPI to write.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
+ const mbedtls_mpi *X );
#endif /* MBEDTLS_BIGNUM_C */
/**
- * \brief Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
+ * in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
/**
- * \brief Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data
+ * in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param oid the OID to write
- * \param oid_len length of the OID
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param oid The OID to write.
+ * \param oid_len The length of the OID.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len );
+ const char *oid, size_t oid_len );
/**
- * \brief Write an AlgorithmIdentifier sequence in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param oid the OID of the algorithm
- * \param oid_len length of the OID
- * \param par_len length of parameters, which must be already written.
+ * \note This function works backwards in data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param oid The OID of the algorithm to write.
+ * \param oid_len The length of the algorithm's OID.
+ * \param par_len The length of the parameters, which must be already written.
* If 0, NULL parameters are added
*
- * \return the length written or a negative error code
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- size_t par_len );
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
+ unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len );
/**
- * \brief Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
+ * in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param boolean 0 or 1
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param boolean The boolean value to write, either \c 0 or \c 1.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
+ int boolean );
/**
- * \brief Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
+ * in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param val the integer value
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param val The integer value to write.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
/**
- * \brief Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
- * value in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a string in ASN.1 format using a specific
+ * string encoding tag.
+
+ * \note This function works backwards in data buffer.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param text the text to write
- * \param text_len length of the text
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param tag The string encoding tag to write, e.g.
+ * #MBEDTLS_ASN1_UTF8_STRING.
+ * \param text The string to write.
+ * \param text_len The length of \p text in bytes (which might
+ * be strictly larger than the number of characters).
*
- * \return the length written or a negative error code
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
*/
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len );
+int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
+ int tag, const char *text,
+ size_t text_len );
/**
- * \brief Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
- * value in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a string in ASN.1 format using the PrintableString
+ * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param text the text to write
- * \param text_len length of the text
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param text The string to write.
+ * \param text_len The length of \p text in bytes (which might
+ * be strictly larger than the number of characters).
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_asn1_write_printable_string( unsigned char **p,
+ unsigned char *start,
+ const char *text, size_t text_len );
+
+/**
+ * \brief Write a UTF8 string in ASN.1 format using the UTF8String
+ * string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
+ *
+ * \note This function works backwards in data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param text The string to write.
+ * \param text_len The length of \p text in bytes (which might
+ * be strictly larger than the number of characters).
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len );
+
+/**
+ * \brief Write a string in ASN.1 format using the IA5String
+ * string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
+ *
+ * \note This function works backwards in data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param text The string to write.
+ * \param text_len The length of \p text in bytes (which might
+ * be strictly larger than the number of characters).
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
*/
int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len );
+ const char *text, size_t text_len );
/**
- * \brief Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
- * value in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
+ * value in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param buf the bitstring
- * \param bits the total number of bits in the bitstring
+ * \note This function works backwards in data buffer.
*
- * \return the length written or a negative error code
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param buf The bitstring to write.
+ * \param bits The total number of bits in the bitstring.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
*/
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t bits );
+ const unsigned char *buf, size_t bits );
/**
- * \brief Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
- * value in ASN.1 format
- * Note: function works backwards in data buffer
+ * \brief This function writes a named bitstring tag
+ * (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
*
- * \param p reference to current position pointer
- * \param start start of the buffer (for bounds-checking)
- * \param buf data buffer to write
- * \param size length of the data buffer
+ * As stated in RFC 5280 Appendix B, trailing zeroes are
+ * omitted when encoding named bitstrings in DER.
*
- * \return the length written or a negative error code
+ * \note This function works backwards within the data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer which is used for bounds-checking.
+ * \param buf The bitstring to write.
+ * \param bits The total number of bits in the bitstring.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_asn1_write_named_bitstring( unsigned char **p,
+ unsigned char *start,
+ const unsigned char *buf,
+ size_t bits );
+
+/**
+ * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
+ * and value in ASN.1 format.
+ *
+ * \note This function works backwards in data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param buf The buffer holding the data to write.
+ * \param size The length of the data buffer \p buf.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative error code on failure.
*/
int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
- const unsigned char *buf, size_t size );
+ const unsigned char *buf, size_t size );
/**
* \brief Create or find a specific named_data entry for writing in a
@@ -218,15 +328,16 @@
* a new entry is added to the head of the list.
* Warning: Destructive behaviour for the val data!
*
- * \param list Pointer to the location of the head of the list to seek
- * through (will be updated in case of a new entry)
- * \param oid The OID to look for
- * \param oid_len Size of the OID
- * \param val Data to store (can be NULL if you want to fill it by hand)
- * \param val_len Minimum length of the data buffer needed
+ * \param list The pointer to the location of the head of the list to seek
+ * through (will be updated in case of a new entry).
+ * \param oid The OID to look for.
+ * \param oid_len The size of the OID.
+ * \param val The data to store (can be \c NULL if you want to fill
+ * it by hand).
+ * \param val_len The minimum length of the data buffer needed.
*
- * \return NULL if if there was a memory allocation error, or a pointer
- * to the new / existing entry.
+ * \return A pointer to the new / existing entry on success.
+ * \return \c NULL if if there was a memory allocation error.
*/
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
const char *oid, size_t oid_len,
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 7a64f52..0d02416 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include <stddef.h>
#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
@@ -75,6 +81,7 @@
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen );
+#if defined(MBEDTLS_SELF_TEST)
/**
* \brief Checkup routine
*
@@ -82,6 +89,8 @@
*/
int mbedtls_base64_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 31383b1..a04a145 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -46,7 +46,12 @@
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */
#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */
-#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
+#define MBEDTLS_MPI_CHK(f) \
+ do \
+ { \
+ if( ( ret = (f) ) != 0 ) \
+ goto cleanup; \
+ } while( 0 )
/*
* Maximum size MPIs are allowed to grow to in number of limbs.
@@ -177,7 +182,7 @@
/**
* \brief MPI structure
*/
-typedef struct
+typedef struct mbedtls_mpi
{
int s; /*!< integer sign */
size_t n; /*!< total # of limbs */
@@ -186,96 +191,115 @@
mbedtls_mpi;
/**
- * \brief Initialize one MPI (make internal references valid)
- * This just makes it ready to be set or freed,
+ * \brief Initialize an MPI context.
+ *
+ * This makes the MPI ready to be set or freed,
* but does not define a value for the MPI.
*
- * \param X One MPI to initialize.
+ * \param X The MPI context to initialize. This must not be \c NULL.
*/
void mbedtls_mpi_init( mbedtls_mpi *X );
/**
- * \brief Unallocate one MPI
+ * \brief This function frees the components of an MPI context.
*
- * \param X One MPI to unallocate.
+ * \param X The MPI context to be cleared. This may be \c NULL,
+ * in which case this function is a no-op. If it is
+ * not \c NULL, it must point to an initialized MPI.
*/
void mbedtls_mpi_free( mbedtls_mpi *X );
/**
- * \brief Enlarge to the specified number of limbs
+ * \brief Enlarge an MPI to the specified number of limbs.
*
- * This function does nothing if the MPI is already large enough.
+ * \note This function does nothing if the MPI is
+ * already large enough.
*
- * \param X MPI to grow
- * \param nblimbs The target number of limbs
+ * \param X The MPI to grow. It must be initialized.
+ * \param nblimbs The target number of limbs.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
/**
- * \brief Resize down, keeping at least the specified number of limbs
+ * \brief This function resizes an MPI downwards, keeping at least the
+ * specified number of limbs.
*
* If \c X is smaller than \c nblimbs, it is resized up
* instead.
*
- * \param X MPI to shrink
- * \param nblimbs The minimum number of limbs to keep
+ * \param X The MPI to shrink. This must point to an initialized MPI.
+ * \param nblimbs The minimum number of limbs to keep.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
* (this can only happen when resizing up).
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
/**
- * \brief Copy the contents of Y into X
+ * \brief Make a copy of an MPI.
*
- * \param X Destination MPI. It is enlarged if necessary.
- * \param Y Source MPI.
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param Y The source MPI. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \note The limb-buffer in the destination MPI is enlarged
+ * if necessary to hold the value in the source MPI.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
/**
- * \brief Swap the contents of X and Y
+ * \brief Swap the contents of two MPIs.
*
- * \param X First MPI value
- * \param Y Second MPI value
+ * \param X The first MPI. It must be initialized.
+ * \param Y The second MPI. It must be initialized.
*/
void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
/**
- * \brief Safe conditional assignement X = Y if assign is 1
+ * \brief Perform a safe conditional copy of MPI which doesn't
+ * reveal whether the condition was true or not.
*
- * \param X MPI to conditionally assign to
- * \param Y Value to be assigned
- * \param assign 1: perform the assignment, 0: keep X's original value
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ * \param X The MPI to conditionally assign to. This must point
+ * to an initialized MPI.
+ * \param Y The MPI to be assigned from. This must point to an
+ * initialized MPI.
+ * \param assign The condition deciding whether to perform the
+ * assignment or not. Possible values:
+ * * \c 1: Perform the assignment `X = Y`.
+ * * \c 0: Keep the original value of \p X.
*
* \note This function is equivalent to
- * if( assign ) mbedtls_mpi_copy( X, Y );
+ * `if( assign ) mbedtls_mpi_copy( X, Y );`
* except that it avoids leaking any information about whether
* the assignment was done or not (the above code may leak
* information through branch prediction and/or memory access
* patterns analysis).
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
/**
- * \brief Safe conditional swap X <-> Y if swap is 1
+ * \brief Perform a safe conditional swap which doesn't
+ * reveal whether the condition was true or not.
*
- * \param X First mbedtls_mpi value
- * \param Y Second mbedtls_mpi value
- * \param assign 1: perform the swap, 0: keep X and Y's original values
- *
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ * \param X The first MPI. This must be initialized.
+ * \param Y The second MPI. This must be initialized.
+ * \param assign The condition deciding whether to perform
+ * the swap or not. Possible values:
+ * * \c 1: Swap the values of \p X and \p Y.
+ * * \c 0: Keep the original values of \p X and \p Y.
*
* \note This function is equivalent to
* if( assign ) mbedtls_mpi_swap( X, Y );
@@ -283,415 +307,546 @@
* the assignment was done or not (the above code may leak
* information through branch prediction and/or memory access
* patterns analysis).
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on other kinds of failure.
+ *
*/
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
/**
- * \brief Set value from integer
+ * \brief Store integer value in MPI.
*
- * \param X MPI to set
- * \param z Value to use
+ * \param X The MPI to set. This must be initialized.
+ * \param z The value to use.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
/**
- * \brief Get a specific bit from X
+ * \brief Get a specific bit from an MPI.
*
- * \param X MPI to use
- * \param pos Zero-based index of the bit in X
+ * \param X The MPI to query. This must be initialized.
+ * \param pos Zero-based index of the bit to query.
*
- * \return Either a 0 or a 1
+ * \return \c 0 or \c 1 on success, depending on whether bit \c pos
+ * of \c X is unset or set.
+ * \return A negative error code on failure.
*/
int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
/**
- * \brief Set a bit of X to a specific value of 0 or 1
+ * \brief Modify a specific bit in an MPI.
*
- * \note Will grow X if necessary to set a bit to 1 in a not yet
- * existing limb. Will not grow if bit should be set to 0
+ * \note This function will grow the target MPI if necessary to set a
+ * bit to \c 1 in a not yet existing limb. It will not grow if
+ * the bit should be set to \c 0.
*
- * \param X MPI to use
- * \param pos Zero-based index of the bit in X
- * \param val The value to set the bit to (0 or 1)
+ * \param X The MPI to modify. This must be initialized.
+ * \param pos Zero-based index of the bit to modify.
+ * \param val The desired value of bit \c pos: \c 0 or \c 1.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
/**
- * \brief Return the number of zero-bits before the least significant
- * '1' bit
+ * \brief Return the number of bits of value \c 0 before the
+ * least significant bit of value \c 1.
*
- * Note: Thus also the zero-based index of the least significant '1' bit
+ * \note This is the same as the zero-based index of
+ * the least significant bit of value \c 1.
*
- * \param X MPI to use
+ * \param X The MPI to query.
+ *
+ * \return The number of bits of value \c 0 before the least significant
+ * bit of value \c 1 in \p X.
*/
size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
/**
* \brief Return the number of bits up to and including the most
- * significant '1' bit'
+ * significant bit of value \c 1.
*
- * Note: Thus also the one-based index of the most significant '1' bit
+ * * \note This is same as the one-based index of the most
+ * significant bit of value \c 1.
*
- * \param X MPI to use
+ * \param X The MPI to query. This must point to an initialized MPI.
+ *
+ * \return The number of bits up to and including the most
+ * significant bit of value \c 1.
*/
size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
/**
- * \brief Return the total size in bytes
+ * \brief Return the total size of an MPI value in bytes.
*
- * \param X MPI to use
+ * \param X The MPI to use. This must point to an initialized MPI.
+ *
+ * \note The value returned by this function may be less than
+ * the number of bytes used to store \p X internally.
+ * This happens if and only if there are trailing bytes
+ * of value zero.
+ *
+ * \return The least number of bytes capable of storing
+ * the absolute value of \p X.
*/
size_t mbedtls_mpi_size( const mbedtls_mpi *X );
/**
- * \brief Import from an ASCII string
+ * \brief Import an MPI from an ASCII string.
*
- * \param X Destination MPI
- * \param radix Input numeric base
- * \param s Null-terminated string buffer
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param radix The numeric base of the input string.
+ * \param s Null-terminated string buffer.
*
- * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
/**
- * \brief Export into an ASCII string
+ * \brief Export an MPI to an ASCII string.
*
- * \param X Source MPI
- * \param radix Output numeric base
- * \param buf Buffer to write the string to
- * \param buflen Length of buf
- * \param olen Length of the string written, including final NUL byte
+ * \param X The source MPI. This must point to an initialized MPI.
+ * \param radix The numeric base of the output string.
+ * \param buf The buffer to write the string to. This must be writable
+ * buffer of length \p buflen Bytes.
+ * \param buflen The available size in Bytes of \p buf.
+ * \param olen The address at which to store the length of the string
+ * written, including the final \c NULL byte. This must
+ * not be \c NULL.
*
- * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
- * *olen is always updated to reflect the amount
- * of data that has (or would have) been written.
+ * \note You can call this function with `buflen == 0` to obtain the
+ * minimum required buffer size in `*olen`.
*
- * \note Call this function with buflen = 0 to obtain the
- * minimum required buffer size in *olen.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
+ * is too small to hold the value of \p X in the desired base.
+ * In this case, `*olen` is nonetheless updated to contain the
+ * size of \p buf required for a successful call.
+ * \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
char *buf, size_t buflen, size_t *olen );
#if defined(MBEDTLS_FS_IO)
/**
- * \brief Read MPI from a line in an opened file
+ * \brief Read an MPI from a line in an opened file.
*
- * \param X Destination MPI
- * \param radix Input numeric base
- * \param fin Input file handle
- *
- * \return 0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
- * the file read buffer is too small or a
- * MBEDTLS_ERR_MPI_XXX error code
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param radix The numeric base of the string representation used
+ * in the source line.
+ * \param fin The input file handle to use. This must not be \c NULL.
*
* \note On success, this function advances the file stream
* to the end of the current line or to EOF.
*
- * The function returns 0 on an empty line.
+ * The function returns \c 0 on an empty line.
*
* Leading whitespaces are ignored, as is a
- * '0x' prefix for radix 16.
+ * '0x' prefix for radix \c 16.
*
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
+ * is too small.
+ * \return Another negative error code on failure.
*/
int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
/**
- * \brief Write X into an opened file, or stdout if fout is NULL
+ * \brief Export an MPI into an opened file.
*
- * \param p Prefix, can be NULL
- * \param X Source MPI
- * \param radix Output numeric base
- * \param fout Output file handle (can be NULL)
+ * \param p A string prefix to emit prior to the MPI data.
+ * For example, this might be a label, or "0x" when
+ * printing in base \c 16. This may be \c NULL if no prefix
+ * is needed.
+ * \param X The source MPI. This must point to an initialized MPI.
+ * \param radix The numeric base to be used in the emitted string.
+ * \param fout The output file handle. This may be \c NULL, in which case
+ * the output is written to \c stdout.
*
- * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- *
- * \note Set fout == NULL to print X on the console.
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
+ int radix, FILE *fout );
#endif /* MBEDTLS_FS_IO */
/**
- * \brief Import X from unsigned binary data, big endian
+ * \brief Import an MPI from unsigned big endian binary data.
*
- * \param X Destination MPI
- * \param buf Input buffer
- * \param buflen Input buffer size
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param buf The input buffer. This must be a readable buffer of length
+ * \p buflen Bytes.
+ * \param buflen The length of the input buffer \p p in Bytes.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
+ size_t buflen );
+
+/**
+ * \brief Import X from unsigned binary data, little endian
+ *
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param buf The input buffer. This must be a readable buffer of length
+ * \p buflen Bytes.
+ * \param buflen The length of the input buffer \p p in Bytes.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
+ */
+int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
+ const unsigned char *buf, size_t buflen );
/**
* \brief Export X into unsigned binary data, big endian.
* Always fills the whole buffer, which will start with zeros
* if the number is smaller.
*
- * \param X Source MPI
- * \param buf Output buffer
- * \param buflen Output buffer size
+ * \param X The source MPI. This must point to an initialized MPI.
+ * \param buf The output buffer. This must be a writable buffer of length
+ * \p buflen Bytes.
+ * \param buflen The size of the output buffer \p buf in Bytes.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+ * large enough to hold the value of \p X.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
+ size_t buflen );
/**
- * \brief Left-shift: X <<= count
+ * \brief Export X into unsigned binary data, little endian.
+ * Always fills the whole buffer, which will end with zeros
+ * if the number is smaller.
*
- * \param X MPI to shift
- * \param count Amount to shift
+ * \param X The source MPI. This must point to an initialized MPI.
+ * \param buf The output buffer. This must be a writable buffer of length
+ * \p buflen Bytes.
+ * \param buflen The size of the output buffer \p buf in Bytes.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+ * large enough to hold the value of \p X.
+ * \return Another negative error code on different kinds of failure.
+ */
+int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
+ unsigned char *buf, size_t buflen );
+
+/**
+ * \brief Perform a left-shift on an MPI: X <<= count
+ *
+ * \param X The MPI to shift. This must point to an initialized MPI.
+ * \param count The number of bits to shift by.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
/**
- * \brief Right-shift: X >>= count
+ * \brief Perform a right-shift on an MPI: X >>= count
*
- * \param X MPI to shift
- * \param count Amount to shift
+ * \param X The MPI to shift. This must point to an initialized MPI.
+ * \param count The number of bits to shift by.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
/**
- * \brief Compare unsigned values
+ * \brief Compare the absolute values of two MPIs.
*
- * \param X Left-hand MPI
- * \param Y Right-hand MPI
+ * \param X The left-hand MPI. This must point to an initialized MPI.
+ * \param Y The right-hand MPI. This must point to an initialized MPI.
*
- * \return 1 if |X| is greater than |Y|,
- * -1 if |X| is lesser than |Y| or
- * 0 if |X| is equal to |Y|
+ * \return \c 1 if `|X|` is greater than `|Y|`.
+ * \return \c -1 if `|X|` is lesser than `|Y|`.
+ * \return \c 0 if `|X|` is equal to `|Y|`.
*/
int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
/**
- * \brief Compare signed values
+ * \brief Compare two MPIs.
*
- * \param X Left-hand MPI
- * \param Y Right-hand MPI
+ * \param X The left-hand MPI. This must point to an initialized MPI.
+ * \param Y The right-hand MPI. This must point to an initialized MPI.
*
- * \return 1 if X is greater than Y,
- * -1 if X is lesser than Y or
- * 0 if X is equal to Y
+ * \return \c 1 if \p X is greater than \p Y.
+ * \return \c -1 if \p X is lesser than \p Y.
+ * \return \c 0 if \p X is equal to \p Y.
*/
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
/**
- * \brief Compare signed values
+ * \brief Compare an MPI with an integer.
*
- * \param X Left-hand MPI
- * \param z The integer value to compare to
+ * \param X The left-hand MPI. This must point to an initialized MPI.
+ * \param z The integer value to compare \p X to.
*
- * \return 1 if X is greater than z,
- * -1 if X is lesser than z or
- * 0 if X is equal to z
+ * \return \c 1 if \p X is greater than \p z.
+ * \return \c -1 if \p X is lesser than \p z.
+ * \return \c 0 if \p X is equal to \p z.
*/
int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
/**
- * \brief Unsigned addition: X = |A| + |B|
+ * \brief Perform an unsigned addition of MPIs: X = |A| + |B|
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The first summand. This must point to an initialized MPI.
+ * \param B The second summand. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Unsigned subtraction: X = |A| - |B|
+ * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B|
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The minuend. This must point to an initialized MPI.
+ * \param B The subtrahend. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
+ * \return Another negative error code on different kinds of failure.
+ *
*/
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Signed addition: X = A + B
+ * \brief Perform a signed addition of MPIs: X = A + B
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The first summand. This must point to an initialized MPI.
+ * \param B The second summand. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Signed subtraction: X = A - B
+ * \brief Perform a signed subtraction of MPIs: X = A - B
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The minuend. This must point to an initialized MPI.
+ * \param B The subtrahend. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Signed addition: X = A + b
+ * \brief Perform a signed addition of an MPI and an integer: X = A + b
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param b The integer value to add
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The first summand. This must point to an initialized MPI.
+ * \param b The second summand.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b );
/**
- * \brief Signed subtraction: X = A - b
+ * \brief Perform a signed subtraction of an MPI and an integer:
+ * X = A - b
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param b The integer value to subtract
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The minuend. This must point to an initialized MPI.
+ * \param b The subtrahend.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b );
/**
- * \brief Baseline multiplication: X = A * B
+ * \brief Perform a multiplication of two MPIs: X = A * B
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The first factor. This must point to an initialized MPI.
+ * \param B The second factor. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
+ *
*/
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Baseline multiplication: X = A * b
+ * \brief Perform a multiplication of an MPI with an unsigned integer:
+ * X = A * b
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param b The unsigned integer value to multiply with
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The first factor. This must point to an initialized MPI.
+ * \param b The second factor.
*
- * \note b is unsigned
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
*/
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
+ mbedtls_mpi_uint b );
/**
- * \brief Division by mbedtls_mpi: A = Q * B + R
+ * \brief Perform a division with remainder of two MPIs:
+ * A = Q * B + R
*
- * \param Q Destination MPI for the quotient
- * \param R Destination MPI for the rest value
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param Q The destination MPI for the quotient.
+ * This may be \c NULL if the value of the
+ * quotient is not needed.
+ * \param R The destination MPI for the remainder value.
+ * This may be \c NULL if the value of the
+ * remainder is not needed.
+ * \param A The dividend. This must point to an initialized MPi.
+ * \param B The divisor. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
- *
- * \note Either Q or R can be NULL.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Division by int: A = Q * b + R
+ * \brief Perform a division with remainder of an MPI by an integer:
+ * A = Q * b + R
*
- * \param Q Destination MPI for the quotient
- * \param R Destination MPI for the rest value
- * \param A Left-hand MPI
- * \param b Integer to divide by
+ * \param Q The destination MPI for the quotient.
+ * This may be \c NULL if the value of the
+ * quotient is not needed.
+ * \param R The destination MPI for the remainder value.
+ * This may be \c NULL if the value of the
+ * remainder is not needed.
+ * \param A The dividend. This must point to an initialized MPi.
+ * \param b The divisor.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
- *
- * \note Either Q or R can be NULL.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b );
/**
- * \brief Modulo: R = A mod B
+ * \brief Perform a modular reduction. R = A mod B
*
- * \param R Destination MPI for the rest value
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param R The destination MPI for the residue value.
+ * This must point to an initialized MPI.
+ * \param A The MPI to compute the residue of.
+ * This must point to an initialized MPI.
+ * \param B The base of the modular reduction.
+ * This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
- * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+ * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
+ * \return Another negative error code on different kinds of failure.
+ *
*/
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Modulo: r = A mod b
+ * \brief Perform a modular reduction with respect to an integer.
+ * r = A mod b
*
- * \param r Destination mbedtls_mpi_uint
- * \param A Left-hand MPI
- * \param b Integer to divide by
+ * \param r The address at which to store the residue.
+ * This must not be \c NULL.
+ * \param A The MPI to compute the residue of.
+ * This must point to an initialized MPi.
+ * \param b The integer base of the modular reduction.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
- * MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+ * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
+ mbedtls_mpi_sint b );
/**
- * \brief Sliding-window exponentiation: X = A^E mod N
+ * \brief Perform a sliding-window exponentiation: X = A^E mod N
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param E Exponent MPI
- * \param N Modular MPI
- * \param _RR Speed-up MPI used for recalculations
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The base of the exponentiation.
+ * This must point to an initialized MPI.
+ * \param E The exponent MPI. This must point to an initialized MPI.
+ * \param N The base for the modular reduction. This must point to an
+ * initialized MPI.
+ * \param _RR A helper MPI depending solely on \p N which can be used to
+ * speed-up multiple modular exponentiations for the same value
+ * of \p N. This may be \c NULL. If it is not \c NULL, it must
+ * point to an initialized MPI. If it hasn't been used after
+ * the call to mbedtls_mpi_init(), this function will compute
+ * the helper value and store it in \p _RR for reuse on
+ * subsequent calls to this function. Otherwise, the function
+ * will assume that \p _RR holds the helper value set by a
+ * previous call to mbedtls_mpi_exp_mod(), and reuse it.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
- * if E is negative
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
+ * even, or if \c E is negative.
+ * \return Another negative error code on different kinds of failures.
*
- * \note _RR is used to avoid re-computing R*R mod N across
- * multiple calls, which speeds up things a bit. It can
- * be set to NULL if the extra performance is unneeded.
*/
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *E, const mbedtls_mpi *N,
+ mbedtls_mpi *_RR );
/**
- * \brief Fill an MPI X with size bytes of random
+ * \brief Fill an MPI with a number of random bytes.
*
- * \param X Destination MPI
- * \param size Size in bytes
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param size The number of random bytes to generate.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context argument.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on failure.
*
- * \note The bytes obtained from the PRNG are interpreted
+ * \note The bytes obtained from the RNG are interpreted
* as a big-endian representation of an MPI; this can
* be relevant in applications like deterministic ECDSA.
*/
@@ -700,64 +855,135 @@
void *p_rng );
/**
- * \brief Greatest common divisor: G = gcd(A, B)
+ * \brief Compute the greatest common divisor: G = gcd(A, B)
*
- * \param G Destination MPI
- * \param A Left-hand MPI
- * \param B Right-hand MPI
+ * \param G The destination MPI. This must point to an initialized MPI.
+ * \param A The first operand. This must point to an initialized MPI.
+ * \param B The second operand. This must point to an initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return Another negative error code on different kinds of failure.
*/
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
+ const mbedtls_mpi *B );
/**
- * \brief Modular inverse: X = A^-1 mod N
+ * \brief Compute the modular inverse: X = A^-1 mod N
*
- * \param X Destination MPI
- * \param A Left-hand MPI
- * \param N Right-hand MPI
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param A The MPI to calculate the modular inverse of. This must point
+ * to an initialized MPI.
+ * \param N The base of the modular inversion. This must point to an
+ * initialized MPI.
*
- * \return 0 if successful,
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is <= 1,
- MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
+ * or equal to one.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
+ * with respect to \p N.
*/
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *N );
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief Perform a Miller-Rabin primality test with error
+ * probability of 2<sup>-80</sup>.
+ *
+ * \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows
+ * specifying the number of Miller-Rabin rounds.
+ *
+ * \param X The MPI to check for primality.
+ * This must point to an initialized MPI.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng.
+ * This may be \c NULL if \p f_rng doesn't use a
+ * context parameter.
+ *
+ * \return \c 0 if successful, i.e. \p X is probably prime.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+ * \return Another negative error code on other kinds of failure.
+ */
+MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/**
- * \brief Miller-Rabin primality test
+ * \brief Miller-Rabin primality test.
*
- * \param X MPI to check
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * \warning If \p X is potentially generated by an adversary, for example
+ * when validating cryptographic parameters that you didn't
+ * generate yourself and that are supposed to be prime, then
+ * \p rounds should be at least the half of the security
+ * strength of the cryptographic algorithm. On the other hand,
+ * if \p X is chosen uniformly or non-adversially (as is the
+ * case when mbedtls_mpi_gen_prime calls this function), then
+ * \p rounds can be much lower.
*
- * \return 0 if successful (probably prime),
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ * \param X The MPI to check for primality.
+ * This must point to an initialized MPI.
+ * \param rounds The number of bases to perform the Miller-Rabin primality
+ * test for. The probability of returning 0 on a composite is
+ * at most 2<sup>-2*\p rounds</sup>.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng.
+ * This may be \c NULL if \p f_rng doesn't use
+ * a context parameter.
+ *
+ * \return \c 0 if successful, i.e. \p X is probably prime.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+/**
+ * \brief Flags for mbedtls_mpi_gen_prime()
+ *
+ * Each of these flags is a constraint on the result X returned by
+ * mbedtls_mpi_gen_prime().
+ */
+typedef enum {
+ MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
+ MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */
+} mbedtls_mpi_gen_prime_flag_t;
/**
- * \brief Prime number generation
+ * \brief Generate a prime number.
*
- * \param X Destination MPI
- * \param nbits Required size of X in bits
- * ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
- * \param dh_flag If 1, then (X-1)/2 will be prime too
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * \param X The destination MPI to store the generated prime in.
+ * This must point to an initialized MPi.
+ * \param nbits The required size of the destination MPI in bits.
+ * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
+ * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng.
+ * This may be \c NULL if \p f_rng doesn't use
+ * a context parameter.
*
- * \return 0 if successful (probably prime),
- * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ * \return \c 0 if successful, in which case \p X holds a
+ * probably prime number.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
+ * \c 3 and #MBEDTLS_MPI_MAX_BITS.
*/
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -765,6 +991,8 @@
*/
int mbedtls_mpi_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 985faa4..f01573d 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -33,6 +33,8 @@
#include <stddef.h>
#include <stdint.h>
+#include "platform_util.h"
+
#define MBEDTLS_BLOWFISH_ENCRYPT 1
#define MBEDTLS_BLOWFISH_DECRYPT 0
#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
@@ -40,9 +42,16 @@
#define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
-#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
+
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
+
+/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
-#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
#ifdef __cplusplus
extern "C" {
@@ -55,7 +64,7 @@
/**
* \brief Blowfish context structure
*/
-typedef struct
+typedef struct mbedtls_blowfish_context
{
uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
uint32_t S[4][256]; /*!< key dependent S-boxes */
@@ -67,40 +76,53 @@
#endif /* MBEDTLS_BLOWFISH_ALT */
/**
- * \brief Initialize Blowfish context
+ * \brief Initialize a Blowfish context.
*
- * \param ctx Blowfish context to be initialized
+ * \param ctx The Blowfish context to be initialized.
+ * This must not be \c NULL.
*/
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
/**
- * \brief Clear Blowfish context
+ * \brief Clear a Blowfish context.
*
- * \param ctx Blowfish context to be cleared
+ * \param ctx The Blowfish context to be cleared.
+ * This may be \c NULL, in which case this function
+ * returns immediately. If it is not \c NULL, it must
+ * point to an initialized Blowfish context.
*/
void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
/**
- * \brief Blowfish key schedule
+ * \brief Perform a Blowfish key schedule operation.
*
- * \param ctx Blowfish context to be initialized
- * \param key encryption key
- * \param keybits must be between 32 and 448 bits
+ * \param ctx The Blowfish context to perform the key schedule on.
+ * \param key The encryption key. This must be a readable buffer of
+ * length \p keybits Bits.
+ * \param keybits The length of \p key in Bits. This must be between
+ * \c 32 and \c 448 and a multiple of \c 8.
*
- * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
unsigned int keybits );
/**
- * \brief Blowfish-ECB block encryption/decryption
+ * \brief Perform a Blowfish-ECB block encryption/decryption operation.
*
- * \param ctx Blowfish context
- * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param input 8-byte input block
- * \param output 8-byte output block
+ * \param ctx The Blowfish context to use. This must be initialized
+ * and bound to a key.
+ * \param mode The mode of operation. Possible values are
+ * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
+ * #MBEDTLS_BLOWFISH_DECRYPT for decryption.
+ * \param input The input block. This must be a readable buffer
+ * of size \c 8 Bytes.
+ * \param output The output block. This must be a writable buffer
+ * of size \c 8 Bytes.
*
- * \return 0 if successful
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
int mode,
@@ -109,9 +131,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
- * \brief Blowfish-CBC buffer encryption/decryption
- * Length should be a multiple of the block
- * size (8 bytes)
+ * \brief Perform a Blowfish-CBC buffer encryption/decryption operation.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
@@ -121,15 +141,22 @@
* IV, you should either save it manually or use the cipher
* module instead.
*
- * \param ctx Blowfish context
- * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
+ * \param ctx The Blowfish context to use. This must be initialized
+ * and bound to a key.
+ * \param mode The mode of operation. Possible values are
+ * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
+ * #MBEDTLS_BLOWFISH_DECRYPT for decryption.
+ * \param length The length of the input data in Bytes. This must be
+ * multiple of \c 8.
+ * \param iv The initialization vector. This must be a read/write buffer
+ * of length \c 8 Bytes. It is updated by this function.
+ * \param input The input data. This must be a readable buffer of length
+ * \p length Bytes.
+ * \param output The output data. This must be a writable buffer of length
+ * \p length Bytes.
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
int mode,
@@ -141,7 +168,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
- * \brief Blowfish CFB buffer encryption/decryption.
+ * \brief Perform a Blowfish CFB buffer encryption/decryption operation.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
@@ -151,15 +178,25 @@
* IV, you should either save it manually or use the cipher
* module instead.
*
- * \param ctx Blowfish context
- * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param length length of the input data
- * \param iv_off offset in IV (updated after use)
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
+ * \param ctx The Blowfish context to use. This must be initialized
+ * and bound to a key.
+ * \param mode The mode of operation. Possible values are
+ * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
+ * #MBEDTLS_BLOWFISH_DECRYPT for decryption.
+ * \param length The length of the input data in Bytes.
+ * \param iv_off The offset in the initialiation vector.
+ * The value pointed to must be smaller than \c 8 Bytes.
+ * It is updated by this function to support the aforementioned
+ * streaming usage.
+ * \param iv The initialization vector. This must be a read/write buffer
+ * of size \c 8 Bytes. It is updated after use.
+ * \param input The input data. This must be a readable buffer of length
+ * \p length Bytes.
+ * \param output The output data. This must be a writable buffer of length
+ * \p length Bytes.
*
- * \return 0 if successful
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
int mode,
@@ -172,7 +209,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
- * \brief Blowfish-CTR buffer encryption/decryption
+ * \brief Perform a Blowfish-CTR buffer encryption/decryption operation.
*
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
@@ -215,18 +252,24 @@
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
- * \param ctx Blowfish context
- * \param length The length of the data
+ * \param ctx The Blowfish context to use. This must be initialized
+ * and bound to a key.
+ * \param length The length of the input data in Bytes.
* \param nc_off The offset in the current stream_block (for resuming
- * within current cipher stream). The offset pointer to
- * should be 0 at the start of a stream.
- * \param nonce_counter The 64-bit nonce and counter.
- * \param stream_block The saved stream-block for resuming. Is overwritten
- * by the function.
- * \param input The input data stream
- * \param output The output data stream
+ * within current cipher stream). The offset pointer
+ * should be \c 0 at the start of a stream and must be
+ * smaller than \c 8. It is updated by this function.
+ * \param nonce_counter The 64-bit nonce and counter. This must point to a
+ * read/write buffer of length \c 8 Bytes.
+ * \param stream_block The saved stream-block for resuming. This must point to
+ * a read/write buffer of length \c 8 Bytes.
+ * \param input The input data. This must be a readable buffer of
+ * length \p length Bytes.
+ * \param output The output data. This must be a writable buffer of
+ * length \p length Bytes.
*
- * \return 0 if successful
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
size_t length,
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index b587317..c33bd8d 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -38,6 +38,12 @@
#ifndef MBEDTLS_BN_MUL_H
#define MBEDTLS_BN_MUL_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "bignum.h"
#if defined(MBEDTLS_HAVE_ASM)
@@ -170,19 +176,19 @@
#define MULADDC_INIT \
asm( \
- "xorq %%r8, %%r8 \n\t"
+ "xorq %%r8, %%r8\n"
#define MULADDC_CORE \
- "movq (%%rsi), %%rax \n\t" \
- "mulq %%rbx \n\t" \
- "addq $8, %%rsi \n\t" \
- "addq %%rcx, %%rax \n\t" \
- "movq %%r8, %%rcx \n\t" \
- "adcq $0, %%rdx \n\t" \
- "nop \n\t" \
- "addq %%rax, (%%rdi) \n\t" \
- "adcq %%rdx, %%rcx \n\t" \
- "addq $8, %%rdi \n\t"
+ "movq (%%rsi), %%rax\n" \
+ "mulq %%rbx\n" \
+ "addq $8, %%rsi\n" \
+ "addq %%rcx, %%rax\n" \
+ "movq %%r8, %%rcx\n" \
+ "adcq $0, %%rdx\n" \
+ "nop \n" \
+ "addq %%rax, (%%rdi)\n" \
+ "adcq %%rdx, %%rcx\n" \
+ "addq $8, %%rdi\n"
#define MULADDC_STOP \
: "+c" (c), "+D" (d), "+S" (s) \
@@ -565,9 +571,8 @@
#endif /* TriCore */
/*
- * gcc -O0 by default uses r7 for the frame pointer, so it complains about our
- * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
- * passing that option is not easy when building with yotta.
+ * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about
+ * our use of r7 below, unless -fomit-frame-pointer is passed.
*
* On the other hand, -fomit-frame-pointer is implied by any -Ox options with
* x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
@@ -637,6 +642,23 @@
"r6", "r7", "r8", "r9", "cc" \
);
+#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
+
+#define MULADDC_INIT \
+ asm(
+
+#define MULADDC_CORE \
+ "ldr r0, [%0], #4 \n\t" \
+ "ldr r1, [%1] \n\t" \
+ "umaal r1, %2, %3, r0 \n\t" \
+ "str r1, [%1], #4 \n\t"
+
+#define MULADDC_STOP \
+ : "=r" (s), "=r" (d), "=r" (c) \
+ : "r" (b), "0" (s), "1" (d), "2" (c) \
+ : "r0", "r1", "memory" \
+ );
+
#else
#define MULADDC_INIT \
@@ -734,7 +756,7 @@
"sw $10, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
- : "$9", "$10", "$11", "$12", "$13", "$14", "$15" \
+ : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
);
#endif /* MIPS */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 7e4721a..3eeb663 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -33,11 +33,20 @@
#include <stddef.h>
#include <stdint.h>
+#include "platform_util.h"
+
#define MBEDTLS_CAMELLIA_ENCRYPT 1
#define MBEDTLS_CAMELLIA_DECRYPT 0
-#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
-#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
+
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
+
+/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
#ifdef __cplusplus
@@ -51,7 +60,7 @@
/**
* \brief CAMELLIA context structure
*/
-typedef struct
+typedef struct mbedtls_camellia_context
{
int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */
@@ -63,52 +72,68 @@
#endif /* MBEDTLS_CAMELLIA_ALT */
/**
- * \brief Initialize CAMELLIA context
+ * \brief Initialize a CAMELLIA context.
*
- * \param ctx CAMELLIA context to be initialized
+ * \param ctx The CAMELLIA context to be initialized.
+ * This must not be \c NULL.
*/
void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
/**
- * \brief Clear CAMELLIA context
+ * \brief Clear a CAMELLIA context.
*
- * \param ctx CAMELLIA context to be cleared
+ * \param ctx The CAMELLIA context to be cleared. This may be \c NULL,
+ * in which case this function returns immediately. If it is not
+ * \c NULL, it must be initialized.
*/
void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
/**
- * \brief CAMELLIA key schedule (encryption)
+ * \brief Perform a CAMELLIA key schedule operation for encryption.
*
- * \param ctx CAMELLIA context to be initialized
- * \param key encryption key
- * \param keybits must be 128, 192 or 256
+ * \param ctx The CAMELLIA context to use. This must be initialized.
+ * \param key The encryption key to use. This must be a readable buffer
+ * of size \p keybits Bits.
+ * \param keybits The length of \p key in Bits. This must be either \c 128,
+ * \c 192 or \c 256.
*
- * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits );
/**
- * \brief CAMELLIA key schedule (decryption)
+ * \brief Perform a CAMELLIA key schedule operation for decryption.
*
- * \param ctx CAMELLIA context to be initialized
- * \param key decryption key
- * \param keybits must be 128, 192 or 256
+ * \param ctx The CAMELLIA context to use. This must be initialized.
+ * \param key The decryption key. This must be a readable buffer
+ * of size \p keybits Bits.
+ * \param keybits The length of \p key in Bits. This must be either \c 128,
+ * \c 192 or \c 256.
*
- * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
- unsigned int keybits );
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits );
/**
- * \brief CAMELLIA-ECB block encryption/decryption
+ * \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
*
- * \param ctx CAMELLIA context
- * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param input 16-byte input block
- * \param output 16-byte output block
+ * \param ctx The CAMELLIA context to use. This must be initialized
+ * and bound to a key.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
+ * \param input The input block. This must be a readable buffer
+ * of size \c 16 Bytes.
+ * \param output The output block. This must be a writable buffer
+ * of size \c 16 Bytes.
*
- * \return 0 if successful
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
int mode,
@@ -117,9 +142,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
- * \brief CAMELLIA-CBC buffer encryption/decryption
- * Length should be a multiple of the block
- * size (16 bytes)
+ * \brief Perform a CAMELLIA-CBC buffer encryption/decryption operation.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
@@ -129,15 +152,22 @@
* IV, you should either save it manually or use the cipher
* module instead.
*
- * \param ctx CAMELLIA context
- * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
+ * \param ctx The CAMELLIA context to use. This must be initialized
+ * and bound to a key.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
+ * \param length The length in Bytes of the input data \p input.
+ * This must be a multiple of \c 16 Bytes.
+ * \param iv The initialization vector. This must be a read/write buffer
+ * of length \c 16 Bytes. It is updated to allow streaming
+ * use as explained above.
+ * \param input The buffer holding the input data. This must point to a
+ * readable buffer of length \p length Bytes.
+ * \param output The buffer holding the output data. This must point to a
+ * writable buffer of length \p length Bytes.
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
int mode,
@@ -149,11 +179,14 @@
#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
- * \brief CAMELLIA-CFB128 buffer encryption/decryption
+ * \brief Perform a CAMELLIA-CFB128 buffer encryption/decryption
+ * operation.
*
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ * \note Due to the nature of CFB mode, you should use the same
+ * key for both encryption and decryption. In particular, calls
+ * to this function should be preceded by a key-schedule via
+ * mbedtls_camellia_setkey_enc() regardless of whether \p mode
+ * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
@@ -163,16 +196,24 @@
* IV, you should either save it manually or use the cipher
* module instead.
*
- * \param ctx CAMELLIA context
- * \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param length length of the input data
- * \param iv_off offset in IV (updated after use)
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
+ * \param ctx The CAMELLIA context to use. This must be initialized
+ * and bound to a key.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
+ * \param length The length of the input data \p input. Any value is allowed.
+ * \param iv_off The current offset in the IV. This must be smaller
+ * than \c 16 Bytes. It is updated after this call to allow
+ * the aforementioned streaming usage.
+ * \param iv The initialization vector. This must be a read/write buffer
+ * of length \c 16 Bytes. It is updated after this call to
+ * allow the aforementioned streaming usage.
+ * \param input The buffer holding the input data. This must be a readable
+ * buffer of size \p length Bytes.
+ * \param output The buffer to hold the output data. This must be a writable
+ * buffer of length \p length Bytes.
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
int mode,
@@ -185,11 +226,13 @@
#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
- * \brief CAMELLIA-CTR buffer encryption/decryption
+ * \brief Perform a CAMELLIA-CTR buffer encryption/decryption operation.
*
- * Note: Due to the nature of CTR you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
+ * *note Due to the nature of CTR mode, you should use the same
+ * key for both encryption and decryption. In particular, calls
+ * to this function should be preceded by a key-schedule via
+ * mbedtls_camellia_setkey_enc() regardless of whether \p mode
+ * is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
*
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
@@ -212,41 +255,49 @@
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
- * For example, you might reserve the first 12 bytes for the
- * per-message nonce, and the last 4 bytes for internal use. In that
- * case, before calling this function on a new message you need to
- * set the first 12 bytes of \p nonce_counter to your chosen nonce
- * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- * stream_block to be ignored). That way, you can encrypt at most
- * 2**96 messages of up to 2**32 blocks each with the same key.
+ * For example, you might reserve the first \c 12 Bytes for the
+ * per-message nonce, and the last \c 4 Bytes for internal use.
+ * In that case, before calling this function on a new message you
+ * need to set the first \c 12 Bytes of \p nonce_counter to your
+ * chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
+ * (which will cause \p stream_block to be ignored). That way, you
+ * can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
+ * each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
- * it) needs to be communicated with the ciphertext and must be unique.
- * The recommended way to ensure uniqueness is to use a message
- * counter. An alternative is to generate random nonces, but this
- * limits the number of messages that can be securely encrypted:
- * for example, with 96-bit random nonces, you should not encrypt
- * more than 2**32 messages with the same key.
+ * it) needs to be communicated with the ciphertext and must be
+ * unique. The recommended way to ensure uniqueness is to use a
+ * message counter. An alternative is to generate random nonces,
+ * but this limits the number of messages that can be securely
+ * encrypted: for example, with 96-bit random nonces, you should
+ * not encrypt more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
- * that a CAMELLIA block is 16 bytes.
+ * that a CAMELLIA block is \c 16 Bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
- * \param ctx CAMELLIA context
- * \param length The length of the data
- * \param nc_off The offset in the current stream_block (for resuming
+ * \param ctx The CAMELLIA context to use. This must be initialized
+ * and bound to a key.
+ * \param length The length of the input data \p input in Bytes.
+ * Any value is allowed.
+ * \param nc_off The offset in the current \p stream_block (for resuming
* within current cipher stream). The offset pointer to
- * should be 0 at the start of a stream.
- * \param nonce_counter The 128-bit nonce and counter.
- * \param stream_block The saved stream-block for resuming. Is overwritten
- * by the function.
- * \param input The input data stream
- * \param output The output data stream
+ * should be \c 0 at the start of a stream. It is updated
+ * at the end of this call.
+ * \param nonce_counter The 128-bit nonce and counter. This must be a read/write
+ * buffer of length \c 16 Bytes.
+ * \param stream_block The saved stream-block for resuming. This must be a
+ * read/write buffer of length \c 16 Bytes.
+ * \param input The input data stream. This must be a readable buffer of
+ * size \p length Bytes.
+ * \param output The output data stream. This must be a writable buffer
+ * of size \p length Bytes.
*
- * \return 0 if successful
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
size_t length,
@@ -257,6 +308,8 @@
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -264,6 +317,8 @@
*/
int mbedtls_camellia_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 5d727e7..f03e3b5 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -49,12 +49,19 @@
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "cipher.h"
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
-#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
+/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
+#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
#ifdef __cplusplus
extern "C" {
@@ -68,7 +75,8 @@
* \brief The CCM context-type definition. The CCM context is passed
* to the APIs called.
*/
-typedef struct {
+typedef struct mbedtls_ccm_context
+{
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
}
mbedtls_ccm_context;
@@ -82,7 +90,7 @@
* to make references valid, and prepare the context
* for mbedtls_ccm_setkey() or mbedtls_ccm_free().
*
- * \param ctx The CCM context to initialize.
+ * \param ctx The CCM context to initialize. This must not be \c NULL.
*/
void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
@@ -90,9 +98,10 @@
* \brief This function initializes the CCM context set in the
* \p ctx parameter and sets the encryption key.
*
- * \param ctx The CCM context to initialize.
+ * \param ctx The CCM context to initialize. This must be an initialized
+ * context.
* \param cipher The 128-bit block cipher to use.
- * \param key The encryption key.
+ * \param key The encryption key. This must not be \c NULL.
* \param keybits The key size in bits. This must be acceptable by the cipher.
*
* \return \c 0 on success.
@@ -107,7 +116,8 @@
* \brief This function releases and clears the specified CCM context
* and underlying cipher sub-context.
*
- * \param ctx The CCM context to clear.
+ * \param ctx The CCM context to clear. If this is \c NULL, the function
+ * has no effect. Otherwise, this must be initialized.
*/
void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
@@ -120,19 +130,27 @@
* \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide.
*
- * \param ctx The CCM context to use for encryption.
+ * \param ctx The CCM context to use for encryption. This must be
+ * initialized and bound to a key.
* \param length The length of the input data in Bytes.
- * \param iv Initialization vector (nonce).
+ * \param iv The initialization vector (nonce). This must be a readable
+ * buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field.
+ * \param add The additional data field. If \p add_len is greater than
+ * zero, \p add must be a readable buffer of at least that
+ * length.
* \param add_len The length of additional data in Bytes.
- * Must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
- * Must be at least \p length Bytes wide.
- * \param tag The buffer holding the authentication field.
+ * This must be less than `2^16 - 2^8`.
+ * \param input The buffer holding the input data. If \p length is greater
+ * than zero, \p input must be a readable buffer of at least
+ * that length.
+ * \param output The buffer holding the output data. If \p length is greater
+ * than zero, \p output must be a writable buffer of at least
+ * that length.
+ * \param tag The buffer holding the authentication field. This must be a
+ * readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
*
@@ -158,23 +176,30 @@
* the tag length has to be encoded into the \p iv passed to
* this function.
*
- * \param ctx The CCM context to use for encryption.
+ * \param ctx The CCM context to use for encryption. This must be
+ * initialized and bound to a key.
* \param length The length of the input data in Bytes.
- * \param iv Initialization vector (nonce).
+ * \param iv The initialization vector (nonce). This must be a readable
+ * buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field.
+ * \param add The additional data field. This must be a readable buffer of
+ * at least \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
- * Must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
- * Must be at least \p length Bytes wide.
- * \param tag The buffer holding the authentication field.
+ * This must be less than 2^16 - 2^8.
+ * \param input The buffer holding the input data. If \p length is greater
+ * than zero, \p input must be a readable buffer of at least
+ * that length.
+ * \param output The buffer holding the output data. If \p length is greater
+ * than zero, \p output must be a writable buffer of at least
+ * that length.
+ * \param tag The buffer holding the authentication field. This must be a
+ * readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field to generate in Bytes:
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
- * \warning Passing 0 as \p tag_len means that the message is no
+ * \warning Passing \c 0 as \p tag_len means that the message is no
* longer authenticated.
*
* \return \c 0 on success.
@@ -190,20 +215,27 @@
* \brief This function performs a CCM authenticated decryption of a
* buffer.
*
- * \param ctx The CCM context to use for decryption.
+ * \param ctx The CCM context to use for decryption. This must be
+ * initialized and bound to a key.
* \param length The length of the input data in Bytes.
- * \param iv Initialization vector (nonce).
+ * \param iv The initialization vector (nonce). This must be a readable
+ * buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field.
+ * \param add The additional data field. This must be a readable buffer
+ * of at least that \p add_len Bytes..
* \param add_len The length of additional data in Bytes.
- * Must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
- * Must be at least \p length Bytes wide.
- * \param tag The buffer holding the authentication field.
- * \param tag_len The length of the authentication field in Bytes.
+ * This must be less than 2^16 - 2^8.
+ * \param input The buffer holding the input data. If \p length is greater
+ * than zero, \p input must be a readable buffer of at least
+ * that length.
+ * \param output The buffer holding the output data. If \p length is greater
+ * than zero, \p output must be a writable buffer of at least
+ * that length.
+ * \param tag The buffer holding the authentication field. This must be a
+ * readable buffer of at least \p tag_len Bytes.
+ * \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16.
*
* \return \c 0 on success. This indicates that the message is authentic.
@@ -225,23 +257,30 @@
* this function as \p tag_len. (\p tag needs to be adjusted
* accordingly.)
*
- * \param ctx The CCM context to use for decryption.
+ * \param ctx The CCM context to use for decryption. This must be
+ * initialized and bound to a key.
* \param length The length of the input data in Bytes.
- * \param iv Initialization vector (nonce).
+ * \param iv The initialization vector (nonce). This must be a readable
+ * buffer of at least \p iv_len Bytes.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field.
+ * \param add The additional data field. This must be a readable buffer of
+ * at least that \p add_len Bytes.
* \param add_len The length of additional data in Bytes.
- * Must be less than 2^16 - 2^8.
- * \param input The buffer holding the input data.
- * \param output The buffer holding the output data.
- * Must be at least \p length Bytes wide.
- * \param tag The buffer holding the authentication field.
+ * This must be less than 2^16 - 2^8.
+ * \param input The buffer holding the input data. If \p length is greater
+ * than zero, \p input must be a readable buffer of at least
+ * that length.
+ * \param output The buffer holding the output data. If \p length is greater
+ * than zero, \p output must be a writable buffer of at least
+ * that length.
+ * \param tag The buffer holding the authentication field. This must be a
+ * readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication field in Bytes.
* 0, 4, 6, 8, 10, 12, 14 or 16.
*
- * \warning Passing 0 as \p tag_len means that the message is no
+ * \warning Passing \c 0 as \p tag_len means that the message is nos
* longer authenticated.
*
* \return \c 0 on success.
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index 8dab7b5..179ebbb 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -24,74 +24,226 @@
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
+/* List of all PEM-encoded CA certificates, terminated by NULL;
+ * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
+ * otherwise. */
+extern const char * mbedtls_test_cas[];
+extern const size_t mbedtls_test_cas_len[];
+
+/* List of all DER-encoded CA certificates, terminated by NULL */
+extern const unsigned char * mbedtls_test_cas_der[];
+extern const size_t mbedtls_test_cas_der_len[];
+
#if defined(MBEDTLS_PEM_PARSE_C)
/* Concatenation of all CA certificates in PEM format if available */
extern const char mbedtls_test_cas_pem[];
extern const size_t mbedtls_test_cas_pem_len;
-#endif
-
-/* List of all CA certificates, terminated by NULL */
-extern const char * mbedtls_test_cas[];
-extern const size_t mbedtls_test_cas_len[];
+#endif /* MBEDTLS_PEM_PARSE_C */
/*
- * Convenience for users who just want a certificate:
- * RSA by default, or ECDSA if RSA is not available
+ * CA test certificates
*/
-extern const char * mbedtls_test_ca_crt;
-extern const size_t mbedtls_test_ca_crt_len;
-extern const char * mbedtls_test_ca_key;
-extern const size_t mbedtls_test_ca_key_len;
-extern const char * mbedtls_test_ca_pwd;
-extern const size_t mbedtls_test_ca_pwd_len;
-extern const char * mbedtls_test_srv_crt;
-extern const size_t mbedtls_test_srv_crt_len;
-extern const char * mbedtls_test_srv_key;
-extern const size_t mbedtls_test_srv_key_len;
-extern const char * mbedtls_test_cli_crt;
-extern const size_t mbedtls_test_cli_crt_len;
-extern const char * mbedtls_test_cli_key;
-extern const size_t mbedtls_test_cli_key_len;
-#if defined(MBEDTLS_ECDSA_C)
-extern const char mbedtls_test_ca_crt_ec[];
+extern const char mbedtls_test_ca_crt_ec_pem[];
+extern const char mbedtls_test_ca_key_ec_pem[];
+extern const char mbedtls_test_ca_pwd_ec_pem[];
+extern const char mbedtls_test_ca_key_rsa_pem[];
+extern const char mbedtls_test_ca_pwd_rsa_pem[];
+extern const char mbedtls_test_ca_crt_rsa_sha1_pem[];
+extern const char mbedtls_test_ca_crt_rsa_sha256_pem[];
+
+extern const unsigned char mbedtls_test_ca_crt_ec_der[];
+extern const unsigned char mbedtls_test_ca_key_ec_der[];
+extern const unsigned char mbedtls_test_ca_key_rsa_der[];
+extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[];
+extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[];
+
+extern const size_t mbedtls_test_ca_crt_ec_pem_len;
+extern const size_t mbedtls_test_ca_key_ec_pem_len;
+extern const size_t mbedtls_test_ca_pwd_ec_pem_len;
+extern const size_t mbedtls_test_ca_key_rsa_pem_len;
+extern const size_t mbedtls_test_ca_pwd_rsa_pem_len;
+extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len;
+extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len;
+
+extern const size_t mbedtls_test_ca_crt_ec_der_len;
+extern const size_t mbedtls_test_ca_key_ec_der_len;
+extern const size_t mbedtls_test_ca_pwd_ec_der_len;
+extern const size_t mbedtls_test_ca_key_rsa_der_len;
+extern const size_t mbedtls_test_ca_pwd_rsa_der_len;
+extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len;
+extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len;
+
+/* Config-dependent dispatch between PEM and DER encoding
+ * (PEM if enabled, otherwise DER) */
+
+extern const char mbedtls_test_ca_crt_ec[];
+extern const char mbedtls_test_ca_key_ec[];
+extern const char mbedtls_test_ca_pwd_ec[];
+extern const char mbedtls_test_ca_key_rsa[];
+extern const char mbedtls_test_ca_pwd_rsa[];
+extern const char mbedtls_test_ca_crt_rsa_sha1[];
+extern const char mbedtls_test_ca_crt_rsa_sha256[];
+
extern const size_t mbedtls_test_ca_crt_ec_len;
-extern const char mbedtls_test_ca_key_ec[];
extern const size_t mbedtls_test_ca_key_ec_len;
-extern const char mbedtls_test_ca_pwd_ec[];
extern const size_t mbedtls_test_ca_pwd_ec_len;
-extern const char mbedtls_test_srv_crt_ec[];
-extern const size_t mbedtls_test_srv_crt_ec_len;
-extern const char mbedtls_test_srv_key_ec[];
-extern const size_t mbedtls_test_srv_key_ec_len;
-extern const char mbedtls_test_cli_crt_ec[];
-extern const size_t mbedtls_test_cli_crt_ec_len;
-extern const char mbedtls_test_cli_key_ec[];
-extern const size_t mbedtls_test_cli_key_ec_len;
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-extern const char mbedtls_test_ca_crt_rsa[];
-extern const size_t mbedtls_test_ca_crt_rsa_len;
-extern const char mbedtls_test_ca_key_rsa[];
extern const size_t mbedtls_test_ca_key_rsa_len;
-extern const char mbedtls_test_ca_pwd_rsa[];
extern const size_t mbedtls_test_ca_pwd_rsa_len;
-extern const char mbedtls_test_srv_crt_rsa[];
-extern const size_t mbedtls_test_srv_crt_rsa_len;
-extern const char mbedtls_test_srv_key_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_sha1_len;
+extern const size_t mbedtls_test_ca_crt_rsa_sha256_len;
+
+/* Config-dependent dispatch between SHA-1 and SHA-256
+ * (SHA-256 if enabled, otherwise SHA-1) */
+
+extern const char mbedtls_test_ca_crt_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_len;
+
+/* Config-dependent dispatch between EC and RSA
+ * (RSA if enabled, otherwise EC) */
+
+extern const char * mbedtls_test_ca_crt;
+extern const char * mbedtls_test_ca_key;
+extern const char * mbedtls_test_ca_pwd;
+extern const size_t mbedtls_test_ca_crt_len;
+extern const size_t mbedtls_test_ca_key_len;
+extern const size_t mbedtls_test_ca_pwd_len;
+
+/*
+ * Server test certificates
+ */
+
+extern const char mbedtls_test_srv_crt_ec_pem[];
+extern const char mbedtls_test_srv_key_ec_pem[];
+extern const char mbedtls_test_srv_pwd_ec_pem[];
+extern const char mbedtls_test_srv_key_rsa_pem[];
+extern const char mbedtls_test_srv_pwd_rsa_pem[];
+extern const char mbedtls_test_srv_crt_rsa_sha1_pem[];
+extern const char mbedtls_test_srv_crt_rsa_sha256_pem[];
+
+extern const unsigned char mbedtls_test_srv_crt_ec_der[];
+extern const unsigned char mbedtls_test_srv_key_ec_der[];
+extern const unsigned char mbedtls_test_srv_key_rsa_der[];
+extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[];
+extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[];
+
+extern const size_t mbedtls_test_srv_crt_ec_pem_len;
+extern const size_t mbedtls_test_srv_key_ec_pem_len;
+extern const size_t mbedtls_test_srv_pwd_ec_pem_len;
+extern const size_t mbedtls_test_srv_key_rsa_pem_len;
+extern const size_t mbedtls_test_srv_pwd_rsa_pem_len;
+extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len;
+extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len;
+
+extern const size_t mbedtls_test_srv_crt_ec_der_len;
+extern const size_t mbedtls_test_srv_key_ec_der_len;
+extern const size_t mbedtls_test_srv_pwd_ec_der_len;
+extern const size_t mbedtls_test_srv_key_rsa_der_len;
+extern const size_t mbedtls_test_srv_pwd_rsa_der_len;
+extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len;
+extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len;
+
+/* Config-dependent dispatch between PEM and DER encoding
+ * (PEM if enabled, otherwise DER) */
+
+extern const char mbedtls_test_srv_crt_ec[];
+extern const char mbedtls_test_srv_key_ec[];
+extern const char mbedtls_test_srv_pwd_ec[];
+extern const char mbedtls_test_srv_key_rsa[];
+extern const char mbedtls_test_srv_pwd_rsa[];
+extern const char mbedtls_test_srv_crt_rsa_sha1[];
+extern const char mbedtls_test_srv_crt_rsa_sha256[];
+
+extern const size_t mbedtls_test_srv_crt_ec_len;
+extern const size_t mbedtls_test_srv_key_ec_len;
+extern const size_t mbedtls_test_srv_pwd_ec_len;
extern const size_t mbedtls_test_srv_key_rsa_len;
-extern const char mbedtls_test_cli_crt_rsa[];
-extern const size_t mbedtls_test_cli_crt_rsa_len;
-extern const char mbedtls_test_cli_key_rsa[];
+extern const size_t mbedtls_test_srv_pwd_rsa_len;
+extern const size_t mbedtls_test_srv_crt_rsa_sha1_len;
+extern const size_t mbedtls_test_srv_crt_rsa_sha256_len;
+
+/* Config-dependent dispatch between SHA-1 and SHA-256
+ * (SHA-256 if enabled, otherwise SHA-1) */
+
+extern const char mbedtls_test_srv_crt_rsa[];
+extern const size_t mbedtls_test_srv_crt_rsa_len;
+
+/* Config-dependent dispatch between EC and RSA
+ * (RSA if enabled, otherwise EC) */
+
+extern const char * mbedtls_test_srv_crt;
+extern const char * mbedtls_test_srv_key;
+extern const char * mbedtls_test_srv_pwd;
+extern const size_t mbedtls_test_srv_crt_len;
+extern const size_t mbedtls_test_srv_key_len;
+extern const size_t mbedtls_test_srv_pwd_len;
+
+/*
+ * Client test certificates
+ */
+
+extern const char mbedtls_test_cli_crt_ec_pem[];
+extern const char mbedtls_test_cli_key_ec_pem[];
+extern const char mbedtls_test_cli_pwd_ec_pem[];
+extern const char mbedtls_test_cli_key_rsa_pem[];
+extern const char mbedtls_test_cli_pwd_rsa_pem[];
+extern const char mbedtls_test_cli_crt_rsa_pem[];
+
+extern const unsigned char mbedtls_test_cli_crt_ec_der[];
+extern const unsigned char mbedtls_test_cli_key_ec_der[];
+extern const unsigned char mbedtls_test_cli_key_rsa_der[];
+extern const unsigned char mbedtls_test_cli_crt_rsa_der[];
+
+extern const size_t mbedtls_test_cli_crt_ec_pem_len;
+extern const size_t mbedtls_test_cli_key_ec_pem_len;
+extern const size_t mbedtls_test_cli_pwd_ec_pem_len;
+extern const size_t mbedtls_test_cli_key_rsa_pem_len;
+extern const size_t mbedtls_test_cli_pwd_rsa_pem_len;
+extern const size_t mbedtls_test_cli_crt_rsa_pem_len;
+
+extern const size_t mbedtls_test_cli_crt_ec_der_len;
+extern const size_t mbedtls_test_cli_key_ec_der_len;
+extern const size_t mbedtls_test_cli_key_rsa_der_len;
+extern const size_t mbedtls_test_cli_crt_rsa_der_len;
+
+/* Config-dependent dispatch between PEM and DER encoding
+ * (PEM if enabled, otherwise DER) */
+
+extern const char mbedtls_test_cli_crt_ec[];
+extern const char mbedtls_test_cli_key_ec[];
+extern const char mbedtls_test_cli_pwd_ec[];
+extern const char mbedtls_test_cli_key_rsa[];
+extern const char mbedtls_test_cli_pwd_rsa[];
+extern const char mbedtls_test_cli_crt_rsa[];
+
+extern const size_t mbedtls_test_cli_crt_ec_len;
+extern const size_t mbedtls_test_cli_key_ec_len;
+extern const size_t mbedtls_test_cli_pwd_ec_len;
extern const size_t mbedtls_test_cli_key_rsa_len;
-#endif
+extern const size_t mbedtls_test_cli_pwd_rsa_len;
+extern const size_t mbedtls_test_cli_crt_rsa_len;
+
+/* Config-dependent dispatch between EC and RSA
+ * (RSA if enabled, otherwise EC) */
+
+extern const char * mbedtls_test_cli_crt;
+extern const char * mbedtls_test_cli_key;
+extern const char * mbedtls_test_cli_pwd;
+extern const size_t mbedtls_test_cli_crt_len;
+extern const size_t mbedtls_test_cli_key_len;
+extern const size_t mbedtls_test_cli_pwd_len;
#ifdef __cplusplus
}
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 47bd7d3..2ae5e6e 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -43,7 +43,13 @@
#include <stddef.h>
#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 /**< Invalid input parameter(s). */
+
+/* MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE is deprecated and should not be
+ * used. */
#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */
+
+/* MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED -0x0055 /**< Chacha20 hardware accelerator failed. */
#ifdef __cplusplus
@@ -52,7 +58,7 @@
#if !defined(MBEDTLS_CHACHA20_ALT)
-typedef struct
+typedef struct mbedtls_chacha20_context
{
uint32_t state[16]; /*! The state (before round operations). */
uint8_t keystream8[64]; /*! Leftover keystream bytes. */
@@ -77,13 +83,18 @@
* \c mbedtls_chacha20_free().
*
* \param ctx The ChaCha20 context to initialize.
+ * This must not be \c NULL.
*/
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
/**
- * \brief This function releases and clears the specified ChaCha20 context.
+ * \brief This function releases and clears the specified
+ * ChaCha20 context.
*
- * \param ctx The ChaCha20 context to clear.
+ * \param ctx The ChaCha20 context to clear. This may be \c NULL,
+ * in which case this function is a no-op. If it is not
+ * \c NULL, it must point to an initialized context.
+ *
*/
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
@@ -96,7 +107,9 @@
* \c mbedtls_chacha_update().
*
* \param ctx The ChaCha20 context to which the key should be bound.
- * \param key The encryption/decryption key. Must be 32 bytes in length.
+ * It must be initialized.
+ * \param key The encryption/decryption key. This must be \c 32 Bytes
+ * in length.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
@@ -115,8 +128,9 @@
* messages encrypted with the same nonce and key.
*
* \param ctx The ChaCha20 context to which the nonce should be bound.
- * \param nonce The nonce. Must be 12 bytes in size.
- * \param counter The initial counter value. This is usually 0.
+ * It must be initialized and bound to a key.
+ * \param nonce The nonce. This must be \c 12 Bytes in size.
+ * \param counter The initial counter value. This is usually \c 0.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
@@ -144,16 +158,16 @@
* key and nonce.
*
* \param ctx The ChaCha20 context to use for encryption or decryption.
- * \param size The length of the input data in bytes.
+ * It must be initialized and bound to a key and nonce.
+ * \param size The length of the input data in Bytes.
* \param input The buffer holding the input data.
- * This pointer can be NULL if size == 0.
+ * This pointer can be \c NULL if `size == 0`.
* \param output The buffer holding the output data.
- * Must be able to hold \p size bytes.
- * This pointer can be NULL if size == 0.
+ * This must be able to hold \p size Bytes.
+ * This pointer can be \c NULL if `size == 0`.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
- * output pointers are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
size_t size,
@@ -174,19 +188,19 @@
* \note The \p input and \p output pointers must either be equal or
* point to non-overlapping buffers.
*
- * \param key The encryption/decryption key. Must be 32 bytes in length.
- * \param nonce The nonce. Must be 12 bytes in size.
- * \param counter The initial counter value. This is usually 0.
- * \param size The length of the input data in bytes.
+ * \param key The encryption/decryption key.
+ * This must be \c 32 Bytes in length.
+ * \param nonce The nonce. This must be \c 12 Bytes in size.
+ * \param counter The initial counter value. This is usually \c 0.
+ * \param size The length of the input data in Bytes.
* \param input The buffer holding the input data.
- * This pointer can be NULL if size == 0.
+ * This pointer can be \c NULL if `size == 0`.
* \param output The buffer holding the output data.
- * Must be able to hold \p size bytes.
- * This pointer can be NULL if size == 0.
+ * This must be able to hold \p size Bytes.
+ * This pointer can be \c NULL if `size == 0`.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
- * or output is NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_chacha20_crypt( const unsigned char key[32],
const unsigned char nonce[12],
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 42b2b23..49e615d 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -60,7 +60,7 @@
#include "chacha20.h"
-typedef struct
+typedef struct mbedtls_chachapoly_context
{
mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
@@ -115,27 +115,29 @@
* all previous outputs of \c mbedtls_chachapoly_update(),
* otherwise you can now safely use the plaintext.
*
- * \param ctx The ChachaPoly context to initialize.
+ * \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
*/
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
/**
- * \brief This function releases and clears the specified ChaCha20-Poly1305 context.
+ * \brief This function releases and clears the specified
+ * ChaCha20-Poly1305 context.
*
- * \param ctx The ChachaPoly context to clear.
+ * \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
+ * case this function is a no-op.
*/
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
/**
- * \brief This function sets the ChaCha20-Poly1305 symmetric encryption key.
+ * \brief This function sets the ChaCha20-Poly1305
+ * symmetric encryption key.
*
* \param ctx The ChaCha20-Poly1305 context to which the key should be
- * bound.
- * \param key The 256-bit (32 bytes) key.
+ * bound. This must be initialized.
+ * \param key The \c 256 Bit (\c 32 Bytes) key.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if \p ctx or \p key are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
const unsigned char key[32] );
@@ -155,14 +157,15 @@
* \warning Decryption with the piecewise API is discouraged, see the
* warning on \c mbedtls_chachapoly_init().
*
- * \param ctx The ChaCha20-Poly1305 context.
- * \param nonce The nonce/IV to use for the message. Must be 12 bytes.
+ * \param ctx The ChaCha20-Poly1305 context. This must be initialized
+ * and bound to a key.
+ * \param nonce The nonce/IV to use for the message.
+ * This must be a redable buffer of length \c 12 Bytes.
* \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
* #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if \p ctx or \p mac are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
const unsigned char nonce[12],
@@ -193,11 +196,12 @@
* \warning Decryption with the piecewise API is discouraged, see the
* warning on \c mbedtls_chachapoly_init().
*
- * \param ctx The ChaCha20-Poly1305 context to use.
- * \param aad_len The length (in bytes) of the AAD. The length has no
+ * \param ctx The ChaCha20-Poly1305 context. This must be initialized
+ * and bound to a key.
+ * \param aad_len The length in Bytes of the AAD. The length has no
* restrictions.
* \param aad Buffer containing the AAD.
- * This pointer can be NULL if aad_len == 0.
+ * This pointer can be \c NULL if `aad_len == 0`.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
@@ -227,20 +231,19 @@
* \warning Decryption with the piecewise API is discouraged, see the
* warning on \c mbedtls_chachapoly_init().
*
- * \param ctx The ChaCha20-Poly1305 context to use.
+ * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
* \param len The length (in bytes) of the data to encrypt or decrypt.
* \param input The buffer containing the data to encrypt or decrypt.
- * This pointer can be NULL if len == 0.
- * \param output The buffer to where the encrypted or decrypted data is written.
- * Must be able to hold \p len bytes.
- * This pointer can be NULL if len == 0.
+ * This pointer can be \c NULL if `len == 0`.
+ * \param output The buffer to where the encrypted or decrypted data is
+ * written. This must be able to hold \p len bytes.
+ * This pointer can be \c NULL if `len == 0`.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if \p ctx, \p input, or \p output are NULL.
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
* if the operation has not been started or has been
* finished.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
size_t len,
@@ -251,18 +254,17 @@
* \brief This function finished the ChaCha20-Poly1305 operation and
* generates the MAC (authentication tag).
*
- * \param ctx The ChaCha20-Poly1305 context to use.
+ * \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
* \param mac The buffer to where the 128-bit (16 bytes) MAC is written.
*
* \warning Decryption with the piecewise API is discouraged, see the
* warning on \c mbedtls_chachapoly_init().
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if \p ctx or \p mac are NULL.
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
* if the operation has not been started or has been
* finished.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
unsigned char mac[16] );
@@ -280,20 +282,21 @@
* and key.
*
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
+ * This must be initialized.
* \param length The length (in bytes) of the data to encrypt or decrypt.
* \param nonce The 96-bit (12 bytes) nonce/IV to use.
- * \param aad The buffer containing the additional authenticated data (AAD).
- * This pointer can be NULL if aad_len == 0.
+ * \param aad The buffer containing the additional authenticated
+ * data (AAD). This pointer can be \c NULL if `aad_len == 0`.
* \param aad_len The length (in bytes) of the AAD data to process.
* \param input The buffer containing the data to encrypt or decrypt.
- * This pointer can be NULL if ilen == 0.
- * \param output The buffer to where the encrypted or decrypted data is written.
- * This pointer can be NULL if ilen == 0.
- * \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written.
+ * This pointer can be \c NULL if `ilen == 0`.
+ * \param output The buffer to where the encrypted or decrypted data
+ * is written. This pointer can be \c NULL if `ilen == 0`.
+ * \param tag The buffer to where the computed 128-bit (16 bytes) MAC
+ * is written. This must not be \c NULL.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if one or more of the required parameters are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
size_t length,
@@ -312,22 +315,22 @@
* \c mbedtls_chachapoly_setkey().
*
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
- * \param length The length (in bytes) of the data to decrypt.
- * \param nonce The 96-bit (12 bytes) nonce/IV to use.
+ * \param length The length (in Bytes) of the data to decrypt.
+ * \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use.
* \param aad The buffer containing the additional authenticated data (AAD).
- * This pointer can be NULL if aad_len == 0.
+ * This pointer can be \c NULL if `aad_len == 0`.
* \param aad_len The length (in bytes) of the AAD data to process.
* \param tag The buffer holding the authentication tag.
+ * This must be a readable buffer of length \c 16 Bytes.
* \param input The buffer containing the data to decrypt.
- * This pointer can be NULL if ilen == 0.
+ * This pointer can be \c NULL if `ilen == 0`.
* \param output The buffer to where the decrypted data is written.
- * This pointer can be NULL if ilen == 0.
+ * This pointer can be \c NULL if `ilen == 0`.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if one or more of the required parameters are NULL.
* \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
* if the data was not authentic.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
size_t length,
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 9e6bb8a..dfadcc5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -50,6 +50,11 @@
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
#endif
+
+#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+#endif
#endif /* _WIN32 */
#if defined(TARGET_LIKE_MBED) && \
@@ -108,11 +113,28 @@
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_ECP_RESTARTABLE) && \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) || \
+ defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
+ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
+ defined(MBEDTLS_ECDSA_SIGN_ALT) || \
+ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
+ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
+ defined(MBEDTLS_ECP_INTERNAL_ALT) || \
+ defined(MBEDTLS_ECP_ALT) )
+#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
+#endif
+
+#if defined(MBEDTLS_ECP_RESTARTABLE) && \
+ ! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
+#endif
+
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
@@ -123,10 +145,16 @@
!defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#endif
+
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_SHA256_C))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
@@ -259,6 +287,14 @@
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
+ ( !defined(MBEDTLS_SHA256_C) && \
+ !defined(MBEDTLS_SHA512_C) && \
+ !defined(MBEDTLS_SHA1_C) )
+#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
+#endif
+
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
@@ -486,6 +522,37 @@
#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C) && \
+ !( defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_ENTROPY_C) )
+#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+ ! defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+ defined(MBEDTLS_ENTROPY_NV_SEED) )
+#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
+#endif
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
+ !defined(MBEDTLS_FS_IO)
+#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
@@ -576,6 +643,23 @@
#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
+ MBEDTLS_SSL_CID_IN_LEN_MAX > 255
+#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
+ MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
+#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
+#endif
+
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
@@ -628,6 +712,10 @@
#endif
#undef MBEDTLS_THREADING_IMPL
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
#endif
@@ -676,7 +764,7 @@
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
*/
typedef int mbedtls_iso_c_forbids_empty_translation_units;
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index ea0ce98..ea00703 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -36,6 +36,7 @@
#endif
#include <stddef.h>
+#include "platform_util.h"
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
#define MBEDTLS_CIPHER_MODE_AEAD
@@ -45,7 +46,8 @@
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
+ defined(MBEDTLS_CHACHA20_C)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
@@ -61,6 +63,8 @@
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid. For example, because it was freed. */
+
+/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */
@@ -172,21 +176,29 @@
MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
+ MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
+ MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
+ MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
+ MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
+ MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
+ MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
} mbedtls_cipher_type_t;
/** Supported cipher modes. */
typedef enum {
- MBEDTLS_MODE_NONE = 0, /**< None. */
- MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
- MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
- MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
- MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
- MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
- MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
- MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
- MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
- MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
+ MBEDTLS_MODE_NONE = 0, /**< None. */
+ MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
+ MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
+ MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
+ MBEDTLS_MODE_OFB, /**< The OFB cipher mode. */
+ MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
+ MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
+ MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
+ MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
+ MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */
MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
+ MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
+ MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
} mbedtls_cipher_mode_t;
/** Supported cipher padding types. */
@@ -235,7 +247,8 @@
* Cipher information. Allows calling cipher functions
* in a generic way.
*/
-typedef struct {
+typedef struct mbedtls_cipher_info_t
+{
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
@@ -276,7 +289,8 @@
/**
* Generic cipher context.
*/
-typedef struct {
+typedef struct mbedtls_cipher_context_t
+{
/** Information about the associated cipher. */
const mbedtls_cipher_info_t *cipher_info;
@@ -316,14 +330,32 @@
/** CMAC-specific context. */
mbedtls_cmac_context_t *cmac_ctx;
#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /** Indicates whether the cipher operations should be performed
+ * by Mbed TLS' own crypto library or an external implementation
+ * of the PSA Crypto API.
+ * This is unset if the cipher context was established through
+ * mbedtls_cipher_setup(), and set if it was established through
+ * mbedtls_cipher_setup_psa().
+ */
+ unsigned char psa_enabled;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
} mbedtls_cipher_context_t;
/**
- * \brief This function retrieves the list of ciphers supported by the generic
- * cipher module.
+ * \brief This function retrieves the list of ciphers supported
+ * by the generic cipher module.
*
- * \return A statically-allocated array of ciphers. The last entry
- * is zero.
+ * For any cipher identifier in the returned list, you can
+ * obtain the corresponding generic cipher information structure
+ * via mbedtls_cipher_info_from_type(), which can then be used
+ * to prepare a cipher context via mbedtls_cipher_setup().
+ *
+ *
+ * \return A statically-allocated array of cipher identifiers
+ * of type cipher_type_t. The last entry is zero.
*/
const int *mbedtls_cipher_list( void );
@@ -331,11 +363,12 @@
* \brief This function retrieves the cipher-information
* structure associated with the given cipher name.
*
- * \param cipher_name Name of the cipher to search for.
+ * \param cipher_name Name of the cipher to search for. This must not be
+ * \c NULL.
*
* \return The cipher information structure associated with the
* given \p cipher_name.
- * \return NULL if the associated cipher information is not found.
+ * \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
@@ -347,7 +380,7 @@
*
* \return The cipher information structure associated with the
* given \p cipher_type.
- * \return NULL if the associated cipher information is not found.
+ * \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
@@ -363,7 +396,7 @@
*
* \return The cipher information structure associated with the
* given \p cipher_id.
- * \return NULL if the associated cipher information is not found.
+ * \return \c NULL if the associated cipher information is not found.
*/
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
int key_bitlen,
@@ -371,6 +404,8 @@
/**
* \brief This function initializes a \p cipher_context as NONE.
+ *
+ * \param ctx The context to be initialized. This must not be \c NULL.
*/
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
@@ -378,16 +413,19 @@
* \brief This function frees and clears the cipher-specific
* context of \p ctx. Freeing \p ctx itself remains the
* responsibility of the caller.
+ *
+ * \param ctx The context to be freed. If this is \c NULL, the
+ * function has no effect, otherwise this must point to an
+ * initialized context.
*/
void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
/**
- * \brief This function initializes and fills the cipher-context
- * structure with the appropriate values. It also clears
- * the structure.
+ * \brief This function initializes a cipher context for
+ * use with the given cipher primitive.
*
- * \param ctx The context to initialize. May not be NULL.
+ * \param ctx The context to initialize. This must be initialized.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
@@ -400,19 +438,49 @@
* In future versions, the caller will be required to call
* mbedtls_cipher_init() on the structure first.
*/
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief This function initializes a cipher context for
+ * PSA-based use with the given cipher primitive.
+ *
+ * \note See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
+ *
+ * \param ctx The context to initialize. May not be \c NULL.
+ * \param cipher_info The cipher to use.
+ * \param taglen For AEAD ciphers, the length in bytes of the
+ * authentication tag to use. Subsequent uses of
+ * mbedtls_cipher_auth_encrypt() or
+ * mbedtls_cipher_auth_decrypt() must provide
+ * the same tag length.
+ * For non-AEAD ciphers, the value must be \c 0.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ * parameter-verification failure.
+ * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ * cipher-specific context fails.
+ */
+int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info,
+ size_t taglen );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief This function returns the block size of the given cipher.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
- * \return The size of the blocks of the cipher.
- * \return 0 if \p ctx has not been initialized.
+ * \return The block size of the underlying cipher.
+ * \return \c 0 if \p ctx has not been initialized.
*/
-static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
+static inline unsigned int mbedtls_cipher_get_block_size(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
+ if( ctx->cipher_info == NULL )
return 0;
return ctx->cipher_info->block_size;
@@ -422,14 +490,16 @@
* \brief This function returns the mode of operation for
* the cipher. For example, MBEDTLS_MODE_CBC.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
* \return The mode of operation.
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
*/
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
+ if( ctx->cipher_info == NULL )
return MBEDTLS_MODE_NONE;
return ctx->cipher_info->mode;
@@ -439,15 +509,17 @@
* \brief This function returns the size of the IV or nonce
* of the cipher, in Bytes.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
* \return The recommended IV size if no IV has been set.
* \return \c 0 for ciphers not using an IV or a nonce.
* \return The actual size if an IV has been set.
*/
-static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
+static inline int mbedtls_cipher_get_iv_size(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
+ if( ctx->cipher_info == NULL )
return 0;
if( ctx->iv_size != 0 )
@@ -459,14 +531,17 @@
/**
* \brief This function returns the type of the given cipher.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
* \return The type of the cipher.
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
*/
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET(
+ ctx != NULL, MBEDTLS_CIPHER_NONE );
+ if( ctx->cipher_info == NULL )
return MBEDTLS_CIPHER_NONE;
return ctx->cipher_info->type;
@@ -476,14 +551,16 @@
* \brief This function returns the name of the given cipher
* as a string.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
* \return The name of the cipher.
* \return NULL if \p ctx has not been not initialized.
*/
-static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
+static inline const char *mbedtls_cipher_get_name(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
+ if( ctx->cipher_info == NULL )
return 0;
return ctx->cipher_info->name;
@@ -492,15 +569,18 @@
/**
* \brief This function returns the key length of the cipher.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
* \return The key length of the cipher in bits.
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
* initialized.
*/
-static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
+static inline int mbedtls_cipher_get_key_bitlen(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET(
+ ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
+ if( ctx->cipher_info == NULL )
return MBEDTLS_KEY_LENGTH_NONE;
return (int) ctx->cipher_info->key_bitlen;
@@ -509,14 +589,17 @@
/**
* \brief This function returns the operation of the given cipher.
*
- * \param ctx The context of the cipher. Must be initialized.
+ * \param ctx The context of the cipher. This must be initialized.
*
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
*/
-static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_operation_t mbedtls_cipher_get_operation(
+ const mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ MBEDTLS_INTERNAL_VALIDATE_RET(
+ ctx != NULL, MBEDTLS_OPERATION_NONE );
+ if( ctx->cipher_info == NULL )
return MBEDTLS_OPERATION_NONE;
return ctx->operation;
@@ -525,11 +608,11 @@
/**
* \brief This function sets the key to use with the given context.
*
- * \param ctx The generic cipher context. May not be NULL. Must have
- * been initialized using mbedtls_cipher_info_from_type()
- * or mbedtls_cipher_info_from_string().
- * \param key The key to use.
- * \param key_bitlen The key length to use, in bits.
+ * \param ctx The generic cipher context. This must be initialized and
+ * bound to a cipher information structure.
+ * \param key The key to use. This must be a readable buffer of at
+ * least \p key_bitlen Bits.
+ * \param key_bitlen The key length to use, in Bits.
* \param operation The operation that the key will be used for:
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
*
@@ -538,8 +621,10 @@
* parameter-verification failure.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
- int key_bitlen, const mbedtls_operation_t operation );
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
+ const unsigned char *key,
+ int key_bitlen,
+ const mbedtls_operation_t operation );
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/**
@@ -548,7 +633,8 @@
*
* The default passing mode is PKCS7 padding.
*
- * \param ctx The generic cipher context.
+ * \param ctx The generic cipher context. This must be initialized and
+ * bound to a cipher information structure.
* \param mode The padding mode.
*
* \return \c 0 on success.
@@ -557,7 +643,8 @@
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
* does not support padding.
*/
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
+ mbedtls_cipher_padding_t mode );
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
/**
@@ -567,8 +654,10 @@
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, this function has no effect.
*
- * \param ctx The generic cipher context.
- * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ * \param ctx The generic cipher context. This must be initialized and
+ * bound to a cipher information structure.
+ * \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
+ * must be a readable buffer of at least \p iv_len Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
*
@@ -577,12 +666,13 @@
* parameter-verification failure.
*/
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len );
+ const unsigned char *iv,
+ size_t iv_len );
/**
* \brief This function resets the cipher state.
*
- * \param ctx The generic cipher context.
+ * \param ctx The generic cipher context. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@@ -594,11 +684,13 @@
/**
* \brief This function adds additional data for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
- * Must be called exactly once, after mbedtls_cipher_reset().
+ * This must be called exactly once, after
+ * mbedtls_cipher_reset().
*
- * \param ctx The generic cipher context.
- * \param ad The additional data to use.
- * \param ad_len the Length of \p ad.
+ * \param ctx The generic cipher context. This must be initialized.
+ * \param ad The additional data to use. This must be a readable
+ * buffer of at least \p ad_len Bytes.
+ * \param ad_len The length of \p ad in Bytes.
*
* \return \c 0 on success.
* \return A specific error code on failure.
@@ -622,14 +714,17 @@
* mbedtls_cipher_finish(), must have \p ilen as a
* multiple of the block size of the cipher.
*
- * \param ctx The generic cipher context.
- * \param input The buffer holding the input data.
+ * \param ctx The generic cipher context. This must be initialized and
+ * bound to a key.
+ * \param input The buffer holding the input data. This must be a
+ * readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
- * \param output The buffer for the output data. Must be able to hold at
- * least \p ilen + block_size. Must not be the same buffer
- * as input.
+ * \param output The buffer for the output data. This must be able to
+ * hold at least `ilen + block_size`. This must not be the
+ * same buffer as \p input.
* \param olen The length of the output data, to be updated with the
- * actual number of Bytes written.
+ * actual number of Bytes written. This must not be
+ * \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@@ -638,8 +733,10 @@
* unsupported mode for a cipher.
* \return A cipher-specific error code on failure.
*/
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
- size_t ilen, unsigned char *output, size_t *olen );
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
+ const unsigned char *input,
+ size_t ilen, unsigned char *output,
+ size_t *olen );
/**
* \brief The generic cipher finalization function. If data still
@@ -647,9 +744,12 @@
* contained in it is padded to the size of
* the last block, and written to the \p output buffer.
*
- * \param ctx The generic cipher context.
- * \param output The buffer to write data to. Needs block_size available.
+ * \param ctx The generic cipher context. This must be initialized and
+ * bound to a key.
+ * \param output The buffer to write data to. This needs to be a writable
+ * buffer of at least \p block_size Bytes.
* \param olen The length of the data written to the \p output buffer.
+ * This may not be \c NULL.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
@@ -667,10 +767,14 @@
/**
* \brief This function writes a tag for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
- * Must be called after mbedtls_cipher_finish().
+ * This must be called after mbedtls_cipher_finish().
*
- * \param ctx The generic cipher context.
- * \param tag The buffer to write the tag to.
+ * \param ctx The generic cipher context. This must be initialized,
+ * bound to a key, and have just completed a cipher
+ * operation through mbedtls_cipher_finish() the tag for
+ * which should be written.
+ * \param tag The buffer to write the tag to. This must be a writable
+ * buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to write.
*
* \return \c 0 on success.
@@ -682,10 +786,11 @@
/**
* \brief This function checks the tag for AEAD ciphers.
* Currently supported with GCM and ChaCha20+Poly1305.
- * Must be called after mbedtls_cipher_finish().
+ * This must be called after mbedtls_cipher_finish().
*
- * \param ctx The generic cipher context.
- * \param tag The buffer holding the tag.
+ * \param ctx The generic cipher context. This must be initialized.
+ * \param tag The buffer holding the tag. This must be a readable
+ * buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to check.
*
* \return \c 0 on success.
@@ -699,18 +804,22 @@
* \brief The generic all-in-one encryption/decryption function,
* for all ciphers except AEAD constructs.
*
- * \param ctx The generic cipher context.
+ * \param ctx The generic cipher context. This must be initialized.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ * This must be a readable buffer of at least \p iv_len
+ * Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size
* IV.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. Must be able to hold at
- * least \p ilen + block_size. Must not be the same buffer
- * as input.
+ * \param input The buffer holding the input data. This must be a
+ * readable buffer of at least \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
+ * \param output The buffer for the output data. This must be able to
+ * hold at least `ilen + block_size`. This must not be the
+ * same buffer as \p input.
* \param olen The length of the output data, to be updated with the
- * actual number of Bytes written.
+ * actual number of Bytes written. This must not be
+ * \c NULL.
*
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, use \p iv = NULL and \p iv_len = 0.
@@ -733,19 +842,26 @@
/**
* \brief The generic autenticated encryption (AEAD) function.
*
- * \param ctx The generic cipher context.
+ * \param ctx The generic cipher context. This must be initialized and
+ * bound to a key.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ * This must be a readable buffer of at least \p iv_len
+ * Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
- * \param ad The additional data to authenticate.
+ * \param ad The additional data to authenticate. This must be a
+ * readable buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad.
- * \param input The buffer holding the input data.
+ * \param input The buffer holding the input data. This must be a
+ * readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
- * \param output The buffer for the output data.
- * Must be able to hold at least \p ilen.
+ * \param output The buffer for the output data. This must be able to
+ * hold at least \p ilen Bytes.
* \param olen The length of the output data, to be updated with the
- * actual number of Bytes written.
- * \param tag The buffer for the authentication tag.
+ * actual number of Bytes written. This must not be
+ * \c NULL.
+ * \param tag The buffer for the authentication tag. This must be a
+ * writable buffer of at least \p tag_len Bytes.
* \param tag_len The desired length of the authentication tag.
*
* \return \c 0 on success.
@@ -767,19 +883,26 @@
* is zeroed out to prevent the unauthentic plaintext being
* used, making this interface safer.
*
- * \param ctx The generic cipher context.
+ * \param ctx The generic cipher context. This must be initialized and
+ * and bound to a key.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+ * This must be a readable buffer of at least \p iv_len
+ * Bytes.
* \param iv_len The IV length for ciphers with variable-size IV.
* This parameter is discarded by ciphers with fixed-size IV.
- * \param ad The additional data to be authenticated.
+ * \param ad The additional data to be authenticated. This must be a
+ * readable buffer of at least \p ad_len Bytes.
* \param ad_len The length of \p ad.
- * \param input The buffer holding the input data.
+ * \param input The buffer holding the input data. This must be a
+ * readable buffer of at least \p ilen Bytes.
* \param ilen The length of the input data.
* \param output The buffer for the output data.
- * Must be able to hold at least \p ilen.
+ * This must be able to hold at least \p ilen Bytes.
* \param olen The length of the output data, to be updated with the
- * actual number of Bytes written.
- * \param tag The buffer holding the authentication tag.
+ * actual number of Bytes written. This must not be
+ * \c NULL.
+ * \param tag The buffer holding the authentication tag. This must be
+ * a readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the authentication tag.
*
* \return \c 0 on success.
diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h
index c6def0b..d711339 100644
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@@ -34,6 +34,10 @@
#include "cipher.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -114,6 +118,30 @@
const mbedtls_cipher_info_t *info;
} mbedtls_cipher_definition_t;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+typedef enum
+{
+ MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
+ MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
+ /* use raw key material internally imported */
+ /* into a allocated key slot, and which */
+ /* hence need to destroy that key slot */
+ /* when they are no longer needed. */
+ MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts */
+ /* which use a key from a key slot */
+ /* provided by the user, and which */
+ /* hence should not be destroyed when */
+ /* the context is no longer needed. */
+} mbedtls_cipher_psa_key_ownership;
+
+typedef struct
+{
+ psa_algorithm_t alg;
+ psa_key_handle_t slot;
+ mbedtls_cipher_psa_key_ownership slot_state;
+} mbedtls_cipher_context_psa;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
extern int mbedtls_cipher_supported[];
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index a4fd552..9d42b3f 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -28,12 +28,19 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "cipher.h"
#ifdef __cplusplus
extern "C" {
#endif
+/* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */
#define MBEDTLS_AES_BLOCK_SIZE 16
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 213b691..a58b4724 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -25,6 +25,12 @@
* This file is part of mbed TLS (https://tls.mbed.org)
*/
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 70820be..529c07f 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -137,12 +137,21 @@
/**
* \def MBEDTLS_HAVE_TIME_DATE
*
- * System has time.h and time(), gmtime() and the clock is correct.
- * The time needs to be correct (not necesarily very accurate, but at least
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
* the date should be correct). This is used to verify the validity period of
* X.509 certificates.
*
* Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
*/
#define MBEDTLS_HAVE_TIME_DATE
@@ -217,6 +226,7 @@
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
//#define MBEDTLS_PLATFORM_PRINTF_ALT
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
@@ -247,6 +257,72 @@
*/
//#define MBEDTLS_DEPRECATED_REMOVED
+/**
+ * \def MBEDTLS_CHECK_PARAMS
+ *
+ * This configuration option controls whether the library validates more of
+ * the parameters passed to it.
+ *
+ * When this flag is not defined, the library only attempts to validate an
+ * input parameter if: (1) they may come from the outside world (such as the
+ * network, the filesystem, etc.) or (2) not validating them could result in
+ * internal memory errors such as overflowing a buffer controlled by the
+ * library. On the other hand, it doesn't attempt to validate parameters whose
+ * values are fully controlled by the application (such as pointers).
+ *
+ * When this flag is defined, the library additionally attempts to validate
+ * parameters that are fully controlled by the application, and should always
+ * be valid if the application code is fully correct and trusted.
+ *
+ * For example, when a function accepts as input a pointer to a buffer that may
+ * contain untrusted data, and its documentation mentions that this pointer
+ * must not be NULL:
+ * - The pointer is checked to be non-NULL only if this option is enabled.
+ * - The content of the buffer is always validated.
+ *
+ * When this flag is defined, if a library function receives a parameter that
+ * is invalid:
+ * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
+ * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
+ * will immediately return. If the function returns an Mbed TLS error code,
+ * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
+ *
+ * When defining this flag, you also need to arrange a definition for
+ * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
+ * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
+ * function mbedtls_param_failed(), but the library does not define this
+ * function. If you do not make any other arrangements, you must provide
+ * the function mbedtls_param_failed() in your application.
+ * See `platform_util.h` for its prototype.
+ * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
+ * library defines #MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
+ * You can still supply an alternative definition of
+ * MBEDTLS_PARAM_FAILED(), which may call `assert`.
+ * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
+ * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
+ * the library will call the macro that you defined and will not supply
+ * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
+ * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
+ * files include `<assert.h>`.
+ *
+ * Uncomment to enable validation of application-controlled parameters.
+ */
+//#define MBEDTLS_CHECK_PARAMS
+
+/**
+ * \def MBEDTLS_CHECK_PARAMS_ASSERT
+ *
+ * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
+ * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
+ *
+ * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
+ * calling a function mbedtls_param_failed(). See the documentation of
+ * #MBEDTLS_CHECK_PARAMS for details.
+ *
+ * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
+ */
+//#define MBEDTLS_CHECK_PARAMS_ASSERT
+
/* \} name SECTION: System support */
/**
@@ -350,7 +426,7 @@
* \note Because of a signature change, the core AES encryption and decryption routines are
* currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
* respectively. When setting up alternative implementations, these functions should
- * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
* must stay untouched.
*
* \note If you use the AES_xxx_ALT macros, then is is recommended to also set
@@ -405,11 +481,11 @@
* unsigned char mbedtls_internal_ecp_grp_capable(
* const mbedtls_ecp_group *grp )
* int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
+ * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
* The mbedtls_internal_ecp_grp_capable function should return 1 if the
* replacement functions implement arithmetic for the given group and 0
* otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
* called before and after each point operation and provide an opportunity to
* implement optimized set up and tear down instructions.
*
@@ -636,6 +712,26 @@
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
/**
+ * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
+ *
+ * Remove 3DES ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on 3DES from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
+ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
+ * them explicitly.
+ *
+ * A man-in-the-browser attacker can recover authentication tokens sent through
+ * a TLS connection using a 3DES based cipher suite (see "On the Practical
+ * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
+ * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
+ * in your threat model or you are unsure, then you should keep this option
+ * enabled to remove 3DES based cipher suites.
+ *
+ * Comment this macro to keep 3DES in the default ciphersuite list.
+ */
+#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
+
+/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -669,6 +765,59 @@
#define MBEDTLS_ECP_NIST_OPTIM
/**
+ * \def MBEDTLS_ECP_RESTARTABLE
+ *
+ * Enable "non-blocking" ECC operations that can return early and be resumed.
+ *
+ * This allows various functions to pause by returning
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
+ * order to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
+ * number of ECC operations a function may perform before pausing; see
+ * mbedtls_ecp_set_max_ops() for more information.
+ *
+ * This is useful in non-threaded environments if you want to avoid blocking
+ * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
+ *
+ * Uncomment this macro to enable restartable ECC computations.
+ *
+ * \note This option only works with the default software implementation of
+ * elliptic curve functionality. It is incompatible with
+ * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
+ * and MBEDTLS_ECDH_LEGACY_CONTEXT.
+ */
+//#define MBEDTLS_ECP_RESTARTABLE
+
+/**
+ * \def MBEDTLS_ECDH_LEGACY_CONTEXT
+ *
+ * Use a backward compatible ECDH context.
+ *
+ * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
+ * defined in `ecdh.h`). For most applications, the choice of format makes
+ * no difference, since all library functions can work with either format,
+ * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
+
+ * The new format used when this option is disabled is smaller
+ * (56 bytes on a 32-bit platform). In future versions of the library, it
+ * will support alternative implementations of ECDH operations.
+ * The new format is incompatible with applications that access
+ * context fields directly and with restartable ECP operations.
+ *
+ * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
+ * want to access ECDH context fields directly. Otherwise you should
+ * comment out this macro definition.
+ *
+ * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
+ *
+ * \note This configuration option is experimental. Future versions of the
+ * library may modify the way the ECDH context layout is configured
+ * and may modify the layout of the new context type.
+ */
+#define MBEDTLS_ECDH_LEGACY_CONTEXT
+
+/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA (RFC 6979).
@@ -1127,6 +1276,33 @@
#define MBEDTLS_PKCS1_V21
/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
+ *
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
+ *
+ */
+//#define MBEDTLS_PSA_INJECT_ENTROPY
+
+/**
* \def MBEDTLS_RSA_NO_CRT
*
* Do not use the Chinese Remainder Theorem
@@ -1175,6 +1351,34 @@
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
+ * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
+ *
+ * Enable support for the DTLS Connection ID extension
+ * (version draft-ietf-tls-dtls-connection-id-05,
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
+ * which allows to identify DTLS connections across changes
+ * in the underlying transport.
+ *
+ * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
+ * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
+ * See the corresponding documentation for more information.
+ *
+ * \warning The Connection ID extension is still in draft state.
+ * We make no stability promises for the availability
+ * or the shape of the API controlled by this option.
+ *
+ * The maximum lengths of outgoing and incoming CIDs can be configured
+ * through the options
+ * - MBEDTLS_SSL_CID_OUT_LEN_MAX
+ * - MBEDTLS_SSL_CID_IN_LEN_MAX.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Uncomment to enable the Connection ID extension.
+ */
+//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE
*
* Enable asynchronous external private key operations in SSL. This allows
@@ -1255,6 +1459,28 @@
#define MBEDTLS_SSL_FALLBACK_SCSV
/**
+ * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ *
+ * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
+ * giving access to the peer's certificate after completion of the handshake.
+ *
+ * Unless you need mbedtls_ssl_peer_cert() in your application, it is
+ * recommended to disable this option for reduced RAM usage.
+ *
+ * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
+ * defined, but always returns \c NULL.
+ *
+ * \note This option has no influence on the protection against the
+ * triple handshake attack. Even if it is disabled, Mbed TLS will
+ * still ensure that certificates do not change during renegotiation,
+ * for exaple by keeping a hash of the peer's certificate.
+ *
+ * Comment this macro to disable storing the peer's certificate
+ * after the handshake.
+ */
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
+/**
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
*
* Enable hooking functions in SSL module for hardware acceleration of
@@ -1279,7 +1505,7 @@
/**
* \def MBEDTLS_SSL_RENEGOTIATION
*
- * Disable support for TLS renegotiation.
+ * Enable support for TLS renegotiation.
*
* The two main uses of renegotiation are (1) refresh keys on long-lived
* connections and (2) client authentication after the initial handshake.
@@ -1463,7 +1689,7 @@
* \def MBEDTLS_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintainance of a
+ * Client-side, provides full support for session tickets (maintenance of a
* session store remains the responsibility of the application, though).
* Server-side, you also need to provide callbacks for writing and parsing
* tickets, including authenticated encryption and key management. Example
@@ -1550,6 +1776,33 @@
//#define MBEDTLS_THREADING_PTHREAD
/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, and
+ * enable new APIs for using keys handled by PSA Crypto.
+ *
+ * \note Development of this option is currently in progress, and parts
+ * of the X.509 and TLS modules are not ported to PSA yet. However, these parts
+ * will still continue to work as usual, so enabling this option should not
+ * break backwards compatibility.
+ *
+ * \warning The PSA Crypto API is in beta stage. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
+ *
+ * \warning This option enables new Mbed TLS APIs that are dependent on the
+ * PSA Crypto API, so can't come with the same stability guarantees as the
+ * rest of the Mbed TLS APIs. You're welcome to experiment with them, but for
+ * now, access to these APIs is opt-in (via enabling the present option), in
+ * order to clearly differentiate them from the stable Mbed TLS APIs.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
* \def MBEDTLS_VERSION_FEATURES
*
* Allow run-time checking of compile-time enabled features. Thus allowing users
@@ -1585,6 +1838,25 @@
//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/**
+ * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+ *
+ * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
+ * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
+ * the set of trusted certificates through a callback instead of a linked
+ * list.
+ *
+ * This is useful for example in environments where a large number of trusted
+ * certificates is present and storing them in a linked list isn't efficient
+ * enough, or when the set of trusted certificates changes frequently.
+ *
+ * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
+ * `mbedtls_ssl_conf_ca_cb()` for more information.
+ *
+ * Uncomment to enable trusted certificate callbacks.
+ */
+//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+
+/**
* \def MBEDTLS_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension (CA and leaf certificates).
@@ -1629,7 +1901,7 @@
*
* \warning TLS-level compression MAY REDUCE SECURITY! See for example the
* CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
+ * CRIME or similar exploits may be applicable to your use case.
*
* \note Currently compression can't be used with DTLS.
*
@@ -2018,14 +2290,16 @@
/**
* \def MBEDTLS_CTR_DRBG_C
*
- * Enable the CTR_DRBG AES-256-based random generator.
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
*
* Module: library/ctr_drbg.c
* Caller:
*
* Requires: MBEDTLS_AES_C
*
- * This module provides the CTR_DRBG AES-256 random number generator.
+ * This module provides the CTR_DRBG AES random number generator.
*/
#define MBEDTLS_CTR_DRBG_C
@@ -2556,6 +2830,48 @@
#define MBEDTLS_POLY1305_C
/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * \warning The PSA Crypto API is still beta status. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
+ *
+ * Module: crypto/library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module: crypto/library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_ITS_FILE_C
+ *
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
+ *
+ * Module: crypto/library/psa_its_file.c
+ *
+ * Requires: MBEDTLS_FS_IO
+ *
+ */
+//#define MBEDTLS_PSA_ITS_FILE_C
+
+/**
* \def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD-160 hash algorithm.
@@ -2910,6 +3226,7 @@
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
/* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
@@ -2938,7 +3255,7 @@
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
@@ -2955,11 +3272,48 @@
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+/**
+ * \brief This macro is invoked by the library when an invalid parameter
+ * is detected that is only checked with #MBEDTLS_CHECK_PARAMS
+ * (see the documentation of that option for context).
+ *
+ * When you leave this undefined here, the library provides
+ * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
+ * is defined, the default definition is `assert(cond)`,
+ * otherwise the default definition calls a function
+ * mbedtls_param_failed(). This function is declared in
+ * `platform_util.h` for the benefit of the library, but
+ * you need to define in your application.
+ *
+ * When you define this here, this replaces the default
+ * definition in platform_util.h (which no longer declares the
+ * function mbedtls_param_failed()) and it is your responsibility
+ * to make sure this macro expands to something suitable (in
+ * particular, that all the necessary declarations are visible
+ * from within the library - you can ensure that by providing
+ * them in this file next to the macro definition).
+ * If you define this macro to call `assert`, also define
+ * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
+ * include `<assert.h>`.
+ *
+ * Note that you may define this macro to expand to nothing, in
+ * which case you don't have to worry about declarations or
+ * definitions. However, you will then be notified about invalid
+ * parameters only in non-void functions, and void function will
+ * just silently return early on invalid parameters, which
+ * partially negates the benefits of enabling
+ * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
+ *
+ * \param cond The expression that should evaluate to true, but doesn't.
+ */
+//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
@@ -2968,31 +3322,96 @@
/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
*
- * Maximum fragment length in bytes.
+ * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
*
- * Determines the size of both the incoming and outgoing TLS I/O buffers.
+ * This determines the size of both the incoming and outgoing TLS I/O buffers
+ * in such a way that both are capable of holding the specified amount of
+ * plaintext data, regardless of the protection mechanism used.
*
- * Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN
- * will override this length by setting maximum incoming and/or outgoing
- * fragment length, respectively.
+ * To configure incoming and outgoing I/O buffers separately, use
+ * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
+ * which overwrite the value set by this option.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ * recommended to use the Maximum Fragment Length (MFL) extension to
+ * inform the server about this limitation. On the server, there
+ * is no supported, standardized way of informing the client about
+ * restriction on the maximum size of incoming messages, and unless
+ * the limitation has been communicated by other means, it is recommended
+ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ * while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of both
+ * incoming and outgoing I/O buffers.
*/
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
/** \def MBEDTLS_SSL_IN_CONTENT_LEN
*
- * Maximum incoming fragment length in bytes.
+ * Maximum length (in bytes) of incoming plaintext fragments.
*
- * Uncomment to set the size of the inward TLS buffer independently of the
- * outward buffer.
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option is undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ * recommended to use the Maximum Fragment Length (MFL) extension to
+ * inform the server about this limitation. On the server, there
+ * is no supported, standardized way of informing the client about
+ * restriction on the maximum size of incoming messages, and unless
+ * the limitation has been communicated by other means, it is recommended
+ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ * while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer
+ * independently of the outgoing I/O buffer.
*/
//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
+ *
+ * The maximum length of CIDs used for incoming DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
+ *
+ * The maximum length of CIDs used for outgoing DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * when using the Connection ID extension in DTLS 1.2.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ * for outgoing records.
+ *
+ * Note: On systems lacking division instructions,
+ * a power of two should be preferred.
+ *
+ */
+//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
- * Maximum outgoing fragment length in bytes.
+ * Maximum length (in bytes) of outgoing plaintext fragments.
*
- * Uncomment to set the size of the outward TLS buffer independently of the
- * inward buffer.
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * If this option undefined, it inherits its value from
+ * #MBEDTLS_SSL_MAX_CONTENT_LEN.
*
* It is possible to save RAM by setting a smaller outward buffer, while keeping
* the default inward 16384 byte buffer to conform to the TLS specification.
@@ -3002,14 +3421,28 @@
* The specific size requirement depends on the configured ciphers and any
* certificate data which is sent during the handshake.
*
- * For absolute minimum RAM usage, it's best to enable
- * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This
- * reduces both incoming and outgoing buffer sizes. However this is only
- * guaranteed if the other end of the connection also supports the TLS
- * max_fragment_len extension. Otherwise the connection may fail.
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
+ * independently of the incoming I/O buffer.
*/
//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
+ *
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ *
+ * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
+ */
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
@@ -3083,25 +3516,33 @@
*/
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
/* \} name SECTION: Customisation configuration options */
-/* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"
-
-#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
-#endif
-
-/*
+/* Target and application specific configurations
+ *
* Allow user to override any previous default.
*
- * Use two macro names for that, as:
- * - with yotta the prefix YOTTA_CFG_ is forced
- * - without yotta is looks weird to have a YOTTA prefix.
*/
-#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
-#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#if defined(MBEDTLS_USER_CONFIG_FILE)
#include MBEDTLS_USER_CONFIG_FILE
#endif
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 3835d72..cc3df7b 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -8,8 +8,11 @@
* Recommendation for Random Number Generation Using Deterministic Random
* Bit Generators</em>.
*
- * The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying
- * block cipher.
+ * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
+ * as the underlying block cipher.
+ *
+ * \warning Using 128-bit keys for CTR_DRBG limits the security of generated
+ * keys and operations that use random values generated to 128-bit security.
*/
/*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -33,6 +36,12 @@
#ifndef MBEDTLS_CTR_DRBG_H
#define MBEDTLS_CTR_DRBG_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "aes.h"
#if defined(MBEDTLS_THREADING_C)
@@ -45,7 +54,13 @@
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
-#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */
+
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher (compile-time choice: 128 bits). */
+#else
+#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher (compile-time choice: 256 bits). */
+#endif
+
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
@@ -108,7 +123,7 @@
/**
* \brief The CTR_DRBG context structure.
*/
-typedef struct
+typedef struct mbedtls_ctr_drbg_context
{
unsigned char counter[16]; /*!< The counter (V). */
int reseed_counter; /*!< The reseed counter. */
@@ -230,18 +245,20 @@
/**
* \brief This function updates the state of the CTR_DRBG context.
*
- * \note If \p add_len is greater than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- * The remaining Bytes are silently discarded.
- *
* \param ctx The CTR_DRBG context.
* \param additional The data to update the state with.
- * \param add_len Length of \p additional data.
+ * \param add_len Length of \p additional in bytes. This must be at
+ * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
*
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+ * \p add_len is more than
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+ * \return An error from the underlying AES cipher on failure.
*/
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
+int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len );
/**
* \brief This function updates a CTR_DRBG instance with additional
@@ -281,6 +298,35 @@
int mbedtls_ctr_drbg_random( void *p_rng,
unsigned char *output, size_t output_len );
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief This function updates the state of the CTR_DRBG context.
+ *
+ * \deprecated Superseded by mbedtls_ctr_drbg_update_ret()
+ * in 2.16.0.
+ *
+ * \note If \p add_len is greater than
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
+ * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
+ * The remaining Bytes are silently discarded.
+ *
+ * \param ctx The CTR_DRBG context.
+ * \param additional The data to update the state with.
+ * \param add_len Length of \p additional data.
+ */
+MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
+ mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len );
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
#if defined(MBEDTLS_FS_IO)
/**
* \brief This function writes a seed file.
@@ -310,6 +356,8 @@
int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
#endif /* MBEDTLS_FS_IO */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The CTR_DRBG checkup routine.
*
@@ -318,6 +366,8 @@
*/
int mbedtls_ctr_drbg_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
/* Internal functions (do not call directly) */
int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
int (*)(void *, unsigned char *, size_t), void *,
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index ef8db67..1020676 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -65,6 +65,11 @@
mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
#endif
+#if defined(MBEDTLS_ECDH_C)
+#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
+ mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
+#endif
+
#else /* MBEDTLS_DEBUG_C */
#define MBEDTLS_SSL_DEBUG_MSG( level, args ) do { } while( 0 )
@@ -73,6 +78,7 @@
#define MBEDTLS_SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) do { } while( 0 )
#endif /* MBEDTLS_DEBUG_C */
@@ -221,9 +227,38 @@
const char *text, const mbedtls_x509_crt *crt );
#endif
+#if defined(MBEDTLS_ECDH_C)
+typedef enum
+{
+ MBEDTLS_DEBUG_ECDH_Q,
+ MBEDTLS_DEBUG_ECDH_QP,
+ MBEDTLS_DEBUG_ECDH_Z,
+} mbedtls_debug_ecdh_attr;
+
+/**
+ * \brief Print a field of the ECDH structure in the SSL context to the debug
+ * output. This function is always used through the
+ * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+ * and line number parameters.
+ *
+ * \param ssl SSL context
+ * \param level error level of the debug message
+ * \param file file the error has occurred in
+ * \param line line number the error has occurred in
+ * \param ecdh the ECDH context
+ * \param attr the identifier of the attribute being output
+ *
+ * \attention This function is intended for INTERNAL usage within the
+ * library only.
+ */
+void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr );
+#endif
+
#ifdef __cplusplus
}
#endif
#endif /* debug.h */
-
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 6eb7d03..54e6b78 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -42,6 +42,8 @@
#define MBEDTLS_DES_DECRYPT 0
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
+
+/* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
#define MBEDTLS_DES_KEY_SIZE 8
@@ -61,7 +63,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
-typedef struct
+typedef struct mbedtls_des_context
{
uint32_t sk[32]; /*!< DES subkeys */
}
@@ -70,7 +72,7 @@
/**
* \brief Triple-DES context structure
*/
-typedef struct
+typedef struct mbedtls_des3_context
{
uint32_t sk[96]; /*!< 3DES subkeys */
}
@@ -336,6 +338,8 @@
void mbedtls_des_setkey( uint32_t SK[32],
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -343,6 +347,8 @@
*/
int mbedtls_des_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 75317a8..2909f5f 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -84,7 +84,10 @@
#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */
#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */
+
+/* MBEDTLS_ERR_DHM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */
+
#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */
#ifdef __cplusplus
@@ -96,7 +99,7 @@
/**
* \brief The DHM context structure.
*/
-typedef struct
+typedef struct mbedtls_dhm_context
{
size_t len; /*!< The size of \p P in Bytes. */
mbedtls_mpi P; /*!< The prime modulus. */
@@ -124,9 +127,15 @@
void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
/**
- * \brief This function parses the ServerKeyExchange parameters.
+ * \brief This function parses the DHM parameters in a
+ * TLS ServerKeyExchange handshake message
+ * (DHM modulus, generator, and public key).
*
- * \param ctx The DHM context.
+ * \note In a TLS handshake, this is the how the client
+ * sets up its DHM context from the server's public
+ * DHM key material.
+ *
+ * \param ctx The DHM context to use. This must be initialized.
* \param p On input, *p must be the start of the input buffer.
* On output, *p is updated to point to the end of the data
* that has been read. On success, this is the first byte
@@ -140,31 +149,37 @@
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
*/
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
- unsigned char **p,
- const unsigned char *end );
+ unsigned char **p,
+ const unsigned char *end );
/**
- * \brief This function sets up and writes the ServerKeyExchange
- * parameters.
+ * \brief This function generates a DHM key pair and exports its
+ * public part together with the DHM parameters in the format
+ * used in a TLS ServerKeyExchange handshake message.
*
- * \note The destination buffer must be large enough to hold
- * the reduced binary presentation of the modulus, the generator
- * and the public key, each wrapped with a 2-byte length field.
- * It is the responsibility of the caller to ensure that enough
- * space is available. Refer to \c mbedtls_mpi_size to computing
- * the byte-size of an MPI.
- *
- * \note This function assumes that \c ctx->P and \c ctx->G
- * have already been properly set. For that, use
+ * \note This function assumes that the DHM parameters \c ctx->P
+ * and \c ctx->G have already been properly set. For that, use
* mbedtls_dhm_set_group() below in conjunction with
* mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
*
- * \param ctx The DHM context.
+ * \note In a TLS handshake, this is the how the server generates
+ * and exports its DHM key material.
+ *
+ * \param ctx The DHM context to use. This must be initialized
+ * and have the DHM parameters set. It may or may not
+ * already have imported the peer's public key.
* \param x_size The private key size in Bytes.
- * \param olen The number of characters written.
- * \param output The destination buffer.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param olen The address at which to store the number of Bytes
+ * written on success. This must not be \c NULL.
+ * \param output The destination buffer. This must be a writable buffer of
+ * sufficient size to hold the reduced binary presentation of
+ * the modulus, the generator and the public key, each wrapped
+ * with a 2-byte length field. It is the responsibility of the
+ * caller to ensure that enough space is available. Refer to
+ * mbedtls_mpi_size() to computing the byte-size of an MPI.
+ * \param f_rng The RNG function. Must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context parameter.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -177,12 +192,14 @@
/**
* \brief This function sets the prime modulus and generator.
*
- * \note This function can be used to set \p P, \p G
+ * \note This function can be used to set \c ctx->P, \c ctx->G
* in preparation for mbedtls_dhm_make_params().
*
- * \param ctx The DHM context.
- * \param P The MPI holding the DHM prime modulus.
- * \param G The MPI holding the DHM generator.
+ * \param ctx The DHM context to configure. This must be initialized.
+ * \param P The MPI holding the DHM prime modulus. This must be
+ * an initialized MPI.
+ * \param G The MPI holding the DHM generator. This must be an
+ * initialized MPI.
*
* \return \c 0 if successful.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -192,11 +209,17 @@
const mbedtls_mpi *G );
/**
- * \brief This function imports the public value of the peer, G^Y.
+ * \brief This function imports the raw public value of the peer.
*
- * \param ctx The DHM context.
- * \param input The input buffer containing the G^Y value of the peer.
- * \param ilen The size of the input buffer.
+ * \note In a TLS handshake, this is the how the server imports
+ * the Client's public DHM key.
+ *
+ * \param ctx The DHM context to use. This must be initialized and have
+ * its DHM parameters set, e.g. via mbedtls_dhm_set_group().
+ * It may or may not already have generated its own private key.
+ * \param input The input buffer containing the \c G^Y value of the peer.
+ * This must be a readable buffer of size \p ilen Bytes.
+ * \param ilen The size of the input buffer \p input in Bytes.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -205,21 +228,25 @@
const unsigned char *input, size_t ilen );
/**
- * \brief This function creates its own private key, \c X, and
- * exports \c G^X.
+ * \brief This function creates a DHM key pair and exports
+ * the raw public key in big-endian format.
*
* \note The destination buffer is always fully written
* so as to contain a big-endian representation of G^X mod P.
- * If it is larger than ctx->len, it is padded accordingly
+ * If it is larger than \c ctx->len, it is padded accordingly
* with zero-bytes at the beginning.
*
- * \param ctx The DHM context.
+ * \param ctx The DHM context to use. This must be initialized and
+ * have the DHM parameters set. It may or may not already
+ * have imported the peer's public key.
* \param x_size The private key size in Bytes.
- * \param output The destination buffer.
- * \param olen The length of the destination buffer. Must be at least
- * equal to ctx->len (the size of \c P).
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param output The destination buffer. This must be a writable buffer of
+ * size \p olen Bytes.
+ * \param olen The length of the destination buffer. This must be at least
+ * equal to `ctx->len` (the size of \c P).
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
+ * if \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -230,22 +257,27 @@
void *p_rng );
/**
- * \brief This function derives and exports the shared secret
- * \c (G^Y)^X mod \c P.
+ * \brief This function derives and exports the shared secret
+ * \c (G^Y)^X mod \c P.
*
- * \note If \p f_rng is not NULL, it is used to blind the input as
- * a countermeasure against timing attacks. Blinding is used
- * only if our private key \c X is re-used, and not used
- * otherwise. We recommend always passing a non-NULL
- * \p f_rng argument.
+ * \note If \p f_rng is not \c NULL, it is used to blind the input as
+ * a countermeasure against timing attacks. Blinding is used
+ * only if our private key \c X is re-used, and not used
+ * otherwise. We recommend always passing a non-NULL
+ * \p f_rng argument.
*
- * \param ctx The DHM context.
- * \param output The destination buffer.
- * \param output_size The size of the destination buffer. Must be at least
- * the size of ctx->len (the size of \c P).
+ * \param ctx The DHM context to use. This must be initialized
+ * and have its own private key generated and the peer's
+ * public key imported.
+ * \param output The buffer to write the generated shared key to. This
+ * must be a writable buffer of size \p output_size Bytes.
+ * \param output_size The size of the destination buffer. This must be at
+ * least the size of \c ctx->len (the size of \c P).
* \param olen On exit, holds the actual number of Bytes written.
- * \param f_rng The RNG function, for blinding purposes.
- * \param p_rng The RNG context.
+ * \param f_rng The RNG function, for blinding purposes. This may
+ * b \c NULL if blinding isn't needed.
+ * \param p_rng The RNG context. This may be \c NULL if \p f_rng
+ * doesn't need a context argument.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
@@ -256,9 +288,12 @@
void *p_rng );
/**
- * \brief This function frees and clears the components of a DHM context.
+ * \brief This function frees and clears the components
+ * of a DHM context.
*
- * \param ctx The DHM context to free and clear.
+ * \param ctx The DHM context to free and clear. This may be \c NULL,
+ * in which case this function is a no-op. If it is not \c NULL,
+ * it must point to an initialized DHM context.
*/
void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
@@ -267,17 +302,19 @@
/**
* \brief This function parses DHM parameters in PEM or DER format.
*
- * \param dhm The DHM context to initialize.
- * \param dhmin The input buffer.
- * \param dhminlen The size of the buffer, including the terminating null
- * Byte for PEM data.
+ * \param dhm The DHM context to import the DHM parameters into.
+ * This must be initialized.
+ * \param dhmin The input buffer. This must be a readable buffer of
+ * length \p dhminlen Bytes.
+ * \param dhminlen The size of the input buffer \p dhmin, including the
+ * terminating \c NULL Byte for PEM data.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
- * error code on failure.
+ * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
+ * code on failure.
*/
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
- size_t dhminlen );
+ size_t dhminlen );
#if defined(MBEDTLS_FS_IO)
/** \ingroup x509_module */
@@ -285,16 +322,20 @@
* \brief This function loads and parses DHM parameters from a file.
*
* \param dhm The DHM context to load the parameters to.
+ * This must be initialized.
* \param path The filename to read the DHM parameters from.
+ * This must not be \c NULL.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
- * error code on failure.
+ * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
+ * error code on failure.
*/
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ASN1_PARSE_C */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The DMH checkup routine.
*
@@ -303,6 +344,7 @@
*/
int mbedtls_dhm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
}
#endif
@@ -350,15 +392,6 @@
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
- ( (mbedtls_deprecated_constant_t) ( VAL ) )
-#else
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#endif /* ! MBEDTLS_DEPRECATED_WARNING */
-
/**
* \warning The origin of the primes in RFC 5114 is not documented and
* their use therefore constitutes a security risk!
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 5fdf55a..384c3dc 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -34,6 +34,12 @@
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "ecp.h"
#ifdef __cplusplus
@@ -49,11 +55,49 @@
MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
+#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
/**
+ * Defines the ECDH implementation used.
+ *
+ * Later versions of the library may add new variants, therefore users should
+ * not make any assumptions about them.
+ */
+typedef enum
+{
+ MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
+ MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
+} mbedtls_ecdh_variant;
+
+/**
+ * The context used by the default ECDH implementation.
+ *
+ * Later versions might change the structure of this context, therefore users
+ * should not make any assumptions about the structure of
+ * mbedtls_ecdh_context_mbed.
+ */
+typedef struct mbedtls_ecdh_context_mbed
+{
+ mbedtls_ecp_group grp; /*!< The elliptic curve used. */
+ mbedtls_mpi d; /*!< The private key. */
+ mbedtls_ecp_point Q; /*!< The public key. */
+ mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
+ mbedtls_mpi z; /*!< The shared secret. */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+#endif
+} mbedtls_ecdh_context_mbed;
+#endif
+
+/**
+ *
+ * \warning Performing multiple operations concurrently on the same
+ * ECDSA context is not supported; objects of this type
+ * should not be shared between multiple threads.
* \brief The ECDH context structure.
*/
-typedef struct
+typedef struct mbedtls_ecdh_context
{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
mbedtls_ecp_group grp; /*!< The elliptic curve used. */
mbedtls_mpi d; /*!< The private key. */
mbedtls_ecp_point Q; /*!< The public key. */
@@ -63,6 +107,29 @@
mbedtls_ecp_point Vi; /*!< The blinding value. */
mbedtls_ecp_point Vf; /*!< The unblinding value. */
mbedtls_mpi _d; /*!< The previous \p d. */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ int restart_enabled; /*!< The flag for restartable mode. */
+ mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+#else
+ uint8_t point_format; /*!< The format of point export in TLS messages
+ as defined in RFC 4492. */
+ mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
+ mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
+ union
+ {
+ mbedtls_ecdh_context_mbed mbed_ecdh;
+ } ctx; /*!< Implementation-specific context. The
+ context in use is specified by the \c var
+ field. */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
+ an alternative implementation not supporting
+ restartable mode must return
+ MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
+ if this flag is set. */
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
}
mbedtls_ecdh_context;
@@ -76,16 +143,20 @@
*
* \see ecp.h
*
- * \param grp The ECP group.
+ * \param grp The ECP group to use. This must be initialized and have
+ * domain parameters loaded, for example through
+ * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
* \param d The destination MPI (private key).
+ * This must be initialized.
* \param Q The destination point (public key).
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * This must be initialized.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL in case \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or
+ * \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
- *
*/
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -104,15 +175,25 @@
* countermeasures against side-channel attacks.
* For more information, see mbedtls_ecp_mul().
*
- * \param grp The ECP group.
+ * \param grp The ECP group to use. This must be initialized and have
+ * domain parameters loaded, for example through
+ * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
* \param z The destination MPI (shared secret).
+ * This must be initialized.
* \param Q The public key from another party.
+ * This must be initialized.
* \param d Our secret exponent (private key).
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * This must be initialized.
+ * \param f_rng The RNG function. This may be \c NULL if randomization
+ * of intermediate results during the ECP computations is
+ * not needed (discouraged). See the documentation of
+ * mbedtls_ecp_mul() for more.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a
+ * context argument.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or
+ * \return Another \c MBEDTLS_ERR_ECP_XXX or
* \c MBEDTLS_MPI_XXX error code on failure.
*/
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
@@ -123,39 +204,62 @@
/**
* \brief This function initializes an ECDH context.
*
- * \param ctx The ECDH context to initialize.
+ * \param ctx The ECDH context to initialize. This must not be \c NULL.
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
/**
- * \brief This function frees a context.
+ * \brief This function sets up the ECDH context with the information
+ * given.
*
- * \param ctx The context to free.
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief This function generates a public key and a TLS
- * ServerKeyExchange payload.
+ * This function should be called after mbedtls_ecdh_init() but
+ * before mbedtls_ecdh_make_params(). There is no need to call
+ * this function before mbedtls_ecdh_read_params().
*
* This is the first function used by a TLS server for ECDHE
* ciphersuites.
*
- * \note This function assumes that the ECP group (grp) of the
- * \p ctx context has already been properly set,
- * for example, using mbedtls_ecp_group_load().
+ * \param ctx The ECDH context to set up. This must be initialized.
+ * \param grp_id The group id of the group to set up the context for.
+ *
+ * \return \c 0 on success.
+ */
+int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
+ mbedtls_ecp_group_id grp_id );
+
+/**
+ * \brief This function frees a context.
+ *
+ * \param ctx The context to free. This may be \c NULL, in which
+ * case this function does nothing. If it is not \c NULL,
+ * it must point to an initialized ECDH context.
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief This function generates an EC key pair and exports its
+ * in the format used in a TLS ServerKeyExchange handshake
+ * message.
+ *
+ * This is the second function used by a TLS server for ECDHE
+ * ciphersuites. (It is called after mbedtls_ecdh_setup().)
*
* \see ecp.h
*
- * \param ctx The ECDH context.
- * \param olen The number of characters written.
- * \param buf The destination buffer.
- * \param blen The length of the destination buffer.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param ctx The ECDH context to use. This must be initialized
+ * and bound to a group, for example via mbedtls_ecdh_setup().
+ * \param olen The address at which to store the number of Bytes written.
+ * \param buf The destination buffer. This must be a writable buffer of
+ * length \p blen Bytes.
+ * \param blen The length of the destination buffer \p buf in Bytes.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL in case \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
@@ -163,24 +267,32 @@
void *p_rng );
/**
- * \brief This function parses and processes a TLS ServerKeyExhange
- * payload.
+ * \brief This function parses the ECDHE parameters in a
+ * TLS ServerKeyExchange handshake message.
*
- * This is the first function used by a TLS client for ECDHE
- * ciphersuites.
+ * \note In a TLS handshake, this is the how the client
+ * sets up its ECDHE context from the server's public
+ * ECDHE key material.
*
* \see ecp.h
*
- * \param ctx The ECDH context.
- * \param buf The pointer to the start of the input buffer.
- * \param end The address for one Byte past the end of the buffer.
+ * \param ctx The ECDHE context to use. This must be initialized.
+ * \param buf On input, \c *buf must be the start of the input buffer.
+ * On output, \c *buf is updated to point to the end of the
+ * data that has been read. On success, this is the first byte
+ * past the end of the ServerKeyExchange parameters.
+ * On error, this is the point at which an error has been
+ * detected, which is usually not useful except to debug
+ * failures.
+ * \param end The end of the input buffer.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
- const unsigned char **buf, const unsigned char *end );
+ const unsigned char **buf,
+ const unsigned char *end );
/**
* \brief This function sets up an ECDH context from an EC key.
@@ -191,36 +303,45 @@
*
* \see ecp.h
*
- * \param ctx The ECDH context to set up.
- * \param key The EC key to use.
- * \param side Defines the source of the key: 1: Our key, or
- * 0: The key of the peer.
+ * \param ctx The ECDH context to set up. This must be initialized.
+ * \param key The EC key to use. This must be initialized.
+ * \param side Defines the source of the key. Possible values are:
+ * - #MBEDTLS_ECDH_OURS: The key is ours.
+ * - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*
*/
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side );
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side );
/**
- * \brief This function generates a public key and a TLS
- * ClientKeyExchange payload.
+ * \brief This function generates a public key and exports it
+ * as a TLS ClientKeyExchange payload.
*
* This is the second function used by a TLS client for ECDH(E)
* ciphersuites.
*
* \see ecp.h
*
- * \param ctx The ECDH context.
- * \param olen The number of Bytes written.
- * \param buf The destination buffer.
- * \param blen The size of the destination buffer.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param ctx The ECDH context to use. This must be initialized
+ * and bound to a group, the latter usually by
+ * mbedtls_ecdh_read_params().
+ * \param olen The address at which to store the number of Bytes written.
+ * This must not be \c NULL.
+ * \param buf The destination buffer. This must be a writable buffer
+ * of length \p blen Bytes.
+ * \param blen The size of the destination buffer \p buf in Bytes.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL in case \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
@@ -228,23 +349,26 @@
void *p_rng );
/**
- * \brief This function parses and processes a TLS ClientKeyExchange
- * payload.
+ * \brief This function parses and processes the ECDHE payload of a
+ * TLS ClientKeyExchange message.
*
- * This is the second function used by a TLS server for ECDH(E)
- * ciphersuites.
+ * This is the third function used by a TLS server for ECDH(E)
+ * ciphersuites. (It is called after mbedtls_ecdh_setup() and
+ * mbedtls_ecdh_make_params().)
*
* \see ecp.h
*
- * \param ctx The ECDH context.
- * \param buf The start of the input buffer.
- * \param blen The length of the input buffer.
+ * \param ctx The ECDH context to use. This must be initialized
+ * and bound to a group, for example via mbedtls_ecdh_setup().
+ * \param buf The pointer to the ClientKeyExchange payload. This must
+ * be a readable buffer of length \p blen Bytes.
+ * \param blen The length of the input buffer \p buf in Bytes.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf, size_t blen );
+ const unsigned char *buf, size_t blen );
/**
* \brief This function derives and exports the shared secret.
@@ -257,22 +381,46 @@
* For more information, see mbedtls_ecp_mul().
*
* \see ecp.h
- *
- * \param ctx The ECDH context.
- * \param olen The number of Bytes written.
- * \param buf The destination buffer.
- * \param blen The length of the destination buffer.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+
+ * \param ctx The ECDH context to use. This must be initialized
+ * and have its own private key generated and the peer's
+ * public key imported.
+ * \param olen The address at which to store the total number of
+ * Bytes written on success. This must not be \c NULL.
+ * \param buf The buffer to write the generated shared key to. This
+ * must be a writable buffer of size \p blen Bytes.
+ * \param blen The length of the destination buffer \p buf in Bytes.
+ * \param f_rng The RNG function, for blinding purposes. This may
+ * b \c NULL if blinding isn't needed.
+ * \param p_rng The RNG context. This may be \c NULL if \p f_rng
+ * doesn't need a context argument.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief This function enables restartable EC computations for this
+ * context. (Default: disabled.)
+ *
+ * \see \c mbedtls_ecp_set_max_ops()
+ *
+ * \note It is not possible to safely disable restartable
+ * computations once enabled, except by free-ing the context,
+ * which cancels possible in-progress operations.
+ *
+ * \param ctx The ECDH context to use. This must be initialized.
+ */
+void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index ce1a03d..2943945 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -32,43 +32,105 @@
#ifndef MBEDTLS_ECDSA_H
#define MBEDTLS_ECDSA_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "ecp.h"
#include "md.h"
-/*
- * RFC-4492 page 20:
+/**
+ * \brief Maximum ECDSA signature size for a given curve bit size
*
+ * \param bits Curve size in bits
+ * \return Maximum signature size in bytes
+ *
+ * \note This macro returns a compile-time constant if its argument
+ * is one. It may evaluate its argument multiple times.
+ */
+/*
* Ecdsa-Sig-Value ::= SEQUENCE {
* r INTEGER,
* s INTEGER
* }
*
- * Size is at most
- * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
- * twice that + 1 (tag) + 2 (len) for the sequence
- * (assuming ECP_MAX_BYTES is less than 126 for r and s,
- * and less than 124 (total len <= 255) for the sequence)
+ * For each of r and s, the value (V) may include an extra initial "0" bit.
*/
-#if MBEDTLS_ECP_MAX_BYTES > 124
-#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
-#endif
-/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
+#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
+ ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
+ /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
+ /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
-/**
- * \brief The ECDSA context structure.
- */
-typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
+/** The maximal size of an ECDSA signature in Bytes. */
+#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
#ifdef __cplusplus
extern "C" {
#endif
/**
+ * \brief The ECDSA context structure.
+ *
+ * \warning Performing multiple operations concurrently on the same
+ * ECDSA context is not supported; objects of this type
+ * should not be shared between multiple threads.
+ */
+typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+
+/**
+ * \brief Internal restart context for ecdsa_verify()
+ *
+ * \note Opaque struct, defined in ecdsa.c
+ */
+typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
+
+/**
+ * \brief Internal restart context for ecdsa_sign()
+ *
+ * \note Opaque struct, defined in ecdsa.c
+ */
+typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/**
+ * \brief Internal restart context for ecdsa_sign_det()
+ *
+ * \note Opaque struct, defined in ecdsa.c
+ */
+typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
+#endif
+
+/**
+ * \brief General context for resuming ECDSA operations
+ */
+typedef struct
+{
+ mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
+ shared administrative info */
+ mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
+ mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
+#endif
+} mbedtls_ecdsa_restart_ctx;
+
+#else /* MBEDTLS_ECP_RESTARTABLE */
+
+/* Now we can declare functions that take a pointer to that */
+typedef void mbedtls_ecdsa_restart_ctx;
+
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+/**
* \brief This function computes the ECDSA signature of a
* previously-hashed message.
*
- * \note The deterministic version is usually preferred.
+ * \note The deterministic version implemented in
+ * mbedtls_ecdsa_sign_det() is usually preferred.
*
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated
@@ -78,14 +140,22 @@
*
* \see ecp.h
*
- * \param grp The ECP group.
- * \param r The first output integer.
- * \param s The second output integer.
- * \param d The private signing key.
- * \param buf The message hash.
- * \param blen The length of \p buf.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param grp The context for the elliptic curve to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param r The MPI context in which to store the first part
+ * the signature. This must be initialized.
+ * \param s The MPI context in which to store the second part
+ * the signature. This must be initialized.
+ * \param d The private signing key. This must be initialized.
+ * \param buf The content to be signed. This is usually the hash of
+ * the original data to be signed. This must be a readable
+ * buffer of length \p blen Bytes. It may be \c NULL if
+ * \p blen is zero.
+ * \param blen The length of \p buf in Bytes.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context parameter.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX
@@ -112,21 +182,29 @@
*
* \see ecp.h
*
- * \param grp The ECP group.
- * \param r The first output integer.
- * \param s The second output integer.
- * \param d The private signing key.
- * \param buf The message hash.
- * \param blen The length of \p buf.
- * \param md_alg The MD algorithm used to hash the message.
+ * \param grp The context for the elliptic curve to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param r The MPI context in which to store the first part
+ * the signature. This must be initialized.
+ * \param s The MPI context in which to store the second part
+ * the signature. This must be initialized.
+ * \param d The private signing key. This must be initialized
+ * and setup, for example through mbedtls_ecp_gen_privkey().
+ * \param buf The hashed content to be signed. This must be a readable
+ * buffer of length \p blen Bytes. It may be \c NULL if
+ * \p blen is zero.
+ * \param blen The length of \p buf in Bytes.
+ * \param md_alg The hash algorithm used to hash the original data.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*/
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
- const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg );
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
+ mbedtls_mpi *s, const mbedtls_mpi *d,
+ const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg );
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/**
@@ -141,12 +219,19 @@
*
* \see ecp.h
*
- * \param grp The ECP group.
- * \param buf The message hash.
- * \param blen The length of \p buf.
- * \param Q The public key to use for verification.
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param buf The hashed content that was signed. This must be a readable
+ * buffer of length \p blen Bytes. It may be \c NULL if
+ * \p blen is zero.
+ * \param blen The length of \p buf in Bytes.
+ * \param Q The public key to use for verification. This must be
+ * initialized and setup.
* \param r The first integer of the signature.
+ * This must be initialized.
* \param s The second integer of the signature.
+ * This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
@@ -155,8 +240,9 @@
* error code on failure for any other reason.
*/
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
+ const unsigned char *buf, size_t blen,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
+ const mbedtls_mpi *s);
/**
* \brief This function computes the ECDSA signature and writes it
@@ -173,11 +259,6 @@
* of the Digital Signature Algorithm (DSA) and Elliptic
* Curve Digital Signature Algorithm (ECDSA)</em>.
*
- * \note The \p sig buffer must be at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- *
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as
* defined in <em>Standards for Efficient Cryptography Group
@@ -186,25 +267,84 @@
*
* \see ecp.h
*
- * \param ctx The ECDSA context.
+ * \param ctx The ECDSA context to use. This must be initialized
+ * and have a group and private key bound to it, for example
+ * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
* \param md_alg The message digest that was used to hash the message.
- * \param hash The message hash.
- * \param hlen The length of the hash.
- * \param sig The buffer that holds the signature.
- * \param slen The length of the signature written.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param hash The message hash to be signed. This must be a readable
+ * buffer of length \p blen Bytes.
+ * \param hlen The length of the hash \p hash in Bytes.
+ * \param sig The buffer to which to write the signature. This must be a
+ * writable buffer of length at least twice as large as the
+ * size of the curve used, plus 9. For example, 73 Bytes if
+ * a 256-bit curve is used. A buffer length of
+ * #MBEDTLS_ECDSA_MAX_LEN is always safe.
+ * \param slen The address at which to store the actual length of
+ * the signature written. Must not be \c NULL.
+ * \param f_rng The RNG function. This must not be \c NULL if
+ * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+ * it is unused and may be set to \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't use a context.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*/
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+/**
+ * \brief This function computes the ECDSA signature and writes it
+ * to a buffer, in a restartable way.
+ *
+ * \see \c mbedtls_ecdsa_write_signature()
+ *
+ * \note This function is like \c mbedtls_ecdsa_write_signature()
+ * but it can return early and restart according to the limit
+ * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param ctx The ECDSA context to use. This must be initialized
+ * and have a group and private key bound to it, for example
+ * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+ * \param md_alg The message digest that was used to hash the message.
+ * \param hash The message hash to be signed. This must be a readable
+ * buffer of length \p blen Bytes.
+ * \param hlen The length of the hash \p hash in Bytes.
+ * \param sig The buffer to which to write the signature. This must be a
+ * writable buffer of length at least twice as large as the
+ * size of the curve used, plus 9. For example, 73 Bytes if
+ * a 256-bit curve is used. A buffer length of
+ * #MBEDTLS_ECDSA_MAX_LEN is always safe.
+ * \param slen The address at which to store the actual length of
+ * the signature written. Must not be \c NULL.
+ * \param f_rng The RNG function. This must not be \c NULL if
+ * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+ * it is unused and may be set to \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't use a context.
+ * \param rs_ctx The restart context to use. This may be \c NULL to disable
+ * restarting. If it is not \c NULL, it must point to an
+ * initialized restart context.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+ * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+ */
+int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecdsa_restart_ctx *rs_ctx );
+
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@@ -225,11 +365,6 @@
* \warning It is not thread-safe to use the same context in
* multiple threads.
*
- * \note The \p sig buffer must be at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if a
- * 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- *
* \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as
* defined in <em>Standards for Efficient Cryptography Group
@@ -241,12 +376,20 @@
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
* Mbed TLS version 2.0 and later.
*
- * \param ctx The ECDSA context.
- * \param hash The message hash.
- * \param hlen The length of the hash.
- * \param sig The buffer that holds the signature.
- * \param slen The length of the signature written.
- * \param md_alg The MD algorithm used to hash the message.
+ * \param ctx The ECDSA context to use. This must be initialized
+ * and have a group and private key bound to it, for example
+ * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+ * \param hash The message hash to be signed. This must be a readable
+ * buffer of length \p blen Bytes.
+ * \param hlen The length of the hash \p hash in Bytes.
+ * \param sig The buffer to which to write the signature. This must be a
+ * writable buffer of length at least twice as large as the
+ * size of the curve used, plus 9. For example, 73 Bytes if
+ * a 256-bit curve is used. A buffer length of
+ * #MBEDTLS_ECDSA_MAX_LEN is always safe.
+ * \param slen The address at which to store the actual length of
+ * the signature written. Must not be \c NULL.
+ * \param md_alg The message digest that was used to hash the message.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
@@ -271,11 +414,14 @@
*
* \see ecp.h
*
- * \param ctx The ECDSA context.
- * \param hash The message hash.
- * \param hlen The size of the hash.
- * \param sig The signature to read and verify.
- * \param slen The size of \p sig.
+ * \param ctx The ECDSA context to use. This must be initialized
+ * and have a group and public key bound to it.
+ * \param hash The message hash that was signed. This must be a readable
+ * buffer of length \p size Bytes.
+ * \param hlen The size of the hash \p hash.
+ * \param sig The signature to read and verify. This must be a readable
+ * buffer of length \p slen Bytes.
+ * \param slen The size of \p sig in Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
@@ -289,15 +435,53 @@
const unsigned char *sig, size_t slen );
/**
+ * \brief This function reads and verifies an ECDSA signature,
+ * in a restartable way.
+ *
+ * \see \c mbedtls_ecdsa_read_signature()
+ *
+ * \note This function is like \c mbedtls_ecdsa_read_signature()
+ * but it can return early and restart according to the limit
+ * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param ctx The ECDSA context to use. This must be initialized
+ * and have a group and public key bound to it.
+ * \param hash The message hash that was signed. This must be a readable
+ * buffer of length \p size Bytes.
+ * \param hlen The size of the hash \p hash.
+ * \param sig The signature to read and verify. This must be a readable
+ * buffer of length \p slen Bytes.
+ * \param slen The size of \p sig in Bytes.
+ * \param rs_ctx The restart context to use. This may be \c NULL to disable
+ * restarting. If it is not \c NULL, it must point to an
+ * initialized restart context.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+ * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+ * signature in \p sig, but its length is less than \p siglen.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+ * error code on failure for any other reason.
+ */
+int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen,
+ mbedtls_ecdsa_restart_ctx *rs_ctx );
+
+/**
* \brief This function generates an ECDSA keypair on the given curve.
*
* \see ecp.h
*
* \param ctx The ECDSA context to store the keypair in.
+ * This must be initialized.
* \param gid The elliptic curve to use. One of the various
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
@@ -306,32 +490,59 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
- * \brief This function sets an ECDSA context from an EC key pair.
+ * \brief This function sets up an ECDSA context from an EC key pair.
*
* \see ecp.h
*
- * \param ctx The ECDSA context to set.
- * \param key The EC key to use.
+ * \param ctx The ECDSA context to setup. This must be initialized.
+ * \param key The EC key to use. This must be initialized and hold
+ * a private-public key pair or a public key. In the former
+ * case, the ECDSA context may be used for signature creation
+ * and verification after this call. In the latter case, it
+ * may be used for signature verification.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
*/
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
+ const mbedtls_ecp_keypair *key );
/**
* \brief This function initializes an ECDSA context.
*
* \param ctx The ECDSA context to initialize.
+ * This must not be \c NULL.
*/
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
/**
* \brief This function frees an ECDSA context.
*
- * \param ctx The ECDSA context to free.
+ * \param ctx The ECDSA context to free. This may be \c NULL,
+ * in which case this function does nothing. If it
+ * is not \c NULL, it must be initialized.
*/
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context.
+ *
+ * \param ctx The restart context to initialize.
+ * This must not be \c NULL.
+ */
+void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context.
+ *
+ * \param ctx The restart context to free. This may be \c NULL,
+ * in which case this function does nothing. If it
+ * is not \c NULL, it must be initialized.
+ */
+void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index cc2b316..3d8d02a 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -40,6 +40,11 @@
* The payloads are serialized in a way suitable for use in TLS, but could
* also be use outside TLS.
*/
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
#include "ecp.h"
#include "md.h"
@@ -68,7 +73,7 @@
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
* description as a pair C: client name, S: server name
*/
-typedef struct
+typedef struct mbedtls_ecjpake_context
{
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
@@ -92,28 +97,33 @@
#endif /* MBEDTLS_ECJPAKE_ALT */
/**
- * \brief Initialize a context
- * (just makes it ready for setup() or free()).
+ * \brief Initialize an ECJPAKE context.
*
- * \param ctx context to initialize
+ * \param ctx The ECJPAKE context to initialize.
+ * This must not be \c NULL.
*/
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
/**
- * \brief Set up a context for use
+ * \brief Set up an ECJPAKE context for use.
*
* \note Currently the only values for hash/curve allowed by the
- * standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
+ * standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
*
- * \param ctx context to set up
- * \param role Our role: client or server
- * \param hash hash function to use (MBEDTLS_MD_XXX)
- * \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
- * \param secret pre-shared secret (passphrase)
- * \param len length of the shared secret
+ * \param ctx The ECJPAKE context to set up. This must be initialized.
+ * \param role The role of the caller. This must be either
+ * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
+ * \param hash The identifier of the hash function to use,
+ * for example #MBEDTLS_MD_SHA256.
+ * \param curve The identifier of the elliptic curve to use,
+ * for example #MBEDTLS_ECP_DP_SECP256R1.
+ * \param secret The pre-shared secret (passphrase). This must be
+ * a readable buffer of length \p len Bytes. It need
+ * only be valid for the duration of this call.
+ * \param len The length of the pre-shared secret \p secret.
*
- * \return 0 if successfull,
- * a negative error code otherwise
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
mbedtls_ecjpake_role role,
@@ -123,29 +133,34 @@
size_t len );
/**
- * \brief Check if a context is ready for use
+ * \brief Check if an ECJPAKE context is ready for use.
*
- * \param ctx Context to check
+ * \param ctx The ECJPAKE context to check. This must be
+ * initialized.
*
- * \return 0 if the context is ready for use,
- * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ * \return \c 0 if the context is ready for use.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
*/
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
/**
* \brief Generate and write the first round message
* (TLS: contents of the Client/ServerHello extension,
- * excluding extension type and length bytes)
+ * excluding extension type and length bytes).
*
- * \param ctx Context to use
- * \param buf Buffer to write the contents to
- * \param len Buffer size
- * \param olen Will be updated with the number of bytes written
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * \param ctx The ECJPAKE context to use. This must be
+ * initialized and set up.
+ * \param buf The buffer to write the contents to. This must be a
+ * writable buffer of length \p len Bytes.
+ * \param len The length of \p buf in Bytes.
+ * \param olen The address at which to store the total number
+ * of Bytes written to \p buf. This must not be \c NULL.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This
+ * may be \c NULL if \p f_rng doesn't use a context.
*
- * \return 0 if successfull,
- * a negative error code otherwise
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
@@ -155,14 +170,16 @@
/**
* \brief Read and process the first round message
* (TLS: contents of the Client/ServerHello extension,
- * excluding extension type and length bytes)
+ * excluding extension type and length bytes).
*
- * \param ctx Context to use
- * \param buf Pointer to extension contents
- * \param len Extension length
+ * \param ctx The ECJPAKE context to use. This must be initialized
+ * and set up.
+ * \param buf The buffer holding the first round message. This must
+ * be a readable buffer of length \p len Bytes.
+ * \param len The length in Bytes of \p buf.
*
- * \return 0 if successfull,
- * a negative error code otherwise
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
@@ -170,17 +187,21 @@
/**
* \brief Generate and write the second round message
- * (TLS: contents of the Client/ServerKeyExchange)
+ * (TLS: contents of the Client/ServerKeyExchange).
*
- * \param ctx Context to use
- * \param buf Buffer to write the contents to
- * \param len Buffer size
- * \param olen Will be updated with the number of bytes written
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * \param ctx The ECJPAKE context to use. This must be initialized,
+ * set up, and already have performed round one.
+ * \param buf The buffer to write the round two contents to.
+ * This must be a writable buffer of length \p len Bytes.
+ * \param len The size of \p buf in Bytes.
+ * \param olen The address at which to store the total number of Bytes
+ * written to \p buf. This must not be \c NULL.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This
+ * may be \c NULL if \p f_rng doesn't use a context.
*
- * \return 0 if successfull,
- * a negative error code otherwise
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
@@ -189,14 +210,16 @@
/**
* \brief Read and process the second round message
- * (TLS: contents of the Client/ServerKeyExchange)
+ * (TLS: contents of the Client/ServerKeyExchange).
*
- * \param ctx Context to use
- * \param buf Pointer to the message
- * \param len Message length
+ * \param ctx The ECJPAKE context to use. This must be initialized
+ * and set up and already have performed round one.
+ * \param buf The buffer holding the second round message. This must
+ * be a readable buffer of length \p len Bytes.
+ * \param len The length in Bytes of \p buf.
*
- * \return 0 if successfull,
- * a negative error code otherwise
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
const unsigned char *buf,
@@ -204,17 +227,21 @@
/**
* \brief Derive the shared secret
- * (TLS: Pre-Master Secret)
+ * (TLS: Pre-Master Secret).
*
- * \param ctx Context to use
- * \param buf Buffer to write the contents to
- * \param len Buffer size
- * \param olen Will be updated with the number of bytes written
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * \param ctx The ECJPAKE context to use. This must be initialized,
+ * set up and have performed both round one and two.
+ * \param buf The buffer to write the derived secret to. This must
+ * be a writable buffer of length \p len Bytes.
+ * \param len The length of \p buf in Bytes.
+ * \param olen The address at which to store the total number of Bytes
+ * written to \p buf. This must not be \c NULL.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This
+ * may be \c NULL if \p f_rng doesn't use a context.
*
- * \return 0 if successfull,
- * a negative error code otherwise
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
unsigned char *buf, size_t len, size_t *olen,
@@ -222,14 +249,15 @@
void *p_rng );
/**
- * \brief Free a context's content
+ * \brief This clears an ECJPAKE context and frees any
+ * embedded data structure.
*
- * \param ctx context to free
+ * \param ctx The ECJPAKE context to free. This may be \c NULL,
+ * in which case this function does nothing. If it is not
+ * \c NULL, it must point to an initialized ECJPAKE context.
*/
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
-
-
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 3a40798..0b2504e 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -36,6 +36,12 @@
#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "bignum.h"
/*
@@ -49,8 +55,12 @@
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */
+
+/* MBEDTLS_ERR_ECP_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< The ECP hardware accelerator failed. */
+#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 /**< Operation in progress, call again with the same parameters to continue. */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -89,10 +99,20 @@
*/
#define MBEDTLS_ECP_DP_MAX 12
+/*
+ * Curve types
+ */
+typedef enum
+{
+ MBEDTLS_ECP_TYPE_NONE = 0,
+ MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
+ MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
+} mbedtls_ecp_curve_type;
+
/**
* Curve information, for use by other modules.
*/
-typedef struct
+typedef struct mbedtls_ecp_curve_info
{
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
@@ -111,7 +131,7 @@
* Otherwise, \p X and \p Y are its standard (affine)
* coordinates.
*/
-typedef struct
+typedef struct mbedtls_ecp_point
{
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
@@ -155,8 +175,12 @@
* additions or subtractions. Therefore, it is only an approximative modular
* reduction. It must return 0 on success and non-zero on failure.
*
+ * \note Alternative implementations must keep the group IDs distinct. If
+ * two group structures have the same ID, then they must be
+ * identical.
+ *
*/
-typedef struct
+typedef struct mbedtls_ecp_group
{
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
@@ -243,6 +267,70 @@
#include "ecp_alt.h"
#endif /* MBEDTLS_ECP_ALT */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+
+/**
+ * \brief Internal restart context for multiplication
+ *
+ * \note Opaque struct
+ */
+typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
+
+/**
+ * \brief Internal restart context for ecp_muladd()
+ *
+ * \note Opaque struct
+ */
+typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
+
+/**
+ * \brief General context for resuming ECC operations
+ */
+typedef struct
+{
+ unsigned ops_done; /*!< current ops count */
+ unsigned depth; /*!< call depth (0 = top-level) */
+ mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
+ mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */
+} mbedtls_ecp_restart_ctx;
+
+/*
+ * Operation counts for restartable functions
+ */
+#define MBEDTLS_ECP_OPS_CHK 3 /*!< basic ops count for ecp_check_pubkey() */
+#define MBEDTLS_ECP_OPS_DBL 8 /*!< basic ops count for ecp_double_jac() */
+#define MBEDTLS_ECP_OPS_ADD 11 /*!< basic ops count for see ecp_add_mixed() */
+#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv() */
+
+/**
+ * \brief Internal; for restartable functions in other modules.
+ * Check and update basic ops budget.
+ *
+ * \param grp Group structure
+ * \param rs_ctx Restart context
+ * \param ops Number of basic ops to do
+ *
+ * \return \c 0 if doing \p ops basic ops is still allowed,
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
+ */
+int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_restart_ctx *rs_ctx,
+ unsigned ops );
+
+/* Utility macro for checking and updating ops budget */
+#define MBEDTLS_ECP_BUDGET( ops ) \
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
+ (unsigned) (ops) ) );
+
+#else /* MBEDTLS_ECP_RESTARTABLE */
+
+#define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
+
+/* We want to declare restartable versions of existing functions anyway */
+typedef void mbedtls_ecp_restart_ctx;
+
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/**
* \brief The ECP key-pair structure.
*
@@ -251,7 +339,7 @@
* \note Members are deliberately in the same order as in the
* ::mbedtls_ecdsa_context structure.
*/
-typedef struct
+typedef struct mbedtls_ecp_keypair
{
mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
mbedtls_mpi d; /*!< our secret value */
@@ -270,6 +358,80 @@
*/
#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Set the maximum number of basic operations done in a row.
+ *
+ * If more operations are needed to complete a computation,
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the
+ * function performing the computation. It is then the
+ * caller's responsibility to either call again with the same
+ * parameters until it returns 0 or an error code; or to free
+ * the restart context if the operation is to be aborted.
+ *
+ * It is strictly required that all input parameters and the
+ * restart context be the same on successive calls for the
+ * same operation, but output parameters need not be the
+ * same; they must not be used until the function finally
+ * returns 0.
+ *
+ * This only applies to functions whose documentation
+ * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
+ * SSL module). For functions that accept a "restart context"
+ * argument, passing NULL disables restart and makes the
+ * function equivalent to the function with the same name
+ * with \c _restartable removed. For functions in the ECDH
+ * module, restart is disabled unless the function accepts
+ * an "ECDH context" argument and
+ * mbedtls_ecdh_enable_restart() was previously called on
+ * that context. For function in the SSL module, restart is
+ * only enabled for specific sides and key exchanges
+ * (currently only for clients and ECDHE-ECDSA).
+ *
+ * \param max_ops Maximum number of basic operations done in a row.
+ * Default: 0 (unlimited).
+ * Lower (non-zero) values mean ECC functions will block for
+ * a lesser maximum amount of time.
+ *
+ * \note A "basic operation" is defined as a rough equivalent of a
+ * multiplication in GF(p) for the NIST P-256 curve.
+ * As an indication, with default settings, a scalar
+ * multiplication (full run of \c mbedtls_ecp_mul()) is:
+ * - about 3300 basic operations for P-256
+ * - about 9400 basic operations for P-384
+ *
+ * \note Very low values are not always respected: sometimes
+ * functions need to block for a minimum number of
+ * operations, and will do so even if max_ops is set to a
+ * lower value. That minimum depends on the curve size, and
+ * can be made lower by decreasing the value of
+ * \c MBEDTLS_ECP_WINDOW_SIZE. As an indication, here is the
+ * lowest effective value for various curves and values of
+ * that parameter (w for short):
+ * w=6 w=5 w=4 w=3 w=2
+ * P-256 208 208 160 136 124
+ * P-384 682 416 320 272 248
+ * P-521 1364 832 640 544 496
+ *
+ * \note This setting is currently ignored by Curve25519.
+ */
+void mbedtls_ecp_set_max_ops( unsigned max_ops );
+
+/**
+ * \brief Check if restart is enabled (max_ops != 0)
+ *
+ * \return \c 0 if \c max_ops == 0 (restart disabled)
+ * \return \c 1 otherwise (restart enabled)
+ */
+int mbedtls_ecp_restart_is_enabled( void );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+/*
+ * Get the type of a curve
+ */
+mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
+
/**
* \brief This function retrieves the information defined in
* mbedtls_ecp_curve_info() for all supported curves in order
@@ -335,7 +497,7 @@
*
* \note After this function is called, domain parameters
* for various ECP groups can be loaded through the
- * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()
+ * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions.
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
@@ -356,25 +518,51 @@
/**
* \brief This function frees the components of an ECP group.
- * \param grp The group to free.
+ *
+ * \param grp The group to free. This may be \c NULL, in which
+ * case this function returns immediately. If it is not
+ * \c NULL, it must point to an initialized ECP group.
*/
void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
/**
* \brief This function frees the components of a key pair.
- * \param key The key pair to free.
+ *
+ * \param key The key pair to free. This may be \c NULL, in which
+ * case this function returns immediately. If it is not
+ * \c NULL, it must point to an initialized ECP key pair.
*/
void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context.
+ *
+ * \param ctx The restart context to initialize. This must
+ * not be \c NULL.
+ */
+void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context.
+ *
+ * \param ctx The restart context to free. This may be \c NULL, in which
+ * case this function returns immediately. If it is not
+ * \c NULL, it must point to an initialized restart context.
+ */
+void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/**
* \brief This function copies the contents of point \p Q into
* point \p P.
*
- * \param P The destination point.
- * \param Q The source point.
+ * \param P The destination point. This must be initialized.
+ * \param Q The source point. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code for other kinds of failure.
*/
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
@@ -382,31 +570,35 @@
* \brief This function copies the contents of group \p src into
* group \p dst.
*
- * \param dst The destination group.
- * \param src The source group.
+ * \param dst The destination group. This must be initialized.
+ * \param src The source group. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
+ const mbedtls_ecp_group *src );
/**
- * \brief This function sets a point to zero.
+ * \brief This function sets a point to the point at infinity.
*
- * \param pt The point to set.
+ * \param pt The point to set. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
/**
- * \brief This function checks if a point is zero.
+ * \brief This function checks if a point is the point at infinity.
*
- * \param pt The point to test.
+ * \param pt The point to test. This must be initialized.
*
* \return \c 1 if the point is zero.
* \return \c 0 if the point is non-zero.
+ * \return A negative error code on failure.
*/
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
@@ -416,8 +608,8 @@
* \note This assumes that the points are normalized. Otherwise,
* they may compare as "not equal" even if they are.
*
- * \param P The first point to compare.
- * \param Q The second point to compare.
+ * \param P The first point to compare. This must be initialized.
+ * \param Q The second point to compare. This must be initialized.
*
* \return \c 0 if the points are equal.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
@@ -429,7 +621,7 @@
* \brief This function imports a non-zero point from two ASCII
* strings.
*
- * \param P The destination point.
+ * \param P The destination point. This must be initialized.
* \param radix The numeric base of the input.
* \param x The first affine coordinate, as a null-terminated string.
* \param y The second affine coordinate, as a null-terminated string.
@@ -444,19 +636,31 @@
* \brief This function exports a point into unsigned binary data.
*
* \param grp The group to which the point should belong.
- * \param P The point to export.
- * \param format The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro.
- * \param olen The length of the output.
- * \param buf The output buffer.
- * \param buflen The length of the output buffer.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param P The point to export. This must be initialized.
+ * \param format The point format. This must be either
+ * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+ * (For groups without these formats, this parameter is
+ * ignored. But it still has to be either of the above
+ * values.)
+ * \param olen The address at which to store the length of
+ * the output in Bytes. This must not be \c NULL.
+ * \param buf The output buffer. This must be a writable buffer
+ * of length \p buflen Bytes.
+ * \param buflen The length of the output buffer \p buf in Bytes.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
- * or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+ * is too small to hold the point.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ * or the export for the given group is not implemented.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen );
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *P,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen );
/**
* \brief This function imports a point from unsigned binary data.
@@ -466,108 +670,158 @@
* for that.
*
* \param grp The group to which the point should belong.
- * \param P The point to import.
- * \param buf The input buffer.
- * \param ilen The length of the input.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param P The destination context to import the point to.
+ * This must be initialized.
+ * \param buf The input buffer. This must be a readable buffer
+ * of length \p ilen Bytes.
+ * \param ilen The length of the input buffer \p buf in Bytes.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- * is not implemented.
- *
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
+ * given group is not implemented.
*/
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
- const unsigned char *buf, size_t ilen );
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P,
+ const unsigned char *buf, size_t ilen );
/**
* \brief This function imports a point from a TLS ECPoint record.
*
- * \note On function return, \p buf is updated to point to immediately
+ * \note On function return, \p *buf is updated to point immediately
* after the ECPoint record.
*
- * \param grp The ECP group used.
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
* \param pt The destination point.
* \param buf The address of the pointer to the start of the input buffer.
* \param len The length of the buffer.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
+ * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization
+ * failure.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
*/
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char **buf, size_t len );
/**
- * \brief This function exports a point as a TLS ECPoint record.
+ * \brief This function exports a point as a TLS ECPoint record
+ * defined in RFC 4492, Section 5.4.
*
- * \param grp The ECP group used.
- * \param pt The point format to export to. The point format is an
- * \c MBEDTLS_ECP_PF_XXX constant.
- * \param format The export format.
- * \param olen The length of the data written.
- * \param buf The buffer to write to.
- * \param blen The length of the buffer.
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param pt The point to be exported. This must be initialized.
+ * \param format The point format to use. This must be either
+ * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+ * \param olen The address at which to store the length in Bytes
+ * of the data written.
+ * \param buf The target buffer. This must be a writable buffer of
+ * length \p blen Bytes.
+ * \param blen The length of the target buffer \p buf in Bytes.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or
- * #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
+ * is too small to hold the exported point.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
- int format, size_t *olen,
- unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt,
+ int format, size_t *olen,
+ unsigned char *buf, size_t blen );
/**
- * \brief This function sets a group using standardized domain parameters.
+ * \brief This function sets up an ECP group context
+ * from a standardized set of domain parameters.
*
* \note The index should be a value of the NamedCurve enum,
* as defined in <em>RFC-4492: Elliptic Curve Cryptography
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
* usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
*
- * \param grp The destination group.
+ * \param grp The group context to setup. This must be initialized.
* \param id The identifier of the domain parameter set to load.
*
- * \return \c 0 on success,
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups.
-
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
+ * correspond to a known group.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
/**
- * \brief This function sets a group from a TLS ECParameters record.
+ * \brief This function sets up an ECP group context from a TLS
+ * ECParameters record as defined in RFC 4492, Section 5.4.
*
- * \note \p buf is updated to point right after the ECParameters record
- * on exit.
+ * \note The read pointer \p buf is updated to point right after
+ * the ECParameters record on exit.
*
- * \param grp The destination group.
+ * \param grp The group context to setup. This must be initialized.
* \param buf The address of the pointer to the start of the input buffer.
- * \param len The length of the buffer.
+ * \param len The length of the input buffer \c *buf in Bytes.
*
* \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+ * recognized.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
+ const unsigned char **buf, size_t len );
/**
- * \brief This function writes the TLS ECParameters record for a group.
+ * \brief This function extracts an elliptic curve group ID from a
+ * TLS ECParameters record as defined in RFC 4492, Section 5.4.
*
- * \param grp The ECP group used.
- * \param olen The number of Bytes written.
- * \param buf The buffer to write to.
- * \param blen The length of the buffer.
+ * \note The read pointer \p buf is updated to point right after
+ * the ECParameters record on exit.
+ *
+ * \param grp The address at which to store the group id.
+ * This must not be \c NULL.
+ * \param buf The address of the pointer to the start of the input buffer.
+ * \param len The length of the input buffer \c *buf in Bytes.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+ * recognized.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
- unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
+ const unsigned char **buf,
+ size_t len );
+/**
+ * \brief This function exports an elliptic curve as a TLS
+ * ECParameters record as defined in RFC 4492, Section 5.4.
+ *
+ * \param grp The ECP group to be exported.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param olen The address at which to store the number of Bytes written.
+ * This must not be \c NULL.
+ * \param buf The buffer to write to. This must be a writable buffer
+ * of length \p blen Bytes.
+ * \param blen The length of the output buffer \p buf in Bytes.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
+ * buffer is too small to hold the exported group.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
+ size_t *olen,
+ unsigned char *buf, size_t blen );
/**
- * \brief This function performs multiplication of a point by
- * an integer: \p R = \p m * \p P.
+ * \brief This function performs a scalar multiplication of a point
+ * by an integer: \p R = \p m * \p P.
*
* It is not thread-safe to use same group in multiple threads.
*
@@ -581,23 +835,63 @@
* targeting these results. We recommend always providing
* a non-NULL \p f_rng. The overhead is negligible.
*
- * \param grp The ECP group.
- * \param R The destination point.
- * \param m The integer by which to multiply.
- * \param P The point to multiply.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param R The point in which to store the result of the calculation.
+ * This must be initialized.
+ * \param m The integer by which to multiply. This must be initialized.
+ * \param P The point to multiply. This must be initialized.
+ * \param f_rng The RNG function. This may be \c NULL if randomization
+ * of intermediate results isn't desired (discouraged).
+ * \param p_rng The RNG context to be passed to \p p_rng.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
* key, or \p P is not a valid public key.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
+ * \brief This function performs multiplication of a point by
+ * an integer: \p R = \p m * \p P in a restartable way.
+ *
+ * \see mbedtls_ecp_mul()
+ *
+ * \note This function does the same as \c mbedtls_ecp_mul(), but
+ * it can return early and restart according to the limit set
+ * with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param R The point in which to store the result of the calculation.
+ * This must be initialized.
+ * \param m The integer by which to multiply. This must be initialized.
+ * \param P The point to multiply. This must be initialized.
+ * \param f_rng The RNG function. This may be \c NULL if randomization
+ * of intermediate results isn't desired (discouraged).
+ * \param p_rng The RNG context to be passed to \p p_rng.
+ * \param rs_ctx The restart context (NULL disables restart).
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+ * key, or \p P is not a valid public key.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx );
+
+/**
* \brief This function performs multiplication and addition of two
* points by integers: \p R = \p m * \p P + \p n * \p Q
*
@@ -606,24 +900,71 @@
* \note In contrast to mbedtls_ecp_mul(), this function does not
* guarantee a constant execution flow and timing.
*
- * \param grp The ECP group.
- * \param R The destination point.
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param R The point in which to store the result of the calculation.
+ * This must be initialized.
* \param m The integer by which to multiply \p P.
- * \param P The point to multiply by \p m.
+ * This must be initialized.
+ * \param P The point to multiply by \p m. This must be initialized.
* \param n The integer by which to multiply \p Q.
+ * This must be initialized.
* \param Q The point to be multiplied by \p n.
+ * This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
* valid private keys, or \p P or \p Q are not valid public
* keys.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
/**
+ * \brief This function performs multiplication and addition of two
+ * points by integers: \p R = \p m * \p P + \p n * \p Q in a
+ * restartable way.
+ *
+ * \see \c mbedtls_ecp_muladd()
+ *
+ * \note This function works the same as \c mbedtls_ecp_muladd(),
+ * but it can return early and restart according to the limit
+ * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param R The point in which to store the result of the calculation.
+ * This must be initialized.
+ * \param m The integer by which to multiply \p P.
+ * This must be initialized.
+ * \param P The point to multiply by \p m. This must be initialized.
+ * \param n The integer by which to multiply \p Q.
+ * This must be initialized.
+ * \param Q The point to be multiplied by \p n.
+ * This must be initialized.
+ * \param rs_ctx The restart context (NULL disables restart).
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+ * valid private keys, or \p P or \p Q are not valid public
+ * keys.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_muladd_restartable(
+ mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
+ mbedtls_ecp_restart_ctx *rs_ctx );
+
+/**
* \brief This function checks that a point is a valid public key
* on this curve.
*
@@ -640,30 +981,60 @@
* structures, such as ::mbedtls_ecdh_context or
* ::mbedtls_ecdsa_context.
*
- * \param grp The curve the point should lie on.
- * \param pt The point to check.
+ * \param grp The ECP group the point should belong to.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param pt The point to check. This must be initialized.
*
* \return \c 0 if the point is a valid public key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
+ * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
+ * a valid public key for the given curve.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt );
/**
- * \brief This function checks that an \p mbedtls_mpi is a valid private
- * key for this curve.
+ * \brief This function checks that an \p mbedtls_mpi is a
+ * valid private key for this curve.
*
* \note This function uses bare components rather than an
* ::mbedtls_ecp_keypair structure to ease use with other
* structures, such as ::mbedtls_ecdh_context or
* ::mbedtls_ecdsa_context.
*
- * \param grp The group used.
- * \param d The integer to check.
+ * \param grp The ECP group the private key should belong to.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param d The integer to check. This must be initialized.
*
* \return \c 0 if the point is a valid private key.
- * \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
+ * \return #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
+ * private key for the given curve.
+ * \return Another negative error code on other kinds of failure.
*/
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *d );
+
+/**
+ * \brief This function generates a private key.
+ *
+ * \param grp The ECP group to generate a private key for.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param d The destination MPI (secret part). This must be initialized.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng doesn't need a context argument.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+ * on failure.
+ */
+int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief This function generates a keypair with a configurable base
@@ -674,22 +1045,29 @@
* structures, such as ::mbedtls_ecdh_context or
* ::mbedtls_ecdsa_context.
*
- * \param grp The ECP group.
- * \param G The chosen base point.
+ * \param grp The ECP group to generate a key pair for.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ * \param G The base point to use. This must be initialized
+ * and belong to \p grp. It replaces the default base
+ * point \c grp->G used by mbedtls_ecp_gen_keypair().
* \param d The destination MPI (secret part).
+ * This must be initialized.
* \param Q The destination point (public part).
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * This must be initialized.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may
+ * be \c NULL if \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief This function generates an ECP keypair.
@@ -699,51 +1077,82 @@
* structures, such as ::mbedtls_ecdh_context or
* ::mbedtls_ecdsa_context.
*
- * \param grp The ECP group.
+ * \param grp The ECP group to generate a key pair for.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
* \param d The destination MPI (secret part).
+ * This must be initialized.
* \param Q The destination point (public part).
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * This must be initialized.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may
+ * be \c NULL if \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
+ mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief This function generates an ECP key.
*
* \param grp_id The ECP group identifier.
- * \param key The destination key.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param key The destination key. This must be initialized.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may
+ * be \c NULL if \p f_rng doesn't need a context argument.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
+ * \brief This function reads an elliptic curve private key.
+ *
+ * \param grp_id The ECP group identifier.
+ * \param key The destination key.
+ * \param buf The the buffer containing the binary representation of the
+ * key. (Big endian integer for Weierstrass curves, byte
+ * string for Montgomery curves.)
+ * \param buflen The length of the buffer in bytes.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
+ * invalid.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+ * the group is not implemented.
+ * \return Another negative error code on different kinds of failure.
+ */
+int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+ const unsigned char *buf, size_t buflen );
+/**
* \brief This function checks that the keypair objects
* \p pub and \p prv have the same group and the
* same public point, and that the private key in
* \p prv is consistent with the public key.
*
- * \param pub The keypair structure holding the public key.
- * If it contains a private key, that part is ignored.
+ * \param pub The keypair structure holding the public key. This
+ * must be initialized. If it contains a private key, that
+ * part is ignored.
* \param prv The keypair structure holding the full keypair.
+ * This must be initialized.
*
* \return \c 0 on success, meaning that the keys are valid and match.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
* error code on calculation failure.
*/
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub,
+ const mbedtls_ecp_keypair *prv );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
index 1804069..7625ed4 100644
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@@ -61,6 +61,12 @@
#ifndef MBEDTLS_ECP_INTERNAL_H
#define MBEDTLS_ECP_INTERNAL_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
/**
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index a5cb05a..ca06dc3 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -107,7 +107,7 @@
/**
* \brief Entropy source state
*/
-typedef struct
+typedef struct mbedtls_entropy_source_state
{
mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
void * p_source; /**< The callback data pointer */
@@ -120,7 +120,7 @@
/**
* \brief Entropy context structure
*/
-typedef struct
+typedef struct mbedtls_entropy_context
{
int accumulator_started;
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 6b82d4f..765fd42 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_ERROR_H
#define MBEDTLS_ERROR_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include <stddef.h>
/**
@@ -74,12 +80,13 @@
* MD4 1 0x002D-0x002D
* MD5 1 0x002F-0x002F
* RIPEMD160 1 0x0031-0x0031
- * SHA1 1 0x0035-0x0035
- * SHA256 1 0x0037-0x0037
- * SHA512 1 0x0039-0x0039
+ * SHA1 1 0x0035-0x0035 0x0073-0x0073
+ * SHA256 1 0x0037-0x0037 0x0074-0x0074
+ * SHA512 1 0x0039-0x0039 0x0075-0x0075
* CHACHA20 3 0x0051-0x0055
* POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056
+ * PLATFORM 1 0x0070-0x0072
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors
@@ -90,12 +97,12 @@
* DHM 3 11
* PK 3 15 (Started from top)
* RSA 4 11
- * ECP 4 9 (Started from top)
+ * ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
- * CIPHER 6 8
- * SSL 6 22 (Started from top)
- * SSL 7 31
+ * CIPHER 6 8 (Started from 0x6080)
+ * SSL 6 24 (Started from top, plus 0x6000)
+ * SSL 7 32
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
*/
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 87535ab..fd130ab 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -33,6 +33,12 @@
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "cipher.h"
#include <stdint.h>
@@ -41,7 +47,10 @@
#define MBEDTLS_GCM_DECRYPT 0
#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */
+
+/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */
+
#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */
#ifdef __cplusplus
@@ -53,7 +62,8 @@
/**
* \brief The GCM context structure.
*/
-typedef struct {
+typedef struct mbedtls_gcm_context
+{
mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
uint64_t HL[16]; /*!< Precalculated HTable low. */
uint64_t HH[16]; /*!< Precalculated HTable high. */
@@ -81,7 +91,7 @@
* cipher, nor set the key. For this purpose, use
* mbedtls_gcm_setkey().
*
- * \param ctx The GCM context to initialize.
+ * \param ctx The GCM context to initialize. This must not be \c NULL.
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
@@ -89,9 +99,10 @@
* \brief This function associates a GCM context with a
* cipher algorithm and a key.
*
- * \param ctx The GCM context to initialize.
+ * \param ctx The GCM context. This must be initialized.
* \param cipher The 128-bit block cipher to use.
- * \param key The encryption key.
+ * \param key The encryption key. This must be a readable buffer of at
+ * least \p keybits bits.
* \param keybits The key size in bits. Valid options are:
* <ul><li>128 bits</li>
* <li>192 bits</li>
@@ -118,7 +129,8 @@
* authentic. You should use this function to perform encryption
* only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
*
- * \param ctx The GCM context to use for encryption or decryption.
+ * \param ctx The GCM context to use for encryption or decryption. This
+ * must be initialized.
* \param mode The operation to perform:
* - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
* The ciphertext is written to \p output and the
@@ -132,22 +144,28 @@
* calling this function in decryption mode.
* \param length The length of the input data, which is equal to the length
* of the output data.
- * \param iv The initialization vector.
+ * \param iv The initialization vector. This must be a readable buffer of
+ * at least \p iv_len Bytes.
* \param iv_len The length of the IV.
- * \param add The buffer holding the additional data.
+ * \param add The buffer holding the additional data. This must be of at
+ * least that size in Bytes.
* \param add_len The length of the additional data.
- * \param input The buffer holding the input data. Its size is \b length.
- * \param output The buffer for holding the output data. It must have room
- * for \b length bytes.
+ * \param input The buffer holding the input data. If \p length is greater
+ * than zero, this must be a readable buffer of at least that
+ * size in Bytes.
+ * \param output The buffer for holding the output data. If \p length is greater
+ * than zero, this must be a writable buffer of at least that
+ * size in Bytes.
* \param tag_len The length of the tag to generate.
- * \param tag The buffer for holding the tag.
+ * \param tag The buffer for holding the tag. This must be a readable
+ * buffer of at least \p tag_len Bytes.
*
* \return \c 0 if the encryption or decryption was performed
* successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
* this does not indicate that the data is authentic.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid.
- * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific
- * error code if the encryption or decryption failed.
+ * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+ * not valid or a cipher-specific error code if the encryption
+ * or decryption failed.
*/
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
int mode,
@@ -169,24 +187,30 @@
* input buffer. If the buffers overlap, the output buffer
* must trail at least 8 Bytes behind the input buffer.
*
- * \param ctx The GCM context.
+ * \param ctx The GCM context. This must be initialized.
* \param length The length of the ciphertext to decrypt, which is also
* the length of the decrypted plaintext.
- * \param iv The initialization vector.
+ * \param iv The initialization vector. This must be a readable buffer
+ * of at least \p iv_len Bytes.
* \param iv_len The length of the IV.
- * \param add The buffer holding the additional data.
+ * \param add The buffer holding the additional data. This must be of at
+ * least that size in Bytes.
* \param add_len The length of the additional data.
- * \param tag The buffer holding the tag to verify.
+ * \param tag The buffer holding the tag to verify. This must be a
+ * readable buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to verify.
- * \param input The buffer holding the ciphertext. Its size is \b length.
- * \param output The buffer for holding the decrypted plaintext. It must
- * have room for \b length bytes.
+ * \param input The buffer holding the ciphertext. If \p length is greater
+ * than zero, this must be a readable buffer of at least that
+ * size.
+ * \param output The buffer for holding the decrypted plaintext. If \p length
+ * is greater than zero, this must be a writable buffer of at
+ * least that size.
*
* \return \c 0 if successful and authenticated.
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
- * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid.
- * \return #MBEDTLS_ERR_GCM_HW_ACCEL_FAILED or a cipher-specific
- * error code if the decryption failed.
+ * \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+ * not valid or a cipher-specific error code if the decryption
+ * failed.
*/
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
size_t length,
@@ -203,15 +227,16 @@
* \brief This function starts a GCM encryption or decryption
* operation.
*
- * \param ctx The GCM context.
+ * \param ctx The GCM context. This must be initialized.
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
* #MBEDTLS_GCM_DECRYPT.
- * \param iv The initialization vector.
+ * \param iv The initialization vector. This must be a readable buffer of
+ * at least \p iv_len Bytes.
* \param iv_len The length of the IV.
- * \param add The buffer holding the additional data, or NULL
- * if \p add_len is 0.
- * \param add_len The length of the additional data. If 0,
- * \p add is NULL.
+ * \param add The buffer holding the additional data, or \c NULL
+ * if \p add_len is \c 0.
+ * \param add_len The length of the additional data. If \c 0,
+ * \p add may be \c NULL.
*
* \return \c 0 on success.
*/
@@ -234,11 +259,15 @@
* input buffer. If the buffers overlap, the output buffer
* must trail at least 8 Bytes behind the input buffer.
*
- * \param ctx The GCM context.
+ * \param ctx The GCM context. This must be initialized.
* \param length The length of the input data. This must be a multiple of
* 16 except in the last call before mbedtls_gcm_finish().
- * \param input The buffer holding the input data.
- * \param output The buffer for holding the output data.
+ * \param input The buffer holding the input data. If \p length is greater
+ * than zero, this must be a readable buffer of at least that
+ * size in Bytes.
+ * \param output The buffer for holding the output data. If \p length is
+ * greater than zero, this must be a writable buffer of at
+ * least that size in Bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
@@ -255,9 +284,11 @@
* It wraps up the GCM stream, and generates the
* tag. The tag can have a maximum length of 16 Bytes.
*
- * \param ctx The GCM context.
- * \param tag The buffer for holding the tag.
- * \param tag_len The length of the tag to generate. Must be at least four.
+ * \param ctx The GCM context. This must be initialized.
+ * \param tag The buffer for holding the tag. This must be a readable
+ * buffer of at least \p tag_len Bytes.
+ * \param tag_len The length of the tag to generate. This must be at least
+ * four.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
@@ -270,10 +301,13 @@
* \brief This function clears a GCM context and the underlying
* cipher sub-context.
*
- * \param ctx The GCM context to clear.
+ * \param ctx The GCM context to clear. If this is \c NULL, the call has
+ * no effect. Otherwise, this must be initialized.
*/
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The GCM checkup routine.
*
@@ -282,6 +316,8 @@
*/
int mbedtls_gcm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index d4cb3ed..749257a 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -24,7 +24,14 @@
#ifndef MBEDTLS_HAVEGE_H
#define MBEDTLS_HAVEGE_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include <stddef.h>
+#include <stdint.h>
#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
@@ -35,11 +42,11 @@
/**
* \brief HAVEGE state structure
*/
-typedef struct
+typedef struct mbedtls_havege_state
{
- int PT1, PT2, offset[2];
- int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
- int WALK[8192];
+ uint32_t PT1, PT2, offset[2];
+ uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+ uint32_t WALK[8192];
}
mbedtls_havege_state;
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index 6833e72..40ee64e 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -27,6 +27,12 @@
#ifndef MBEDTLS_HKDF_H
#define MBEDTLS_HKDF_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "md.h"
/**
@@ -73,6 +79,11 @@
* \brief Take the input keying material \p ikm and extract from it a
* fixed-length pseudorandom key \p prk.
*
+ * \warning This function should only be used if the security of it has been
+ * studied and established in that particular context (eg. TLS 1.3
+ * key schedule). For standard HKDF security guarantees use
+ * \c mbedtls_hkdf instead.
+ *
* \param md A hash function; md.size denotes the length of the
* hash function output in bytes.
* \param salt An optional salt value (a non-secret random value);
@@ -97,10 +108,15 @@
* \brief Expand the supplied \p prk into several additional pseudorandom
* keys, which is the output of the HKDF.
*
+ * \warning This function should only be used if the security of it has been
+ * studied and established in that particular context (eg. TLS 1.3
+ * key schedule). For standard HKDF security guarantees use
+ * \c mbedtls_hkdf instead.
+ *
* \param md A hash function; md.size denotes the length of the hash
* function output in bytes.
- * \param prk A pseudorandom key of at least md.size bytes. \p prk is usually,
- * the output from the HKDF extract step.
+ * \param prk A pseudorandom key of at least md.size bytes. \p prk is
+ * usually the output from the HKDF extract step.
* \param prk_len The length in bytes of \p prk.
* \param info An optional context and application specific information
* string. This can be a zero-length string.
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 2608de8..f1289cb 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "md.h"
#if defined(MBEDTLS_THREADING_C)
@@ -74,9 +80,9 @@
/**
* HMAC_DRBG context.
*/
-typedef struct
+typedef struct mbedtls_hmac_drbg_context
{
- /* Working state: the key K is not stored explicitely,
+ /* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
@@ -195,10 +201,13 @@
* \param additional Additional data to update state with, or NULL
* \param add_len Length of additional data, or 0
*
+ * \return \c 0 on success, or an error from the underlying
+ * hash calculation.
+ *
* \note Additional data is optional, pass NULL and 0 as second
* third argument if no additional data is being used.
*/
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional, size_t add_len );
/**
@@ -257,6 +266,31 @@
*/
void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief HMAC_DRBG update state
+ *
+ * \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
+ * in 2.16.0.
+ *
+ * \param ctx HMAC_DRBG context
+ * \param additional Additional data to update state with, or NULL
+ * \param add_len Length of additional data, or 0
+ *
+ * \note Additional data is optional, pass NULL and 0 as second
+ * third argument if no additional data is being used.
+ */
+MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
+ mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t add_len );
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
#if defined(MBEDTLS_FS_IO)
/**
* \brief Write a seed file
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 6b6f5c5..69ab21f 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -39,6 +39,8 @@
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */
+
+/* MBEDTLS_ERR_MD_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */
#ifdef __cplusplus
@@ -72,6 +74,12 @@
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#endif
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
+#else
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
+#endif
+
/**
* Opaque struct defined in md_internal.h.
*/
@@ -80,7 +88,8 @@
/**
* The generic message-digest context.
*/
-typedef struct {
+typedef struct mbedtls_md_context_t
+{
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 08e75b2..fe97cf0 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -37,6 +37,7 @@
#include <stddef.h>
+/* MBEDTLS_ERR_MD2_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
#ifdef __cplusplus
@@ -55,7 +56,7 @@
* stronger message digests instead.
*
*/
-typedef struct
+typedef struct mbedtls_md2_context
{
unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */
@@ -282,6 +283,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -294,6 +297,8 @@
*/
int mbedtls_md2_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index 8ee4e5c..ce703c0 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -38,6 +38,7 @@
#include <stddef.h>
#include <stdint.h>
+/* MBEDTLS_ERR_MD4_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
#ifdef __cplusplus
@@ -56,7 +57,7 @@
* stronger message digests instead.
*
*/
-typedef struct
+typedef struct mbedtls_md4_context
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
@@ -287,6 +288,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -299,6 +302,8 @@
*/
int mbedtls_md4_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 43ead4b..6eed6cc 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -37,6 +37,7 @@
#include <stddef.h>
#include <stdint.h>
+/* MBEDTLS_ERR_MD5_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */
#ifdef __cplusplus
@@ -55,7 +56,7 @@
* stronger message digests instead.
*
*/
-typedef struct
+typedef struct mbedtls_md5_context
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[4]; /*!< intermediate digest state */
@@ -287,6 +288,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -299,6 +302,8 @@
*/
int mbedtls_md5_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 6c13b53..8cead58 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -23,6 +23,11 @@
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#include "net_sockets.h"
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 9f07eeb..4c7ef00 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -84,7 +84,7 @@
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
* structures for hand-made UDP demultiplexing).
*/
-typedef struct
+typedef struct mbedtls_net_context
{
int fd; /**< The underlying file descriptor */
}
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 5a0f656..3b67b59 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -37,6 +37,12 @@
#ifndef MBEDTLS_NIST_KW_H
#define MBEDTLS_NIST_KW_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "cipher.h"
#ifdef __cplusplus
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index f825548..17cdba7 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -43,13 +43,31 @@
#include "md.h"
#endif
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "x509.h"
-#endif
-
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
+/* This is for the benefit of X.509, but defined here in order to avoid
+ * having a "backwards" include of x.509.h here */
+/*
+ * X.509 extension types (internal, arbitrary values for bitsets)
+ */
+#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
+#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
+#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
+#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
+#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
+#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
+#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
+#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
+#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
+#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
+#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
+#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
+
/*
* Top level OID tuples
*/
@@ -104,7 +122,8 @@
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
-#define MBEDTLS_OID_PKIX MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
+#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
+#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
/*
* Arc for standard naming attributes
@@ -150,6 +169,11 @@
#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
+ * Certificate policies
+ */
+#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+
+/*
* Netscape certificate extensions
*/
#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
@@ -183,6 +207,16 @@
#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+/**
+ * Wi-SUN Alliance Field Area Network
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
+ */
+#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
+
+#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
+#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
+
/*
* PKCS definition OIDs
*/
@@ -228,6 +262,8 @@
#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
@@ -403,7 +439,8 @@
/**
* \brief Base OID descriptor structure
*/
-typedef struct {
+typedef struct mbedtls_oid_descriptor_t
+{
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
const char *name; /*!< official name (e.g. from RFC) */
@@ -423,7 +460,6 @@
*/
int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
/**
* \brief Translate an X.509 extension OID into local values
*
@@ -433,7 +469,6 @@
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-#endif
/**
* \brief Translate an X.509 attribute type OID into the short name
@@ -560,6 +595,16 @@
int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
/**
+ * \brief Translate certificate policies OID into description
+ *
+ * \param oid OID to use
+ * \param desc place to store string pointer
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
* \brief Translate md_type into hash algorithm OID
*
* \param md_alg message digest algorithm
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 677936e..721a5d4 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -3,6 +3,9 @@
*
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
* processors
+ *
+ * \warning These functions are only for internal use by other library
+ * functions; you must not call them directly.
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
@@ -25,6 +28,12 @@
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "aes.h"
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
@@ -50,14 +59,17 @@
#define MBEDTLS_PADLOCK_PHE 0x0C00
#define MBEDTLS_PADLOCK_PMM 0x3000
-#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
+#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
#ifdef __cplusplus
extern "C" {
#endif
/**
- * \brief PadLock detection routine
+ * \brief Internal PadLock detection routine
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param feature The feature to detect
*
@@ -66,7 +78,10 @@
int mbedtls_padlock_has_support( int feature );
/**
- * \brief PadLock AES-ECB block en(de)cryption
+ * \brief Internal PadLock AES-ECB block en(de)cryption
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@@ -76,12 +91,15 @@
* \return 0 if success, 1 if operation failed
*/
int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] );
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16] );
/**
- * \brief PadLock AES-CBC buffer en(de)cryption
+ * \brief Internal PadLock AES-CBC buffer en(de)cryption
+ *
+ * \note This function is only for internal use by other library
+ * functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
@@ -93,11 +111,11 @@
* \return 0 if success, 1 if operation failed
*/
int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output );
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output );
#ifdef __cplusplus
}
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index 2cf4c0a..b37f987 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include <stddef.h>
/**
@@ -51,7 +57,7 @@
/**
* \brief PEM context structure
*/
-typedef struct
+typedef struct mbedtls_pem_context
{
unsigned char *buf; /*!< buffer for decoded data */
size_t buflen; /*!< length of the buffer */
@@ -106,17 +112,27 @@
* \brief Write a buffer of PEM information from a DER encoded
* buffer.
*
- * \param header header string to write
- * \param footer footer string to write
- * \param der_data DER data to write
- * \param der_len length of the DER data
- * \param buf buffer to write to
- * \param buf_len length of output buffer
- * \param olen total length written / required (if buf_len is not enough)
+ * \param header The header string to write.
+ * \param footer The footer string to write.
+ * \param der_data The DER data to encode.
+ * \param der_len The length of the DER data \p der_data in Bytes.
+ * \param buf The buffer to write to.
+ * \param buf_len The length of the output buffer \p buf in Bytes.
+ * \param olen The address at which to store the total length written
+ * or required (if \p buf_len is not enough).
*
- * \return 0 on success, or a specific PEM or BASE64 error code. On
- * MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
- * size.
+ * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
+ * to request the length of the resulting PEM buffer in
+ * `*olen`.
+ *
+ * \note This function may be called with overlapping \p der_data
+ * and \p buf buffers.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
+ * enough to hold the PEM buffer. In this case, `*olen` holds
+ * the required minimum size of \p buf.
+ * \return Another PEM or BASE64 error code on other kinds of failure.
*/
int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len,
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index ee06b2f..f89faec 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -45,6 +45,10 @@
#include "ecdsa.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@@ -64,6 +68,8 @@
#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The buffer contains a valid signature followed by more data. */
+
+/* MBEDTLS_ERR_PK_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
#ifdef __cplusplus
@@ -81,13 +87,14 @@
MBEDTLS_PK_ECDSA,
MBEDTLS_PK_RSA_ALT,
MBEDTLS_PK_RSASSA_PSS,
+ MBEDTLS_PK_OPAQUE,
} mbedtls_pk_type_t;
/**
* \brief Options for RSASSA-PSS signature verification.
* See \c mbedtls_rsa_rsassa_pss_verify_ext()
*/
-typedef struct
+typedef struct mbedtls_pk_rsassa_pss_options
{
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
@@ -107,7 +114,7 @@
/**
* \brief Item to send to the debug module
*/
-typedef struct
+typedef struct mbedtls_pk_debug_item
{
mbedtls_pk_debug_type type;
const char *name;
@@ -125,12 +132,26 @@
/**
* \brief Public key container
*/
-typedef struct
+typedef struct mbedtls_pk_context
{
- const mbedtls_pk_info_t * pk_info; /**< Public key informations */
+ const mbedtls_pk_info_t * pk_info; /**< Public key information */
void * pk_ctx; /**< Underlying public key context */
} mbedtls_pk_context;
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Context for resuming operations
+ */
+typedef struct
+{
+ const mbedtls_pk_info_t * pk_info; /**< Public key information */
+ void * rs_ctx; /**< Underlying restart context */
+} mbedtls_pk_restart_ctx;
+#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+/* Now we can declare functions that take a pointer to that */
+typedef void mbedtls_pk_restart_ctx;
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
@@ -181,20 +202,50 @@
const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
/**
- * \brief Initialize a mbedtls_pk_context (as NONE)
+ * \brief Initialize a #mbedtls_pk_context (as NONE).
+ *
+ * \param ctx The context to initialize.
+ * This must not be \c NULL.
*/
void mbedtls_pk_init( mbedtls_pk_context *ctx );
/**
- * \brief Free a mbedtls_pk_context
+ * \brief Free the components of a #mbedtls_pk_context.
+ *
+ * \param ctx The context to clear. It must have been initialized.
+ * If this is \c NULL, this function does nothing.
+ *
+ * \note For contexts that have been set up with
+ * mbedtls_pk_setup_opaque(), this does not free the underlying
+ * key slot and you still need to call psa_destroy_key()
+ * independently if you want to destroy that key.
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx );
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context
+ *
+ * \param ctx The context to initialize.
+ * This must not be \c NULL.
+ */
+void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context
+ *
+ * \param ctx The context to clear. It must have been initialized.
+ * If this is \c NULL, this function does nothing.
+ */
+void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
/**
* \brief Initialize a PK context with the information given
* and allocates the type-specific PK subcontext.
*
- * \param ctx Context to initialize. Must be empty (type NONE).
+ * \param ctx Context to initialize. It must not have been set
+ * up yet (type #MBEDTLS_PK_NONE).
* \param info Information to use
*
* \return 0 on success,
@@ -206,11 +257,44 @@
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief Initialize a PK context to wrap a PSA key slot.
+ *
+ * \note This function replaces mbedtls_pk_setup() for contexts
+ * that wrap a (possibly opaque) PSA key slot instead of
+ * storing and manipulating the key material directly.
+ *
+ * \param ctx The context to initialize. It must be empty (type NONE).
+ * \param key The PSA key slot to wrap, which must hold an ECC key pair
+ * (see notes below).
+ *
+ * \note The wrapped key slot must remain valid as long as the
+ * wrapping PK context is in use, that is at least between
+ * the point this function is called and the point
+ * mbedtls_pk_free() is called on this context. The wrapped
+ * key slot might then be independently used or destroyed.
+ *
+ * \note This function is currently only available for ECC key
+ * pairs (that is, ECC keys containing private key material).
+ * Support for other key types may be added later.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
+ * (context already used, invalid key slot).
+ * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
+ * ECC key pair.
+ * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ */
+int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/**
* \brief Initialize an RSA-alt context
*
- * \param ctx Context to initialize. Must be empty (type NONE).
+ * \param ctx Context to initialize. It must not have been set
+ * up yet (type #MBEDTLS_PK_NONE).
* \param key RSA key pointer
* \param decrypt_func Decryption function
* \param sign_func Signing function
@@ -230,7 +314,7 @@
/**
* \brief Get the size in bits of the underlying key
*
- * \param ctx Context to use
+ * \param ctx The context to query. It must have been initialized.
*
* \return Key size in bits, or 0 on error
*/
@@ -238,7 +322,8 @@
/**
* \brief Get the length in bytes of the underlying key
- * \param ctx Context to use
+ *
+ * \param ctx The context to query. It must have been initialized.
*
* \return Key length in bytes, or 0 on error
*/
@@ -250,18 +335,21 @@
/**
* \brief Tell if a context can do the operation given by type
*
- * \param ctx Context to test
- * \param type Target type
+ * \param ctx The context to query. It must have been initialized.
+ * \param type The desired type.
*
- * \return 0 if context can't do the operations,
- * 1 otherwise.
+ * \return 1 if the context can do operations on the given type.
+ * \return 0 if the context cannot do the operations on the given
+ * type. This is always the case for a context that has
+ * been initialized but not set up, or that has been
+ * cleared with mbedtls_pk_free().
*/
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
/**
* \brief Verify signature (including padding if relevant).
*
- * \param ctx PK context to use
+ * \param ctx The PK context to use. It must have been set up.
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
@@ -287,12 +375,38 @@
const unsigned char *sig, size_t sig_len );
/**
+ * \brief Restartable version of \c mbedtls_pk_verify()
+ *
+ * \note Performs the same job as \c mbedtls_pk_verify(), but can
+ * return early and restart according to the limit set with
+ * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+ * operations. For RSA, same as \c mbedtls_pk_verify().
+ *
+ * \param ctx The PK context to use. It must have been set up.
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length or 0 (see notes)
+ * \param sig Signature to verify
+ * \param sig_len Signature length
+ * \param rs_ctx Restart context (NULL to disable restart)
+ *
+ * \return See \c mbedtls_pk_verify(), or
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ */
+int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ mbedtls_pk_restart_ctx *rs_ctx );
+
+/**
* \brief Verify signature, with options.
* (Includes verification of the padding depending on type.)
*
* \param type Signature type (inc. possible padding type) to verify
* \param options Pointer to type-specific options, or NULL
- * \param ctx PK context to use
+ * \param ctx The PK context to use. It must have been set up.
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
@@ -323,7 +437,8 @@
/**
* \brief Make signature, including padding if relevant.
*
- * \param ctx PK context to use - must hold a private key
+ * \param ctx The PK context to use. It must have been set up
+ * with a private key.
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
@@ -343,6 +458,10 @@
*
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ *
+ * \note In order to ensure enough space for the signature, the
+ * \p sig buffer size must be of at least
+ * `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
*/
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@@ -350,9 +469,44 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
+ * \brief Restartable version of \c mbedtls_pk_sign()
+ *
+ * \note Performs the same job as \c mbedtls_pk_sign(), but can
+ * return early and restart according to the limit set with
+ * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+ * operations. For RSA, same as \c mbedtls_pk_sign().
+ *
+ * \note In order to ensure enough space for the signature, the
+ * \p sig buffer size must be of at least
+ * `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
+ *
+ * \param ctx The PK context to use. It must have been set up
+ * with a private key.
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length or 0 (see notes)
+ * \param sig Place to write the signature
+ * \param sig_len Number of bytes written
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ * \param rs_ctx Restart context (NULL to disable restart)
+ *
+ * \return See \c mbedtls_pk_sign(), or
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ */
+int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_pk_restart_ctx *rs_ctx );
+
+/**
* \brief Decrypt message (including padding if relevant).
*
- * \param ctx PK context to use - must hold a private key
+ * \param ctx The PK context to use. It must have been set up
+ * with a private key.
* \param input Input to decrypt
* \param ilen Input size
* \param output Decrypted output
@@ -373,7 +527,7 @@
/**
* \brief Encrypt message (including padding if relevant).
*
- * \param ctx PK context to use
+ * \param ctx The PK context to use. It must have been set up.
* \param input Message to encrypt
* \param ilen Message size
* \param output Encrypted output
@@ -397,14 +551,18 @@
* \param pub Context holding a public key.
* \param prv Context holding a private (and public) key.
*
- * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ * \return \c 0 on success (keys were checked and match each other).
+ * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
+ * be checked - in that case they may or may not match.
+ * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
+ * \return Another non-zero value if the keys do not match.
*/
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
/**
* \brief Export debug information
*
- * \param ctx Context to use
+ * \param ctx The PK context to use. It must have been initialized.
* \param items Place to write debug items
*
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
@@ -414,7 +572,7 @@
/**
* \brief Access the type name
*
- * \param ctx Context to use
+ * \param ctx The PK context to use. It must have been initialized.
*
* \return Type name on success, or "invalid PK"
*/
@@ -423,9 +581,10 @@
/**
* \brief Get the key type
*
- * \param ctx Context to use
+ * \param ctx The PK context to use. It must have been initialized.
*
- * \return Type on success, or MBEDTLS_PK_NONE
+ * \return Type on success.
+ * \return #MBEDTLS_PK_NONE for a context that has not been set up.
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
@@ -434,12 +593,22 @@
/**
* \brief Parse a private key in PEM or DER format
*
- * \param ctx key to be initialized
- * \param key input buffer
- * \param keylen size of the buffer
- * (including the terminating null byte for PEM data)
- * \param pwd password for decryption (optional)
- * \param pwdlen size of the password
+ * \param ctx The PK context to fill. It must have been initialized
+ * but not set up.
+ * \param key Input buffer to parse.
+ * The buffer must contain the input exactly, with no
+ * extra trailing material. For PEM, the buffer must
+ * contain a null-terminated string.
+ * \param keylen Size of \b key in bytes.
+ * For PEM data, this includes the terminating null byte,
+ * so \p keylen must be equal to `strlen(key) + 1`.
+ * \param pwd Optional password for decryption.
+ * Pass \c NULL if expecting a non-encrypted key.
+ * Pass a string of \p pwdlen bytes if expecting an encrypted
+ * key; a non-encrypted key will also be accepted.
+ * The empty password is not supported.
+ * \param pwdlen Size of the password in bytes.
+ * Ignored if \p pwd is \c NULL.
*
* \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -457,10 +626,15 @@
/**
* \brief Parse a public key in PEM or DER format
*
- * \param ctx key to be initialized
- * \param key input buffer
- * \param keylen size of the buffer
- * (including the terminating null byte for PEM data)
+ * \param ctx The PK context to fill. It must have been initialized
+ * but not set up.
+ * \param key Input buffer to parse.
+ * The buffer must contain the input exactly, with no
+ * extra trailing material. For PEM, the buffer must
+ * contain a null-terminated string.
+ * \param keylen Size of \b key in bytes.
+ * For PEM data, this includes the terminating null byte,
+ * so \p keylen must be equal to `strlen(key) + 1`.
*
* \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -478,9 +652,14 @@
/**
* \brief Load and parse a private key
*
- * \param ctx key to be initialized
+ * \param ctx The PK context to fill. It must have been initialized
+ * but not set up.
* \param path filename to read the private key from
- * \param password password to decrypt the file (can be NULL)
+ * \param password Optional password to decrypt the file.
+ * Pass \c NULL if expecting a non-encrypted key.
+ * Pass a null-terminated string if expecting an encrypted
+ * key; a non-encrypted key will also be accepted.
+ * The empty password is not supported.
*
* \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@@ -497,7 +676,8 @@
/**
* \brief Load and parse a public key
*
- * \param ctx key to be initialized
+ * \param ctx The PK context to fill. It must have been initialized
+ * but not set up.
* \param path filename to read the public key from
*
* \note On entry, ctx must be empty, either freshly initialised
@@ -520,7 +700,7 @@
* return value to determine where you should start
* using the buffer
*
- * \param ctx private to write away
+ * \param ctx PK context which must contain a valid private key.
* \param buf buffer to write to
* \param size size of the buffer
*
@@ -535,7 +715,7 @@
* return value to determine where you should start
* using the buffer
*
- * \param ctx public key to write away
+ * \param ctx PK context which must contain a valid public or private key.
* \param buf buffer to write to
* \param size size of the buffer
*
@@ -548,9 +728,10 @@
/**
* \brief Write a public key to a PEM string
*
- * \param ctx public key to write away
- * \param buf buffer to write to
- * \param size size of the buffer
+ * \param ctx PK context which must contain a valid public or private key.
+ * \param buf Buffer to write to. The output includes a
+ * terminating null byte.
+ * \param size Size of the buffer in bytes.
*
* \return 0 if successful, or a specific error code
*/
@@ -559,9 +740,10 @@
/**
* \brief Write a private key to a PKCS#1 or SEC1 PEM string
*
- * \param ctx private to write away
- * \param buf buffer to write to
- * \param size size of the buffer
+ * \param ctx PK context which must contain a valid private key.
+ * \param buf Buffer to write to. The output includes a
+ * terminating null byte.
+ * \param size Size of the buffer in bytes.
*
* \return 0 if successful, or a specific error code
*/
@@ -580,7 +762,8 @@
*
* \param p the position in the ASN.1 data
* \param end end of the buffer
- * \param pk the key to fill
+ * \param pk The PK context to fill. It must have been initialized
+ * but not set up.
*
* \return 0 if successful, or a specific PK error code
*/
@@ -595,7 +778,7 @@
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
- * \param key public key to write away
+ * \param key PK context which must contain a valid public or private key.
*
* \return the length written or a negative error code
*/
@@ -611,6 +794,31 @@
int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief Turn an EC key into an Opaque one
+ *
+ * \warning This is a temporary utility function for tests. It might
+ * change or be removed at any time without notice.
+ *
+ * \note Only ECDSA keys are supported so far. Signing with the
+ * specified hash is the only allowed use of that key.
+ *
+ * \param pk Input: the EC key to transfer to a PSA key slot.
+ * Output: a PK context wrapping that PSA key slot.
+ * \param slot Output: the chosen slot for storing the key.
+ * It's the caller's responsibility to destroy that slot
+ * after calling mbedtls_pk_free() on the PK context.
+ * \param hash_alg The hash algorithm to allow for use with that key.
+ *
+ * \return \c 0 if successful.
+ * \return An Mbed TLS error code otherwise.
+ */
+int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
+ psa_key_handle_t *slot,
+ psa_algorithm_t hash_alg );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/pk_internal.h b/include/mbedtls/pk_internal.h
index 3dae0fc..fc9ba13 100644
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@@ -59,6 +59,21 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /** Verify signature (restartable) */
+ int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx );
+
+ /** Make signature (restartable) */
+ int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng, void *rs_ctx );
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
/** Decrypt message */
int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@@ -80,6 +95,14 @@
/** Free the given context */
void (*ctx_free_func)( void *ctx );
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /** Allocate the restart context */
+ void * (*rs_alloc_func)( void );
+
+ /** Free the restart context */
+ void (*rs_free_func)( void *rs_ctx );
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
/** Interface with the debug module */
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
@@ -112,4 +135,8 @@
extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
+#endif
+
#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index bf65c55..02427dd 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -50,7 +50,8 @@
/**
* Context for PKCS #11 private keys.
*/
-typedef struct {
+typedef struct mbedtls_pkcs11_context
+{
pkcs11h_certificate_t pkcs11h_cert;
int len;
} mbedtls_pkcs11_context;
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index a621ef5..d441357 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "md.h"
#include "cipher.h"
#include "asn1.h"
@@ -46,6 +52,8 @@
extern "C" {
#endif
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
/**
* \brief PKCS12 Password Based function (encryption / decryption)
* for pbeWithSHAAnd128BitRC4
@@ -87,6 +95,8 @@
const unsigned char *input, size_t len,
unsigned char *output );
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
/**
* \brief The PKCS#12 derivation function uses a password and a salt
* to produce pseudo-random bits for a particular "purpose".
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 9a3c9fd..c92185f 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -26,6 +26,12 @@
#ifndef MBEDTLS_PKCS5_H
#define MBEDTLS_PKCS5_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "asn1.h"
#include "md.h"
@@ -44,6 +50,8 @@
extern "C" {
#endif
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
/**
* \brief PKCS#5 PBES2 function
*
@@ -62,6 +70,8 @@
const unsigned char *data, size_t datalen,
unsigned char *output );
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
/**
* \brief PKCS#5 PBKDF2 using HMAC
*
@@ -81,6 +91,8 @@
unsigned int iteration_count,
uint32_t key_length, unsigned char *output );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -88,6 +100,8 @@
*/
int mbedtls_pkcs5_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 624cc64..363d6b3 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -43,6 +43,9 @@
#include "platform_time.h"
#endif
+#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
+#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -55,17 +58,33 @@
* \{
*/
+/* The older Microsoft Windows common runtime provides non-conforming
+ * implementations of some standard library functions, including snprintf
+ * and vsnprintf. This affects MSVC and MinGW builds.
+ */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
+#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
+#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
+#endif
+
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(_WIN32)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use. */
#else
#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< The default \c snprintf function to use. */
#endif
#endif
+#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#define MBEDTLS_PLATFORM_STD_VSNPRINTF mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use. */
+#else
+#define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf /**< The default \c vsnprintf function to use. */
+#endif
+#endif
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< The default \c printf function to use. */
#endif
@@ -201,7 +220,7 @@
* - however it is acceptable to return -1 instead of the required length when
* the destination buffer is too short.
*/
-#if defined(_WIN32)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
/* For Windows (inc. MSYS2), we provide our own fixed implementation */
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
#endif
@@ -228,6 +247,42 @@
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
/*
+ * The function pointers for vsnprintf
+ *
+ * The vsnprintf implementation should conform to C99:
+ * - it *must* always correctly zero-terminate the buffer
+ * (except when n == 0, then it must leave the buffer untouched)
+ * - however it is acceptable to return -1 instead of the required length when
+ * the destination buffer is too short.
+ */
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#include <stdarg.h>
+/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
+int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+#include <stdarg.h>
+extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
+
+/**
+ * \brief Set your own snprintf function pointer
+ *
+ * \param vsnprintf_func The \c vsnprintf function implementation
+ *
+ * \return \c 0
+ */
+int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
+ const char * format, va_list arg ) );
+#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
+#else
+#define mbedtls_vsnprintf vsnprintf
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
+/*
* The function pointers for exit
*/
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
@@ -315,7 +370,8 @@
* \note This structure may be used to assist platform-specific
* setup or teardown operations.
*/
-typedef struct {
+typedef struct mbedtls_platform_context
+{
char dummy; /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 84f0732..09d0965 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -25,12 +25,115 @@
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include <stddef.h>
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+#include "platform_time.h"
+#include <time.h>
+#endif /* MBEDTLS_HAVE_TIME_DATE */
#ifdef __cplusplus
extern "C" {
#endif
+#if defined(MBEDTLS_CHECK_PARAMS)
+
+#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
+ * (which is what our config.h suggests). */
+#include <assert.h>
+#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
+
+#if defined(MBEDTLS_PARAM_FAILED)
+/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
+ *
+ * This flag can be used to check whether it is safe to assume that
+ * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
+ */
+#define MBEDTLS_PARAM_FAILED_ALT
+
+#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+#define MBEDTLS_PARAM_FAILED_ALT
+
+#else /* MBEDTLS_PARAM_FAILED */
+#define MBEDTLS_PARAM_FAILED( cond ) \
+ mbedtls_param_failed( #cond, __FILE__, __LINE__ )
+
+/**
+ * \brief User supplied callback function for parameter validation failure.
+ * See #MBEDTLS_CHECK_PARAMS for context.
+ *
+ * This function will be called unless an alternative treatement
+ * is defined through the #MBEDTLS_PARAM_FAILED macro.
+ *
+ * This function can return, and the operation will be aborted, or
+ * alternatively, through use of setjmp()/longjmp() can resume
+ * execution in the application code.
+ *
+ * \param failure_condition The assertion that didn't hold.
+ * \param file The file where the assertion failed.
+ * \param line The line in the file where the assertion failed.
+ */
+void mbedtls_param_failed( const char *failure_condition,
+ const char *file,
+ int line );
+#endif /* MBEDTLS_PARAM_FAILED */
+
+/* Internal macro meant to be called only from within the library. */
+#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
+ do { \
+ if( !(cond) ) \
+ { \
+ MBEDTLS_PARAM_FAILED( cond ); \
+ return( ret ); \
+ } \
+ } while( 0 )
+
+/* Internal macro meant to be called only from within the library. */
+#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
+ do { \
+ if( !(cond) ) \
+ { \
+ MBEDTLS_PARAM_FAILED( cond ); \
+ return; \
+ } \
+ } while( 0 )
+
+#else /* MBEDTLS_CHECK_PARAMS */
+
+/* Internal macros meant to be called only from within the library. */
+#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
+#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
+
+#endif /* MBEDTLS_CHECK_PARAMS */
+
+/* Internal helper macros for deprecating API constants. */
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
+ * to avoid conflict with other headers which define and use
+ * it, too. We might want to move all these definitions here at
+ * some point for uniformity. */
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
+#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
+ ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
+MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
+#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
+ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
+#undef MBEDTLS_DEPRECATED
+#else /* MBEDTLS_DEPRECATED_WARNING */
+#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
+#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
/**
* \brief Securely zeroize a buffer
*
@@ -55,6 +158,37 @@
*/
void mbedtls_platform_zeroize( void *buf, size_t len );
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+/**
+ * \brief Platform-specific implementation of gmtime_r()
+ *
+ * The function is a thread-safe abstraction that behaves
+ * similarly to the gmtime_r() function from Unix/POSIX.
+ *
+ * Mbed TLS will try to identify the underlying platform and
+ * make use of an appropriate underlying implementation (e.g.
+ * gmtime_r() for POSIX and gmtime_s() for Windows). If this is
+ * not possible, then gmtime() will be used. In this case, calls
+ * from the library to gmtime() will be guarded by the mutex
+ * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
+ * enabled. It is recommended that calls from outside the library
+ * are also guarded by this mutex.
+ *
+ * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
+ * unconditionally use the alternative implementation for
+ * mbedtls_platform_gmtime_r() supplied by the user at compile time.
+ *
+ * \param tt Pointer to an object containing time (in seconds) since the
+ * epoch to be converted
+ * \param tm_buf Pointer to an object where the results will be stored
+ *
+ * \return Pointer to an object of type struct tm on success, otherwise
+ * NULL
+ */
+struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
+ struct tm *tm_buf );
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 54b50ab..f0ec44c 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -34,7 +34,7 @@
#define MBEDTLS_POLY1305_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
+#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
@@ -43,7 +43,13 @@
#include <stddef.h>
#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */
+
+/* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
+ * used. */
#define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */
+
+/* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */
#ifdef __cplusplus
@@ -52,7 +58,7 @@
#if !defined(MBEDTLS_POLY1305_ALT)
-typedef struct
+typedef struct mbedtls_poly1305_context
{
uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
@@ -78,14 +84,18 @@
* \c mbedtls_poly1305_finish(), then finally
* \c mbedtls_poly1305_free().
*
- * \param ctx The Poly1305 context to initialize.
+ * \param ctx The Poly1305 context to initialize. This must
+ * not be \c NULL.
*/
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
/**
- * \brief This function releases and clears the specified Poly1305 context.
+ * \brief This function releases and clears the specified
+ * Poly1305 context.
*
- * \param ctx The Poly1305 context to clear.
+ * \param ctx The Poly1305 context to clear. This may be \c NULL, in which
+ * case this function is a no-op. If it is not \c NULL, it must
+ * point to an initialized Poly1305 context.
*/
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
@@ -96,11 +106,11 @@
* invocation of Poly1305.
*
* \param ctx The Poly1305 context to which the key should be bound.
- * \param key The buffer containing the 256-bit key.
+ * This must be initialized.
+ * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if ctx or key are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
const unsigned char key[32] );
@@ -114,13 +124,14 @@
* It can be called repeatedly to process a stream of data.
*
* \param ctx The Poly1305 context to use for the Poly1305 operation.
- * \param ilen The length of the input data (in bytes). Any value is accepted.
+ * This must be initialized and bound to a key.
+ * \param ilen The length of the input data in Bytes.
+ * Any value is accepted.
* \param input The buffer holding the input data.
- * This pointer can be NULL if ilen == 0.
+ * This pointer can be \c NULL if `ilen == 0`.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if ctx or input are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
const unsigned char *input,
@@ -131,12 +142,12 @@
* Authentication Code (MAC).
*
* \param ctx The Poly1305 context to use for the Poly1305 operation.
- * \param mac The buffer to where the MAC is written. Must be big enough
- * to hold the 16-byte MAC.
+ * This must be initialized and bound to a key.
+ * \param mac The buffer to where the MAC is written. This must
+ * be a writable buffer of length \c 16 Bytes.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if ctx or mac are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
unsigned char mac[16] );
@@ -148,16 +159,16 @@
* \warning The key must be unique and unpredictable for each
* invocation of Poly1305.
*
- * \param key The buffer containing the 256-bit key.
- * \param ilen The length of the input data (in bytes). Any value is accepted.
+ * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
+ * \param ilen The length of the input data in Bytes.
+ * Any value is accepted.
* \param input The buffer holding the input data.
- * This pointer can be NULL if ilen == 0.
- * \param mac The buffer to where the MAC is written. Must be big enough
- * to hold the 16-byte MAC.
+ * This pointer can be \c NULL if `ilen == 0`.
+ * \param mac The buffer to where the MAC is written. This must be
+ * a writable buffer of length \c 16 Bytes.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- * if key, input, or mac are NULL.
+ * \return A negative error code on failure.
*/
int mbedtls_poly1305_mac( const unsigned char key[32],
const unsigned char *input,
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
new file mode 100644
index 0000000..b0c0428
--- /dev/null
+++ b/include/mbedtls/psa_util.h
@@ -0,0 +1,482 @@
+/**
+ * \file psa_util.h
+ *
+ * \brief Utility functions for the use of the PSA Crypto library.
+ *
+ * \warning This function is not part of the public API and may
+ * change at any time.
+ */
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PSA_UTIL_H
+#define MBEDTLS_PSA_UTIL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#include "psa/crypto.h"
+
+#include "ecp.h"
+#include "md.h"
+#include "pk.h"
+#include "oid.h"
+
+#include <string.h>
+
+/* Translations for symmetric crypto. */
+
+static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
+ mbedtls_cipher_type_t cipher )
+{
+ switch( cipher )
+ {
+ case MBEDTLS_CIPHER_AES_128_CCM:
+ case MBEDTLS_CIPHER_AES_192_CCM:
+ case MBEDTLS_CIPHER_AES_256_CCM:
+ case MBEDTLS_CIPHER_AES_128_GCM:
+ case MBEDTLS_CIPHER_AES_192_GCM:
+ case MBEDTLS_CIPHER_AES_256_GCM:
+ case MBEDTLS_CIPHER_AES_128_CBC:
+ case MBEDTLS_CIPHER_AES_192_CBC:
+ case MBEDTLS_CIPHER_AES_256_CBC:
+ return( PSA_KEY_TYPE_AES );
+
+ /* ARIA not yet supported in PSA. */
+ /* case MBEDTLS_CIPHER_ARIA_128_CCM:
+ case MBEDTLS_CIPHER_ARIA_192_CCM:
+ case MBEDTLS_CIPHER_ARIA_256_CCM:
+ case MBEDTLS_CIPHER_ARIA_128_GCM:
+ case MBEDTLS_CIPHER_ARIA_192_GCM:
+ case MBEDTLS_CIPHER_ARIA_256_GCM:
+ case MBEDTLS_CIPHER_ARIA_128_CBC:
+ case MBEDTLS_CIPHER_ARIA_192_CBC:
+ case MBEDTLS_CIPHER_ARIA_256_CBC:
+ return( PSA_KEY_TYPE_ARIA ); */
+
+ default:
+ return( 0 );
+ }
+}
+
+static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
+ mbedtls_cipher_mode_t mode, size_t taglen )
+{
+ switch( mode )
+ {
+ case MBEDTLS_MODE_GCM:
+ return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );
+ case MBEDTLS_MODE_CCM:
+ return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) );
+ case MBEDTLS_MODE_CBC:
+ if( taglen == 0 )
+ return( PSA_ALG_CBC_NO_PADDING );
+ /* Intentional fallthrough for taglen != 0 */
+ /* fallthrough */
+ default:
+ return( 0 );
+ }
+}
+
+static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
+ mbedtls_operation_t op )
+{
+ switch( op )
+ {
+ case MBEDTLS_ENCRYPT:
+ return( PSA_KEY_USAGE_ENCRYPT );
+ case MBEDTLS_DECRYPT:
+ return( PSA_KEY_USAGE_DECRYPT );
+ default:
+ return( 0 );
+ }
+}
+
+/* Translations for hashing. */
+
+static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
+{
+ switch( md_alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case MBEDTLS_MD_MD2:
+ return( PSA_ALG_MD2 );
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case MBEDTLS_MD_MD4:
+ return( PSA_ALG_MD4 );
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case MBEDTLS_MD_MD5:
+ return( PSA_ALG_MD5 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case MBEDTLS_MD_SHA1:
+ return( PSA_ALG_SHA_1 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA224:
+ return( PSA_ALG_SHA_224 );
+ case MBEDTLS_MD_SHA256:
+ return( PSA_ALG_SHA_256 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_MD_SHA384:
+ return( PSA_ALG_SHA_384 );
+ case MBEDTLS_MD_SHA512:
+ return( PSA_ALG_SHA_512 );
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case MBEDTLS_MD_RIPEMD160:
+ return( PSA_ALG_RIPEMD160 );
+#endif
+ case MBEDTLS_MD_NONE: /* Intentional fallthrough */
+ default:
+ return( 0 );
+ }
+}
+
+/* Translations for ECC. */
+
+static inline int mbedtls_psa_get_ecc_oid_from_id(
+ psa_ecc_curve_t curve, char const **oid, size_t *oid_len )
+{
+ switch( curve )
+ {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ case PSA_ECC_CURVE_SECP192R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ case PSA_ECC_CURVE_SECP224R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case PSA_ECC_CURVE_SECP256R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case PSA_ECC_CURVE_SECP384R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case PSA_ECC_CURVE_SECP521R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ case PSA_ECC_CURVE_SECP192K1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ case PSA_ECC_CURVE_SECP224K1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ case PSA_ECC_CURVE_SECP256K1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ case PSA_ECC_CURVE_BRAINPOOL_P256R1:
+ *oid = MBEDTLS_OID_EC_GRP_BP256R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ case PSA_ECC_CURVE_BRAINPOOL_P384R1:
+ *oid = MBEDTLS_OID_EC_GRP_BP384R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ case PSA_ECC_CURVE_BRAINPOOL_P512R1:
+ *oid = MBEDTLS_OID_EC_GRP_BP512R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+ }
+
+ return( -1 );
+}
+
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
+#endif
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+
+static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
+{
+ switch( grpid )
+ {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP192R1:
+ return( PSA_ECC_CURVE_SECP192R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP224R1:
+ return( PSA_ECC_CURVE_SECP224R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP256R1:
+ return( PSA_ECC_CURVE_SECP256R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP384R1:
+ return( PSA_ECC_CURVE_SECP384R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP521R1:
+ return( PSA_ECC_CURVE_SECP521R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ case MBEDTLS_ECP_DP_BP256R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ case MBEDTLS_ECP_DP_BP384R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ case MBEDTLS_ECP_DP_BP512R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE25519:
+ return( PSA_ECC_CURVE_CURVE25519 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP192K1:
+ return( PSA_ECC_CURVE_SECP192K1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP224K1:
+ return( PSA_ECC_CURVE_SECP224K1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP256K1:
+ return( PSA_ECC_CURVE_SECP256K1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE448:
+ return( PSA_ECC_CURVE_CURVE448 );
+#endif
+ default:
+ return( 0 );
+ }
+}
+
+
+#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \
+ ( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \
+ curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \
+ curve == PSA_ECC_CURVE_SECP256R1 ? 256 : \
+ curve == PSA_ECC_CURVE_SECP384R1 ? 384 : \
+ curve == PSA_ECC_CURVE_SECP521R1 ? 521 : \
+ curve == PSA_ECC_CURVE_SECP192K1 ? 192 : \
+ curve == PSA_ECC_CURVE_SECP224K1 ? 224 : \
+ curve == PSA_ECC_CURVE_SECP256K1 ? 256 : \
+ curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
+ curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
+ curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
+ 0 )
+
+#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve ) \
+ ( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 )
+
+/* Translations for PK layer */
+
+static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_SUCCESS:
+ return( 0 );
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+ case PSA_ERROR_INSUFFICIENT_ENTROPY:
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ case PSA_ERROR_BAD_STATE:
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ /* All other failures */
+ case PSA_ERROR_COMMUNICATION_FAILURE:
+ case PSA_ERROR_HARDWARE_FAILURE:
+ case PSA_ERROR_TAMPERING_DETECTED:
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ default: /* We return the same as for the 'other failures',
+ * but list them separately nonetheless to indicate
+ * which failure conditions we have considered. */
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+ }
+}
+
+/* Translations for ECC */
+
+/* This function transforms an ECC group identifier from
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
+ * into a PSA ECC group identifier. */
+static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(
+ uint16_t tls_ecc_grp_reg_id )
+{
+ /* The PSA identifiers are currently aligned with those from
+ * the TLS Supported Groups registry, so no conversion is necessary. */
+ return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );
+}
+
+/* This function takes a buffer holding an EC public key
+ * exported through psa_export_public_key(), and converts
+ * it into an ECPoint structure to be put into a ClientKeyExchange
+ * message in an ECDHE exchange.
+ *
+ * Both the present and the foreseeable future format of EC public keys
+ * used by PSA have the ECPoint structure contained in the exported key
+ * as a subbuffer, and the function merely selects this subbuffer instead
+ * of making a copy.
+ */
+static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
+ size_t srclen,
+ unsigned char **dst,
+ size_t *dstlen )
+{
+ *dst = src;
+ *dstlen = srclen;
+ return( 0 );
+}
+
+/* This function takes a buffer holding an ECPoint structure
+ * (as contained in a TLS ServerKeyExchange message for ECDHE
+ * exchanges) and converts it into a format that the PSA key
+ * agreement API understands.
+ */
+static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve,
+ unsigned char const *src,
+ size_t srclen,
+ unsigned char *dst,
+ size_t dstlen,
+ size_t *olen )
+{
+ ((void) curve);
+
+ if( srclen > dstlen )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+ memcpy( dst, src, srclen );
+ *olen = srclen;
+ return( 0 );
+}
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index a0dac0c..b42f6d2 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -33,6 +33,8 @@
#include <stddef.h>
#include <stdint.h>
+/* MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
#ifdef __cplusplus
@@ -46,7 +48,7 @@
/**
* \brief RIPEMD-160 context structure
*/
-typedef struct
+typedef struct mbedtls_ripemd160_context
{
uint32_t total[2]; /*!< number of bytes processed */
uint32_t state[5]; /*!< intermediate digest state */
@@ -217,6 +219,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -224,6 +228,8 @@
*/
int mbedtls_ripemd160_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 19eb2ee..610e804 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -55,7 +55,12 @@
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
+
+/* MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is deprecated and should not be used.
+ */
#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */
+
+/* MBEDTLS_ERR_RSA_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 /**< RSA hardware accelerator failed. */
/*
@@ -92,7 +97,7 @@
* is deprecated. All manipulation should instead be done through
* the public interface functions.
*/
-typedef struct
+typedef struct mbedtls_rsa_context
{
int ver; /*!< Always 0.*/
size_t len; /*!< The size of \p N in Bytes. */
@@ -145,23 +150,24 @@
* \note The choice of padding mode is strictly enforced for private key
* operations, since there might be security concerns in
* mixing padding modes. For public key operations it is
- * a default value, which can be overriden by calling specific
+ * a default value, which can be overridden by calling specific
* \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
*
* \note The hash selected in \p hash_id is always used for OEAP
* encryption. For PSS signatures, it is always used for
- * making signatures, but can be overriden for verifying them.
- * If set to #MBEDTLS_MD_NONE, it is always overriden.
+ * making signatures, but can be overridden for verifying them.
+ * If set to #MBEDTLS_MD_NONE, it is always overridden.
*
- * \param ctx The RSA context to initialize.
- * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- * #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier of #mbedtls_md_type_t type, if
- * \p padding is #MBEDTLS_RSA_PKCS_V21.
+ * \param ctx The RSA context to initialize. This must not be \c NULL.
+ * \param padding The padding mode to use. This must be either
+ * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
+ * \param hash_id The hash identifier of ::mbedtls_md_type_t type, if
+ * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
+ * otherwise.
*/
void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
int padding,
- int hash_id);
+ int hash_id );
/**
* \brief This function imports a set of core parameters into an
@@ -183,11 +189,11 @@
* for the lifetime of the RSA context being set up.
*
* \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus, or NULL.
- * \param P The first prime factor of \p N, or NULL.
- * \param Q The second prime factor of \p N, or NULL.
- * \param D The private exponent, or NULL.
- * \param E The public exponent, or NULL.
+ * \param N The RSA modulus. This may be \c NULL.
+ * \param P The first prime factor of \p N. This may be \c NULL.
+ * \param Q The second prime factor of \p N. This may be \c NULL.
+ * \param D The private exponent. This may be \c NULL.
+ * \param E The public exponent. This may be \c NULL.
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
@@ -217,16 +223,16 @@
* for the lifetime of the RSA context being set up.
*
* \param ctx The initialized RSA context to store the parameters in.
- * \param N The RSA modulus, or NULL.
- * \param N_len The Byte length of \p N, ignored if \p N == NULL.
- * \param P The first prime factor of \p N, or NULL.
- * \param P_len The Byte length of \p P, ignored if \p P == NULL.
- * \param Q The second prime factor of \p N, or NULL.
- * \param Q_len The Byte length of \p Q, ignored if \p Q == NULL.
- * \param D The private exponent, or NULL.
- * \param D_len The Byte length of \p D, ignored if \p D == NULL.
- * \param E The public exponent, or NULL.
- * \param E_len The Byte length of \p E, ignored if \p E == NULL.
+ * \param N The RSA modulus. This may be \c NULL.
+ * \param N_len The Byte length of \p N; it is ignored if \p N == NULL.
+ * \param P The first prime factor of \p N. This may be \c NULL.
+ * \param P_len The Byte length of \p P; it ns ignored if \p P == NULL.
+ * \param Q The second prime factor of \p N. This may be \c NULL.
+ * \param Q_len The Byte length of \p Q; it is ignored if \p Q == NULL.
+ * \param D The private exponent. This may be \c NULL.
+ * \param D_len The Byte length of \p D; it is ignored if \p D == NULL.
+ * \param E The public exponent. This may be \c NULL.
+ * \param E_len The Byte length of \p E; it is ignored if \p E == NULL.
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
@@ -281,7 +287,7 @@
* zero Bytes.
*
* Possible reasons for returning
- * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:<ul>
+ * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
* <li>An alternative RSA implementation is in use, which
* stores the key externally, and either cannot or should
* not export it into RAM.</li>
@@ -294,14 +300,19 @@
* the RSA context stays intact and remains usable.
*
* \param ctx The initialized RSA context.
- * \param N The MPI to hold the RSA modulus, or NULL.
- * \param P The MPI to hold the first prime factor of \p N, or NULL.
- * \param Q The MPI to hold the second prime factor of \p N, or NULL.
- * \param D The MPI to hold the private exponent, or NULL.
- * \param E The MPI to hold the public exponent, or NULL.
+ * \param N The MPI to hold the RSA modulus.
+ * This may be \c NULL if this field need not be exported.
+ * \param P The MPI to hold the first prime factor of \p N.
+ * This may be \c NULL if this field need not be exported.
+ * \param Q The MPI to hold the second prime factor of \p N.
+ * This may be \c NULL if this field need not be exported.
+ * \param D The MPI to hold the private exponent.
+ * This may be \c NULL if this field need not be exported.
+ * \param E The MPI to hold the public exponent.
+ * This may be \c NULL if this field need not be exported.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
+ * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
* requested parameters cannot be done due to missing
* functionality or because of security policies.
* \return A non-zero return code on any other failure.
@@ -321,7 +332,7 @@
* zero Bytes.
*
* Possible reasons for returning
- * #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:<ul>
+ * #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
* <li>An alternative RSA implementation is in use, which
* stores the key externally, and either cannot or should
* not export it into RAM.</li>
@@ -336,21 +347,24 @@
* buffer pointers are NULL.
*
* \param ctx The initialized RSA context.
- * \param N The Byte array to store the RSA modulus, or NULL.
+ * \param N The Byte array to store the RSA modulus,
+ * or \c NULL if this field need not be exported.
* \param N_len The size of the buffer for the modulus.
- * \param P The Byte array to hold the first prime factor of \p N, or
- * NULL.
+ * \param P The Byte array to hold the first prime factor of \p N,
+ * or \c NULL if this field need not be exported.
* \param P_len The size of the buffer for the first prime factor.
- * \param Q The Byte array to hold the second prime factor of \p N, or
- * NULL.
+ * \param Q The Byte array to hold the second prime factor of \p N,
+ * or \c NULL if this field need not be exported.
* \param Q_len The size of the buffer for the second prime factor.
- * \param D The Byte array to hold the private exponent, or NULL.
+ * \param D The Byte array to hold the private exponent,
+ * or \c NULL if this field need not be exported.
* \param D_len The size of the buffer for the private exponent.
- * \param E The Byte array to hold the public exponent, or NULL.
+ * \param E The Byte array to hold the public exponent,
+ * or \c NULL if this field need not be exported.
* \param E_len The size of the buffer for the public exponent.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
+ * \return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
* requested parameters cannot be done due to missing
* functionality or because of security policies.
* \return A non-zero return code on any other failure.
@@ -370,9 +384,12 @@
* mbedtls_rsa_deduce_opt().
*
* \param ctx The initialized RSA context.
- * \param DP The MPI to hold D modulo P-1, or NULL.
- * \param DQ The MPI to hold D modulo Q-1, or NULL.
- * \param QP The MPI to hold modular inverse of Q modulo P, or NULL.
+ * \param DP The MPI to hold \c D modulo `P-1`,
+ * or \c NULL if it need not be exported.
+ * \param DQ The MPI to hold \c D modulo `Q-1`,
+ * or \c NULL if it need not be exported.
+ * \param QP The MPI to hold modular inverse of \c Q modulo \c P,
+ * or \c NULL if it need not be exported.
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
@@ -385,13 +402,13 @@
* \brief This function sets padding for an already initialized RSA
* context. See mbedtls_rsa_init() for details.
*
- * \param ctx The RSA context to be set.
- * \param padding Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- * #MBEDTLS_RSA_PKCS_V21.
+ * \param ctx The initialized RSA context to be configured.
+ * \param padding The padding mode to use. This must be either
+ * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
* \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
*/
void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id);
+ int hash_id );
/**
* \brief This function retrieves the length of RSA modulus in Bytes.
@@ -409,11 +426,14 @@
* \note mbedtls_rsa_init() must be called before this function,
* to set up the RSA context.
*
- * \param ctx The RSA context used to hold the key.
- * \param f_rng The RNG function.
- * \param p_rng The RNG context.
+ * \param ctx The initialized RSA context used to hold the key.
+ * \param f_rng The RNG function to be used for key generation.
+ * This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng.
+ * This may be \c NULL if \p f_rng doesn't need a context.
* \param nbits The size of the public key in bits.
- * \param exponent The public exponent. For example, 65537.
+ * \param exponent The public exponent to use. For example, \c 65537.
+ * This must be odd and greater than \c 1.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -431,7 +451,7 @@
* enough information is present to perform an RSA public key
* operation using mbedtls_rsa_public().
*
- * \param ctx The RSA context to check.
+ * \param ctx The initialized RSA context to check.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -470,7 +490,7 @@
* parameters, which goes beyond what is effectively checkable
* by the library.</li></ul>
*
- * \param ctx The RSA context to check.
+ * \param ctx The initialized RSA context to check.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -482,8 +502,8 @@
*
* It checks each of the contexts, and makes sure they match.
*
- * \param pub The RSA context holding the public key.
- * \param prv The RSA context holding the private key.
+ * \param pub The initialized RSA context holding the public key.
+ * \param prv The initialized RSA context holding the private key.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -494,18 +514,19 @@
/**
* \brief This function performs an RSA public key operation.
*
+ * \param ctx The initialized RSA context to use.
+ * \param input The input buffer. This must be a readable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
+ * \param output The output buffer. This must be a writable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
+ *
* \note This function does not handle message padding.
*
* \note Make sure to set \p input[0] = 0 or ensure that
* input is smaller than \p N.
*
- * \note The input and output buffers must be large
- * enough. For example, 128 Bytes if RSA-1024 is used.
- *
- * \param ctx The RSA context.
- * \param input The input buffer.
- * \param output The output buffer.
- *
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
@@ -516,9 +537,6 @@
/**
* \brief This function performs an RSA private key operation.
*
- * \note The input and output buffers must be large
- * enough. For example, 128 Bytes if RSA-1024 is used.
- *
* \note Blinding is used if and only if a PRNG is provided.
*
* \note If blinding is used, both the base of exponentation
@@ -530,11 +548,18 @@
* Future versions of the library may enforce the presence
* of a PRNG.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for blinding.
- * \param p_rng The RNG context.
- * \param input The input buffer.
- * \param output The output buffer.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function, used for blinding. It is discouraged
+ * and deprecated to pass \c NULL here, in which case
+ * blinding will be omitted.
+ * \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
+ * if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
+ * \param input The input buffer. This must be a readable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
+ * \param output The output buffer. This must be a writable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -553,9 +578,6 @@
* It is the generic wrapper for performing a PKCS#1 encryption
* operation using the \p mode from the context.
*
- * \note The input and output buffers must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -563,16 +585,27 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for padding, PKCS#1 v2.1
- * encoding, and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen The length of the plaintext.
- * \param input The buffer holding the data to encrypt.
- * \param output The buffer used to hold the ciphertext.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
+ * encoding, and for PKCS#1 v1.5 padding encoding when used
+ * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
+ * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
+ * it is used for blinding and should be provided in this
+ * case; see mbedtls_rsa_private() for more.
+ * \param p_rng The RNG context to be passed to \p f_rng. May be
+ * \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
+ * need a context argument.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
+ * \param ilen The length of the plaintext in Bytes.
+ * \param input The input data to encrypt. This must be a readable
+ * buffer of size \p ilen Bytes. It may be \c NULL if
+ * `ilen == 0`.
+ * \param output The output buffer. This must be a writable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -588,9 +621,6 @@
* \brief This function performs a PKCS#1 v1.5 encryption operation
* (RSAES-PKCS1-v1_5-ENCRYPT).
*
- * \note The output buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -598,16 +628,25 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for padding and
- * #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen The length of the plaintext.
- * \param input The buffer holding the data to encrypt.
- * \param output The buffer used to hold the ciphertext.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function to use. It is needed for padding generation
+ * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
+ * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
+ * blinding and should be provided; see mbedtls_rsa_private().
+ * \param p_rng The RNG context to be passed to \p f_rng. This may
+ * be \c NULL if \p f_rng is \c NULL or if \p f_rng
+ * doesn't need a context argument.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
+ * \param ilen The length of the plaintext in Bytes.
+ * \param input The input data to encrypt. This must be a readable
+ * buffer of size \p ilen Bytes. It may be \c NULL if
+ * `ilen == 0`.
+ * \param output The output buffer. This must be a writable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -633,18 +672,26 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for padding and PKCS#1 v2.1
- * encoding and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initnialized RSA context to use.
+ * \param f_rng The RNG function to use. This is needed for padding
+ * generation and must be provided.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may
+ * be \c NULL if \p f_rng doesn't need a context argument.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param label The buffer holding the custom label to use.
- * \param label_len The length of the label.
- * \param ilen The length of the plaintext.
- * \param input The buffer holding the data to encrypt.
- * \param output The buffer used to hold the ciphertext.
+ * This must be a readable buffer of length \p label_len
+ * Bytes. It may be \c NULL if \p label_len is \c 0.
+ * \param label_len The length of the label in Bytes.
+ * \param ilen The length of the plaintext buffer \p input in Bytes.
+ * \param input The input data to encrypt. This must be a readable
+ * buffer of size \p ilen Bytes. It may be \c NULL if
+ * `ilen == 0`.
+ * \param output The output buffer. This must be a writable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -672,9 +719,6 @@
* hold the decryption of the particular ciphertext provided,
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
- * \note The input buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -682,16 +726,25 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen The length of the plaintext.
- * \param input The buffer holding the encrypted data.
- * \param output The buffer used to hold the plaintext.
- * \param output_max_len The maximum length of the output buffer.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. If \p mode is
+ * #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
+ * \param olen The address at which to store the length of
+ * the plaintext. This must not be \c NULL.
+ * \param input The ciphertext buffer. This must be a readable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
+ * \param output The buffer used to hold the plaintext. This must
+ * be a writable buffer of length \p output_max_len Bytes.
+ * \param output_max_len The length in Bytes of the output buffer \p output.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -715,9 +768,6 @@
* hold the decryption of the particular ciphertext provided,
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
- * \note The input buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -725,16 +775,25 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen The length of the plaintext.
- * \param input The buffer holding the encrypted data.
- * \param output The buffer to hold the plaintext.
- * \param output_max_len The maximum length of the output buffer.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. If \p mode is
+ * #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
+ * \param olen The address at which to store the length of
+ * the plaintext. This must not be \c NULL.
+ * \param input The ciphertext buffer. This must be a readable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
+ * \param output The buffer used to hold the plaintext. This must
+ * be a writable buffer of length \p output_max_len Bytes.
+ * \param output_max_len The length in Bytes of the output buffer \p output.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -760,9 +819,6 @@
* ciphertext provided, the function returns
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
*
- * \note The input buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -770,18 +826,29 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. If \p mode is
+ * #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param label The buffer holding the custom label to use.
- * \param label_len The length of the label.
- * \param olen The length of the plaintext.
- * \param input The buffer holding the encrypted data.
- * \param output The buffer to hold the plaintext.
- * \param output_max_len The maximum length of the output buffer.
+ * This must be a readable buffer of length \p label_len
+ * Bytes. It may be \c NULL if \p label_len is \c 0.
+ * \param label_len The length of the label in Bytes.
+ * \param olen The address at which to store the length of
+ * the plaintext. This must not be \c NULL.
+ * \param input The ciphertext buffer. This must be a readable buffer
+ * of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
+ * \param output The buffer used to hold the plaintext. This must
+ * be a writable buffer of length \p output_max_len Bytes.
+ * \param output_max_len The length in Bytes of the output buffer \p output.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -817,18 +884,31 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
- * #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
+ * this must be provided. If the padding mode is PKCS#1 v1.5 and
+ * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
+ * and should be provided; see mbedtls_rsa_private() for more
+ * more. It is ignored otherwise.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
+ * if \p f_rng is \c NULL or doesn't need a context argument.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer to hold the ciphertext.
+ * \param hashlen The length of the message digest.
+ * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param sig The buffer to hold the signature. This must be a writable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus. A buffer length of
+ * #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -846,9 +926,6 @@
* \brief This function performs a PKCS#1 v1.5 signature
* operation (RSASSA-PKCS1-v1_5-SIGN).
*
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -856,17 +933,30 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. If \p mode is
+ * #MBEDTLS_RSA_PUBLIC, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
+ * if \p f_rng is \c NULL or doesn't need a context argument.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer to hold the ciphertext.
+ * \param hashlen The length of the message digest.
+ * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param sig The buffer to hold the signature. This must be a writable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus. A buffer length of
+ * #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -884,9 +974,6 @@
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
*
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \note The \p hash_id in the RSA context is the one used for the
* encoding. \p md_alg in the function call is the type of hash
* that is encoded. According to <em>RFC-3447: Public-Key
@@ -894,6 +981,16 @@
* Specifications</em> it is advised to keep both hashes the
* same.
*
+ * \note This function always uses the maximum possible salt size,
+ * up to the length of the payload hash. This choice of salt
+ * size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
+ * v2.2) §9.1.1 step 3. Furthermore this function enforces a
+ * minimum salt size which is the hash size minus 2 bytes. If
+ * this minimum size is too large given the key size (the salt
+ * size, plus the hash size, plus 2 bytes must be no more than
+ * the key size in bytes), this function returns
+ * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+ *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -901,18 +998,27 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA context.
- * \param f_rng The RNG function. Needed for PKCS#1 v2.1 encoding and for
- * #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA context to use.
+ * \param f_rng The RNG function. It must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
+ * if \p f_rng doesn't need a context argument.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer to hold the ciphertext.
+ * \param hashlen The length of the message digest.
+ * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param sig The buffer to hold the signature. This must be a writable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus. A buffer length of
+ * #MBEDTLS_MPI_MAX_SIZE is always safe.
*
* \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -933,9 +1039,6 @@
* This is the generic wrapper for performing a PKCS#1
* verification using the mode from the context.
*
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \note For PKCS#1 v2.1 encoding, see comments on
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
* \p hash_id.
@@ -947,17 +1050,28 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA public key context to use.
+ * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer holding the ciphertext.
+ * \param hashlen The length of the message digest.
+ * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param sig The buffer holding the signature. This must be a readable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -975,9 +1089,6 @@
* \brief This function performs a PKCS#1 v1.5 verification
* operation (RSASSA-PKCS1-v1_5-VERIFY).
*
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
* are likely to remove the \p mode argument and have it
@@ -985,17 +1096,28 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA public key context to use.
+ * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer holding the ciphertext.
+ * \param hashlen The length of the message digest.
+ * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param sig The buffer holding the signature. This must be a readable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1016,9 +1138,6 @@
* The hash function for the MGF mask generating function
* is that specified in the RSA context.
*
- * \note The \p sig buffer must be as large as the size
- * of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
* \note The \p hash_id in the RSA context is the one used for the
* verification. \p md_alg in the function call is the type of
* hash that is verified. According to <em>RFC-3447: Public-Key
@@ -1034,17 +1153,28 @@
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA public key context to use.
+ * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param sig The buffer holding the ciphertext.
+ * \param hashlen The length of the message digest.
+ * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param sig The buffer holding the signature. This must be a readable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1070,19 +1200,29 @@
*
* \note The \p hash_id in the RSA context is ignored.
*
- * \param ctx The RSA public key context.
- * \param f_rng The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng The RNG context.
- * \param mode #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ctx The initialized RSA public key context to use.
+ * \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
+ * this is used for blinding and should be provided; see
+ * mbedtls_rsa_private() for more. Otherwise, it is ignored.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be
+ * \c NULL if \p f_rng is \c NULL or doesn't need a context.
+ * \param mode The mode of operation. This must be either
+ * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest. Only used if \p md_alg is
- * #MBEDTLS_MD_NONE.
- * \param hash The buffer holding the message digest.
- * \param mgf1_hash_id The message digest used for mask generation.
- * \param expected_salt_len The length of the salt used in padding. Use
- * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig The buffer holding the ciphertext.
+ * \param hashlen The length of the message digest.
+ * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash The buffer holding the message digest or raw data.
+ * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
+ * buffer of length \p hashlen Bytes. If \p md_alg is not
+ * #MBEDTLS_MD_NONE, it must be a readable buffer of length
+ * the size of the hash corresponding to \p md_alg.
+ * \param mgf1_hash_id The message digest used for mask generation.
+ * \param expected_salt_len The length of the salt used in padding. Use
+ * #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+ * \param sig The buffer holding the signature. This must be a readable
+ * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+ * for an 2048-bit RSA modulus.
*
* \return \c 0 if the verify operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1101,8 +1241,8 @@
/**
* \brief This function copies the components of an RSA context.
*
- * \param dst The destination context.
- * \param src The source context.
+ * \param dst The destination context. This must be initialized.
+ * \param src The source context. This must be initialized.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
@@ -1112,10 +1252,14 @@
/**
* \brief This function frees the components of an RSA key.
*
- * \param ctx The RSA Context to free.
+ * \param ctx The RSA context to free. May be \c NULL, in which case
+ * this function is a no-op. If it is not \c NULL, it must
+ * point to an initialized RSA context.
*/
void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The RSA checkup routine.
*
@@ -1124,6 +1268,8 @@
*/
int mbedtls_rsa_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 65a124c..bb6ecf0 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -40,7 +40,9 @@
#include <stddef.h>
#include <stdint.h>
+/* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
+#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073 /**< SHA-1 input data was malformed. */
#ifdef __cplusplus
extern "C" {
@@ -58,7 +60,7 @@
* stronger message digests instead.
*
*/
-typedef struct
+typedef struct mbedtls_sha1_context
{
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[5]; /*!< The intermediate digest state. */
@@ -78,6 +80,7 @@
* stronger message digests instead.
*
* \param ctx The SHA-1 context to initialize.
+ * This must not be \c NULL.
*
*/
void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
@@ -89,7 +92,10 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
- * \param ctx The SHA-1 context to clear.
+ * \param ctx The SHA-1 context to clear. This may be \c NULL,
+ * in which case this function does nothing. If it is
+ * not \c NULL, it must point to an initialized
+ * SHA-1 context.
*
*/
void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
@@ -101,8 +107,8 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
- * \param dst The SHA-1 context to clone to.
- * \param src The SHA-1 context to clone from.
+ * \param dst The SHA-1 context to clone to. This must be initialized.
+ * \param src The SHA-1 context to clone from. This must be initialized.
*
*/
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
@@ -115,9 +121,10 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
- * \param ctx The SHA-1 context to initialize.
+ * \param ctx The SHA-1 context to initialize. This must be initialized.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*
*/
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
@@ -130,11 +137,14 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
- * \param ctx The SHA-1 context.
+ * \param ctx The SHA-1 context. This must be initialized
+ * and have a hash operation started.
* \param input The buffer holding the input data.
- * \param ilen The length of the input data.
+ * This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data \p input in Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
const unsigned char *input,
@@ -148,10 +158,13 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
- * \param ctx The SHA-1 context.
- * \param output The SHA-1 checksum result.
+ * \param ctx The SHA-1 context to use. This must be initialized and
+ * have a hash operation started.
+ * \param output The SHA-1 checksum result. This must be a writable
+ * buffer of length \c 20 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
unsigned char output[20] );
@@ -163,10 +176,12 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*
- * \param ctx The SHA-1 context.
- * \param data The data block being processed.
+ * \param ctx The SHA-1 context to use. This must be initialized.
+ * \param data The data block being processed. This must be a
+ * readable buffer of length \c 64 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*
*/
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
@@ -187,7 +202,7 @@
*
* \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
*
- * \param ctx The SHA-1 context to initialize.
+ * \param ctx The SHA-1 context to initialize. This must be initialized.
*
*/
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
@@ -202,9 +217,11 @@
*
* \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0.
*
- * \param ctx The SHA-1 context.
+ * \param ctx The SHA-1 context. This must be initialized and
+ * have a hash operation started.
* \param input The buffer holding the input data.
- * \param ilen The length of the input data.
+ * This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data \p input in Bytes.
*
*/
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
@@ -221,9 +238,10 @@
*
* \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
*
- * \param ctx The SHA-1 context.
+ * \param ctx The SHA-1 context. This must be initialized and
+ * have a hash operation started.
* \param output The SHA-1 checksum result.
- *
+ * This must be a writable buffer of length \c 20 Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] );
@@ -237,8 +255,9 @@
*
* \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0.
*
- * \param ctx The SHA-1 context.
+ * \param ctx The SHA-1 context. This must be initialized.
* \param data The data block being processed.
+ * This must be a readable buffer of length \c 64 bytes.
*
*/
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
@@ -261,10 +280,13 @@
* stronger message digests instead.
*
* \param input The buffer holding the input data.
- * \param ilen The length of the input data.
+ * This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data \p input in Bytes.
* \param output The SHA-1 checksum result.
+ * This must be a writable buffer of length \c 20 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*
*/
int mbedtls_sha1_ret( const unsigned char *input,
@@ -293,8 +315,10 @@
* \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0
*
* \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The SHA-1 checksum result.
+ * This must be a readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data \p input in Bytes.
+ * \param output The SHA-1 checksum result. This must be a writable
+ * buffer of size \c 20 Bytes.
*
*/
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
@@ -304,6 +328,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The SHA-1 checkup routine.
*
@@ -317,6 +343,8 @@
*/
int mbedtls_sha1_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index adf31a8..d647398 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -36,7 +36,9 @@
#include <stddef.h>
#include <stdint.h>
+/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
+#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */
#ifdef __cplusplus
extern "C" {
@@ -53,7 +55,7 @@
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha256_starts_ret().
*/
-typedef struct
+typedef struct mbedtls_sha256_context
{
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
@@ -70,22 +72,24 @@
/**
* \brief This function initializes a SHA-256 context.
*
- * \param ctx The SHA-256 context to initialize.
+ * \param ctx The SHA-256 context to initialize. This must not be \c NULL.
*/
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
/**
* \brief This function clears a SHA-256 context.
*
- * \param ctx The SHA-256 context to clear.
+ * \param ctx The SHA-256 context to clear. This may be \c NULL, in which
+ * case this function returns immediately. If it is not \c NULL,
+ * it must point to an initialized SHA-256 context.
*/
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
/**
* \brief This function clones the state of a SHA-256 context.
*
- * \param dst The destination context.
- * \param src The context to clone.
+ * \param dst The destination context. This must be initialized.
+ * \param src The context to clone. This must be initialized.
*/
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src );
@@ -94,11 +98,12 @@
* \brief This function starts a SHA-224 or SHA-256 checksum
* calculation.
*
- * \param ctx The context to initialize.
- * \param is224 Determines which function to use:
- * 0: Use SHA-256, or 1: Use SHA-224.
+ * \param ctx The context to use. This must be initialized.
+ * \param is224 This determines which function to use. This must be
+ * either \c 0 for SHA-256, or \c 1 for SHA-224.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
@@ -106,11 +111,14 @@
* \brief This function feeds an input buffer into an ongoing
* SHA-256 checksum calculation.
*
- * \param ctx The SHA-256 context.
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
+ * \param ctx The SHA-256 context. This must be initialized
+ * and have a hash operation started.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
const unsigned char *input,
@@ -120,10 +128,13 @@
* \brief This function finishes the SHA-256 operation, and writes
* the result to the output buffer.
*
- * \param ctx The SHA-256 context.
+ * \param ctx The SHA-256 context. This must be initialized
+ * and have a hash operation started.
* \param output The SHA-224 or SHA-256 checksum result.
+ * This must be a writable buffer of length \c 32 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
unsigned char output[32] );
@@ -133,10 +144,12 @@
* the ongoing SHA-256 computation. This function is for
* internal use only.
*
- * \param ctx The SHA-256 context.
- * \param data The buffer holding one block of data.
+ * \param ctx The SHA-256 context. This must be initialized.
+ * \param data The buffer holding one block of data. This must
+ * be a readable buffer of length \c 64 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] );
@@ -151,12 +164,11 @@
* \brief This function starts a SHA-224 or SHA-256 checksum
* calculation.
*
- *
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
*
- * \param ctx The context to initialize.
- * \param is224 Determines which function to use:
- * 0: Use SHA-256, or 1: Use SHA-224.
+ * \param ctx The context to use. This must be initialized.
+ * \param is224 Determines which function to use. This must be
+ * either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 );
@@ -167,9 +179,11 @@
*
* \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
*
- * \param ctx The SHA-256 context to initialize.
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
+ * \param ctx The SHA-256 context to use. This must be
+ * initialized and have a hash operation started.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input,
@@ -181,8 +195,10 @@
*
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
*
- * \param ctx The SHA-256 context.
- * \param output The SHA-224 or SHA-256 checksum result.
+ * \param ctx The SHA-256 context. This must be initialized and
+ * have a hash operation started.
+ * \param output The SHA-224 or SHA-256 checksum result. This must be
+ * a writable buffer of length \c 32 Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char output[32] );
@@ -194,8 +210,9 @@
*
* \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
*
- * \param ctx The SHA-256 context.
- * \param data The buffer holding one block of data.
+ * \param ctx The SHA-256 context. This must be initialized.
+ * \param data The buffer holding one block of data. This must be
+ * a readable buffer of size \c 64 Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] );
@@ -213,11 +230,13 @@
* The SHA-256 result is calculated as
* output = SHA-256(input buffer).
*
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
- * \param output The SHA-224 or SHA-256 checksum result.
- * \param is224 Determines which function to use:
- * 0: Use SHA-256, or 1: Use SHA-224.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
+ * \param output The SHA-224 or SHA-256 checksum result. This must
+ * be a writable buffer of length \c 32 Bytes.
+ * \param is224 Determines which function to use. This must be
+ * either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen,
@@ -243,11 +262,13 @@
*
* \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
*
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
- * \param output The SHA-224 or SHA-256 checksum result.
- * \param is224 Determines which function to use:
- * 0: Use SHA-256, or 1: Use SHA-224.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
+ * \param output The SHA-224 or SHA-256 checksum result. This must be
+ * a writable buffer of length \c 32 Bytes.
+ * \param is224 Determines which function to use. This must be either
+ * \c 0 for SHA-256, or \c 1 for SHA-224.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
size_t ilen,
@@ -257,6 +278,8 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The SHA-224 and SHA-256 checkup routine.
*
@@ -265,6 +288,8 @@
*/
int mbedtls_sha256_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 5bb83f4..c06ceed 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -35,7 +35,9 @@
#include <stddef.h>
#include <stdint.h>
+/* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
+#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /**< SHA-512 input data was malformed. */
#ifdef __cplusplus
extern "C" {
@@ -52,7 +54,7 @@
* checksum calculations. The choice between these two is
* made in the call to mbedtls_sha512_starts_ret().
*/
-typedef struct
+typedef struct mbedtls_sha512_context
{
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
@@ -69,22 +71,26 @@
/**
* \brief This function initializes a SHA-512 context.
*
- * \param ctx The SHA-512 context to initialize.
+ * \param ctx The SHA-512 context to initialize. This must
+ * not be \c NULL.
*/
void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
/**
* \brief This function clears a SHA-512 context.
*
- * \param ctx The SHA-512 context to clear.
+ * \param ctx The SHA-512 context to clear. This may be \c NULL,
+ * in which case this function does nothing. If it
+ * is not \c NULL, it must point to an initialized
+ * SHA-512 context.
*/
void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
/**
* \brief This function clones the state of a SHA-512 context.
*
- * \param dst The destination context.
- * \param src The context to clone.
+ * \param dst The destination context. This must be initialized.
+ * \param src The context to clone. This must be initialized.
*/
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src );
@@ -93,11 +99,12 @@
* \brief This function starts a SHA-384 or SHA-512 checksum
* calculation.
*
- * \param ctx The SHA-512 context to initialize.
- * \param is384 Determines which function to use:
- * 0: Use SHA-512, or 1: Use SHA-384.
+ * \param ctx The SHA-512 context to use. This must be initialized.
+ * \param is384 Determines which function to use. This must be
+ * either \c for SHA-512, or \c 1 for SHA-384.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
@@ -105,11 +112,14 @@
* \brief This function feeds an input buffer into an ongoing
* SHA-512 checksum calculation.
*
- * \param ctx The SHA-512 context.
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
+ * \param ctx The SHA-512 context. This must be initialized
+ * and have a hash operation started.
+ * \param input The buffer holding the input data. This must
+ * be a readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
const unsigned char *input,
@@ -120,10 +130,13 @@
* the result to the output buffer. This function is for
* internal use only.
*
- * \param ctx The SHA-512 context.
+ * \param ctx The SHA-512 context. This must be initialized
+ * and have a hash operation started.
* \param output The SHA-384 or SHA-512 checksum result.
+ * This must be a writable buffer of length \c 64 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
unsigned char output[64] );
@@ -132,10 +145,12 @@
* \brief This function processes a single data block within
* the ongoing SHA-512 computation.
*
- * \param ctx The SHA-512 context.
- * \param data The buffer holding one block of data.
+ * \param ctx The SHA-512 context. This must be initialized.
+ * \param data The buffer holding one block of data. This
+ * must be a readable buffer of length \c 128 Bytes.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
const unsigned char data[128] );
@@ -151,9 +166,9 @@
*
* \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0
*
- * \param ctx The SHA-512 context to initialize.
- * \param is384 Determines which function to use:
- * 0: Use SHA-512, or 1: Use SHA-384.
+ * \param ctx The SHA-512 context to use. This must be initialized.
+ * \param is384 Determines which function to use. This must be either
+ * \c 0 for SHA-512 or \c 1 for SHA-384.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
int is384 );
@@ -164,9 +179,11 @@
*
* \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0.
*
- * \param ctx The SHA-512 context.
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
+ * \param ctx The SHA-512 context. This must be initialized
+ * and have a hash operation started.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
@@ -178,8 +195,10 @@
*
* \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
*
- * \param ctx The SHA-512 context.
- * \param output The SHA-384 or SHA-512 checksum result.
+ * \param ctx The SHA-512 context. This must be initialized
+ * and have a hash operation started.
+ * \param output The SHA-384 or SHA-512 checksum result. This must
+ * be a writable buffer of size \c 64 Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char output[64] );
@@ -191,8 +210,9 @@
*
* \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0.
*
- * \param ctx The SHA-512 context.
- * \param data The buffer holding one block of data.
+ * \param ctx The SHA-512 context. This must be initialized.
+ * \param data The buffer holding one block of data. This must be
+ * a readable buffer of length \c 128 Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_process(
mbedtls_sha512_context *ctx,
@@ -211,13 +231,16 @@
* The SHA-512 result is calculated as
* output = SHA-512(input buffer).
*
- * \param input The buffer holding the input data.
- * \param ilen The length of the input data.
+ * \param input The buffer holding the input data. This must be
+ * a readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
* \param output The SHA-384 or SHA-512 checksum result.
- * \param is384 Determines which function to use:
- * 0: Use SHA-512, or 1: Use SHA-384.
+ * This must be a writable buffer of length \c 64 Bytes.
+ * \param is384 Determines which function to use. This must be either
+ * \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_sha512_ret( const unsigned char *input,
size_t ilen,
@@ -230,6 +253,7 @@
#else
#define MBEDTLS_DEPRECATED
#endif
+
/**
* \brief This function calculates the SHA-512 or SHA-384
* checksum of a buffer.
@@ -242,11 +266,13 @@
*
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
*
- * \param input The buffer holding the data.
- * \param ilen The length of the input data.
- * \param output The SHA-384 or SHA-512 checksum result.
- * \param is384 Determines which function to use:
- * 0: Use SHA-512, or 1: Use SHA-384.
+ * \param input The buffer holding the data. This must be a
+ * readable buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
+ * \param output The SHA-384 or SHA-512 checksum result. This must
+ * be a writable buffer of length \c 64 Bytes.
+ * \param is384 Determines which function to use. This must be either
+ * \c 0 for SHA-512, or \c 1 for SHA-384.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
size_t ilen,
@@ -255,6 +281,9 @@
#undef MBEDTLS_DEPRECATED
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief The SHA-384 or SHA-512 checkup routine.
*
@@ -262,6 +291,7 @@
* \return \c 1 on failure.
*/
int mbedtls_sha512_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
}
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2d511a8..5f9862b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -65,6 +65,10 @@
#include "platform_time.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* SSL Error codes
*/
@@ -121,6 +125,9 @@
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
+#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
+#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */
+#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
/*
* Various constants
@@ -154,6 +161,9 @@
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
+#define MBEDTLS_SSL_CID_DISABLED 0
+#define MBEDTLS_SSL_CID_ENABLED 1
+
#define MBEDTLS_SSL_ETM_DISABLED 0
#define MBEDTLS_SSL_ETM_ENABLED 1
@@ -242,6 +252,29 @@
#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
#endif
+/*
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ */
+#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
+#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+#endif
+
+/*
+ * Maximum length of CIDs for incoming and outgoing messages.
+ */
+#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
+#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+#endif
+
+#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
+#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+#endif
+
+#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+#endif
+
/* \} name SECTION: Module settings */
/*
@@ -289,6 +322,7 @@
#define MBEDTLS_SSL_MSG_ALERT 21
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
+#define MBEDTLS_SSL_MSG_CID 25
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
@@ -358,6 +392,11 @@
#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
+/* The value of the CID extension is still TBD as of
+ * draft-ietf-tls-dtls-connection-id-05
+ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
+#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
+
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
@@ -436,6 +475,18 @@
}
mbedtls_ssl_states;
+/*
+ * The tls_prf function types.
+ */
+typedef enum
+{
+ MBEDTLS_SSL_TLS_PRF_NONE,
+ MBEDTLS_SSL_TLS_PRF_SSL3,
+ MBEDTLS_SSL_TLS_PRF_TLS1,
+ MBEDTLS_SSL_TLS_PRF_SHA384,
+ MBEDTLS_SSL_TLS_PRF_SHA256
+}
+mbedtls_tls_prf_types;
/**
* \brief Callback type: send data on the network.
*
@@ -773,6 +824,25 @@
typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
+#elif defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
+#elif defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
+#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
+#else
+/* This is already checked in check_config.h, but be sure. */
+#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
+ !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
/*
* This structure is used for storing current session data.
*/
@@ -788,7 +858,15 @@
unsigned char master[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ /*! The digest of the peer's end-CRT. This must be kept to detect CRT
+ * changes during renegotiation, mitigating the triple handshake attack. */
+ unsigned char *peer_cert_digest;
+ size_t peer_cert_digest_len;
+ mbedtls_md_type_t peer_cert_digest_type;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t verify_result; /*!< verification result */
@@ -879,14 +957,27 @@
/** Callback to export key block and master secret */
int (*f_export_keys)( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
+ /** Callback to export key block, master secret,
+ * tls_prf and random bytes. Should replace f_export_keys */
+ int (*f_export_keys_ext)( void *, const unsigned char *,
+ const unsigned char *, size_t, size_t, size_t,
+ unsigned char[32], unsigned char[32], mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ mbedtls_x509_crt_ca_cb_t f_ca_cb;
+ void *p_ca_cb;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -913,19 +1004,37 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- unsigned char *psk; /*!< pre-shared key. This field should
- only be set via
- mbedtls_ssl_conf_psk() */
- size_t psk_len; /*!< length of the pre-shared key. This
- field should only be set via
- mbedtls_ssl_conf_psk() */
- unsigned char *psk_identity; /*!< identity for PSK negotiation. This
- field should only be set via
- mbedtls_ssl_conf_psk() */
- size_t psk_identity_len;/*!< length of identity. This field should
- only be set via
- mbedtls_ssl_conf_psk() */
-#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK.
+ * This field should only be set via
+ * mbedtls_ssl_conf_psk_opaque().
+ * If either no PSK or a raw PSK have
+ * been configured, this has value \c 0. */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ unsigned char *psk; /*!< The raw pre-shared key. This field should
+ * only be set via mbedtls_ssl_conf_psk().
+ * If either no PSK or an opaque PSK
+ * have been configured, this has value NULL. */
+ size_t psk_len; /*!< The length of the raw pre-shared key.
+ * This field should only be set via
+ * mbedtls_ssl_conf_psk().
+ * Its value is non-zero if and only if
+ * \c psk is not \c NULL. */
+
+ unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
+ * This field should only be set via
+ * mbedtls_ssl_conf_psk().
+ * This is set if and only if either
+ * \c psk or \c psk_opaque are set. */
+ size_t psk_identity_len;/*!< The length of PSK identity.
+ * This field should only be set via
+ * mbedtls_ssl_conf_psk().
+ * Its value is non-zero if and only if
+ * \c psk is not \c NULL or \c psk_opaque
+ * is not \c 0. */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
const char **alpn_list; /*!< ordered list of protocols */
@@ -1006,6 +1115,11 @@
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+ * record with unexpected CID
+ * should lead to failure. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
@@ -1022,13 +1136,19 @@
int renego_records_seen; /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
-#endif
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned badmac_seen; /*!< records with a bad MAC received */
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /** Callback to customize X.509 certificate chain verification */
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy; /*!< context for X.509 verify callback */
#endif
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
@@ -1073,6 +1193,10 @@
TLS: maintained by us
DTLS: read from peer */
unsigned char *in_hdr; /*!< start of record header */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char *in_cid; /*!< The start of the CID;
+ * (the end is marked by in_len). */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *in_len; /*!< two-bytes message length field */
unsigned char *in_iv; /*!< ivlen-byte IV */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
@@ -1085,11 +1209,11 @@
uint16_t in_epoch; /*!< DTLS epoch for incoming records */
size_t next_record_offset; /*!< offset of the next record in datagram
(equal to in_left if none) */
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */
-#endif
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
size_t in_hslen; /*!< current handshake message length,
including the handshake header */
@@ -1098,12 +1222,21 @@
int keep_current_message; /*!< drop or reuse current message
on next call to record layer? */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ * within a single datagram. */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
/*
* Record layer (outgoing data)
*/
unsigned char *out_buf; /*!< output buffer */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< start of record header */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char *out_cid; /*!< The start of the CID;
+ * (the end is marked by in_len). */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *out_len; /*!< two-bytes message length field */
unsigned char *out_iv; /*!< ivlen-byte IV */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
@@ -1112,12 +1245,18 @@
size_t out_msglen; /*!< record header: message length */
size_t out_left; /*!< amount of data not yet written */
+ unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
#if defined(MBEDTLS_ZLIB_SUPPORT)
unsigned char *compress_buf; /*!< zlib data buffer */
-#endif
+#endif /* MBEDTLS_ZLIB_SUPPORT */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
signed char split_done; /*!< current record already splitted? */
-#endif
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
/*
* PKI layer
@@ -1130,11 +1269,11 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
char *hostname; /*!< expected peer CN for verification
(and SNI if available) */
-#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_chosen; /*!< negotiated protocol */
-#endif
+#endif /* MBEDTLS_SSL_ALPN */
/*
* Information for DTLS hello verify
@@ -1142,7 +1281,7 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */
-#endif
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
@@ -1154,7 +1293,22 @@
size_t verify_data_len; /*!< length of verify data stored */
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
-#endif
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* CID configuration to use in subsequent handshakes. */
+
+ /*! The next incoming CID, chosen by the user and applying to
+ * all subsequent handshakes. This may be different from the
+ * CID currently used in case the user has re-configured the CID
+ * after an initial handshake. */
+ unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t own_cid_len; /*!< The length of \c own_cid. */
+ uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ * be negotiated in the next handshake or not.
+ * Possible values are #MBEDTLS_SSL_CID_ENABLED
+ * and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
@@ -1296,13 +1450,17 @@
/**
* \brief Set the verification callback (Optional).
*
- * If set, the verify callback is called for each
- * certificate in the chain. For implementation
- * information, please see \c mbedtls_x509_crt_verify()
+ * If set, the provided verify callback is called for each
+ * certificate in the peer's CRT chain, including the trusted
+ * root. For more information, please see the documentation of
+ * \c mbedtls_x509_crt_verify().
*
- * \param conf SSL configuration
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
+ * \note For per context callbacks and contexts, please use
+ * mbedtls_ssl_set_verify() instead.
+ *
+ * \param conf The SSL configuration to use.
+ * \param f_vrfy The verification callback to use during CRT verification.
+ * \param p_vrfy The opaque context to be passed to the callback.
*/
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
@@ -1374,6 +1532,212 @@
mbedtls_ssl_recv_t *f_recv,
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+
+
+/**
+ * \brief Configure the use of the Connection ID (CID)
+ * extension in the next handshake.
+ *
+ * Reference: draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * The DTLS CID extension allows the reliable association of
+ * DTLS records to DTLS connections across changes in the
+ * underlying transport (changed IP and Port metadata) by
+ * adding explicit connection identifiers (CIDs) to the
+ * headers of encrypted DTLS records. The desired CIDs are
+ * configured by the application layer and are exchanged in
+ * new `ClientHello` / `ServerHello` extensions during the
+ * handshake, where each side indicates the CID it wants the
+ * peer to use when writing encrypted messages. The CIDs are
+ * put to use once records get encrypted: the stack discards
+ * any incoming records that don't include the configured CID
+ * in their header, and adds the peer's requested CID to the
+ * headers of outgoing messages.
+ *
+ * This API enables or disables the use of the CID extension
+ * in the next handshake and sets the value of the CID to
+ * be used for incoming messages.
+ *
+ * \param ssl The SSL context to configure. This must be initialized.
+ * \param enable This value determines whether the CID extension should
+ * be used or not. Possible values are:
+ * - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
+ * - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
+ * of the CID.
+ * \param own_cid The address of the readable buffer holding the CID we want
+ * the peer to use when sending encrypted messages to us.
+ * This may be \c NULL if \p own_cid_len is \c 0.
+ * This parameter is unused if \p enabled is set to
+ * MBEDTLS_SSL_CID_DISABLED.
+ * \param own_cid_len The length of \p own_cid.
+ * This parameter is unused if \p enabled is set to
+ * MBEDTLS_SSL_CID_DISABLED.
+ *
+ * \note The value of \p own_cid_len must match the value of the
+ * \c len parameter passed to mbedtls_ssl_conf_cid()
+ * when configuring the ::mbedtls_ssl_config that \p ssl
+ * is bound to.
+ *
+ * \note This CID configuration applies to subsequent handshakes
+ * performed on the SSL context \p ssl, but does not trigger
+ * one. You still have to call `mbedtls_ssl_handshake()`
+ * (for the initial handshake) or `mbedtls_ssl_renegotiate()`
+ * (for a renegotiation handshake) explicitly after a
+ * successful call to this function to run the handshake.
+ *
+ * \note This call cannot guarantee that the use of the CID
+ * will be successfully negotiated in the next handshake,
+ * because the peer might not support it. Specifically:
+ * - On the Client, enabling the use of the CID through
+ * this call implies that the `ClientHello` in the next
+ * handshake will include the CID extension, thereby
+ * offering the use of the CID to the server. Only if
+ * the `ServerHello` contains the CID extension, too,
+ * the CID extension will actually be put to use.
+ * - On the Server, enabling the use of the CID through
+ * this call implies that that the server will look for
+ * the CID extension in a `ClientHello` from the client,
+ * and, if present, reply with a CID extension in its
+ * `ServerHello`.
+ *
+ * \note To check whether the use of the CID was negotiated
+ * after the subsequent handshake has completed, please
+ * use the API mbedtls_ssl_get_peer_cid().
+ *
+ * \warning If the use of the CID extension is enabled in this call
+ * and the subsequent handshake negotiates its use, Mbed TLS
+ * will silently drop every packet whose CID does not match
+ * the CID configured in \p own_cid. It is the responsibility
+ * of the user to adapt the underlying transport to take care
+ * of CID-based demultiplexing before handing datagrams to
+ * Mbed TLS.
+ *
+ * \return \c 0 on success. In this case, the CID configuration
+ * applies to the next handshake.
+ * \return A negative error code on failure.
+ */
+int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len );
+
+/**
+ * \brief Get information about the use of the CID extension
+ * in the current connection.
+ *
+ * \param ssl The SSL context to query.
+ * \param enabled The address at which to store whether the CID extension
+ * is currently in use or not. If the CID is in use,
+ * `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
+ * otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
+ * \param peer_cid The address of the buffer in which to store the CID
+ * chosen by the peer (if the CID extension is used).
+ * This may be \c NULL in case the value of peer CID
+ * isn't needed. If it is not \c NULL, \p peer_cid_len
+ * must not be \c NULL.
+ * \param peer_cid_len The address at which to store the size of the CID
+ * chosen by the peer (if the CID extension is used).
+ * This is also the number of Bytes in \p peer_cid that
+ * have been written.
+ * This may be \c NULL in case the length of the peer CID
+ * isn't needed. If it is \c NULL, \p peer_cid must be
+ * \c NULL, too.
+ *
+ * \note This applies to the state of the CID negotiated in
+ * the last complete handshake. If a handshake is in
+ * progress, this function will attempt to complete
+ * the handshake first.
+ *
+ * \note If CID extensions have been exchanged but both client
+ * and server chose to use an empty CID, this function
+ * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+ * (the rationale for this is that the resulting
+ * communication is the same as if the CID extensions
+ * hadn't been used).
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
+ size_t *peer_cid_len );
+
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+/**
+ * \brief Set the Maximum Tranport Unit (MTU).
+ * Special value: 0 means unset (no limit).
+ * This represents the maximum size of a datagram payload
+ * handled by the transport layer (usually UDP) as determined
+ * by the network link and stack. In practice, this controls
+ * the maximum size datagram the DTLS layer will pass to the
+ * \c f_send() callback set using \c mbedtls_ssl_set_bio().
+ *
+ * \note The limit on datagram size is converted to a limit on
+ * record payload by subtracting the current overhead of
+ * encapsulation and encryption/authentication if any.
+ *
+ * \note This can be called at any point during the connection, for
+ * example when a Path Maximum Transfer Unit (PMTU)
+ * estimate becomes available from other sources,
+ * such as lower (or higher) protocol layers.
+ *
+ * \note This setting only controls the size of the packets we send,
+ * and does not restrict the size of the datagrams we're
+ * willing to receive. Client-side, you can request the
+ * server to use smaller records with \c
+ * mbedtls_ssl_conf_max_frag_len().
+ *
+ * \note If both a MTU and a maximum fragment length have been
+ * configured (or negotiated with the peer), the resulting
+ * lower limit on record payload (see first note) is used.
+ *
+ * \note This can only be used to decrease the maximum size
+ * of datagrams (hence records, see first note) sent. It
+ * cannot be used to increase the maximum size of records over
+ * the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
+ *
+ * \note Values lower than the current record layer expansion will
+ * result in an error when trying to send data.
+ *
+ * \note Using record compression together with a non-zero MTU value
+ * will result in an error when trying to send data.
+ *
+ * \param ssl SSL context
+ * \param mtu Value of the path MTU in bytes
+ */
+void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief Set a connection-specific verification callback (optional).
+ *
+ * If set, the provided verify callback is called for each
+ * certificate in the peer's CRT chain, including the trusted
+ * root. For more information, please see the documentation of
+ * \c mbedtls_x509_crt_verify().
+ *
+ * \note This call is analogous to mbedtls_ssl_conf_verify() but
+ * binds the verification callback and context to an SSL context
+ * as opposed to an SSL configuration.
+ * If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
+ * are both used, mbedtls_ssl_set_verify() takes precedence.
+ *
+ * \param ssl The SSL context to use.
+ * \param f_vrfy The verification callback to use during CRT verification.
+ * \param p_vrfy The opaque context to be passed to the callback.
+ */
+void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
/**
* \brief Set the timeout period for mbedtls_ssl_read()
* (Default: no timeout.)
@@ -1470,6 +1834,41 @@
size_t maclen,
size_t keylen,
size_t ivlen );
+
+/**
+ * \brief Callback type: Export key block, master secret,
+ * handshake randbytes and the tls_prf function
+ * used to derive keys.
+ *
+ * \note This is required for certain uses of TLS, e.g. EAP-TLS
+ * (RFC 5216) and Thread. The key pointers are ephemeral and
+ * therefore must not be stored. The master secret and keys
+ * should not be used directly except as an input to a key
+ * derivation function.
+ *
+ * \param p_expkey Context for the callback.
+ * \param ms Pointer to master secret (fixed length: 48 bytes).
+ * \param kb Pointer to key block, see RFC 5246 section 6.3.
+ * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
+ * \param maclen MAC length.
+ * \param keylen Key length.
+ * \param ivlen IV length.
+ * \param client_random The client random bytes.
+ * \param server_random The server random bytes.
+ * \param tls_prf_type The tls_prf enum type.
+ *
+ * \return 0 if successful, or
+ * a specific MBEDTLS_ERR_XXX code.
+ */
+typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ unsigned char client_random[32],
+ unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
/**
@@ -1535,6 +1934,20 @@
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_export_keys_t *f_export_keys,
void *p_export_keys );
+
+/**
+ * \brief Configure extended key export callback.
+ * (Default: none.)
+ *
+ * \note See \c mbedtls_ssl_export_keys_ext_t.
+ *
+ * \param conf SSL configuration context
+ * \param f_export_keys_ext Callback for exporting keys
+ * \param p_export_keys Context for the callback
+ */
+void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
+ void *p_export_keys );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -1757,6 +2170,38 @@
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+/**
+ * \brief Allow or disallow packing of multiple handshake records
+ * within a single datagram.
+ *
+ * \param ssl The SSL context to configure.
+ * \param allow_packing This determines whether datagram packing may
+ * be used or not. A value of \c 0 means that every
+ * record will be sent in a separate datagram; a
+ * value of \c 1 means that, if space permits,
+ * multiple handshake messages (including CCS) belonging to
+ * a single flight may be packed within a single datagram.
+ *
+ * \note This is enabled by default and should only be disabled
+ * for test purposes, or if datagram packing causes
+ * interoperability issues with peers that don't support it.
+ *
+ * \note Allowing datagram packing reduces the network load since
+ * there's less overhead if multiple messages share the same
+ * datagram. Also, it increases the handshake efficiency
+ * since messages belonging to a single datagram will not
+ * be reordered in transit, and so future message buffering
+ * or flight retransmission (if no buffering is used) as
+ * means to deal with reordering are needed less frequently.
+ *
+ * \note Application records are not affected by this option and
+ * are currently always sent in separate datagrams.
+ *
+ */
+void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
+ unsigned allow_packing );
+
/**
* \brief Set retransmit timeout values for the DTLS handshake.
* (DTLS only, no effect on TLS.)
@@ -1871,6 +2316,45 @@
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
+#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
+/**
+ * \brief Specify the length of Connection IDs for incoming
+ * encrypted DTLS records, as well as the behaviour
+ * on unexpected CIDs.
+ *
+ * By default, the CID length is set to \c 0,
+ * and unexpected CIDs are silently ignored.
+ *
+ * \param conf The SSL configuration to modify.
+ * \param len The length in Bytes of the CID fields in encrypted
+ * DTLS records using the CID mechanism. This must
+ * not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+ * \param ignore_other_cids This determines the stack's behaviour when
+ * receiving a record with an unexpected CID.
+ * Possible values are:
+ * - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+ * In this case, the record is silently ignored.
+ * - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+ * In this case, the stack fails with the specific
+ * error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
+ *
+ * \note The CID specification allows implementations to either
+ * use a common length for all incoming connection IDs or
+ * allow variable-length incoming IDs. Mbed TLS currently
+ * requires a common length for all connections sharing the
+ * same SSL configuration; this allows simpler parsing of
+ * record headers.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+ * is too large.
+ */
+int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
+ int ignore_other_cids );
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/**
* \brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol.
@@ -1923,6 +2407,63 @@
mbedtls_x509_crt *ca_chain,
mbedtls_x509_crl *ca_crl );
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+/**
+ * \brief Set the trusted certificate callback.
+ *
+ * This API allows to register the set of trusted certificates
+ * through a callback, instead of a linked list as configured
+ * by mbedtls_ssl_conf_ca_chain().
+ *
+ * This is useful for example in contexts where a large number
+ * of CAs are used, and the inefficiency of maintaining them
+ * in a linked list cannot be tolerated. It is also useful when
+ * the set of trusted CAs needs to be modified frequently.
+ *
+ * See the documentation of `mbedtls_x509_crt_ca_cb_t` for
+ * more information.
+ *
+ * \param conf The SSL configuration to register the callback with.
+ * \param f_ca_cb The trusted certificate callback to use when verifying
+ * certificate chains.
+ * \param p_ca_cb The context to be passed to \p f_ca_cb (for example,
+ * a reference to a trusted CA database).
+ *
+ * \note This API is incompatible with mbedtls_ssl_conf_ca_chain():
+ * Any call to this function overwrites the values set through
+ * earlier calls to mbedtls_ssl_conf_ca_chain() or
+ * mbedtls_ssl_conf_ca_cb().
+ *
+ * \note This API is incompatible with CA indication in
+ * CertificateRequest messages: A server-side SSL context which
+ * is bound to an SSL configuration that uses a CA callback
+ * configured via mbedtls_ssl_conf_ca_cb(), and which requires
+ * client authentication, will send an empty CA list in the
+ * corresponding CertificateRequest message.
+ *
+ * \note This API is incompatible with mbedtls_ssl_set_hs_ca_chain():
+ * If an SSL context is bound to an SSL configuration which uses
+ * CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then
+ * calls to mbedtls_ssl_set_hs_ca_chain() have no effect.
+ *
+ * \note The use of this API disables the use of restartable ECC
+ * during X.509 CRT signature verification (but doesn't affect
+ * other uses).
+ *
+ * \warning This API is incompatible with the use of CRLs. Any call to
+ * mbedtls_ssl_conf_ca_cb() unsets CRLs configured through
+ * earlier calls to mbedtls_ssl_conf_ca_chain().
+ *
+ * \warning In multi-threaded environments, the callback \p f_ca_cb
+ * must be thread-safe, and it is the user's responsibility
+ * to guarantee this (for example through a mutex
+ * contained in the callback context pointed to by \p p_ca_cb).
+ */
+void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb );
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
/**
* \brief Set own certificate chain and private key
*
@@ -1934,7 +2475,7 @@
* provision more than one cert/key pair (eg one ECDSA, one
* RSA with SHA-256, one RSA with SHA-1). An adequate
* certificate will be selected according to the client's
- * advertised capabilities. In case mutliple certificates are
+ * advertised capabilities. In case multiple certificates are
* adequate, preference is given to the one set by the first
* call to this function, then second, etc.
*
@@ -1945,6 +2486,14 @@
* whether it matches those preferences - the server can then
* decide what it wants to do with it.
*
+ * \note The provided \p pk_key needs to match the public key in the
+ * first certificate in \p own_cert, or all handshakes using
+ * that certificate will fail. It is your responsibility
+ * to ensure that; this function will not perform any check.
+ * You may use mbedtls_pk_check_pair() in order to perform
+ * this check yourself, but be aware that this function can
+ * be computationally expensive on some key types.
+ *
* \param conf SSL configuration
* \param own_cert own public certificate chain
* \param pk_key own private key
@@ -1958,68 +2507,146 @@
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/**
- * \brief Set the Pre Shared Key (PSK) and the expected identity name
+ * \brief Configure a pre-shared key (PSK) and identity
+ * to be used in PSK-based ciphersuites.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
*
- * \note Currently clients can only register one pre-shared key.
- * In other words, the servers' identity hint is ignored.
+ * \warning Currently, clients can only register a single pre-shared key.
+ * Calling this function or mbedtls_ssl_conf_psk_opaque() more
+ * than once will overwrite values configured in previous calls.
* Support for setting multiple PSKs on clients and selecting
- * one based on the identity hint is not a planned feature but
- * feedback is welcomed.
+ * one based on the identity hint is not a planned feature,
+ * but feedback is welcomed.
*
- * \param conf SSL configuration
- * \param psk pointer to the pre-shared key
- * \param psk_len pre-shared key length
- * \param psk_identity pointer to the pre-shared key identity
- * \param psk_identity_len identity key length
+ * \param conf The SSL configuration to register the PSK with.
+ * \param psk The pointer to the pre-shared key to use.
+ * \param psk_len The length of the pre-shared key in bytes.
+ * \param psk_identity The pointer to the pre-shared key identity.
+ * \param psk_identity_len The length of the pre-shared key identity
+ * in bytes.
*
- * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ * \note The PSK and its identity are copied internally and
+ * hence need not be preserved by the caller for the lifetime
+ * of the SSL configuration.
+ *
+ * \return \c 0 if successful.
+ * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
const unsigned char *psk, size_t psk_len,
const unsigned char *psk_identity, size_t psk_identity_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief Configure an opaque pre-shared key (PSK) and identity
+ * to be used in PSK-based ciphersuites.
+ *
+ * \note This is mainly useful for clients. Servers will usually
+ * want to use \c mbedtls_ssl_conf_psk_cb() instead.
+ *
+ * \warning Currently, clients can only register a single pre-shared key.
+ * Calling this function or mbedtls_ssl_conf_psk() more than
+ * once will overwrite values configured in previous calls.
+ * Support for setting multiple PSKs on clients and selecting
+ * one based on the identity hint is not a planned feature,
+ * but feedback is welcomed.
+ *
+ * \param conf The SSL configuration to register the PSK with.
+ * \param psk The identifier of the key slot holding the PSK.
+ * Until \p conf is destroyed or this function is successfully
+ * called again, the key slot \p psk must be populated with a
+ * key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
+ * allows its use for the key derivation algorithm applied
+ * in the handshake.
+ * \param psk_identity The pointer to the pre-shared key identity.
+ * \param psk_identity_len The length of the pre-shared key identity
+ * in bytes.
+ *
+ * \note The PSK identity hint is copied internally and hence need
+ * not be preserved by the caller for the lifetime of the
+ * SSL configuration.
+ *
+ * \return \c 0 if successful.
+ * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+ */
+int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
+ psa_key_handle_t psk,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/**
- * \brief Set the Pre Shared Key (PSK) for the current handshake
+ * \brief Set the pre-shared Key (PSK) for the current handshake.
*
* \note This should only be called inside the PSK callback,
- * ie the function passed to \c mbedtls_ssl_conf_psk_cb().
+ * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
*
- * \param ssl SSL context
- * \param psk pointer to the pre-shared key
- * \param psk_len pre-shared key length
+ * \param ssl The SSL context to configure a PSK for.
+ * \param psk The pointer to the pre-shared key.
+ * \param psk_len The length of the pre-shared key in bytes.
*
- * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ * \return \c 0 if successful.
+ * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
*/
int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief Set an opaque pre-shared Key (PSK) for the current handshake.
+ *
+ * \note This should only be called inside the PSK callback,
+ * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
+ *
+ * \param ssl The SSL context to configure a PSK for.
+ * \param psk The identifier of the key slot holding the PSK.
+ * For the duration of the current handshake, the key slot
+ * must be populated with a key of type
+ * PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
+ * use for the key derivation algorithm
+ * applied in the handshake.
+ *
+ * \return \c 0 if successful.
+ * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+ */
+int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
+ psa_key_handle_t psk );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/**
* \brief Set the PSK callback (server-side only).
*
* If set, the PSK callback is called for each
- * handshake where a PSK ciphersuite was negotiated.
+ * handshake where a PSK-based ciphersuite was negotiated.
* The caller provides the identity received and wants to
* receive the actual PSK data and length.
*
- * The callback has the following parameters: (void *parameter,
- * mbedtls_ssl_context *ssl, const unsigned char *psk_identity,
- * size_t identity_len)
+ * The callback has the following parameters:
+ * - \c void*: The opaque pointer \p p_psk.
+ * - \c mbedtls_ssl_context*: The SSL context to which
+ * the operation applies.
+ * - \c const unsigned char*: The PSK identity
+ * selected by the client.
+ * - \c size_t: The length of the PSK identity
+ * selected by the client.
+ *
* If a valid PSK identity is found, the callback should use
- * \c mbedtls_ssl_set_hs_psk() on the ssl context to set the
- * correct PSK and return 0.
+ * \c mbedtls_ssl_set_hs_psk() or
+ * \c mbedtls_ssl_set_hs_psk_opaque()
+ * on the SSL context to set the correct PSK and return \c 0.
* Any other return value will result in a denied PSK identity.
*
* \note If you set a PSK callback using this function, then you
* don't need to set a PSK key and identity using
* \c mbedtls_ssl_conf_psk().
*
- * \param conf SSL configuration
- * \param f_psk PSK identity function
- * \param p_psk PSK identity parameter
+ * \param conf The SSL configuration to register the callback with.
+ * \param f_psk The callback for selecting and setting the PSK based
+ * in the PSK identity chosen by the client.
+ * \param p_psk A pointer to an opaque structure to be passed to
+ * the callback, for example a PSK store.
*/
void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
@@ -2425,13 +3052,31 @@
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
- * \brief Set the maximum fragment length to emit and/or negotiate
- * (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
- * MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
+ * \brief Set the maximum fragment length to emit and/or negotiate.
+ * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+ * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
* (Server: set maximum fragment length to emit,
- * usually negotiated by the client during handshake
+ * usually negotiated by the client during handshake)
* (Client: set maximum fragment length to emit *and*
* negotiate with the server during handshake)
+ * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
+ *
+ * \note On the client side, the maximum fragment length extension
+ * *will not* be used, unless the maximum fragment length has
+ * been set via this function to a value different than
+ * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
+ *
+ * \note With TLS, this currently only affects ApplicationData (sent
+ * with \c mbedtls_ssl_read()), not handshake messages.
+ * With DTLS, this affects both ApplicationData and handshake.
+ *
+ * \note This sets the maximum length for a record's payload,
+ * excluding record overhead that will be added to it, see
+ * \c mbedtls_ssl_get_record_expansion().
+ *
+ * \note For DTLS, it is also possible to set a limit for the total
+ * size of daragrams passed to the transport layer, including
+ * record overhead, see \c mbedtls_ssl_set_mtu().
*
* \param conf SSL configuration
* \param mfl_code Code for maximum fragment length (allowed values:
@@ -2579,7 +3224,7 @@
* (Default: 2^48 - 1)
*
* Renegotiation is automatically triggered when a record
- * counter (outgoing or ingoing) crosses the defined
+ * counter (outgoing or incoming) crosses the defined
* threshold. The default value is meant to prevent the
* connection from being closed when the counter is about to
* reached its maximal value (it is not allowed to wrap).
@@ -2663,13 +3308,14 @@
/**
* \brief Return the result of the certificate verification
*
- * \param ssl SSL context
+ * \param ssl The SSL context to use.
*
- * \return 0 if successful,
- * -1 if result is not available (eg because the handshake was
- * aborted too early), or
- * a combination of BADCERT_xxx and BADCRL_xxx flags, see
- * x509.h
+ * \return \c 0 if the certificate verification was successful.
+ * \return \c -1u if the result is not available. This may happen
+ * e.g. if the handshake aborts early, or a verification
+ * callback returned a fatal error.
+ * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+ * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
*/
uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
@@ -2695,6 +3341,9 @@
* \brief Return the (maximum) number of bytes added by the record
* layer: header + encryption/MAC overhead (inc. padding)
*
+ * \note This function is not available (always returns an error)
+ * when record compression is enabled.
+ *
* \param ssl SSL context
*
* \return Current maximum record expansion in bytes, or
@@ -2709,12 +3358,8 @@
* This is the value negotiated with peer if any,
* or the locally configured value.
*
- * \note With DTLS, \c mbedtls_ssl_write() will return an error if
- * called with a larger length value.
- * With TLS, \c mbedtls_ssl_write() will fragment the input if
- * necessary and return the number of bytes written; it is up
- * to the caller to call \c mbedtls_ssl_write() again in
- * order to send the remaining bytes if any.
+ * \sa mbedtls_ssl_conf_max_frag_len()
+ * \sa mbedtls_ssl_get_max_record_payload()
*
* \param ssl SSL context
*
@@ -2723,20 +3368,64 @@
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
- * \brief Return the peer certificate from the current connection
+ * \brief Return the current maximum outgoing record payload in bytes.
+ * This takes into account the config.h setting \c
+ * MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated
+ * max fragment length extension if used, and for DTLS the
+ * path MTU as configured and current record expansion.
*
- * Note: Can be NULL in case no certificate was sent during
- * the handshake. Different calls for the same connection can
- * return the same or different pointers for the same
- * certificate and even a different certificate altogether.
- * The peer cert CAN change in a single connection if
- * renegotiation is performed.
+ * \note With DTLS, \c mbedtls_ssl_write() will return an error if
+ * called with a larger length value.
+ * With TLS, \c mbedtls_ssl_write() will fragment the input if
+ * necessary and return the number of bytes written; it is up
+ * to the caller to call \c mbedtls_ssl_write() again in
+ * order to send the remaining bytes if any.
+ *
+ * \note This function is not available (always returns an error)
+ * when record compression is enabled.
+ *
+ * \sa mbedtls_ssl_set_mtu()
+ * \sa mbedtls_ssl_get_max_frag_len()
+ * \sa mbedtls_ssl_get_record_expansion()
*
* \param ssl SSL context
*
- * \return the current peer certificate
+ * \return Current maximum payload for an outgoing record,
+ * or a negative error code.
+ */
+int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief Return the peer certificate from the current connection.
+ *
+ * \param ssl The SSL context to use. This must be initialized and setup.
+ *
+ * \return The current peer certificate, if available.
+ * The returned certificate is owned by the SSL context and
+ * is valid only until the next call to the SSL API.
+ * \return \c NULL if no peer certificate is available. This might
+ * be because the chosen ciphersuite doesn't use CRTs
+ * (PSK-based ciphersuites, for example), or because
+ * #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+ * allowing the stack to free the peer's CRT to save memory.
+ *
+ * \note For one-time inspection of the peer's certificate during
+ * the handshake, consider registering an X.509 CRT verification
+ * callback through mbedtls_ssl_conf_verify() instead of calling
+ * this function. Using mbedtls_ssl_conf_verify() also comes at
+ * the benefit of allowing you to influence the verification
+ * process, for example by masking expected and tolerated
+ * verification failures.
+ *
+ * \warning You must not use the pointer returned by this function
+ * after any further call to the SSL API, including
+ * mbedtls_ssl_read() and mbedtls_ssl_write(); this is
+ * because the pointer might change during renegotiation,
+ * which happens transparently to the user.
+ * If you want to use the certificate across API calls,
+ * you must make a copy.
*/
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -2776,35 +3465,50 @@
*
* \param ssl SSL context
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
- * a specific SSL error code.
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+ * if the handshake is incomplete and waiting for data to
+ * be available for reading from or writing to the underlying
+ * transport - in this case you must call this function again
+ * when the underlying transport is ready for the operation.
+ * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+ * operation is in progress (see
+ * mbedtls_ssl_conf_async_private_cb()) - in this case you
+ * must call this function again when the operation is ready.
+ * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+ * operation is in progress (see mbedtls_ecp_set_max_ops()) -
+ * in this case you must call this function again to complete
+ * the handshake when you're done attending other tasks.
+ * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
+ * and the client did not demonstrate reachability yet - in
+ * this case you must stop using the context (see below).
+ * \return Another SSL error code - in this case you must stop using
+ * the context (see below).
*
- * If this function returns MBEDTLS_ERR_SSL_WANT_READ, the
- * handshake is unfinished and no further data is available
- * from the underlying transport. In this case, you must call
- * the function again at some later stage.
+ * \warning If this function returns something other than
+ * \c 0,
+ * #MBEDTLS_ERR_SSL_WANT_READ,
+ * #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * you must stop using the SSL context for reading or writing,
+ * and either free it or call \c mbedtls_ssl_session_reset()
+ * on it before re-using it for a new connection; the current
+ * connection must be closed.
+ *
+ * \note If DTLS is in use, then you may choose to handle
+ * #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+ * purposes, as it is an expected return value rather than an
+ * actual error, but you still need to reset/free the context.
*
* \note Remarks regarding event-driven DTLS:
- * If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
+ * If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
* from the underlying transport layer is currently being processed,
* and it is safe to idle until the timer or the underlying transport
* signal a new event. This is not true for a successful handshake,
* in which case the datagram of the underlying transport that is
* currently being processed might or might not contain further
* DTLS records.
- *
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- *
- * \note If DTLS is in use, then you may choose to handle
- * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- * purposes, as it is an expected return value rather than an
- * actual error, but you still need to reset/free the context.
*/
int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
@@ -2812,20 +3516,21 @@
* \brief Perform a single step of the SSL handshake
*
* \note The state of the context (ssl->state) will be at
- * the next state after execution of this function. Do not
+ * the next state after this function returns \c 0. Do not
* call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
*
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
- *
* \param ssl SSL context
*
- * \return 0 if successful, or
- * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- * a specific SSL error code.
+ * \return See mbedtls_ssl_handshake().
+ *
+ * \warning If this function returns something other than \c 0,
+ * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+ * the SSL context for reading or writing, and either free it
+ * or call \c mbedtls_ssl_session_reset() on it before
+ * re-using it for a new connection; the current connection
+ * must be closed.
*/
int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
@@ -2840,13 +3545,18 @@
* \param ssl SSL context
*
* \return 0 if successful, or any mbedtls_ssl_handshake() return
- * value.
+ * value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
+ * happen during a renegotiation.
*
- * \note If this function returns something other than 0 or
- * MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- * the SSL context for reading or writing, and either free it or
- * call \c mbedtls_ssl_session_reset() on it before re-using it
- * for a new connection; the current connection must be closed.
+ * \warning If this function returns something other than \c 0,
+ * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+ * the SSL context for reading or writing, and either free it
+ * or call \c mbedtls_ssl_session_reset() on it before
+ * re-using it for a new connection; the current connection
+ * must be closed.
+ *
*/
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -2858,42 +3568,56 @@
* \param buf buffer that will hold the data
* \param len maximum number of bytes to read
*
- * \return One of the following:
- * - 0 if the read end of the underlying transport was closed,
- * - the (positive) number of bytes read, or
- * - a negative error code on failure.
+ * \return The (positive) number of bytes read if successful.
+ * \return \c 0 if the read end of the underlying transport was closed
+ * - in this case you must stop using the context (see below).
+ * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+ * if the handshake is incomplete and waiting for data to
+ * be available for reading from or writing to the underlying
+ * transport - in this case you must call this function again
+ * when the underlying transport is ready for the operation.
+ * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+ * operation is in progress (see
+ * mbedtls_ssl_conf_async_private_cb()) - in this case you
+ * must call this function again when the operation is ready.
+ * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+ * operation is in progress (see mbedtls_ecp_set_max_ops()) -
+ * in this case you must call this function again to complete
+ * the handshake when you're done attending other tasks.
+ * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
+ * side of a DTLS connection and the client is initiating a
+ * new connection using the same source port. See below.
+ * \return Another SSL error code - in this case you must stop using
+ * the context (see below).
*
- * If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data
- * is available from the underlying transport. In this case,
- * the function needs to be called again at some later stage.
+ * \warning If this function returns something other than
+ * a positive value,
+ * #MBEDTLS_ERR_SSL_WANT_READ,
+ * #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+ * you must stop using the SSL context for reading or writing,
+ * and either free it or call \c mbedtls_ssl_session_reset()
+ * on it before re-using it for a new connection; the current
+ * connection must be closed.
*
- * If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending
- * but the underlying transport isn't available for writing. In this
- * case, the function needs to be called again at some later stage.
- *
- * When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ * \note When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
* (which can only happen server-side), it means that a client
* is initiating a new connection using the same source port.
* You can either treat that as a connection close and wait
* for the client to resend a ClientHello, or directly
* continue with \c mbedtls_ssl_handshake() with the same
- * context (as it has beeen reset internally). Either way, you
- * should make sure this is seen by the application as a new
+ * context (as it has been reset internally). Either way, you
+ * must make sure this is seen by the application as a new
* connection: application state, if any, should be reset, and
* most importantly the identity of the client must be checked
* again. WARNING: not validating the identity of the client
* again, or not transmitting the new identity to the
* application layer, would allow authentication bypass!
*
- * \note If this function returns something other than a positive value
- * or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
- * you must stop using the SSL context for reading or writing,
- * and either free it or call \c mbedtls_ssl_session_reset() on it
- * before re-using it for a new connection; the current connection
- * must be closed.
- *
* \note Remarks regarding event-driven DTLS:
- * - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
+ * - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
* from the underlying transport layer is currently being processed,
* and it is safe to idle until the timer or the underlying transport
* signal a new event.
@@ -2922,21 +3646,39 @@
* \param buf buffer holding the data
* \param len how many bytes must be written
*
- * \return the number of bytes actually written (may be less than len),
- * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
- * or another negative error code.
+ * \return The (non-negative) number of bytes actually written if
+ * successful (may be less than \p len).
+ * \return #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+ * if the handshake is incomplete and waiting for data to
+ * be available for reading from or writing to the underlying
+ * transport - in this case you must call this function again
+ * when the underlying transport is ready for the operation.
+ * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+ * operation is in progress (see
+ * mbedtls_ssl_conf_async_private_cb()) - in this case you
+ * must call this function again when the operation is ready.
+ * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+ * operation is in progress (see mbedtls_ecp_set_max_ops()) -
+ * in this case you must call this function again to complete
+ * the handshake when you're done attending other tasks.
+ * \return Another SSL error code - in this case you must stop using
+ * the context (see below).
*
- * \note If this function returns something other than 0, a positive
- * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop
- * using the SSL context for reading or writing, and either
- * free it or call \c mbedtls_ssl_session_reset() on it before
- * re-using it for a new connection; the current connection
- * must be closed.
+ * \warning If this function returns something other than
+ * a non-negative value,
+ * #MBEDTLS_ERR_SSL_WANT_READ,
+ * #MBEDTLS_ERR_SSL_WANT_WRITE,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * you must stop using the SSL context for reading or writing,
+ * and either free it or call \c mbedtls_ssl_session_reset()
+ * on it before re-using it for a new connection; the current
+ * connection must be closed.
*
- * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+ * \note When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
* it must be called later with the *same* arguments,
* until it returns a value greater that or equal to 0. When
- * the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be
+ * the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
* some partial data in the output buffer, however this is not
* yet sent.
*
@@ -3000,7 +3742,7 @@
* mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
*
* \note You need to call mbedtls_ssl_config_defaults() unless you
- * manually set all of the relevent fields yourself.
+ * manually set all of the relevant fields yourself.
*
* \param conf SSL configuration context
*/
@@ -3049,6 +3791,27 @@
*/
void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+/**
+ * \brief TLS-PRF function for key derivation.
+ *
+ * \param prf The tls_prf type funtion type to be used.
+ * \param secret Secret for the key derivation function.
+ * \param slen Length of the secret.
+ * \param label String label for the key derivation function,
+ * terminated with null character.
+ * \param random Random bytes.
+ * \param rlen Length of the random bytes buffer.
+ * \param dstbuf The buffer holding the derived key.
+ * \param dlen Length of the output buffer.
+ *
+ * \return 0 on sucess. An SSL specific error on failure.
+ */
+int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen );
+
#ifdef __cplusplus
}
#endif
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index ec081e6..84254d3 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "ssl.h"
#if defined(MBEDTLS_THREADING_C)
@@ -64,7 +70,8 @@
mbedtls_time_t timestamp; /*!< entry timestamp */
#endif
mbedtls_ssl_session session; /*!< entry session */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_buf peer_cert; /*!< entry peer_cert */
#endif
mbedtls_ssl_cache_entry *next; /*!< chain pointer */
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index cda8b48..7126783 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "pk.h"
#include "cipher.h"
#include "md.h"
@@ -480,6 +486,24 @@
}
}
+static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 80b65bb..e34760a 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "ssl.h"
#if defined(MBEDTLS_THREADING_C)
@@ -50,7 +56,7 @@
/**
* \brief Context for the default cookie functions.
*/
-typedef struct
+typedef struct mbedtls_ssl_cookie_ctx
{
mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index d214703..c2bc3b7 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -24,9 +24,19 @@
#ifndef MBEDTLS_SSL_INTERNAL_H
#define MBEDTLS_SSL_INTERNAL_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#include "ssl.h"
#include "cipher.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
#if defined(MBEDTLS_MD5_C)
#include "md5.h"
#endif
@@ -47,6 +57,11 @@
#include "ecjpake.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "psa_util.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@@ -93,6 +108,14 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+/* Shorthand for restartable ECC */
+#if defined(MBEDTLS_ECP_RESTARTABLE) && \
+ defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_SSL__ECP_RESTARTABLE
+#endif
+
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
@@ -123,7 +146,16 @@
#define MBEDTLS_SSL_COMPRESSION_ADD 0
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
+ ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ ( defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_DES_C) ) )
+#define MBEDTLS_SSL_SOME_MODES_USE_MAC
+#endif
+
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
/* Ciphersuites using HMAC */
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
@@ -132,7 +164,7 @@
#else
#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
#endif
-#else
+#else /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
#define MBEDTLS_SSL_MAC_ADD 16
#endif
@@ -143,10 +175,17 @@
#define MBEDTLS_SSL_PADDING_ADD 0
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#else
+#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
+#endif
+
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
MBEDTLS_MAX_IV_LENGTH + \
MBEDTLS_SSL_MAC_ADD + \
- MBEDTLS_SSL_PADDING_ADD \
+ MBEDTLS_SSL_PADDING_ADD + \
+ MBEDTLS_SSL_MAX_CID_EXPANSION \
)
#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
@@ -155,6 +194,9 @@
#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
+/* The maximum number of buffered handshake messages. */
+#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
+
/* Maximum length we can advertise as our max content length for
RFC 6066 max_fragment_length extension negotiation purposes
(the lesser of both sizes, if they are unequal.)
@@ -196,11 +238,23 @@
implicit sequence number. */
#define MBEDTLS_SSL_HEADER_LEN 13
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_IN_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_IN_BUFFER_LEN \
+ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
+ + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_OUT_BUFFER_LEN \
+ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \
+ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+#endif
#ifdef MBEDTLS_ZLIB_SUPPORT
/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
@@ -241,6 +295,10 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen );
/*
* This structure contains the parameters only needed during handshake.
*/
@@ -259,7 +317,15 @@
#endif
#if defined(MBEDTLS_ECDH_C)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
-#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_ecc_curve_t ecdh_psa_curve;
+ psa_key_handle_t ecdh_psa_privkey;
+ unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+ size_t ecdh_psa_peerkey_len;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_ECDH_C */
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
#if defined(MBEDTLS_SSL_CLI_C)
@@ -272,9 +338,12 @@
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_handle_t psk_opaque; /*!< Opaque PSK from the callback */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *psk; /*!< PSK from the callback */
size_t psk_len; /*!< Length of PSK from callback */
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -284,7 +353,23 @@
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ int ecrs_enabled; /*!< Handshake supports EC restart? */
+ mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
+ enum { /* this complements ssl->state with info on intra-state operations */
+ ssl_ecrs_none = 0, /*!< nothing going on (yet) */
+ ssl_ecrs_crt_verify, /*!< Certificate: crt_verify() */
+ ssl_ecrs_ske_start_processing, /*!< ServerKeyExchange: pk_verify() */
+ ssl_ecrs_cke_ecdh_calc_secret, /*!< ClientKeyExchange: ECDH step 2 */
+ ssl_ecrs_crt_vrfy_sign, /*!< CertificateVerify: pk_sign() */
+ } ecrs_state; /*!< current (or last) operation */
+ mbedtls_x509_crt *ecrs_peer_cert; /*!< The peer's CRT chain. */
+ size_t ecrs_n; /*!< place for saving a length */
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
unsigned int in_msg_seq; /*!< Incoming handshake sequence number */
@@ -294,18 +379,57 @@
unsigned char verify_cookie_len; /*!< Cli: cookie length
Srv: flag for sending a cookie */
- unsigned char *hs_msg; /*!< Reassembled handshake message */
-
uint32_t retransmit_timeout; /*!< Current value of timeout */
unsigned char retransmit_state; /*!< Retransmission state */
- mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
- mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
+ mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */
+ mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */
+ unsigned char *cur_msg_p; /*!< Position in current message */
unsigned int in_flight_start_seq; /*!< Minimum message sequence in the
flight being received */
mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for
resending messages */
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
for resending messages */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The state of CID configuration in this handshake. */
+
+ uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+ * has been negotiated. Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+ uint8_t peer_cid_len; /*!< The length of
+ * \c peer_cid. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ struct
+ {
+ size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
+ * buffers used for message buffering. */
+
+ uint8_t seen_ccs; /*!< Indicates if a CCS message has
+ * been seen in the current flight. */
+
+ struct mbedtls_ssl_hs_buffer
+ {
+ unsigned is_valid : 1;
+ unsigned is_fragmented : 1;
+ unsigned is_complete : 1;
+ unsigned char *data;
+ size_t data_len;
+ } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
+
+ struct
+ {
+ unsigned char *data;
+ size_t len;
+ unsigned epoch;
+ } future_record;
+
+ } buffering;
+
+ uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
@@ -318,19 +442,27 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_operation_t fin_sha256_psa;
+#else
mbedtls_sha256_context fin_sha256;
#endif
+#endif
#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_operation_t fin_sha384_psa;
+#else
mbedtls_sha512_context fin_sha512;
#endif
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
- int (*tls_prf)(const unsigned char *, size_t, const char *,
- const unsigned char *, size_t,
- unsigned char *, size_t);
+ mbedtls_ssl_tls_prf_cb *tls_prf;
+
+ mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
size_t pmslen; /*!< premaster length */
@@ -364,26 +496,119 @@
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
};
+typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
+
/*
- * This structure contains a full set of runtime transform parameters
- * either in negotiation or active.
+ * Representation of decryption/encryption transformations on records
+ *
+ * There are the following general types of record transformations:
+ * - Stream transformations (TLS versions <= 1.2 only)
+ * Transformation adding a MAC and applying a stream-cipher
+ * to the authenticated message.
+ * - CBC block cipher transformations ([D]TLS versions <= 1.2 only)
+ * In addition to the distinction of the order of encryption and
+ * authentication, there's a fundamental difference between the
+ * handling in SSL3 & TLS 1.0 and TLS 1.1 and TLS 1.2: For SSL3
+ * and TLS 1.0, the final IV after processing a record is used
+ * as the IV for the next record. No explicit IV is contained
+ * in an encrypted record. The IV for the first record is extracted
+ * at key extraction time. In contrast, for TLS 1.1 and 1.2, no
+ * IV is generated at key extraction time, but every encrypted
+ * record is explicitly prefixed by the IV with which it was encrypted.
+ * - AEAD transformations ([D]TLS versions >= 1.2 only)
+ * These come in two fundamentally different versions, the first one
+ * used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second
+ * one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3.
+ * In the first transformation, the IV to be used for a record is obtained
+ * as the concatenation of an explicit, static 4-byte IV and the 8-byte
+ * record sequence number, and explicitly prepending this sequence number
+ * to the encrypted record. In contrast, in the second transformation
+ * the IV is obtained by XOR'ing a static IV obtained at key extraction
+ * time with the 8-byte record sequence number, without prepending the
+ * latter to the encrypted record.
+ *
+ * In addition to type and version, the following parameters are relevant:
+ * - The symmetric cipher algorithm to be used.
+ * - The (static) encryption/decryption keys for the cipher.
+ * - For stream/CBC, the type of message digest to be used.
+ * - For stream/CBC, (static) encryption/decryption keys for the digest.
+ * - For AEAD transformations, the size (potentially 0) of an explicit,
+ * random initialization vector placed in encrypted records.
+ * - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0)
+ * an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
+ * and (if present) is combined with the explicit IV in a transformation-
+ * dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
+ * - For stream/CBC, a flag determining the order of encryption and MAC.
+ * - The details of the transformation depend on the SSL/TLS version.
+ * - The length of the authentication tag.
+ *
+ * Note: Except for CBC in SSL3 and TLS 1.0, these parameters are
+ * constant across multiple encryption/decryption operations.
+ * For CBC, the implicit IV needs to be updated after each
+ * operation.
+ *
+ * The struct below refines this abstract view as follows:
+ * - The cipher underlying the transformation is managed in
+ * cipher contexts cipher_ctx_{enc/dec}, which must have the
+ * same cipher type. The mode of these cipher contexts determines
+ * the type of the transformation in the sense above: e.g., if
+ * the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM
+ * then the transformation has type CBC resp. AEAD.
+ * - The cipher keys are never stored explicitly but
+ * are maintained within cipher_ctx_{enc/dec}.
+ * - For stream/CBC transformations, the message digest contexts
+ * used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
+ * are unused for AEAD transformations.
+ * - For stream/CBC transformations and versions > SSL3, the
+ * MAC keys are not stored explicitly but maintained within
+ * md_ctx_{enc/dec}.
+ * - For stream/CBC transformations and version SSL3, the MAC
+ * keys are stored explicitly in mac_enc, mac_dec and have
+ * a fixed size of 20 bytes. These fields are unused for
+ * AEAD transformations or transformations >= TLS 1.0.
+ * - For transformations using an implicit IV maintained within
+ * the transformation context, its contents are stored within
+ * iv_{enc/dec}.
+ * - The value of ivlen indicates the length of the IV.
+ * This is redundant in case of stream/CBC transformations
+ * which always use 0 resp. the cipher's block length as the
+ * IV length, but is needed for AEAD ciphers and may be
+ * different from the underlying cipher's block length
+ * in this case.
+ * - The field fixed_ivlen is nonzero for AEAD transformations only
+ * and indicates the length of the static part of the IV which is
+ * constant throughout the communication, and which is stored in
+ * the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
+ * Note: For CBC in SSL3 and TLS 1.0, the fields iv_{enc/dec}
+ * still store IV's for continued use across multiple transformations,
+ * so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are
+ * not being used!
+ * - minor_ver denotes the SSL/TLS version
+ * - For stream/CBC transformations, maclen denotes the length of the
+ * authentication tag, while taglen is unused and 0.
+ * - For AEAD transformations, taglen denotes the length of the
+ * authentication tag, while maclen is unused and 0.
+ * - For CBC transformations, encrypt_then_mac determines the
+ * order of encryption and authentication. This field is unused
+ * in other transformations.
+ *
*/
struct mbedtls_ssl_transform
{
/*
* Session specific crypto layer
*/
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- /*!< Chosen cipersuite_info */
- unsigned int keylen; /*!< symmetric key length (bytes) */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
- size_t maclen; /*!< MAC length */
+ size_t maclen; /*!< MAC(CBC) len */
+ size_t taglen; /*!< TAG(AEAD) len */
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+
#if defined(MBEDTLS_SSL_PROTO_SSL3)
/* Needed only for SSL v3.0 secret */
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
@@ -393,8 +618,22 @@
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac; /*!< flag for EtM activation */
+#endif
+
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
+ int minor_ver;
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t in_cid_len;
+ uint8_t out_cid_len;
+ unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Session specific compression layer
@@ -405,6 +644,49 @@
#endif
};
+/*
+ * Internal representation of record frames
+ *
+ * Instances come in two flavors:
+ * (1) Encrypted
+ * These always have data_offset = 0
+ * (2) Unencrypted
+ * These have data_offset set to the amount of
+ * pre-expansion during record protection. Concretely,
+ * this is the length of the fixed part of the explicit IV
+ * used for encryption, or 0 if no explicit IV is used
+ * (e.g. for CBC in TLS 1.0, or stream ciphers).
+ *
+ * The reason for the data_offset in the unencrypted case
+ * is to allow for in-place conversion of an unencrypted to
+ * an encrypted record. If the offset wasn't included, the
+ * encrypted content would need to be shifted afterwards to
+ * make space for the fixed IV.
+ *
+ */
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
+#else
+#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
+#endif
+
+typedef struct
+{
+ uint8_t ctr[8]; /* Record sequence number */
+ uint8_t type; /* Record type */
+ uint8_t ver[2]; /* SSL/TLS version */
+
+ unsigned char *buf; /* Memory buffer enclosing the record content */
+ size_t buf_len; /* Buffer length */
+ size_t data_offset; /* Offset of record content */
+ size_t data_len; /* Length of record content */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t cid_len; /* Length of the CID (0 if not present) */
+ unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+} mbedtls_record;
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
@@ -478,7 +760,6 @@
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
@@ -490,7 +771,10 @@
* of the logic of (D)TLS from the implementation
* of the secure transport.
*
- * \param ssl SSL context to use
+ * \param ssl The SSL context to use.
+ * \param update_hs_digest This indicates if the handshake digest
+ * should be automatically updated in case
+ * a handshake message is found.
*
* \return 0 or non-zero error code.
*
@@ -556,10 +840,12 @@
* following the above definition.
*
*/
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
+ unsigned update_hs_digest );
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
@@ -642,15 +928,14 @@
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] );
-static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 13 );
-#else
- ((void) ssl);
-#endif
- return( 5 );
+ return( (size_t) ( ssl->in_iv - ssl->in_hdr ) );
+}
+
+static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
+{
+ return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
}
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
@@ -668,6 +953,7 @@
void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
#endif
/* Visible for testing purposes only */
@@ -676,6 +962,9 @@
void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
#endif
+int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src );
+
/* constant-time buffer comparison */
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
@@ -706,6 +995,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
+/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len,
@@ -717,4 +1007,14 @@
}
#endif
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec );
+
#endif /* ssl_internal.h */
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 93ad46a..774a007 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -24,6 +24,12 @@
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
/*
* This implementation of the session ticket callbacks includes key
* management, rotating the keys periodically in order to preserve forward
@@ -44,7 +50,7 @@
/**
* \brief Information for session ticket protection
*/
-typedef struct
+typedef struct mbedtls_ssl_ticket_key
{
unsigned char name[4]; /*!< random key identifier */
uint32_t generation_time; /*!< key generation timestamp (seconds) */
@@ -55,7 +61,7 @@
/**
* \brief Context for session ticket handling functions
*/
-typedef struct
+typedef struct mbedtls_ssl_ticket_context
{
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
unsigned char active; /*!< index of the currently active key */
@@ -111,14 +117,14 @@
/**
* \brief Implementation of the ticket write callback
*
- * \note See \c mbedlts_ssl_ticket_write_t for description
+ * \note See \c mbedtls_ssl_ticket_write_t for description
*/
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
/**
* \brief Implementation of the ticket parse callback
*
- * \note See \c mbedlts_ssl_ticket_parse_t for description
+ * \note See \c mbedtls_ssl_ticket_parse_t for description
*/
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index c25daa5..92e6e6b 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -36,13 +36,16 @@
extern "C" {
#endif
+/* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be
+ * used. */
#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE -0x001A /**< The selected feature is not available. */
+
#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C /**< Bad input parameters to function. */
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E /**< Locking / unlocking / free failed with error code. */
#if defined(MBEDTLS_THREADING_PTHREAD)
#include <pthread.h>
-typedef struct
+typedef struct mbedtls_threading_mutex_t
{
pthread_mutex_t mutex;
char is_valid;
@@ -99,6 +102,17 @@
#if defined(MBEDTLS_FS_IO)
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
#endif
+
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+/* This mutex may or may not be used in the default definition of
+ * mbedtls_platform_gmtime_r(), but in order to determine that,
+ * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
+ * With the current approach, this declaration is orphaned, lacking
+ * an accompanying definition, in case mbedtls_platform_gmtime_r()
+ * doesn't need it, but that's not a problem. */
+extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
#endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index bbcb906..a965fe0 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -51,7 +51,7 @@
/**
* \brief Context for mbedtls_timing_set/get_delay()
*/
-typedef struct
+typedef struct mbedtls_timing_delay_context
{
struct mbedtls_timing_hr_time timer;
uint32_t int_ms;
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index eaf25d9..79b42b2 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 12
+#define MBEDTLS_VERSION_MINOR 17
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x020C0000
-#define MBEDTLS_VERSION_STRING "2.12.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.12.0"
+#define MBEDTLS_VERSION_NUMBER 0x02110000
+#define MBEDTLS_VERSION_STRING "2.17.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.17.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index d6db9c6..054ff2e 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -77,7 +77,7 @@
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
+#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
/* \} name */
/**
@@ -110,6 +110,28 @@
/* \} addtogroup x509_module */
/*
+ * X.509 v3 Subject Alternative Name types.
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ */
+#define MBEDTLS_X509_SAN_OTHER_NAME 0
+#define MBEDTLS_X509_SAN_RFC822_NAME 1
+#define MBEDTLS_X509_SAN_DNS_NAME 2
+#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
+#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
+#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
+#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
+#define MBEDTLS_X509_SAN_IP_ADDRESS 7
+#define MBEDTLS_X509_SAN_REGISTERED_ID 8
+
+/*
* X.509 v3 Key Usage Extension flags
* Reminder: update x509_info_key_usage() when adding new flags.
*/
@@ -142,24 +164,26 @@
*
* Comments refer to the status for using certificates. Status can be
* different for writing certificates or reading CRLs or CSRs.
+ *
+ * Those are defined in oid.h as oid.c needs them in a data structure. Since
+ * these were previously defined here, let's have aliases for compatibility.
*/
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
-#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
-#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
-
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
+#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
/*
* Storage format identifiers
@@ -250,7 +274,7 @@
*
* \param to mbedtls_x509_time to check
*
- * \return 1 if the given time is in the past or an error occured,
+ * \return 1 if the given time is in the past or an error occurred,
* 0 otherwise.
*/
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
@@ -264,11 +288,13 @@
*
* \param from mbedtls_x509_time to check
*
- * \return 1 if the given time is in the future or an error occured,
+ * \return 1 if the given time is in the future or an error occurred,
* 0 otherwise.
*/
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -276,6 +302,8 @@
*/
int mbedtls_x509_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
/*
* Internal module functions. You probably do not want to use these unless you
* know you do.
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 08a4283..fa838d6 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -111,7 +111,7 @@
/**
* \brief Parse one or more CRLs and append them to the chained list
*
- * \note Mutliple CRLs are accepted only if using PEM format
+ * \note Multiple CRLs are accepted only if using PEM format
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data in PEM or DER format
@@ -126,7 +126,7 @@
/**
* \brief Load one or more CRLs and append them to the chained list
*
- * \note Mutliple CRLs are accepted only if using PEM format
+ * \note Multiple CRLs are accepted only if using PEM format
*
* \param chain points to the start of the chain
* \param path filename to read the CRLs from (in PEM or DER encoding)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index ac23cff..6983d60 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -32,6 +32,7 @@
#include "x509.h"
#include "x509_crl.h"
+#include "bignum.h"
/**
* \addtogroup x509_module
@@ -52,6 +53,8 @@
*/
typedef struct mbedtls_x509_crt
{
+ int own_buffer; /**< Indicates if \c raw is owned
+ * by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
@@ -68,12 +71,15 @@
mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
mbedtls_x509_time valid_to; /**< End time of certificate validity. */
+ mbedtls_x509_buf pk_raw;
mbedtls_pk_context pk; /**< Container for the public key context. */
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+ mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+
+ mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
int ext_types; /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
@@ -95,17 +101,64 @@
mbedtls_x509_crt;
/**
+ * From RFC 5280 section 4.2.1.6:
+ * OtherName ::= SEQUENCE {
+ * type-id OBJECT IDENTIFIER,
+ * value [0] EXPLICIT ANY DEFINED BY type-id }
+ */
+typedef struct mbedtls_x509_san_other_name
+{
+ /**
+ * The type_id is an OID as deifned in RFC 5280.
+ * To check the value of the type id, you should use
+ * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
+ */
+ mbedtls_x509_buf type_id; /**< The type id. */
+ union
+ {
+ /**
+ * From RFC 4108 section 5:
+ * HardwareModuleName ::= SEQUENCE {
+ * hwType OBJECT IDENTIFIER,
+ * hwSerialNum OCTET STRING }
+ */
+ struct
+ {
+ mbedtls_x509_buf oid; /**< The object identifier. */
+ mbedtls_x509_buf val; /**< The named value. */
+ }
+ hardware_module_name;
+ }
+ value;
+}
+mbedtls_x509_san_other_name;
+
+/**
+ * A structure for holding the parsed Subject Alternative Name, according to type
+ */
+typedef struct mbedtls_x509_subject_alternative_name
+{
+ int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+ union {
+ mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
+ mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
+ }
+ san; /**< A union of the supported SAN types */
+}
+mbedtls_x509_subject_alternative_name;
+
+/**
* Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it.
*/
-#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) )
+#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
/**
* Security profile for certificate verification.
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
*/
-typedef struct
+typedef struct mbedtls_x509_crt_profile
{
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */
@@ -143,6 +196,71 @@
}
mbedtls_x509write_cert;
+/**
+ * Item in a verification chain: cert and flags for it
+ */
+typedef struct {
+ mbedtls_x509_crt *crt;
+ uint32_t flags;
+} mbedtls_x509_crt_verify_chain_item;
+
+/**
+ * Max size of verification chain: end-entity + intermediates + trusted root
+ */
+#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+
+/**
+ * Verification chain as built by \c mbedtls_crt_verify_chain()
+ */
+typedef struct
+{
+ mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
+ unsigned len;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* This stores the list of potential trusted signers obtained from
+ * the CA callback used for the CRT verification, if configured.
+ * We must track it somewhere because the callback passes its
+ * ownership to the caller. */
+ mbedtls_x509_crt *trust_ca_cb_result;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+} mbedtls_x509_crt_verify_chain;
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+
+/**
+ * \brief Context for resuming X.509 verify operations
+ */
+typedef struct
+{
+ /* for check_signature() */
+ mbedtls_pk_restart_ctx pk;
+
+ /* for find_parent_in() */
+ mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
+ mbedtls_x509_crt *fallback_parent;
+ int fallback_signature_is_good;
+
+ /* for find_parent() */
+ int parent_is_trusted; /* -1 if find_parent is not in progress */
+
+ /* for verify_chain() */
+ enum {
+ x509_crt_rs_none,
+ x509_crt_rs_find_parent,
+ } in_progress; /* none if no operation is in progress */
+ int self_cnt;
+ mbedtls_x509_crt_verify_chain ver_chain;
+
+} mbedtls_x509_crt_restart_ctx;
+
+#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+/* Now we can declare functions that take a pointer to that */
+typedef void mbedtls_x509_crt_restart_ctx;
+
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* Default security profile. Should provide a good balance between security
@@ -163,31 +281,88 @@
/**
* \brief Parse a single DER formatted certificate and add it
- * to the chained list.
+ * to the end of the provided chained list.
*
- * \param chain points to the start of the chain
- * \param buf buffer holding the certificate DER data
- * \param buflen size of the buffer
+ * \param chain The pointer to the start of the CRT chain to attach to.
+ * When parsing the first CRT in a chain, this should point
+ * to an instance of ::mbedtls_x509_crt initialized through
+ * mbedtls_x509_crt_init().
+ * \param buf The buffer holding the DER encoded certificate.
+ * \param buflen The size in Bytes of \p buf.
*
- * \return 0 if successful, or a specific X509 or PEM error code
+ * \note This function makes an internal copy of the CRT buffer
+ * \p buf. In particular, \p buf may be destroyed or reused
+ * after this call returns. To avoid duplicating the CRT
+ * buffer (at the cost of stricter lifetime constraints),
+ * use mbedtls_x509_crt_parse_der_nocopy() instead.
+ *
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
- size_t buflen );
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen );
/**
- * \brief Parse one or more certificates and add them
- * to the chained list. Parses permissively. If some
- * certificates can be parsed, the result is the number
- * of failed certificates it encountered. If none complete
- * correctly, the first error is returned.
+ * \brief Parse a single DER formatted certificate and add it
+ * to the end of the provided chained list. This is a
+ * variant of mbedtls_x509_crt_parse_der() which takes
+ * temporary ownership of the CRT buffer until the CRT
+ * is destroyed.
*
- * \param chain points to the start of the chain
- * \param buf buffer holding the certificate data in PEM or DER format
- * \param buflen size of the buffer
- * (including the terminating null byte for PEM data)
+ * \param chain The pointer to the start of the CRT chain to attach to.
+ * When parsing the first CRT in a chain, this should point
+ * to an instance of ::mbedtls_x509_crt initialized through
+ * mbedtls_x509_crt_init().
+ * \param buf The address of the readable buffer holding the DER encoded
+ * certificate to use. On success, this buffer must be
+ * retained and not be changed for the liftetime of the
+ * CRT chain \p chain, that is, until \p chain is destroyed
+ * through a call to mbedtls_x509_crt_free().
+ * \param buflen The size in Bytes of \p buf.
*
- * \return 0 if all certificates parsed successfully, a positive number
- * if partly successful or a specific X509 or PEM error code
+ * \note This call is functionally equivalent to
+ * mbedtls_x509_crt_parse_der(), but it avoids creating a
+ * copy of the input buffer at the cost of stronger lifetime
+ * constraints. This is useful in constrained environments
+ * where duplication of the CRT cannot be tolerated.
+ *
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
+ */
+int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen );
+
+/**
+ * \brief Parse one DER-encoded or one or more concatenated PEM-encoded
+ * certificates and add them to the chained list.
+ *
+ * For CRTs in PEM encoding, the function parses permissively:
+ * if at least one certificate can be parsed, the function
+ * returns the number of certificates for which parsing failed
+ * (hence \c 0 if all certificates were parsed successfully).
+ * If no certificate could be parsed, the function returns
+ * the first (negative) error encountered during parsing.
+ *
+ * PEM encoded certificates may be interleaved by other data
+ * such as human readable descriptions of their content, as
+ * long as the certificates are enclosed in the PEM specific
+ * '-----{BEGIN/END} CERTIFICATE-----' delimiters.
+ *
+ * \param chain The chain to which to add the parsed certificates.
+ * \param buf The buffer holding the certificate data in PEM or DER format.
+ * For certificates in PEM encoding, this may be a concatenation
+ * of multiple certificates; for DER encoding, the buffer must
+ * comprise exactly one certificate.
+ * \param buflen The size of \p buf, including the terminating \c NULL byte
+ * in case of PEM encoded data.
+ *
+ * \return \c 0 if all certificates were parsed successfully.
+ * \return The (positive) number of certificates that couldn't
+ * be parsed if parsing was partly successful (see above).
+ * \return A negative X509 or PEM error code otherwise.
+ *
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
@@ -221,8 +396,37 @@
* if partly successful or a specific X509 or PEM error code
*/
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
-#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_FS_IO */
+/**
+ * \brief This function parses an item in the SubjectAlternativeNames
+ * extension.
+ *
+ * \param san_buf The buffer holding the raw data item of the subject
+ * alternative name.
+ * \param san The target structure to populate with the parsed presentation
+ * of the subject alternative name encoded in \p san_raw.
+ *
+ * \note Only "dnsName" and "otherName" of type hardware_module_name
+ * as defined in RFC 4180 is supported.
+ *
+ * \note This function should be called on a single raw data of
+ * subject alternative name. For example, after successful
+ * certificate parsing, one must iterate on every item in the
+ * \p crt->subject_alt_names sequence, and pass it to
+ * this function.
+ *
+ * \warning The target structure contains pointers to the raw data of the
+ * parsed certificate, and its lifetime is restricted by the
+ * lifetime of the certificate.
+ *
+ * \return \c 0 on success
+ * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+ * SAN type.
+ * \return Another negative value for any other failure.
+ */
+int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
+ mbedtls_x509_subject_alternative_name *san );
/**
* \brief Returns an informational string about the
* certificate.
@@ -254,7 +458,7 @@
uint32_t flags );
/**
- * \brief Verify the certificate signature
+ * \brief Verify a chain of certificates.
*
* The verify callback is a user-supplied callback that
* can clear / modify / add flags for a certificate. If set,
@@ -294,22 +498,27 @@
* specific peers you know) - in that case, the self-signed
* certificate doesn't need to have the CA bit set.
*
- * \param crt a certificate (chain) to be verified
- * \param trust_ca the list of trusted CAs (see note above)
- * \param ca_crl the list of CRLs for trusted CAs (see note above)
- * \param cn expected Common Name (can be set to
- * NULL if the CN must not be verified)
- * \param flags result of the verification
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
+ * \param crt The certificate chain to be verified.
+ * \param trust_ca The list of trusted CAs.
+ * \param ca_crl The list of CRLs for trusted CAs.
+ * \param cn The expected Common Name. This may be \c NULL if the
+ * CN need not be verified.
+ * \param flags The address at which to store the result of the verification.
+ * If the verification couldn't be completed, the flag value is
+ * set to (uint32_t) -1.
+ * \param f_vrfy The verification callback to use. See the documentation
+ * of mbedtls_x509_crt_verify() for more information.
+ * \param p_vrfy The context to be passed to \p f_vrfy.
*
- * \return 0 (and flags set to 0) if the chain was verified and valid,
- * MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain was verified
- * but found to be invalid, in which case *flags will have one
- * or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX
- * flags set, or another error (and flags set to 0xffffffff)
- * in case of a fatal error encountered during the
- * verification process.
+ * \return \c 0 if the chain is valid with respect to the
+ * passed CN, CAs, CRLs and security profile.
+ * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+ * certificate chain verification failed. In this case,
+ * \c *flags will have one or more
+ * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+ * flags set.
+ * \return Another negative error code in case of a fatal error
+ * encountered during the verification process.
*/
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
@@ -319,7 +528,8 @@
void *p_vrfy );
/**
- * \brief Verify the certificate signature according to profile
+ * \brief Verify a chain of certificates with respect to
+ * a configurable security profile.
*
* \note Same as \c mbedtls_x509_crt_verify(), but with explicit
* security profile.
@@ -328,22 +538,28 @@
* for ECDSA) apply to all certificates: trusted root,
* intermediate CAs if any, and end entity certificate.
*
- * \param crt a certificate (chain) to be verified
- * \param trust_ca the list of trusted CAs
- * \param ca_crl the list of CRLs for trusted CAs
- * \param profile security profile for verification
- * \param cn expected Common Name (can be set to
- * NULL if the CN must not be verified)
- * \param flags result of the verification
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
+ * \param crt The certificate chain to be verified.
+ * \param trust_ca The list of trusted CAs.
+ * \param ca_crl The list of CRLs for trusted CAs.
+ * \param profile The security profile to use for the verification.
+ * \param cn The expected Common Name. This may be \c NULL if the
+ * CN need not be verified.
+ * \param flags The address at which to store the result of the verification.
+ * If the verification couldn't be completed, the flag value is
+ * set to (uint32_t) -1.
+ * \param f_vrfy The verification callback to use. See the documentation
+ * of mbedtls_x509_crt_verify() for more information.
+ * \param p_vrfy The context to be passed to \p f_vrfy.
*
- * \return 0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
- * in which case *flags will have one or more
- * MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
- * set,
- * or another error in case of a fatal error encountered
- * during the verification process.
+ * \return \c 0 if the chain is valid with respect to the
+ * passed CN, CAs, CRLs and security profile.
+ * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+ * certificate chain verification failed. In this case,
+ * \c *flags will have one or more
+ * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+ * flags set.
+ * \return Another negative error code in case of a fatal error
+ * encountered during the verification process.
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
@@ -353,6 +569,108 @@
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
+/**
+ * \brief Restartable version of \c mbedtls_crt_verify_with_profile()
+ *
+ * \note Performs the same job as \c mbedtls_crt_verify_with_profile()
+ * but can return early and restart according to the limit
+ * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+ *
+ * \param crt The certificate chain to be verified.
+ * \param trust_ca The list of trusted CAs.
+ * \param ca_crl The list of CRLs for trusted CAs.
+ * \param profile The security profile to use for the verification.
+ * \param cn The expected Common Name. This may be \c NULL if the
+ * CN need not be verified.
+ * \param flags The address at which to store the result of the verification.
+ * If the verification couldn't be completed, the flag value is
+ * set to (uint32_t) -1.
+ * \param f_vrfy The verification callback to use. See the documentation
+ * of mbedtls_x509_crt_verify() for more information.
+ * \param p_vrfy The context to be passed to \p f_vrfy.
+ * \param rs_ctx The restart context to use. This may be set to \c NULL
+ * to disable restartable ECC.
+ *
+ * \return See \c mbedtls_crt_verify_with_profile(), or
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ */
+int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx );
+
+/**
+ * \brief The type of trusted certificate callbacks.
+ *
+ * Callbacks of this type are passed to and used by the CRT
+ * verification routine mbedtls_x509_crt_verify_with_ca_cb()
+ * when looking for trusted signers of a given certificate.
+ *
+ * On success, the callback returns a list of trusted
+ * certificates to be considered as potential signers
+ * for the input certificate.
+ *
+ * \param p_ctx An opaque context passed to the callback.
+ * \param child The certificate for which to search a potential signer.
+ * This will point to a readable certificate.
+ * \param candidate_cas The address at which to store the address of the first
+ * entry in the generated linked list of candidate signers.
+ * This will not be \c NULL.
+ *
+ * \note The callback must only return a non-zero value on a
+ * fatal error. If, in contrast, the search for a potential
+ * signer completes without a single candidate, the
+ * callback must return \c 0 and set \c *candidate_cas
+ * to \c NULL.
+ *
+ * \return \c 0 on success. In this case, \c *candidate_cas points
+ * to a heap-allocated linked list of instances of
+ * ::mbedtls_x509_crt, and ownership of this list is passed
+ * to the caller.
+ * \return A negative error code on failure.
+ */
+typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
+ mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidate_cas );
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+/**
+ * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which
+ * uses a callback to acquire the list of trusted CA
+ * certificates.
+ *
+ * \param crt The certificate chain to be verified.
+ * \param f_ca_cb The callback to be used to query for potential signers
+ * of a given child certificate. See the documentation of
+ * ::mbedtls_x509_crt_ca_cb_t for more information.
+ * \param p_ca_cb The opaque context to be passed to \p f_ca_cb.
+ * \param profile The security profile for the verification.
+ * \param cn The expected Common Name. This may be \c NULL if the
+ * CN need not be verified.
+ * \param flags The address at which to store the result of the verification.
+ * If the verification couldn't be completed, the flag value is
+ * set to (uint32_t) -1.
+ * \param f_vrfy The verification callback to use. See the documentation
+ * of mbedtls_x509_crt_verify() for more information.
+ * \param p_vrfy The context to be passed to \p f_vrfy.
+ *
+ * \return See \c mbedtls_crt_verify_with_profile().
+ */
+int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy );
+
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
* \brief Check usage of certificate against keyUsage extension.
@@ -424,6 +742,18 @@
* \param crt Certificate chain to free
*/
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/**
+ * \brief Initialize a restart context
+ */
+void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
+
+/**
+ * \brief Free the components of a restart context
+ */
+void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* \} name */
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 0c6ccad..a3c2804 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -205,6 +205,14 @@
* \param key_usage key usage flags to set
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note The <code>decipherOnly</code> flag from the Key Usage
+ * extension is represented by bit 8 (i.e.
+ * <code>0x8000</code>), which cannot typically be represented
+ * in an unsigned char. Therefore, the flag
+ * <code>decipherOnly</code> (i.e.
+ * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
+ * function.
*/
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index 8df708a..b47f553 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -37,6 +37,8 @@
#define MBEDTLS_XTEA_DECRYPT 0
#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
+
+/* MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */
#ifdef __cplusplus
@@ -50,7 +52,7 @@
/**
* \brief XTEA context structure
*/
-typedef struct
+typedef struct mbedtls_xtea_context
{
uint32_t k[4]; /*!< key */
}
@@ -119,6 +121,8 @@
unsigned char *output);
#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
@@ -126,6 +130,8 @@
*/
int mbedtls_xtea_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
#ifdef __cplusplus
}
#endif
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 5115b96..7f0819e 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -98,6 +98,12 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
endif(CMAKE_COMPILER_IS_CLANG)
+if(UNSAFE_BUILD)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error")
+ set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error")
+ set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error")
+endif(UNSAFE_BUILD)
+
if(WIN32)
set(libs ${libs} ws2_32)
endif(WIN32)
@@ -140,42 +146,52 @@
endif()
if(USE_STATIC_MBEDTLS_LIBRARY)
- add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
- target_link_libraries(${mbedcrypto_static_target} ${libs})
add_library(${mbedx509_static_target} STATIC ${src_x509})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target})
+ target_include_directories(${mbedx509_static_target}
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
add_library(${mbedtls_static_target} STATIC ${src_tls})
set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
+ target_include_directories(${mbedtls_static_target}
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/
+ )
- install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target}
+
+ install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target}
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
- add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 3)
- target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.12.0 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
+ target_include_directories(mbedx509
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 11)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
+ target_include_directories(mbedtls
+ PUBLIC ${MBEDTLS_DIR}/include/
+ PUBLIC ${MBEDTLS_DIR}/crypto/include/)
- install(TARGETS mbedtls mbedx509 mbedcrypto
- DESTINATION ${LIB_INSTALL_DIR}
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ install(TARGETS mbedtls mbedx509
+ DESTINATION ${LIB_INSTALL_DIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
endif(USE_SHARED_MBEDTLS_LIBRARY)
-add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls)
+add_custom_target(lib DEPENDS mbedx509 mbedtls)
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
- add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static)
+ add_dependencies(lib mbedx509_static mbedtls_static)
endif()
diff --git a/library/Makefile b/library/Makefile
index ac88d4c..8b2e572 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -2,7 +2,7 @@
# Also see "include/mbedtls/config.h"
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
+WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
@@ -35,11 +35,11 @@
endif
endif
-SOEXT_TLS=so.11
+SOEXT_TLS=so.12
SOEXT_X509=so.0
SOEXT_CRYPTO=so.3
-# Set AR_DASH= (empty string) to use an ar implentation that does not accept
+# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)
AR_DASH ?= -
@@ -63,28 +63,12 @@
endif
endif
-OBJS_CRYPTO= aes.o aesni.o arc4.o \
- aria.o asn1parse.o asn1write.o \
- base64.o bignum.o blowfish.o \
- camellia.o ccm.o chacha20.o \
- chachapoly.o cipher.o cipher_wrap.o \
- cmac.o ctr_drbg.o des.o \
- dhm.o ecdh.o ecdsa.o \
- ecjpake.o ecp.o \
- ecp_curves.o entropy.o entropy_poll.o \
- error.o gcm.o havege.o \
- hkdf.o \
- hmac_drbg.o md.o md2.o \
- md4.o md5.o md_wrap.o \
- memory_buffer_alloc.o nist_kw.o \
- oid.o padlock.o pem.o \
- pk.o pk_wrap.o pkcs12.o \
- pkcs5.o pkparse.o pkwrite.o \
- platform.o platform_util.o poly1305.o \
- ripemd160.o rsa_internal.o rsa.o \
- sha1.o sha256.o sha512.o \
- threading.o timing.o version.o \
- version_features.o xtea.o
+
+
+# Look in crypto for libmbedcrypto.
+LOCAL_LDFLAGS += -L../crypto/library
+LOCAL_CFLAGS += -I../crypto/include
+CRYPTO := ../crypto/library/
OBJS_X509= certs.o pkcs11.o x509.o \
x509_create.o x509_crl.o x509_crt.o \
@@ -148,7 +132,7 @@
endif
endif
-libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
+libmbedx509.$(SOEXT_X509): $(OBJS_X509) $(CRYPTO)libmbedcrypto.so
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
@@ -164,32 +148,8 @@
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
-# crypto
-libmbedcrypto.a: $(OBJS_CRYPTO)
- echo " AR $@"
- $(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO)
-ifdef APPLE_BUILD
-ifneq ($(APPLE_BUILD),0)
- echo " RL $@"
- $(RL) $(RLFLAGS) $@
-endif
-endif
-
-libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
- echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
-
-libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
- echo " LN $@ -> $<"
- ln -sf $< $@
-
-libmbedcrypto.dylib: $(OBJS_CRYPTO)
- echo " LD $@"
- $(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_CRYPTO)
-
-libmbedcrypto.dll: $(OBJS_CRYPTO)
- echo " LD $@"
- $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
+libmbedcrypto.%:
+ $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C ../crypto/library $@
.c.o:
echo " CC $<"
diff --git a/library/aes.c b/library/aes.c
index 5c939bb..aff0a99 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -36,6 +36,7 @@
#include <string.h>
#include "mbedtls/aes.h"
+#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
@@ -55,6 +56,12 @@
#if !defined(MBEDTLS_AES_ALT)
+/* Parameter validation macros based on platform_util.h */
+#define AES_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
+#define AES_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* 32-bit integer manipulation macros (little endian)
*/
@@ -388,9 +395,9 @@
/*
* Tables generation code
*/
-#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
-#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
+#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
+#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
+#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
static int aes_init_done = 0;
@@ -510,6 +517,8 @@
void mbedtls_aes_init( mbedtls_aes_context *ctx )
{
+ AES_VALIDATE( ctx != NULL );
+
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
}
@@ -524,12 +533,17 @@
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
{
+ AES_VALIDATE( ctx != NULL );
+
mbedtls_aes_init( &ctx->crypt );
mbedtls_aes_init( &ctx->tweak );
}
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
{
+ if( ctx == NULL )
+ return;
+
mbedtls_aes_free( &ctx->crypt );
mbedtls_aes_free( &ctx->tweak );
}
@@ -545,14 +559,8 @@
unsigned int i;
uint32_t *RK;
-#if !defined(MBEDTLS_AES_ROM_TABLES)
- if( aes_init_done == 0 )
- {
- aes_gen_tables();
- aes_init_done = 1;
-
- }
-#endif
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
switch( keybits )
{
@@ -562,6 +570,14 @@
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
}
+#if !defined(MBEDTLS_AES_ROM_TABLES)
+ if( aes_init_done == 0 )
+ {
+ aes_gen_tables();
+ aes_init_done = 1;
+ }
+#endif
+
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
@@ -661,6 +677,9 @@
uint32_t *RK;
uint32_t *SK;
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
+
mbedtls_aes_init( &cty );
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
@@ -751,6 +770,9 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
+
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -773,6 +795,9 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
+
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -790,51 +815,53 @@
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
-{ \
- X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
- AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
- \
- X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
- AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
- \
- X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
- AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
- \
- X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
- AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
-}
+#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
+ do \
+ { \
+ (X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
+ \
+ (X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
+ \
+ (X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
+ \
+ (X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
+ } while( 0 )
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
-{ \
- X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
- AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
- \
- X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
- AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
- \
- X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
- AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
- \
- X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
- AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
-}
+#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
+ do \
+ { \
+ (X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
+ \
+ (X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
+ \
+ (X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
+ \
+ (X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
+ } while( 0 )
/*
* AES-ECB block encryption
@@ -976,10 +1003,16 @@
* AES-ECB block encryption/decryption
*/
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] )
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16] )
{
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
@@ -1017,6 +1050,13 @@
int i;
unsigned char temp[16];
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@@ -1142,11 +1182,18 @@
unsigned char prev_tweak[16];
unsigned char tmp[16];
- /* Sectors must be at least 16 bytes. */
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( data_unit != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ /* Data units must be at least 16 bytes long. */
if( length < 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
- /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
+ /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
if( length > ( 1 << 20 ) * 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
@@ -1241,7 +1288,20 @@
unsigned char *output )
{
int c;
- size_t n = *iv_off;
+ size_t n;
+
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( iv_off != NULL );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ n = *iv_off;
+
+ if( n > 15 )
+ return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
if( mode == MBEDTLS_AES_DECRYPT )
{
@@ -1279,15 +1339,21 @@
* AES-CFB8 buffer encryption/decryption
*/
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
{
unsigned char c;
unsigned char ov[17];
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
while( length-- )
{
memcpy( ov, iv, 16 );
@@ -1320,7 +1386,18 @@
unsigned char *output )
{
int ret = 0;
- size_t n = *iv_off;
+ size_t n;
+
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( iv_off != NULL );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ n = *iv_off;
+
+ if( n > 15 )
+ return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- )
{
@@ -1355,7 +1432,16 @@
unsigned char *output )
{
int c, i;
- size_t n = *nc_off;
+ size_t n;
+
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( nc_off != NULL );
+ AES_VALIDATE_RET( nonce_counter != NULL );
+ AES_VALIDATE_RET( stream_block != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ n = *nc_off;
if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
@@ -1757,7 +1843,7 @@
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
@@ -1821,7 +1907,7 @@
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
@@ -1886,7 +1972,7 @@
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
@@ -1949,7 +2035,7 @@
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
diff --git a/library/aria.c b/library/aria.c
index e9bcd6d..aff66d6 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -55,6 +55,12 @@
#define inline __inline
#endif
+/* Parameter validation macros */
+#define ARIA_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
+#define ARIA_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* 32-bit integer manipulation macros (little endian)
*/
@@ -449,9 +455,11 @@
int i;
uint32_t w[4][4], *w2;
+ ARIA_VALIDATE_RET( ctx != NULL );
+ ARIA_VALIDATE_RET( key != NULL );
if( keybits != 128 && keybits != 192 && keybits != 256 )
- return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH );
+ return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
/* Copy key to W0 (and potential remainder to W1) */
GET_UINT32_LE( w[0][0], key, 0 );
@@ -503,6 +511,8 @@
const unsigned char *key, unsigned int keybits )
{
int i, j, k, ret;
+ ARIA_VALIDATE_RET( ctx != NULL );
+ ARIA_VALIDATE_RET( key != NULL );
ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
if( ret != 0 )
@@ -539,6 +549,9 @@
int i;
uint32_t a, b, c, d;
+ ARIA_VALIDATE_RET( ctx != NULL );
+ ARIA_VALIDATE_RET( input != NULL );
+ ARIA_VALIDATE_RET( output != NULL );
GET_UINT32_LE( a, input, 0 );
GET_UINT32_LE( b, input, 4 );
@@ -586,6 +599,7 @@
/* Initialize context */
void mbedtls_aria_init( mbedtls_aria_context *ctx )
{
+ ARIA_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_aria_context ) );
}
@@ -612,6 +626,13 @@
int i;
unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
+ ARIA_VALIDATE_RET( ctx != NULL );
+ ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
+ mode == MBEDTLS_ARIA_DECRYPT );
+ ARIA_VALIDATE_RET( length == 0 || input != NULL );
+ ARIA_VALIDATE_RET( length == 0 || output != NULL );
+ ARIA_VALIDATE_RET( iv != NULL );
+
if( length % MBEDTLS_ARIA_BLOCKSIZE )
return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
@@ -665,7 +686,23 @@
unsigned char *output )
{
unsigned char c;
- size_t n = *iv_off;
+ size_t n;
+
+ ARIA_VALIDATE_RET( ctx != NULL );
+ ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
+ mode == MBEDTLS_ARIA_DECRYPT );
+ ARIA_VALIDATE_RET( length == 0 || input != NULL );
+ ARIA_VALIDATE_RET( length == 0 || output != NULL );
+ ARIA_VALIDATE_RET( iv != NULL );
+ ARIA_VALIDATE_RET( iv_off != NULL );
+
+ n = *iv_off;
+
+ /* An overly large value of n can lead to an unlimited
+ * buffer overflow. Therefore, guard against this
+ * outside of parameter validation. */
+ if( n >= MBEDTLS_ARIA_BLOCKSIZE )
+ return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
if( mode == MBEDTLS_ARIA_DECRYPT )
{
@@ -713,7 +750,21 @@
unsigned char *output )
{
int c, i;
- size_t n = *nc_off;
+ size_t n;
+
+ ARIA_VALIDATE_RET( ctx != NULL );
+ ARIA_VALIDATE_RET( length == 0 || input != NULL );
+ ARIA_VALIDATE_RET( length == 0 || output != NULL );
+ ARIA_VALIDATE_RET( nonce_counter != NULL );
+ ARIA_VALIDATE_RET( stream_block != NULL );
+ ARIA_VALIDATE_RET( nc_off != NULL );
+
+ n = *nc_off;
+ /* An overly large value of n can lead to an unlimited
+ * buffer overflow. Therefore, guard against this
+ * outside of parameter validation. */
+ if( n >= MBEDTLS_ARIA_BLOCKSIZE )
+ return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
while( length-- )
{
@@ -875,11 +926,11 @@
#define ARIA_SELF_TEST_IF_FAIL \
{ \
if( verbose ) \
- printf( "failed\n" ); \
+ mbedtls_printf( "failed\n" ); \
return( 1 ); \
} else { \
if( verbose ) \
- printf( "passed\n" ); \
+ mbedtls_printf( "passed\n" ); \
}
/*
@@ -908,7 +959,7 @@
{
/* test ECB encryption */
if( verbose )
- printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 )
@@ -916,14 +967,14 @@
/* test ECB decryption */
if( verbose )
- printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
}
if( verbose )
- printf( "\n" );
+ mbedtls_printf( "\n" );
/*
* Test set 2
@@ -933,7 +984,7 @@
{
/* Test CBC encryption */
if( verbose )
- printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
memset( buf, 0x55, sizeof( buf ) );
@@ -944,7 +995,7 @@
/* Test CBC decryption */
if( verbose )
- printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
memset( buf, 0xAA, sizeof( buf ) );
@@ -954,7 +1005,7 @@
ARIA_SELF_TEST_IF_FAIL;
}
if( verbose )
- printf( "\n" );
+ mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -963,7 +1014,7 @@
{
/* Test CFB encryption */
if( verbose )
- printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
memset( buf, 0x55, sizeof( buf ) );
@@ -975,7 +1026,7 @@
/* Test CFB decryption */
if( verbose )
- printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
memset( buf, 0xAA, sizeof( buf ) );
@@ -986,7 +1037,7 @@
ARIA_SELF_TEST_IF_FAIL;
}
if( verbose )
- printf( "\n" );
+ mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -994,7 +1045,7 @@
{
/* Test CTR encryption */
if( verbose )
- printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0
memset( buf, 0x55, sizeof( buf ) );
@@ -1006,7 +1057,7 @@
/* Test CTR decryption */
if( verbose )
- printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i );
+ mbedtls_printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0
memset( buf, 0xAA, sizeof( buf ) );
@@ -1017,7 +1068,7 @@
ARIA_SELF_TEST_IF_FAIL;
}
if( verbose )
- printf( "\n" );
+ mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
return( 0 );
diff --git a/library/asn1write.c b/library/asn1write.c
index 72acdf3..b54e26b 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -257,56 +257,108 @@
return( (int) len );
}
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
- const char *text, size_t text_len )
+int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag,
+ const char *text, size_t text_len )
{
int ret;
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
- (const unsigned char *) text, text_len ) );
+ (const unsigned char *) text, text_len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_PRINTABLE_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
return( (int) len );
}
+int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len )
+{
+ return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
+}
+
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+ const char *text, size_t text_len )
+{
+ return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
+}
+
int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
const char *text, size_t text_len )
{
- int ret;
- size_t len = 0;
+ return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
+}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
- (const unsigned char *) text, text_len ) );
+int mbedtls_asn1_write_named_bitstring( unsigned char **p,
+ unsigned char *start,
+ const unsigned char *buf,
+ size_t bits )
+{
+ size_t unused_bits, byte_len;
+ const unsigned char *cur_byte;
+ unsigned char cur_byte_shifted;
+ unsigned char bit;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_IA5_STRING ) );
+ byte_len = ( bits + 7 ) / 8;
+ unused_bits = ( byte_len * 8 ) - bits;
- return( (int) len );
+ /*
+ * Named bitstrings require that trailing 0s are excluded in the encoding
+ * of the bitstring. Trailing 0s are considered part of the 'unused' bits
+ * when encoding this value in the first content octet
+ */
+ if( bits != 0 )
+ {
+ cur_byte = buf + byte_len - 1;
+ cur_byte_shifted = *cur_byte >> unused_bits;
+
+ for( ; ; )
+ {
+ bit = cur_byte_shifted & 0x1;
+ cur_byte_shifted >>= 1;
+
+ if( bit != 0 )
+ break;
+
+ bits--;
+ if( bits == 0 )
+ break;
+
+ if( bits % 8 == 0 )
+ cur_byte_shifted = *--cur_byte;
+ }
+ }
+
+ return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
}
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits )
{
int ret;
- size_t len = 0, size;
+ size_t len = 0;
+ size_t unused_bits, byte_len;
- size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
+ byte_len = ( bits + 7 ) / 8;
+ unused_bits = ( byte_len * 8 ) - bits;
- // Calculate byte length
- //
- if( *p < start || (size_t)( *p - start ) < size + 1 )
+ if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
- len = size + 1;
- (*p) -= size;
- memcpy( *p, buf, size );
+ len = byte_len + 1;
- // Write unused bits
- //
- *--(*p) = (unsigned char) (size * 8 - bits);
+ /* Write the bitstring. Ensure the unused bits are zeroed */
+ if( byte_len > 0 )
+ {
+ byte_len--;
+ *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
+ ( *p ) -= byte_len;
+ memcpy( *p, buf, byte_len );
+ }
+
+ /* Write unused bits */
+ *--( *p ) = (unsigned char)unused_bits;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
@@ -328,14 +380,36 @@
return( (int) len );
}
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
+
+/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
+ * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
+static mbedtls_asn1_named_data *asn1_find_named_data(
+ mbedtls_asn1_named_data *list,
+ const char *oid, size_t len )
+{
+ while( list != NULL )
+ {
+ if( list->oid.len == len &&
+ memcmp( list->oid.p, oid, len ) == 0 )
+ {
+ break;
+ }
+
+ list = list->next;
+ }
+
+ return( list );
+}
+
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
+ mbedtls_asn1_named_data **head,
const char *oid, size_t oid_len,
const unsigned char *val,
size_t val_len )
{
mbedtls_asn1_named_data *cur;
- if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+ if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
{
// Add new entry if not present yet based on OID
//
diff --git a/library/bignum.c b/library/bignum.c
index 423e375..98ee12a 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -59,6 +59,11 @@
#define mbedtls_free free
#endif
+#define MPI_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
+#define MPI_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */
@@ -83,8 +88,7 @@
*/
void mbedtls_mpi_init( mbedtls_mpi *X )
{
- if( X == NULL )
- return;
+ MPI_VALIDATE( X != NULL );
X->s = 1;
X->n = 0;
@@ -116,6 +120,7 @@
int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
{
mbedtls_mpi_uint *p;
+ MPI_VALIDATE_RET( X != NULL );
if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
@@ -147,6 +152,10 @@
{
mbedtls_mpi_uint *p;
size_t i;
+ MPI_VALIDATE_RET( X != NULL );
+
+ if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
+ return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
/* Actually resize up in this case */
if( X->n <= nblimbs )
@@ -183,6 +192,8 @@
{
int ret = 0;
size_t i;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( Y != NULL );
if( X == Y )
return( 0 );
@@ -222,6 +233,8 @@
void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
{
mbedtls_mpi T;
+ MPI_VALIDATE( X != NULL );
+ MPI_VALIDATE( Y != NULL );
memcpy( &T, X, sizeof( mbedtls_mpi ) );
memcpy( X, Y, sizeof( mbedtls_mpi ) );
@@ -237,6 +250,8 @@
{
int ret = 0;
size_t i;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( Y != NULL );
/* make sure assign is 0 or 1 in a time-constant manner */
assign = (assign | (unsigned char)-assign) >> 7;
@@ -266,6 +281,8 @@
int ret, s;
size_t i;
mbedtls_mpi_uint tmp;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( Y != NULL );
if( X == Y )
return( 0 );
@@ -298,6 +315,7 @@
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
{
int ret;
+ MPI_VALIDATE_RET( X != NULL );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
memset( X->p, 0, X->n * ciL );
@@ -315,12 +333,18 @@
*/
int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
{
+ MPI_VALIDATE_RET( X != NULL );
+
if( X->n * biL <= pos )
return( 0 );
return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
}
+/* Get a specific byte, without range checks. */
+#define GET_BYTE( X, i ) \
+ ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff )
+
/*
* Set a bit to a specific value of 0 or 1
*/
@@ -329,6 +353,7 @@
int ret = 0;
size_t off = pos / biL;
size_t idx = pos % biL;
+ MPI_VALIDATE_RET( X != NULL );
if( val != 0 && val != 1 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -355,6 +380,7 @@
size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
{
size_t i, j, count = 0;
+ MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 );
for( i = 0; i < X->n; i++ )
for( j = 0; j < biL; j++, count++ )
@@ -435,6 +461,8 @@
size_t i, j, slen, n;
mbedtls_mpi_uint d;
mbedtls_mpi T;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( s != NULL );
if( radix < 2 || radix > 16 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -499,26 +527,38 @@
}
/*
- * Helper to write the digits high-order first
+ * Helper to write the digits high-order first.
*/
-static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
+static int mpi_write_hlp( mbedtls_mpi *X, int radix,
+ char **p, const size_t buflen )
{
int ret;
mbedtls_mpi_uint r;
+ size_t length = 0;
+ char *p_end = *p + buflen;
- if( radix < 2 || radix > 16 )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ do
+ {
+ if( length >= buflen )
+ {
+ return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ }
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+ /*
+ * Write the residue in the current position, as an ASCII character.
+ */
+ if( r < 0xA )
+ *(--p_end) = (char)( '0' + r );
+ else
+ *(--p_end) = (char)( 'A' + ( r - 0xA ) );
- if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
+ length++;
+ } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
- if( r < 10 )
- *(*p)++ = (char)( r + 0x30 );
- else
- *(*p)++ = (char)( r + 0x37 );
+ memmove( *p, p_end, length );
+ *p += length;
cleanup:
@@ -535,19 +575,27 @@
size_t n;
char *p;
mbedtls_mpi T;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( olen != NULL );
+ MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
if( radix < 2 || radix > 16 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
- n = mbedtls_mpi_bitlen( X );
- if( radix >= 4 ) n >>= 1;
- if( radix >= 16 ) n >>= 1;
- /*
- * Round up the buffer length to an even value to ensure that there is
- * enough room for hexadecimal values that can be represented in an odd
- * number of digits.
- */
- n += 3 + ( ( n + 1 ) & 1 );
+ n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
+ if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present
+ * `n`. If radix > 4, this might be a strict
+ * overapproximation of the number of
+ * radix-adic digits needed to present `n`. */
+ if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to
+ * present `n`. */
+
+ n += 1; /* Terminating null byte */
+ n += 1; /* Compensate for the divisions above, which round down `n`
+ * in case it's not even. */
+ n += 1; /* Potential '-'-sign. */
+ n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
+ * which always uses an even number of hex-digits. */
if( buflen < n )
{
@@ -559,7 +607,10 @@
mbedtls_mpi_init( &T );
if( X->s == -1 )
+ {
*p++ = '-';
+ buflen--;
+ }
if( radix == 16 )
{
@@ -588,7 +639,7 @@
if( T.s == -1 )
T.s = 1;
- MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
+ MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
}
*p++ = '\0';
@@ -616,6 +667,12 @@
*/
char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( fin != NULL );
+
+ if( radix < 2 || radix > 16 )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
memset( s, 0, sizeof( s ) );
if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
@@ -647,6 +704,10 @@
* newline characters and '\0'
*/
char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+ MPI_VALIDATE_RET( X != NULL );
+
+ if( radix < 2 || radix > 16 )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
memset( s, 0, sizeof( s ) );
@@ -674,13 +735,100 @@
}
#endif /* MBEDTLS_FS_IO */
+
+/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
+ * into the storage form used by mbedtls_mpi. */
+
+static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x )
+{
+ uint8_t i;
+ mbedtls_mpi_uint tmp = 0;
+ /* This works regardless of the endianness. */
+ for( i = 0; i < ciL; i++, x >>= 8 )
+ tmp |= ( x & 0xFF ) << ( ( ciL - 1 - i ) << 3 );
+ return( tmp );
+}
+
+static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x )
+{
+#if defined(__BYTE_ORDER__)
+
+/* Nothing to do on bigendian systems. */
+#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ )
+ return( x );
+#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */
+
+#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ )
+
+/* For GCC and Clang, have builtins for byte swapping. */
+#if defined(__GNUC__) && defined(__GNUC_PREREQ)
+#if __GNUC_PREREQ(4,3)
+#define have_bswap
+#endif
+#endif
+
+#if defined(__clang__) && defined(__has_builtin)
+#if __has_builtin(__builtin_bswap32) && \
+ __has_builtin(__builtin_bswap64)
+#define have_bswap
+#endif
+#endif
+
+#if defined(have_bswap)
+ /* The compiler is hopefully able to statically evaluate this! */
+ switch( sizeof(mbedtls_mpi_uint) )
+ {
+ case 4:
+ return( __builtin_bswap32(x) );
+ case 8:
+ return( __builtin_bswap64(x) );
+ }
+#endif
+#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */
+#endif /* __BYTE_ORDER__ */
+
+ /* Fall back to C-based reordering if we don't know the byte order
+ * or we couldn't use a compiler-specific builtin. */
+ return( mpi_uint_bigendian_to_host_c( x ) );
+}
+
+static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs )
+{
+ mbedtls_mpi_uint *cur_limb_left;
+ mbedtls_mpi_uint *cur_limb_right;
+ if( limbs == 0 )
+ return;
+
+ /*
+ * Traverse limbs and
+ * - adapt byte-order in each limb
+ * - swap the limbs themselves.
+ * For that, simultaneously traverse the limbs from left to right
+ * and from right to left, as long as the left index is not bigger
+ * than the right index (it's not a problem if limbs is odd and the
+ * indices coincide in the last iteration).
+ */
+ for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 );
+ cur_limb_left <= cur_limb_right;
+ cur_limb_left++, cur_limb_right-- )
+ {
+ mbedtls_mpi_uint tmp;
+ /* Note that if cur_limb_left == cur_limb_right,
+ * this code effectively swaps the bytes only once. */
+ tmp = mpi_uint_bigendian_to_host( *cur_limb_left );
+ *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right );
+ *cur_limb_right = tmp;
+ }
+}
+
/*
- * Import X from unsigned binary data, big endian
+ * Import X from unsigned binary data, little endian
*/
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
+ const unsigned char *buf, size_t buflen )
{
int ret;
- size_t i, j;
+ size_t i;
size_t const limbs = CHARS_TO_LIMBS( buflen );
/* Ensure that target MPI has exactly the necessary number of limbs */
@@ -693,30 +841,142 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
- for( i = buflen, j = 0; i > 0; i--, j++ )
- X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
+ for( i = 0; i < buflen; i++ )
+ X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
cleanup:
+ /*
+ * This function is also used to import keys. However, wiping the buffers
+ * upon failure is not necessary because failure only can happen before any
+ * input is copied.
+ */
return( ret );
}
/*
+ * Import X from unsigned binary data, big endian
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+{
+ int ret;
+ size_t const limbs = CHARS_TO_LIMBS( buflen );
+ size_t const overhead = ( limbs * ciL ) - buflen;
+ unsigned char *Xp;
+
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+
+ /* Ensure that target MPI has exactly the necessary number of limbs */
+ if( X->n != limbs )
+ {
+ mbedtls_mpi_free( X );
+ mbedtls_mpi_init( X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+ }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+ /* Avoid calling `memcpy` with NULL source argument,
+ * even if buflen is 0. */
+ if( buf != NULL )
+ {
+ Xp = (unsigned char*) X->p;
+ memcpy( Xp + overhead, buf, buflen );
+
+ mpi_bigendian_to_host( X->p, limbs );
+ }
+
+cleanup:
+
+ /*
+ * This function is also used to import keys. However, wiping the buffers
+ * upon failure is not necessary because failure only can happen before any
+ * input is copied.
+ */
+ return( ret );
+}
+
+/*
+ * Export X into unsigned binary data, little endian
+ */
+int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
+ unsigned char *buf, size_t buflen )
+{
+ size_t stored_bytes = X->n * ciL;
+ size_t bytes_to_copy;
+ size_t i;
+
+ if( stored_bytes < buflen )
+ {
+ bytes_to_copy = stored_bytes;
+ }
+ else
+ {
+ bytes_to_copy = buflen;
+
+ /* The output buffer is smaller than the allocated size of X.
+ * However X may fit if its leading bytes are zero. */
+ for( i = bytes_to_copy; i < stored_bytes; i++ )
+ {
+ if( GET_BYTE( X, i ) != 0 )
+ return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ }
+ }
+
+ for( i = 0; i < bytes_to_copy; i++ )
+ buf[i] = GET_BYTE( X, i );
+
+ if( stored_bytes < buflen )
+ {
+ /* Write trailing 0 bytes */
+ memset( buf + stored_bytes, 0, buflen - stored_bytes );
+ }
+
+ return( 0 );
+}
+
+/*
* Export X into unsigned binary data, big endian
*/
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
+ unsigned char *buf, size_t buflen )
{
- size_t i, j, n;
+ size_t stored_bytes;
+ size_t bytes_to_copy;
+ unsigned char *p;
+ size_t i;
- n = mbedtls_mpi_size( X );
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
- if( buflen < n )
- return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ stored_bytes = X->n * ciL;
- memset( buf, 0, buflen );
+ if( stored_bytes < buflen )
+ {
+ /* There is enough space in the output buffer. Write initial
+ * null bytes and record the position at which to start
+ * writing the significant bytes. In this case, the execution
+ * trace of this function does not depend on the value of the
+ * number. */
+ bytes_to_copy = stored_bytes;
+ p = buf + buflen - stored_bytes;
+ memset( buf, 0, buflen - stored_bytes );
+ }
+ else
+ {
+ /* The output buffer is smaller than the allocated size of X.
+ * However X may fit if its leading bytes are zero. */
+ bytes_to_copy = buflen;
+ p = buf;
+ for( i = bytes_to_copy; i < stored_bytes; i++ )
+ {
+ if( GET_BYTE( X, i ) != 0 )
+ return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+ }
+ }
- for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
- buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
+ for( i = 0; i < bytes_to_copy; i++ )
+ p[bytes_to_copy - i - 1] = GET_BYTE( X, i );
return( 0 );
}
@@ -729,6 +989,7 @@
int ret;
size_t i, v0, t1;
mbedtls_mpi_uint r0 = 0, r1;
+ MPI_VALIDATE_RET( X != NULL );
v0 = count / (biL );
t1 = count & (biL - 1);
@@ -778,6 +1039,7 @@
{
size_t i, v0, v1;
mbedtls_mpi_uint r0 = 0, r1;
+ MPI_VALIDATE_RET( X != NULL );
v0 = count / biL;
v1 = count & (biL - 1);
@@ -820,6 +1082,8 @@
int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
{
size_t i, j;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( Y != NULL );
for( i = X->n; i > 0; i-- )
if( X->p[i - 1] != 0 )
@@ -850,6 +1114,8 @@
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
{
size_t i, j;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( Y != NULL );
for( i = X->n; i > 0; i-- )
if( X->p[i - 1] != 0 )
@@ -884,6 +1150,7 @@
{
mbedtls_mpi Y;
mbedtls_mpi_uint p[1];
+ MPI_VALIDATE_RET( X != NULL );
*p = ( z < 0 ) ? -z : z;
Y.s = ( z < 0 ) ? -1 : 1;
@@ -901,6 +1168,9 @@
int ret;
size_t i, j;
mbedtls_mpi_uint *o, *p, c, tmp;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
if( X == B )
{
@@ -978,6 +1248,9 @@
mbedtls_mpi TB;
int ret;
size_t n;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
@@ -1018,8 +1291,12 @@
*/
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
- int ret, s = A->s;
+ int ret, s;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
+ s = A->s;
if( A->s * B->s < 0 )
{
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
@@ -1049,8 +1326,12 @@
*/
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
- int ret, s = A->s;
+ int ret, s;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
+ s = A->s;
if( A->s * B->s > 0 )
{
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
@@ -1082,6 +1363,8 @@
{
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b;
_B.s = ( b < 0 ) ? -1 : 1;
@@ -1098,6 +1381,8 @@
{
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b;
_B.s = ( b < 0 ) ? -1 : 1;
@@ -1187,6 +1472,9 @@
int ret;
size_t i, j;
mbedtls_mpi TA, TB;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
@@ -1223,6 +1511,8 @@
{
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
_B.s = 1;
_B.n = 1;
@@ -1331,11 +1621,14 @@
/*
* Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
*/
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+ const mbedtls_mpi *B )
{
int ret;
size_t i, n, t, k;
mbedtls_mpi X, Y, Z, T1, T2;
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
@@ -1446,10 +1739,13 @@
/*
* Division by int: A = Q * b + R
*/
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
+ const mbedtls_mpi *A,
+ mbedtls_mpi_sint b )
{
mbedtls_mpi _B;
mbedtls_mpi_uint p[1];
+ MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b;
_B.s = ( b < 0 ) ? -1 : 1;
@@ -1465,6 +1761,9 @@
int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret;
+ MPI_VALIDATE_RET( R != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
@@ -1489,6 +1788,8 @@
{
size_t i;
mbedtls_mpi_uint x, y, z;
+ MPI_VALIDATE_RET( r != NULL );
+ MPI_VALIDATE_RET( A != NULL );
if( b == 0 )
return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
@@ -1602,7 +1903,8 @@
/*
* Montgomery reduction: A = A * R^-1 mod N
*/
-static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
+ mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{
mbedtls_mpi_uint z = 1;
mbedtls_mpi U;
@@ -1616,7 +1918,9 @@
/*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
+ const mbedtls_mpi *E, const mbedtls_mpi *N,
+ mbedtls_mpi *_RR )
{
int ret;
size_t wbits, wsize, one = 1;
@@ -1626,6 +1930,11 @@
mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
int neg;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( E != NULL );
+ MPI_VALIDATE_RET( N != NULL );
+
if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -1645,8 +1954,10 @@
wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
+#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
wsize = MBEDTLS_MPI_WINDOW_SIZE;
+#endif
j = N->n + 1;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
@@ -1830,6 +2141,10 @@
size_t lz, lzt;
mbedtls_mpi TG, TA, TB;
+ MPI_VALIDATE_RET( G != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( B != NULL );
+
mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
@@ -1885,16 +2200,28 @@
void *p_rng )
{
int ret;
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ size_t const limbs = CHARS_TO_LIMBS( size );
+ size_t const overhead = ( limbs * ciL ) - size;
+ unsigned char *Xp;
- if( size > MBEDTLS_MPI_MAX_SIZE )
- return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( f_rng != NULL );
- MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
+ /* Ensure that target MPI has exactly the necessary number of limbs */
+ if( X->n != limbs )
+ {
+ mbedtls_mpi_free( X );
+ mbedtls_mpi_init( X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+ }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+ Xp = (unsigned char*) X->p;
+ f_rng( p_rng, Xp + overhead, size );
+
+ mpi_bigendian_to_host( X->p, limbs );
cleanup:
- mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( ret );
}
@@ -1905,6 +2232,9 @@
{
int ret;
mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( A != NULL );
+ MPI_VALIDATE_RET( N != NULL );
if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -2056,15 +2386,19 @@
/*
* Miller-Rabin pseudo-primality test (HAC 4.24)
*/
-static int mpi_miller_rabin( const mbedtls_mpi *X,
+static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret, count;
- size_t i, j, k, n, s;
+ size_t i, j, k, s;
mbedtls_mpi W, R, T, A, RR;
- mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( f_rng != NULL );
+
+ mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R );
+ mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
mbedtls_mpi_init( &RR );
/*
@@ -2077,27 +2411,12 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
i = mbedtls_mpi_bitlen( X );
- /*
- * HAC, table 4.4
- */
- n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 :
- ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 :
- ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 );
- for( i = 0; i < n; i++ )
+ for( i = 0; i < rounds; i++ )
{
/*
* pick a random A, 1 < A < |X| - 1
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
- if( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 )
- {
- j = mbedtls_mpi_bitlen( &A ) - mbedtls_mpi_bitlen( &W );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j + 1 ) );
- }
- A.p[0] |= 3;
-
count = 0;
do {
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
@@ -2105,7 +2424,7 @@
j = mbedtls_mpi_bitlen( &A );
k = mbedtls_mpi_bitlen( &W );
if (j > k) {
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
+ A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1;
}
if (count++ > 30) {
@@ -2151,7 +2470,8 @@
}
cleanup:
- mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
+ mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R );
+ mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
mbedtls_mpi_free( &RR );
return( ret );
@@ -2160,12 +2480,14 @@
/*
* Pseudo-primality test: small factors, then Miller-Rabin
*/
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
mbedtls_mpi XX;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( f_rng != NULL );
XX.s = 1;
XX.n = X->n;
@@ -2186,17 +2508,37 @@
return( ret );
}
- return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
+ return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/*
+ * Pseudo-primality test, error probability 2^-80
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( f_rng != NULL );
+
+ /*
+ * In the past our key generation aimed for an error rate of at most
+ * 2^-80. Since this function is deprecated, aim for the same certainty
+ * here as well.
+ */
+ return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) );
+}
+#endif
+
/*
* Prime number generation
*
- * If dh_flag is 0 and nbits is at least 1024, then the procedure
- * follows the RSA probably-prime generation method of FIPS 186-4.
- * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536.
+ * To generate an RSA key in a way recommended by FIPS 186-4, both primes must
+ * be either 1024 bits or 1536 bits long, and flags must contain
+ * MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR.
*/
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
@@ -2209,9 +2551,13 @@
#endif
int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
size_t k, n;
+ int rounds;
mbedtls_mpi_uint r;
mbedtls_mpi Y;
+ MPI_VALIDATE_RET( X != NULL );
+ MPI_VALIDATE_RET( f_rng != NULL );
+
if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@@ -2219,6 +2565,27 @@
n = BITS_TO_LIMBS( nbits );
+ if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
+ {
+ /*
+ * 2^-80 error probability, number of rounds chosen per HAC, table 4.4
+ */
+ rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 :
+ ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 :
+ ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 );
+ }
+ else
+ {
+ /*
+ * 2^-100 error probability, number of rounds computed based on HAC,
+ * fact 4.48
+ */
+ rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 :
+ ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 :
+ ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 :
+ ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 );
+ }
+
while( 1 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
@@ -2229,9 +2596,9 @@
if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
X->p[0] |= 1;
- if( dh_flag == 0 )
+ if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
{
- ret = mbedtls_mpi_is_prime( X, f_rng, p_rng );
+ ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng );
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
goto cleanup;
@@ -2264,8 +2631,10 @@
*/
if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
( ret = mpi_check_small_factors( &Y ) ) == 0 &&
- ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
- ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
+ ( ret = mpi_miller_rabin( X, rounds, f_rng, p_rng ) )
+ == 0 &&
+ ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng ) )
+ == 0 )
goto cleanup;
if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
diff --git a/library/blowfish.c b/library/blowfish.c
index 5b6bb98..cbf9238 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -40,6 +40,12 @@
#if !defined(MBEDTLS_BLOWFISH_ALT)
+/* Parameter validation macros */
+#define BLOWFISH_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
+#define BLOWFISH_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -153,6 +159,7 @@
void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
{
+ BLOWFISH_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
}
@@ -167,16 +174,20 @@
/*
* Blowfish key schedule
*/
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
- unsigned int keybits )
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits )
{
unsigned int i, j, k;
uint32_t data, datal, datar;
+ BLOWFISH_VALIDATE_RET( ctx != NULL );
+ BLOWFISH_VALIDATE_RET( key != NULL );
- if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
- ( keybits % 8 ) )
+ if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS ||
+ keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
+ keybits % 8 != 0 )
{
- return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
+ return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
}
keybits >>= 3;
@@ -231,6 +242,11 @@
unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
{
uint32_t X0, X1;
+ BLOWFISH_VALIDATE_RET( ctx != NULL );
+ BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+ mode == MBEDTLS_BLOWFISH_DECRYPT );
+ BLOWFISH_VALIDATE_RET( input != NULL );
+ BLOWFISH_VALIDATE_RET( output != NULL );
GET_UINT32_BE( X0, input, 0 );
GET_UINT32_BE( X1, input, 4 );
@@ -263,6 +279,12 @@
{
int i;
unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
+ BLOWFISH_VALIDATE_RET( ctx != NULL );
+ BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+ mode == MBEDTLS_BLOWFISH_DECRYPT );
+ BLOWFISH_VALIDATE_RET( iv != NULL );
+ BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
+ BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
@@ -317,7 +339,19 @@
unsigned char *output )
{
int c;
- size_t n = *iv_off;
+ size_t n;
+
+ BLOWFISH_VALIDATE_RET( ctx != NULL );
+ BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
+ mode == MBEDTLS_BLOWFISH_DECRYPT );
+ BLOWFISH_VALIDATE_RET( iv != NULL );
+ BLOWFISH_VALIDATE_RET( iv_off != NULL );
+ BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
+ BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+
+ n = *iv_off;
+ if( n >= 8 )
+ return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
if( mode == MBEDTLS_BLOWFISH_DECRYPT )
{
@@ -365,7 +399,17 @@
unsigned char *output )
{
int c, i;
- size_t n = *nc_off;
+ size_t n;
+ BLOWFISH_VALIDATE_RET( ctx != NULL );
+ BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
+ BLOWFISH_VALIDATE_RET( stream_block != NULL );
+ BLOWFISH_VALIDATE_RET( nc_off != NULL );
+ BLOWFISH_VALIDATE_RET( length == 0 || input != NULL );
+ BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
+
+ n = *nc_off;
+ if( n >= 8 )
+ return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
while( length-- )
{
diff --git a/library/camellia.c b/library/camellia.c
index 41b7da0..22262b8 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -49,6 +49,12 @@
#if !defined(MBEDTLS_CAMELLIA_ALT)
+/* Parameter validation macros */
+#define CAMELLIA_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
+#define CAMELLIA_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -321,6 +327,7 @@
void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
{
+ CAMELLIA_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
}
@@ -335,8 +342,9 @@
/*
* Camellia key schedule (encryption)
*/
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
- unsigned int keybits )
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits )
{
int idx;
size_t i;
@@ -346,6 +354,9 @@
uint32_t KC[16];
uint32_t TK[20];
+ CAMELLIA_VALIDATE_RET( ctx != NULL );
+ CAMELLIA_VALIDATE_RET( key != NULL );
+
RK = ctx->rk;
memset( t, 0, 64 );
@@ -356,7 +367,7 @@
case 128: ctx->nr = 3; idx = 0; break;
case 192:
case 256: ctx->nr = 4; idx = 1; break;
- default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
+ default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
}
for( i = 0; i < keybits / 8; ++i )
@@ -440,14 +451,17 @@
/*
* Camellia key schedule (decryption)
*/
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
- unsigned int keybits )
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits )
{
int idx, ret;
size_t i;
mbedtls_camellia_context cty;
uint32_t *RK;
uint32_t *SK;
+ CAMELLIA_VALIDATE_RET( ctx != NULL );
+ CAMELLIA_VALIDATE_RET( key != NULL );
mbedtls_camellia_init( &cty );
@@ -495,6 +509,11 @@
{
int NR;
uint32_t *RK, X[4];
+ CAMELLIA_VALIDATE_RET( ctx != NULL );
+ CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+ mode == MBEDTLS_CAMELLIA_DECRYPT );
+ CAMELLIA_VALIDATE_RET( input != NULL );
+ CAMELLIA_VALIDATE_RET( output != NULL );
( (void) mode );
@@ -552,14 +571,20 @@
* Camellia-CBC buffer encryption/decryption
*/
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
{
int i;
unsigned char temp[16];
+ CAMELLIA_VALIDATE_RET( ctx != NULL );
+ CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+ mode == MBEDTLS_CAMELLIA_DECRYPT );
+ CAMELLIA_VALIDATE_RET( iv != NULL );
+ CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
+ CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
if( length % 16 )
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
@@ -614,7 +639,18 @@
unsigned char *output )
{
int c;
- size_t n = *iv_off;
+ size_t n;
+ CAMELLIA_VALIDATE_RET( ctx != NULL );
+ CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
+ mode == MBEDTLS_CAMELLIA_DECRYPT );
+ CAMELLIA_VALIDATE_RET( iv != NULL );
+ CAMELLIA_VALIDATE_RET( iv_off != NULL );
+ CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
+ CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+
+ n = *iv_off;
+ if( n >= 16 )
+ return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
if( mode == MBEDTLS_CAMELLIA_DECRYPT )
{
@@ -662,7 +698,17 @@
unsigned char *output )
{
int c, i;
- size_t n = *nc_off;
+ size_t n;
+ CAMELLIA_VALIDATE_RET( ctx != NULL );
+ CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
+ CAMELLIA_VALIDATE_RET( stream_block != NULL );
+ CAMELLIA_VALIDATE_RET( nc_off != NULL );
+ CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
+ CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+
+ n = *nc_off;
+ if( n >= 16 )
+ return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
while( length-- )
{
diff --git a/library/ccm.c b/library/ccm.c
index 804eaf8..a7e360e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -52,6 +52,11 @@
#if !defined(MBEDTLS_CCM_ALT)
+#define CCM_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
+#define CCM_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#define CCM_ENCRYPT 0
#define CCM_DECRYPT 1
@@ -60,6 +65,7 @@
*/
void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
{
+ CCM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
}
@@ -71,7 +77,11 @@
int ret;
const mbedtls_cipher_info_t *cipher_info;
- cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+ CCM_VALIDATE_RET( ctx != NULL );
+ CCM_VALIDATE_RET( key != NULL );
+
+ cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
+ MBEDTLS_MODE_ECB );
if( cipher_info == NULL )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
@@ -97,6 +107,8 @@
*/
void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
{
+ if( ctx == NULL )
+ return;
mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
}
@@ -123,11 +135,17 @@
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
*/
#define CTR_CRYPT( dst, src, len ) \
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 ) \
- return( ret ); \
- \
- for( i = 0; i < len; i++ ) \
- dst[i] = src[i] ^ b[i];
+ do \
+ { \
+ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, \
+ 16, b, &olen ) ) != 0 ) \
+ { \
+ return( ret ); \
+ } \
+ \
+ for( i = 0; i < (len); i++ ) \
+ (dst)[i] = (src)[i] ^ b[i]; \
+ } while( 0 )
/*
* Authenticated encryption or decryption
@@ -310,6 +328,12 @@
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
+ CCM_VALIDATE_RET( ctx != NULL );
+ CCM_VALIDATE_RET( iv != NULL );
+ CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ CCM_VALIDATE_RET( length == 0 || input != NULL );
+ CCM_VALIDATE_RET( length == 0 || output != NULL );
+ CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) );
}
@@ -320,6 +344,12 @@
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
+ CCM_VALIDATE_RET( ctx != NULL );
+ CCM_VALIDATE_RET( iv != NULL );
+ CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ CCM_VALIDATE_RET( length == 0 || input != NULL );
+ CCM_VALIDATE_RET( length == 0 || output != NULL );
+ CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
@@ -341,6 +371,13 @@
unsigned char i;
int diff;
+ CCM_VALIDATE_RET( ctx != NULL );
+ CCM_VALIDATE_RET( iv != NULL );
+ CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ CCM_VALIDATE_RET( length == 0 || input != NULL );
+ CCM_VALIDATE_RET( length == 0 || output != NULL );
+ CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
@@ -367,6 +404,13 @@
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
+ CCM_VALIDATE_RET( ctx != NULL );
+ CCM_VALIDATE_RET( iv != NULL );
+ CCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ CCM_VALIDATE_RET( length == 0 || input != NULL );
+ CCM_VALIDATE_RET( length == 0 || output != NULL );
+ CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
@@ -381,38 +425,39 @@
*/
#define NB_TESTS 3
-
+#define CCM_SELFTEST_PT_MAX_LEN 24
+#define CCM_SELFTEST_CT_MAX_LEN 32
/*
* The data is the same for all tests, only the used length changes
*/
-static const unsigned char key[] = {
+static const unsigned char key_test_data[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
};
-static const unsigned char iv[] = {
+static const unsigned char iv_test_data[] = {
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b
};
-static const unsigned char ad[] = {
+static const unsigned char ad_test_data[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13
};
-static const unsigned char msg[] = {
+static const unsigned char msg_test_data[CCM_SELFTEST_PT_MAX_LEN] = {
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
};
-static const size_t iv_len [NB_TESTS] = { 7, 8, 12 };
-static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
-static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
-static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
+static const size_t iv_len_test_data [NB_TESTS] = { 7, 8, 12 };
+static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 };
+static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 };
+static const size_t tag_len_test_data[NB_TESTS] = { 4, 6, 8 };
-static const unsigned char res[NB_TESTS][32] = {
+static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
@@ -426,13 +471,20 @@
int mbedtls_ccm_self_test( int verbose )
{
mbedtls_ccm_context ctx;
- unsigned char out[32];
+ /*
+ * Some hardware accelerators require the input and output buffers
+ * would be in RAM, because the flash is not accessible.
+ * Use buffers on the stack to hold the test vectors data.
+ */
+ unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
+ unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
size_t i;
int ret;
mbedtls_ccm_init( &ctx );
- if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
+ if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
+ 8 * sizeof key_test_data ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( " CCM: setup failed" );
@@ -445,27 +497,37 @@
if( verbose != 0 )
mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
- ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i],
- iv, iv_len[i], ad, add_len[i],
- msg, out,
- out + msg_len[i], tag_len[i] );
+ memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
+ memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
+ memcpy( plaintext, msg_test_data, msg_len_test_data[i] );
+
+ ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i],
+ iv_test_data, iv_len_test_data[i],
+ ad_test_data, add_len_test_data[i],
+ plaintext, ciphertext,
+ ciphertext + msg_len_test_data[i],
+ tag_len_test_data[i] );
if( ret != 0 ||
- memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
+ memcmp( ciphertext, res_test_data[i],
+ msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
return( 1 );
}
+ memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
- ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i],
- iv, iv_len[i], ad, add_len[i],
- res[i], out,
- res[i] + msg_len[i], tag_len[i] );
+ ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i],
+ iv_test_data, iv_len_test_data[i],
+ ad_test_data, add_len_test_data[i],
+ ciphertext, plaintext,
+ ciphertext + msg_len_test_data[i],
+ tag_len_test_data[i] );
if( ret != 0 ||
- memcmp( out, msg, msg_len[i] ) != 0 )
+ memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
diff --git a/library/certs.c b/library/certs.c
index f1379b8..f152c28 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -29,325 +29,1657 @@
#if defined(MBEDTLS_CERTS_C)
-#if defined(MBEDTLS_ECDSA_C)
-#define TEST_CA_CRT_EC \
+/*
+ * Test CA Certificates
+ *
+ * We define test CA certificates for each choice of the following parameters:
+ * - PEM or DER encoding
+ * - SHA-1 or SHA-256 hash
+ * - RSA or EC key
+ *
+ * Things to add:
+ * - multiple EC curve types
+ *
+ */
+
+/* This is taken from tests/data_files/test-ca2.crt */
+/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */
+#define TEST_CA_CRT_EC_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \
+ "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
+ "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \
+ "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
+ "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \
+ "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \
+ "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \
+ "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \
+ "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \
+ "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \
+ "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
+
+/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */
+#define TEST_CA_CRT_EC_DER { \
+ 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
+ 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
+ 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+ 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+ 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+ 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+ 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
+ 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
+ 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
+ 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+ 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+ 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+ 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+ 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
+ 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
+ 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
+ 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
+ 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
+ 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
+ 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
+ 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
+ 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
+ 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \
+ 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \
+ 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \
+ 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
+ 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \
+ 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \
+ 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \
+ 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \
+ 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \
+ 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \
+ 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \
+ 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \
+ 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \
+ 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \
+ 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \
+ 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \
+ 0xf5, 0xae, 0x1c, 0x42 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/test-ca2.key.enc */
+/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */
+#define TEST_CA_KEY_EC_PEM \
+ "-----BEGIN EC PRIVATE KEY-----\r\n" \
+ "Proc-Type: 4,ENCRYPTED\r\n" \
+ "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \
+ "\r\n" \
+ "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \
+ "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \
+ "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \
+ "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \
+ "-----END EC PRIVATE KEY-----\r\n"
+/* END FILE */
+
+#define TEST_CA_PWD_EC_PEM "PolarSSLTest"
+
+/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */
+#define TEST_CA_KEY_EC_DER { \
+ 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \
+ 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \
+ 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \
+ 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \
+ 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \
+ 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \
+ 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \
+ 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \
+ 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \
+ 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \
+ 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \
+ 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \
+ 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \
+ 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/test-ca-sha256.crt. */
+/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */
+#define TEST_CA_CRT_RSA_SHA256_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+ "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+ "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
+ "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
+ "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
+ "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
+ "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
+ "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
+ "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
+ "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \
+ "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \
+ "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \
+ "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \
+ "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \
+ "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \
+ "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \
+ "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
+
+/* This is generated from tests/data_files/test-ca-sha256.crt.der
+ * using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */
+#define TEST_CA_CRT_RSA_SHA256_DER { \
+ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
+ 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
+ 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
+ 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
+ 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
+ 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
+ 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
+ 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
+ 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
+ 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
+ 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
+ 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
+ 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
+ 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
+ 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
+ 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
+ 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
+ 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
+ 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
+ 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
+ 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
+ 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
+ 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
+ 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
+ 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
+ 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
+ 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
+ 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \
+ 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \
+ 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \
+ 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \
+ 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \
+ 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \
+ 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \
+ 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \
+ 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \
+ 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \
+ 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \
+ 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \
+ 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \
+ 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \
+ 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \
+ 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \
+ 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \
+ 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \
+ 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \
+ 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \
+ 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \
+ 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/test-ca-sha1.crt. */
+/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */
+#define TEST_CA_CRT_RSA_SHA1_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+ "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+ "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
+ "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
+ "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
+ "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
+ "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
+ "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
+ "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
+ "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \
+ "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \
+ "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \
+ "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \
+ "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \
+ "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \
+ "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \
+ "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
+
+/* This is taken from tests/data_files/test-ca-sha1.crt.der. */
+/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */
+#define TEST_CA_CRT_RSA_SHA1_DER { \
+ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
+ 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
+ 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
+ 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
+ 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
+ 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
+ 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
+ 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
+ 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
+ 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
+ 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
+ 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
+ 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
+ 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
+ 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
+ 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
+ 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
+ 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
+ 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
+ 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
+ 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
+ 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
+ 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
+ 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
+ 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
+ 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
+ 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
+ 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \
+ 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \
+ 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \
+ 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \
+ 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \
+ 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \
+ 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \
+ 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \
+ 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \
+ 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \
+ 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \
+ 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \
+ 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \
+ 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \
+ 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \
+ 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \
+ 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \
+ 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \
+ 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \
+ 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \
+ 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \
+ 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \
+ 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/test-ca.key */
+/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */
+#define TEST_CA_KEY_RSA_PEM \
+ "-----BEGIN RSA PRIVATE KEY-----\r\n" \
+ "Proc-Type: 4,ENCRYPTED\r\n" \
+ "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \
+ "\r\n" \
+ "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \
+ "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \
+ "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \
+ "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \
+ "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \
+ "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \
+ "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \
+ "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \
+ "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \
+ "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \
+ "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \
+ "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \
+ "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \
+ "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \
+ "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \
+ "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \
+ "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \
+ "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \
+ "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \
+ "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \
+ "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \
+ "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \
+ "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \
+ "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \
+ "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \
+ "-----END RSA PRIVATE KEY-----\r\n"
+/* END FILE */
+
+#define TEST_CA_PWD_RSA_PEM "PolarSSLTest"
+
+/* This was generated from test-ca.key.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */
+#define TEST_CA_KEY_RSA_DER { \
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
+ 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \
+ 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \
+ 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \
+ 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \
+ 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \
+ 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \
+ 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \
+ 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \
+ 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \
+ 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \
+ 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \
+ 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \
+ 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \
+ 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \
+ 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \
+ 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \
+ 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \
+ 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \
+ 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \
+ 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \
+ 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \
+ 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
+ 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \
+ 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \
+ 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \
+ 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \
+ 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \
+ 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \
+ 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \
+ 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \
+ 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \
+ 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \
+ 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \
+ 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \
+ 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \
+ 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \
+ 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \
+ 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \
+ 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \
+ 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \
+ 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \
+ 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \
+ 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \
+ 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \
+ 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \
+ 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \
+ 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \
+ 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \
+ 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \
+ 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \
+ 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \
+ 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \
+ 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \
+ 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \
+ 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \
+ 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \
+ 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \
+ 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \
+ 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \
+ 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \
+ 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \
+ 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \
+ 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \
+ 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \
+ 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \
+ 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \
+ 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \
+ 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \
+ 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \
+ 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \
+ 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \
+ 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \
+ 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \
+ 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \
+ 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \
+ 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \
+ 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \
+ 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \
+ 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \
+ 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \
+ 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \
+ 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \
+ 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \
+ 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \
+ 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \
+ 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \
+ 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \
+ 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \
+ 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \
+ 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \
+ 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \
+ 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \
+ 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \
+ 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \
+ 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \
+ 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \
+ 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \
+ 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \
+ 0xa8, 0xc2, 0x8f, 0x0d \
+}
+/* END FILE */
+
+/*
+ * Test server Certificates
+ *
+ * Test server certificates are defined for each choice
+ * of the following parameters:
+ * - PEM or DER encoding
+ * - SHA-1 or SHA-256 hash
+ * - RSA or EC key
+ *
+ * Things to add:
+ * - multiple EC curve types
+ */
+
+/* This is taken from tests/data_files/server5.crt. */
+/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */
+#define TEST_SRV_CRT_EC_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \
+ "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \
+ "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \
+ "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \
+ "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \
+ "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \
+ "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \
+ "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \
+ "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \
+ "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
+
+/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */
+#define TEST_SRV_CRT_EC_DER { \
+ 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
+ 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \
+ 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
+ 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
+ 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
+ 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
+ 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
+ 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
+ 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
+ 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
+ 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
+ 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \
+ 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \
+ 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \
+ 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \
+ 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \
+ 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \
+ 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \
+ 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \
+ 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \
+ 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/server5.key. */
+/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */
+#define TEST_SRV_KEY_EC_PEM \
+ "-----BEGIN EC PRIVATE KEY-----\r\n" \
+ "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \
+ "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \
+ "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \
+ "-----END EC PRIVATE KEY-----\r\n"
+/* END FILE */
+
+/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */
+#define TEST_SRV_KEY_EC_DER { \
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \
+ 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \
+ 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \
+ 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \
+ 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \
+ 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \
+ 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \
+ 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \
+ 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \
+ 0xff \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/server2-sha256.crt. */
+/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */
+#define TEST_SRV_CRT_RSA_SHA256_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+ "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+ "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
+ "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
+ "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
+ "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
+ "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
+ "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
+ "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
+ "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
+ "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \
+ "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \
+ "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \
+ "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \
+ "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \
+ "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \
+ "pMZqLmbBm/7WPLc=\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
+
+/* This is taken from tests/data_files/server2-sha256.crt.der. */
+/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */
+#define TEST_SRV_CRT_RSA_SHA256_DER { \
+ 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
+ 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
+ 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
+ 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
+ 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
+ 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
+ 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
+ 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
+ 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
+ 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
+ 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
+ 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
+ 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
+ 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
+ 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
+ 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
+ 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
+ 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
+ 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
+ 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
+ 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
+ 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
+ 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
+ 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
+ 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
+ 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
+ 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
+ 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \
+ 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \
+ 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \
+ 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \
+ 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \
+ 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \
+ 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \
+ 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \
+ 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \
+ 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \
+ 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \
+ 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \
+ 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \
+ 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \
+ 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \
+ 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \
+ 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \
+ 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \
+ 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \
+ 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \
+ 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \
+ 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/server2.crt. */
+/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */
+#define TEST_SRV_CRT_RSA_SHA1_PEM \
"-----BEGIN CERTIFICATE-----\r\n" \
-"MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n" \
-"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n" \
-"QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n" \
-"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n" \
-"QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n" \
-"ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n" \
-"aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n" \
-"JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n" \
-"NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n" \
-"AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n" \
-"CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n" \
-"t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n" \
-"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n" \
+"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
+"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
+"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
+"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
+"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
+"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
+"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
+"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
+"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \
+"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \
+"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \
+"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \
+"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \
+"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \
+"Awgk0+4m0T25cNs=\r\n" \
"-----END CERTIFICATE-----\r\n"
-const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
-const size_t mbedtls_test_ca_crt_ec_len = sizeof( mbedtls_test_ca_crt_ec );
+/* END FILE */
-const char mbedtls_test_ca_key_ec[] =
-"-----BEGIN EC PRIVATE KEY-----\r\n"
-"Proc-Type: 4,ENCRYPTED\r\n"
-"DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n"
-"\r\n"
-"IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n"
-"ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n"
-"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
-"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
-"-----END EC PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_ca_key_ec_len = sizeof( mbedtls_test_ca_key_ec );
+/* This is taken from tests/data_files/server2.crt.der. */
+/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */
+#define TEST_SRV_CRT_RSA_SHA1_DER { \
+ 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
+ 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
+ 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
+ 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
+ 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
+ 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
+ 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
+ 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
+ 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
+ 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
+ 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
+ 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
+ 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
+ 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
+ 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
+ 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
+ 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
+ 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
+ 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
+ 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
+ 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
+ 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
+ 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
+ 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
+ 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
+ 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
+ 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
+ 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \
+ 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \
+ 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \
+ 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \
+ 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \
+ 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \
+ 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \
+ 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \
+ 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \
+ 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \
+ 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \
+ 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \
+ 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \
+ 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \
+ 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \
+ 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \
+ 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \
+ 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \
+ 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \
+ 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \
+ 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \
+ 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \
+}
+/* END FILE */
-const char mbedtls_test_ca_pwd_ec[] = "PolarSSLTest";
-const size_t mbedtls_test_ca_pwd_ec_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
+/* This is taken from tests/data_files/server2.key. */
+/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */
+#define TEST_SRV_KEY_RSA_PEM \
+ "-----BEGIN RSA PRIVATE KEY-----\r\n" \
+ "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \
+ "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \
+ "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \
+ "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \
+ "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \
+ "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \
+ "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \
+ "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \
+ "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \
+ "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \
+ "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \
+ "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \
+ "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \
+ "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \
+ "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \
+ "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \
+ "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \
+ "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \
+ "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \
+ "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \
+ "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \
+ "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \
+ "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \
+ "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \
+ "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \
+ "-----END RSA PRIVATE KEY-----\r\n"
+/* END FILE */
-const char mbedtls_test_srv_crt_ec[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
-"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n"
-"CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n"
-"2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n"
-"BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n"
-"PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n"
-"clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n"
-"CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n"
-"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
-"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
+/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */
+#define TEST_SRV_KEY_RSA_DER { \
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
+ 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \
+ 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \
+ 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \
+ 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \
+ 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \
+ 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \
+ 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \
+ 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \
+ 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \
+ 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \
+ 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \
+ 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \
+ 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \
+ 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \
+ 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \
+ 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \
+ 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \
+ 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \
+ 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \
+ 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \
+ 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \
+ 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
+ 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \
+ 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \
+ 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \
+ 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \
+ 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \
+ 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \
+ 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \
+ 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \
+ 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \
+ 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \
+ 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \
+ 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \
+ 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \
+ 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \
+ 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \
+ 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \
+ 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \
+ 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \
+ 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \
+ 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \
+ 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \
+ 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \
+ 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \
+ 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \
+ 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \
+ 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \
+ 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \
+ 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \
+ 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \
+ 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \
+ 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \
+ 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \
+ 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \
+ 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \
+ 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \
+ 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \
+ 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \
+ 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \
+ 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \
+ 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \
+ 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \
+ 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \
+ 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \
+ 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \
+ 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \
+ 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \
+ 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \
+ 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \
+ 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \
+ 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \
+ 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \
+ 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \
+ 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \
+ 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \
+ 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \
+ 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \
+ 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \
+ 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \
+ 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \
+ 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \
+ 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \
+ 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \
+ 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \
+ 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \
+ 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \
+ 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \
+ 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \
+ 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \
+ 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \
+ 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \
+ 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \
+ 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \
+ 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \
+ 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \
+ 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \
+ 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \
+ 0x06, 0x21, 0x2e, 0x56 \
+}
+/* END FILE */
-const char mbedtls_test_srv_key_ec[] =
-"-----BEGIN EC PRIVATE KEY-----\r\n"
-"MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n"
-"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
-"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
-"-----END EC PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
+/*
+ * Test client Certificates
+ *
+ * Test client certificates are defined for each choice
+ * of the following parameters:
+ * - PEM or DER encoding
+ * - RSA or EC key
+ *
+ * Things to add:
+ * - hash type
+ * - multiple EC curve types
+ */
-const char mbedtls_test_cli_crt_ec[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
-"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw\r\n"
-"WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT\r\n"
-"9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa\r\n"
-"MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud\r\n"
-"IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC\r\n"
-"CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM\r\n"
-"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
-"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
+/* This is taken from tests/data_files/cli2.crt. */
+/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */
+#define TEST_CLI_CRT_EC_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \
+ "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \
+ "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \
+ "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \
+ "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \
+ "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \
+ "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \
+ "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \
+ "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \
+ "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \
+ "a9Vk\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
-const char mbedtls_test_cli_key_ec[] =
-"-----BEGIN EC PRIVATE KEY-----\r\n"
-"MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n"
-"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
-"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
-"-----END EC PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
-#endif /* MBEDTLS_ECDSA_C */
+/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */
+#define TEST_CLI_CRT_EC_DER { \
+ 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \
+ 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \
+ 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \
+ 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \
+ 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \
+ 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \
+ 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \
+ 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \
+ 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \
+ 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \
+ 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \
+ 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \
+ 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \
+ 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \
+ 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \
+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \
+ 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \
+ 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \
+ 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \
+ 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \
+ 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \
+ 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \
+ 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \
+ 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \
+ 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \
+ 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \
+ 0x6b, 0xd5, 0x64 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/cli2.key. */
+/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */
+#define TEST_CLI_KEY_EC_PEM \
+ "-----BEGIN EC PRIVATE KEY-----\r\n" \
+ "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \
+ "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \
+ "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \
+ "-----END EC PRIVATE KEY-----\r\n"
+/* END FILE */
+
+/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */
+#define TEST_CLI_KEY_EC_DER { \
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \
+ 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \
+ 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \
+ 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
+ 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \
+ 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \
+ 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \
+ 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \
+ 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \
+ 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \
+ 0xc7 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/cli-rsa-sha256.crt. */
+/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */
+#define TEST_CLI_CRT_RSA_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+ "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+ "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \
+ "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \
+ "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \
+ "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \
+ "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \
+ "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \
+ "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \
+ "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \
+ "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \
+ "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \
+ "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \
+ "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \
+ "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \
+ "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \
+ "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \
+ "-----END CERTIFICATE-----\r\n"
+/* END FILE */
+
+/* This was generated from tests/data_files/cli-rsa-sha256.crt.der
+ using `xxd -i.` */
+/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */
+#define TEST_CLI_CRT_RSA_DER { \
+ 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
+ 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
+ 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
+ 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
+ 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \
+ 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \
+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \
+ 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \
+ 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \
+ 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \
+ 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \
+ 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \
+ 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \
+ 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \
+ 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \
+ 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \
+ 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \
+ 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \
+ 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \
+ 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \
+ 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \
+ 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \
+ 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \
+ 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \
+ 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \
+ 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \
+ 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \
+ 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \
+ 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \
+ 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \
+ 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \
+ 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \
+ 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \
+ 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \
+ 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \
+ 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \
+ 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \
+ 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \
+ 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \
+ 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \
+ 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \
+ 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \
+ 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \
+ 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \
+ 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \
+ 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \
+ 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \
+ 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \
+ 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \
+ 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \
+ 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \
+ 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \
+ 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \
+ 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \
+ 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \
+ 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \
+ 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \
+ 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \
+}
+/* END FILE */
+
+/* This is taken from tests/data_files/cli-rsa.key. */
+/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */
+#define TEST_CLI_KEY_RSA_PEM \
+ "-----BEGIN RSA PRIVATE KEY-----\r\n" \
+ "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \
+ "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \
+ "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \
+ "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \
+ "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \
+ "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \
+ "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \
+ "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \
+ "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \
+ "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \
+ "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \
+ "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \
+ "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \
+ "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \
+ "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \
+ "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \
+ "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \
+ "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \
+ "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \
+ "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \
+ "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \
+ "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \
+ "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \
+ "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \
+ "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \
+ "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */
+
+/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */
+/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */
+#define TEST_CLI_KEY_RSA_DER { \
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
+ 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \
+ 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \
+ 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \
+ 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \
+ 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \
+ 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \
+ 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \
+ 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \
+ 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \
+ 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \
+ 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \
+ 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \
+ 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \
+ 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \
+ 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \
+ 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \
+ 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \
+ 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \
+ 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \
+ 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \
+ 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \
+ 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
+ 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \
+ 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \
+ 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \
+ 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \
+ 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \
+ 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \
+ 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \
+ 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \
+ 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \
+ 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \
+ 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \
+ 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \
+ 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \
+ 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \
+ 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \
+ 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \
+ 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \
+ 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \
+ 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \
+ 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \
+ 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \
+ 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \
+ 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \
+ 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \
+ 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \
+ 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \
+ 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \
+ 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \
+ 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \
+ 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \
+ 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \
+ 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \
+ 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \
+ 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \
+ 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \
+ 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \
+ 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \
+ 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \
+ 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \
+ 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \
+ 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \
+ 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \
+ 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \
+ 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \
+ 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \
+ 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \
+ 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \
+ 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \
+ 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \
+ 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \
+ 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \
+ 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \
+ 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \
+ 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \
+ 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \
+ 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \
+ 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \
+ 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \
+ 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \
+ 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \
+ 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \
+ 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \
+ 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \
+ 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \
+ 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \
+ 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \
+ 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \
+ 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \
+ 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \
+ 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \
+ 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \
+ 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \
+ 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \
+ 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \
+ 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \
+ 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \
+ 0x8b, 0x87, 0xc3, 0x00 \
+}
+/* END FILE */
+
+/*
+ *
+ * Test certificates and keys as C variables
+ *
+ */
+
+/*
+ * CA
+ */
+
+const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM;
+const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM;
+const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM;
+const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM;
+const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM;
+const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM;
+const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM;
+
+const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER;
+const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER;
+const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER;
+const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] =
+ TEST_CA_CRT_RSA_SHA1_DER;
+const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] =
+ TEST_CA_CRT_RSA_SHA256_DER;
+
+const size_t mbedtls_test_ca_crt_ec_pem_len =
+ sizeof( mbedtls_test_ca_crt_ec_pem );
+const size_t mbedtls_test_ca_key_ec_pem_len =
+ sizeof( mbedtls_test_ca_key_ec_pem );
+const size_t mbedtls_test_ca_pwd_ec_pem_len =
+ sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1;
+const size_t mbedtls_test_ca_key_rsa_pem_len =
+ sizeof( mbedtls_test_ca_key_rsa_pem );
+const size_t mbedtls_test_ca_pwd_rsa_pem_len =
+ sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1;
+const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len =
+ sizeof( mbedtls_test_ca_crt_rsa_sha1_pem );
+const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len =
+ sizeof( mbedtls_test_ca_crt_rsa_sha256_pem );
+
+const size_t mbedtls_test_ca_crt_ec_der_len =
+ sizeof( mbedtls_test_ca_crt_ec_der );
+const size_t mbedtls_test_ca_key_ec_der_len =
+ sizeof( mbedtls_test_ca_key_ec_der );
+const size_t mbedtls_test_ca_pwd_ec_der_len = 0;
+const size_t mbedtls_test_ca_key_rsa_der_len =
+ sizeof( mbedtls_test_ca_key_rsa_der );
+const size_t mbedtls_test_ca_pwd_rsa_der_len = 0;
+const size_t mbedtls_test_ca_crt_rsa_sha1_der_len =
+ sizeof( mbedtls_test_ca_crt_rsa_sha1_der );
+const size_t mbedtls_test_ca_crt_rsa_sha256_der_len =
+ sizeof( mbedtls_test_ca_crt_rsa_sha256_der );
+
+/*
+ * Server
+ */
+
+const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM;
+const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM;
+const char mbedtls_test_srv_pwd_ec_pem[] = "";
+const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM;
+const char mbedtls_test_srv_pwd_rsa_pem[] = "";
+const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM;
+const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM;
+
+const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER;
+const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER;
+const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER;
+const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] =
+ TEST_SRV_CRT_RSA_SHA1_DER;
+const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] =
+ TEST_SRV_CRT_RSA_SHA256_DER;
+
+const size_t mbedtls_test_srv_crt_ec_pem_len =
+ sizeof( mbedtls_test_srv_crt_ec_pem );
+const size_t mbedtls_test_srv_key_ec_pem_len =
+ sizeof( mbedtls_test_srv_key_ec_pem );
+const size_t mbedtls_test_srv_pwd_ec_pem_len =
+ sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1;
+const size_t mbedtls_test_srv_key_rsa_pem_len =
+ sizeof( mbedtls_test_srv_key_rsa_pem );
+const size_t mbedtls_test_srv_pwd_rsa_pem_len =
+ sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1;
+const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len =
+ sizeof( mbedtls_test_srv_crt_rsa_sha1_pem );
+const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len =
+ sizeof( mbedtls_test_srv_crt_rsa_sha256_pem );
+
+const size_t mbedtls_test_srv_crt_ec_der_len =
+ sizeof( mbedtls_test_srv_crt_ec_der );
+const size_t mbedtls_test_srv_key_ec_der_len =
+ sizeof( mbedtls_test_srv_key_ec_der );
+const size_t mbedtls_test_srv_pwd_ec_der_len = 0;
+const size_t mbedtls_test_srv_key_rsa_der_len =
+ sizeof( mbedtls_test_srv_key_rsa_der );
+const size_t mbedtls_test_srv_pwd_rsa_der_len = 0;
+const size_t mbedtls_test_srv_crt_rsa_sha1_der_len =
+ sizeof( mbedtls_test_srv_crt_rsa_sha1_der );
+const size_t mbedtls_test_srv_crt_rsa_sha256_der_len =
+ sizeof( mbedtls_test_srv_crt_rsa_sha256_der );
+
+/*
+ * Client
+ */
+
+const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM;
+const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM;
+const char mbedtls_test_cli_pwd_ec_pem[] = "";
+const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM;
+const char mbedtls_test_cli_pwd_rsa_pem[] = "";
+const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM;
+
+const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER;
+const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER;
+const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER;
+const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER;
+
+const size_t mbedtls_test_cli_crt_ec_pem_len =
+ sizeof( mbedtls_test_cli_crt_ec_pem );
+const size_t mbedtls_test_cli_key_ec_pem_len =
+ sizeof( mbedtls_test_cli_key_ec_pem );
+const size_t mbedtls_test_cli_pwd_ec_pem_len =
+ sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1;
+const size_t mbedtls_test_cli_key_rsa_pem_len =
+ sizeof( mbedtls_test_cli_key_rsa_pem );
+const size_t mbedtls_test_cli_pwd_rsa_pem_len =
+ sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1;
+const size_t mbedtls_test_cli_crt_rsa_pem_len =
+ sizeof( mbedtls_test_cli_crt_rsa_pem );
+
+const size_t mbedtls_test_cli_crt_ec_der_len =
+ sizeof( mbedtls_test_cli_crt_ec_der );
+const size_t mbedtls_test_cli_key_ec_der_len =
+ sizeof( mbedtls_test_cli_key_ec_der );
+const size_t mbedtls_test_cli_key_rsa_der_len =
+ sizeof( mbedtls_test_cli_key_rsa_der );
+const size_t mbedtls_test_cli_crt_rsa_der_len =
+ sizeof( mbedtls_test_cli_crt_rsa_der );
+
+/*
+ *
+ * Definitions of test CRTs without specification of all parameters, choosing
+ * them automatically according to the config. For example, mbedtls_test_ca_crt
+ * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}.
+ *
+ */
+
+/*
+ * Dispatch between PEM and DER according to config
+ */
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+
+/* PEM encoded test CA certificates and keys */
+
+#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM
+#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM
+#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM
+#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM
+#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM
+#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM
+#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM
+
+/* PEM encoded test server certificates and keys */
+
+#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM
+#define TEST_SRV_PWD_RSA ""
+#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM
+#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM
+#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM
+#define TEST_SRV_PWD_EC ""
+#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM
+
+/* PEM encoded test client certificates and keys */
+
+#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM
+#define TEST_CLI_PWD_RSA ""
+#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM
+#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM
+#define TEST_CLI_PWD_EC ""
+#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM
+
+#else /* MBEDTLS_PEM_PARSE_C */
+
+/* DER encoded test CA certificates and keys */
+
+#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER
+#define TEST_CA_PWD_RSA ""
+#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER
+#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER
+#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER
+#define TEST_CA_PWD_EC ""
+#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER
+
+/* DER encoded test server certificates and keys */
+
+#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER
+#define TEST_SRV_PWD_RSA ""
+#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER
+#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_DER
+#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER
+#define TEST_SRV_PWD_EC ""
+#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER
+
+/* DER encoded test client certificates and keys */
+
+#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER
+#define TEST_CLI_PWD_RSA ""
+#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER
+#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER
+#define TEST_CLI_PWD_EC ""
+#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER
+
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA;
+const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA;
+const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
+const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
+const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC;
+const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC;
+const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
+
+const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA;
+const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA;
+const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256;
+const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1;
+const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC;
+const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC;
+const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC;
+
+const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA;
+const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA;
+const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA;
+const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC;
+const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC;
+const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC;
+
+const size_t mbedtls_test_ca_key_rsa_len =
+ sizeof( mbedtls_test_ca_key_rsa );
+const size_t mbedtls_test_ca_pwd_rsa_len =
+ sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
+const size_t mbedtls_test_ca_crt_rsa_sha256_len =
+ sizeof( mbedtls_test_ca_crt_rsa_sha256 );
+const size_t mbedtls_test_ca_crt_rsa_sha1_len =
+ sizeof( mbedtls_test_ca_crt_rsa_sha1 );
+const size_t mbedtls_test_ca_key_ec_len =
+ sizeof( mbedtls_test_ca_key_ec );
+const size_t mbedtls_test_ca_pwd_ec_len =
+ sizeof( mbedtls_test_ca_pwd_ec ) - 1;
+const size_t mbedtls_test_ca_crt_ec_len =
+ sizeof( mbedtls_test_ca_crt_ec );
+
+const size_t mbedtls_test_srv_key_rsa_len =
+ sizeof( mbedtls_test_srv_key_rsa );
+const size_t mbedtls_test_srv_pwd_rsa_len =
+ sizeof( mbedtls_test_srv_pwd_rsa ) -1;
+const size_t mbedtls_test_srv_crt_rsa_sha256_len =
+ sizeof( mbedtls_test_srv_crt_rsa_sha256 );
+const size_t mbedtls_test_srv_crt_rsa_sha1_len =
+ sizeof( mbedtls_test_srv_crt_rsa_sha1 );
+const size_t mbedtls_test_srv_key_ec_len =
+ sizeof( mbedtls_test_srv_key_ec );
+const size_t mbedtls_test_srv_pwd_ec_len =
+ sizeof( mbedtls_test_srv_pwd_ec ) - 1;
+const size_t mbedtls_test_srv_crt_ec_len =
+ sizeof( mbedtls_test_srv_crt_ec );
+
+const size_t mbedtls_test_cli_key_rsa_len =
+ sizeof( mbedtls_test_cli_key_rsa );
+const size_t mbedtls_test_cli_pwd_rsa_len =
+ sizeof( mbedtls_test_cli_pwd_rsa ) - 1;
+const size_t mbedtls_test_cli_crt_rsa_len =
+ sizeof( mbedtls_test_cli_crt_rsa );
+const size_t mbedtls_test_cli_key_ec_len =
+ sizeof( mbedtls_test_cli_key_ec );
+const size_t mbedtls_test_cli_pwd_ec_len =
+ sizeof( mbedtls_test_cli_pwd_ec ) - 1;
+const size_t mbedtls_test_cli_crt_ec_len =
+ sizeof( mbedtls_test_cli_crt_ec );
+
+/*
+ * Dispatch between SHA-1 and SHA-256
+ */
+
+#if defined(MBEDTLS_SHA256_C)
+#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256
+#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256
+#else
+#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1
+#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1
+#endif /* MBEDTLS_SHA256_C */
+
+const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
+const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA;
+
+const size_t mbedtls_test_ca_crt_rsa_len =
+ sizeof( mbedtls_test_ca_crt_rsa );
+const size_t mbedtls_test_srv_crt_rsa_len =
+ sizeof( mbedtls_test_srv_crt_rsa );
+
+/*
+ * Dispatch between RSA and EC
+ */
#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_SHA256_C)
-#define TEST_CA_CRT_RSA_SHA256 \
-"-----BEGIN CERTIFICATE-----\r\n" \
-"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-"MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-"A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
-"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
-"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
-"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
-"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
-"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
-"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
-"gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA\r\n" \
-"FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE\r\n" \
-"CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T\r\n" \
-"BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j\r\n" \
-"4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w\r\n" \
-"XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB\r\n" \
-"G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57\r\n" \
-"ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \
-"n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \
-"-----END CERTIFICATE-----\r\n"
+#define TEST_CA_KEY TEST_CA_KEY_RSA
+#define TEST_CA_PWD TEST_CA_PWD_RSA
+#define TEST_CA_CRT TEST_CA_CRT_RSA
-const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256;
-const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
-#define TEST_CA_CRT_RSA_SOME
+#define TEST_SRV_KEY TEST_SRV_KEY_RSA
+#define TEST_SRV_PWD TEST_SRV_PWD_RSA
+#define TEST_SRV_CRT TEST_SRV_CRT_RSA
-static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
+#define TEST_CLI_KEY TEST_CLI_KEY_RSA
+#define TEST_CLI_PWD TEST_CLI_PWD_RSA
+#define TEST_CLI_CRT TEST_CLI_CRT_RSA
-#endif
+#else /* no RSA, so assume ECDSA */
-#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C)
-#define TEST_CA_CRT_RSA_SHA1 \
-"-----BEGIN CERTIFICATE-----\r\n" \
-"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
-"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
-"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
-"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
-"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
-"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
-"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
-"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \
-"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \
-"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \
-"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \
-"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \
-"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \
-"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \
-"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \
-"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
-"-----END CERTIFICATE-----\r\n"
+#define TEST_CA_KEY TEST_CA_KEY_EC
+#define TEST_CA_PWD TEST_CA_PWD_EC
+#define TEST_CA_CRT TEST_CA_CRT_EC
-#if !defined (TEST_CA_CRT_RSA_SOME)
-const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1;
-const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
-#endif
+#define TEST_SRV_KEY TEST_SRV_KEY_EC
+#define TEST_SRV_PWD TEST_SRV_PWD_EC
+#define TEST_SRV_CRT TEST_SRV_CRT_EC
-static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
-
-#endif
-
-const char mbedtls_test_ca_key_rsa[] =
-"-----BEGIN RSA PRIVATE KEY-----\r\n"
-"Proc-Type: 4,ENCRYPTED\r\n"
-"DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"
-"\r\n"
-"9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n"
-"7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n"
-"Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n"
-"PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n"
-"GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n"
-"gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n"
-"QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n"
-"PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n"
-"vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n"
-"WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n"
-"JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n"
-"KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n"
-"Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n"
-"9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n"
-"iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n"
-"tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n"
-"P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n"
-"1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n"
-"nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n"
-"X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n"
-"rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n"
-"L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n"
-"I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n"
-"wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n"
-"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
-"-----END RSA PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
-
-const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
-const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
-
-const char mbedtls_test_srv_crt_rsa[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
-"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
-"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
-"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
-"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
-"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
-"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
-"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
-"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n"
-"oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n"
-"UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n"
-"iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n"
-"wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n"
-"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
-"zhuYwjVuX6JHG0c=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
-
-const char mbedtls_test_srv_key_rsa[] =
-"-----BEGIN RSA PRIVATE KEY-----\r\n"
-"MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
-"lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n"
-"2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n"
-"Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n"
-"GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n"
-"y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n"
-"++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n"
-"Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n"
-"/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n"
-"WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n"
-"GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n"
-"TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n"
-"CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n"
-"nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n"
-"AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n"
-"sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n"
-"mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n"
-"BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n"
-"whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n"
-"vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n"
-"3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n"
-"3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n"
-"ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n"
-"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
-"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
-"-----END RSA PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
-
-const char mbedtls_test_cli_crt_rsa[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
-"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n"
-"M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n"
-"1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n"
-"MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n"
-"4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n"
-"/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n"
-"o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa\r\n"
-"gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV\r\n"
-"BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud\r\n"
-"EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom\r\n"
-"LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W\r\n"
-"iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK\r\n"
-"D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE\r\n"
-"ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n"
-"c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa );
-
-const char mbedtls_test_cli_key_rsa[] =
-"-----BEGIN RSA PRIVATE KEY-----\r\n"
-"MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n"
-"B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n"
-"bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n"
-"Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n"
-"7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n"
-"dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n"
-"yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n"
-"4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n"
-"ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n"
-"zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n"
-"l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n"
-"DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n"
-"VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n"
-"Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n"
-"wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n"
-"c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n"
-"33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n"
-"ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n"
-"BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n"
-"KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n"
-"UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n"
-"7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n"
-"gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n"
-"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
-"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
-"-----END RSA PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_cli_key_rsa_len = sizeof( mbedtls_test_cli_key_rsa );
+#define TEST_CLI_KEY TEST_CLI_KEY_EC
+#define TEST_CLI_PWD TEST_CLI_PWD_EC
+#define TEST_CLI_CRT TEST_CLI_CRT_EC
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all available CA certificates */
-const char mbedtls_test_cas_pem[] =
-#ifdef TEST_CA_CRT_RSA_SHA1
- TEST_CA_CRT_RSA_SHA1
-#endif
-#ifdef TEST_CA_CRT_RSA_SHA256
- TEST_CA_CRT_RSA_SHA256
-#endif
-#ifdef TEST_CA_CRT_EC
- TEST_CA_CRT_EC
-#endif
- "";
-const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
-#endif
+/* API stability forces us to declare
+ * mbedtls_test_{ca|srv|cli}_{key|pwd|crt}
+ * as pointers. */
+static const char test_ca_key[] = TEST_CA_KEY;
+static const char test_ca_pwd[] = TEST_CA_PWD;
+static const char test_ca_crt[] = TEST_CA_CRT;
-/* List of all available CA certificates */
+static const char test_srv_key[] = TEST_SRV_KEY;
+static const char test_srv_pwd[] = TEST_SRV_PWD;
+static const char test_srv_crt[] = TEST_SRV_CRT;
+
+static const char test_cli_key[] = TEST_CLI_KEY;
+static const char test_cli_pwd[] = TEST_CLI_PWD;
+static const char test_cli_crt[] = TEST_CLI_CRT;
+
+const char *mbedtls_test_ca_key = test_ca_key;
+const char *mbedtls_test_ca_pwd = test_ca_pwd;
+const char *mbedtls_test_ca_crt = test_ca_crt;
+
+const char *mbedtls_test_srv_key = test_srv_key;
+const char *mbedtls_test_srv_pwd = test_srv_pwd;
+const char *mbedtls_test_srv_crt = test_srv_crt;
+
+const char *mbedtls_test_cli_key = test_cli_key;
+const char *mbedtls_test_cli_pwd = test_cli_pwd;
+const char *mbedtls_test_cli_crt = test_cli_crt;
+
+const size_t mbedtls_test_ca_key_len =
+ sizeof( test_ca_key );
+const size_t mbedtls_test_ca_pwd_len =
+ sizeof( test_ca_pwd ) - 1;
+const size_t mbedtls_test_ca_crt_len =
+ sizeof( test_ca_crt );
+
+const size_t mbedtls_test_srv_key_len =
+ sizeof( test_srv_key );
+const size_t mbedtls_test_srv_pwd_len =
+ sizeof( test_srv_pwd ) - 1;
+const size_t mbedtls_test_srv_crt_len =
+ sizeof( test_srv_crt );
+
+const size_t mbedtls_test_cli_key_len =
+ sizeof( test_cli_key );
+const size_t mbedtls_test_cli_pwd_len =
+ sizeof( test_cli_pwd ) - 1;
+const size_t mbedtls_test_cli_crt_len =
+ sizeof( test_cli_crt );
+
+/*
+ *
+ * Lists of certificates
+ *
+ */
+
+/* List of CAs in PEM or DER, depending on config */
const char * mbedtls_test_cas[] = {
-#if defined(TEST_CA_CRT_RSA_SHA1)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
mbedtls_test_ca_crt_rsa_sha1,
#endif
-#if defined(TEST_CA_CRT_RSA_SHA256)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
mbedtls_test_ca_crt_rsa_sha256,
#endif
#if defined(MBEDTLS_ECDSA_C)
@@ -356,10 +1688,10 @@
NULL
};
const size_t mbedtls_test_cas_len[] = {
-#if defined(TEST_CA_CRT_RSA_SHA1)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
#endif
-#if defined(TEST_CA_CRT_RSA_SHA256)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
#endif
#if defined(MBEDTLS_ECDSA_C)
@@ -368,36 +1700,53 @@
0
};
+/* List of all available CA certificates in DER format */
+const unsigned char * mbedtls_test_cas_der[] = {
#if defined(MBEDTLS_RSA_C)
-const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */
-const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa;
-const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa;
-const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
-const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
-const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa;
-const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
-const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa );
-const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa );
-const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
-const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
-const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
-const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa );
-const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
-#else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
-const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec;
-const char *mbedtls_test_ca_key = mbedtls_test_ca_key_ec;
-const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_ec;
-const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_ec;
-const char *mbedtls_test_srv_key = mbedtls_test_srv_key_ec;
-const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_ec;
-const char *mbedtls_test_cli_key = mbedtls_test_cli_key_ec;
-const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_ec );
-const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_ec );
-const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
-const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_ec );
-const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_ec );
-const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_ec );
-const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_ec );
+#if defined(MBEDTLS_SHA256_C)
+ mbedtls_test_ca_crt_rsa_sha256_der,
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA1_C)
+ mbedtls_test_ca_crt_rsa_sha1_der,
+#endif /* MBEDTLS_SHA1_C */
#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ mbedtls_test_ca_crt_ec_der,
+#endif /* MBEDTLS_ECDSA_C */
+ NULL
+};
+
+const size_t mbedtls_test_cas_der_len[] = {
+#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_SHA256_C)
+ sizeof( mbedtls_test_ca_crt_rsa_sha256_der ),
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA1_C)
+ sizeof( mbedtls_test_ca_crt_rsa_sha1_der ),
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ sizeof( mbedtls_test_ca_crt_ec_der ),
+#endif /* MBEDTLS_ECDSA_C */
+ 0
+};
+
+/* Concatenation of all available CA certificates in PEM format */
+#if defined(MBEDTLS_PEM_PARSE_C)
+const char mbedtls_test_cas_pem[] =
+#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_SHA256_C)
+ TEST_CA_CRT_RSA_SHA256_PEM
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA1_C)
+ TEST_CA_CRT_RSA_SHA1_PEM
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ TEST_CA_CRT_EC_PEM
+#endif /* MBEDTLS_ECDSA_C */
+ "";
+const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
+#endif /* MBEDTLS_PEM_PARSE_C */
#endif /* MBEDTLS_CERTS_C */
diff --git a/library/chacha20.c b/library/chacha20.c
index d14a51e..8a3610f 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -53,15 +53,21 @@
#define inline __inline
#endif
+/* Parameter validation macros */
+#define CHACHA20_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
+#define CHACHA20_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#define BYTES_TO_U32_LE( data, offset ) \
- ( (uint32_t) data[offset] \
- | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \
- | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \
- | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \
+ ( (uint32_t) (data)[offset] \
+ | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
+ | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
+ | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
)
#define ROTL32( value, amount ) \
- ( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) )
+ ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
#define CHACHA20_CTR_INDEX ( 12U )
@@ -181,14 +187,13 @@
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
- if( ctx != NULL )
- {
- mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
- mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+ CHACHA20_VALIDATE( ctx != NULL );
- /* Initially, there's no keystream bytes available */
- ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
- }
+ mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
+ mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+
+ /* Initially, there's no keystream bytes available */
+ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
}
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
@@ -202,10 +207,8 @@
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
- if( ( ctx == NULL ) || ( key == NULL ) )
- {
- return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- }
+ CHACHA20_VALIDATE_RET( ctx != NULL );
+ CHACHA20_VALIDATE_RET( key != NULL );
/* ChaCha20 constants - the string "expand 32-byte k" */
ctx->state[0] = 0x61707865;
@@ -230,10 +233,8 @@
const unsigned char nonce[12],
uint32_t counter )
{
- if( ( ctx == NULL ) || ( nonce == NULL ) )
- {
- return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- }
+ CHACHA20_VALIDATE_RET( ctx != NULL );
+ CHACHA20_VALIDATE_RET( nonce != NULL );
/* Counter */
ctx->state[12] = counter;
@@ -259,15 +260,9 @@
size_t offset = 0U;
size_t i;
- if( ctx == NULL )
- {
- return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- }
- else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
- {
- /* input and output pointers are allowed to be NULL only if size == 0 */
- return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- }
+ CHACHA20_VALIDATE_RET( ctx != NULL );
+ CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
+ CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
@@ -332,6 +327,11 @@
mbedtls_chacha20_context ctx;
int ret;
+ CHACHA20_VALIDATE_RET( key != NULL );
+ CHACHA20_VALIDATE_RET( nonce != NULL );
+ CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
+ CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
+
mbedtls_chacha20_init( &ctx );
ret = mbedtls_chacha20_setkey( &ctx, key );
diff --git a/library/chachapoly.c b/library/chachapoly.c
index 860f877..dc643dd 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -44,6 +44,12 @@
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
+/* Parameter validation macros */
+#define CHACHAPOLY_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
+#define CHACHAPOLY_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#define CHACHAPOLY_STATE_INIT ( 0 )
#define CHACHAPOLY_STATE_AAD ( 1 )
#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
@@ -90,39 +96,35 @@
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
{
- if( ctx != NULL )
- {
- mbedtls_chacha20_init( &ctx->chacha20_ctx );
- mbedtls_poly1305_init( &ctx->poly1305_ctx );
- ctx->aad_len = 0U;
- ctx->ciphertext_len = 0U;
- ctx->state = CHACHAPOLY_STATE_INIT;
- ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
- }
+ CHACHAPOLY_VALIDATE( ctx != NULL );
+
+ mbedtls_chacha20_init( &ctx->chacha20_ctx );
+ mbedtls_poly1305_init( &ctx->poly1305_ctx );
+ ctx->aad_len = 0U;
+ ctx->ciphertext_len = 0U;
+ ctx->state = CHACHAPOLY_STATE_INIT;
+ ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
}
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
{
- if( ctx != NULL )
- {
- mbedtls_chacha20_free( &ctx->chacha20_ctx );
- mbedtls_poly1305_free( &ctx->poly1305_ctx );
- ctx->aad_len = 0U;
- ctx->ciphertext_len = 0U;
- ctx->state = CHACHAPOLY_STATE_INIT;
- ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
- }
+ if( ctx == NULL )
+ return;
+
+ mbedtls_chacha20_free( &ctx->chacha20_ctx );
+ mbedtls_poly1305_free( &ctx->poly1305_ctx );
+ ctx->aad_len = 0U;
+ ctx->ciphertext_len = 0U;
+ ctx->state = CHACHAPOLY_STATE_INIT;
+ ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
}
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
const unsigned char key[32] )
{
int ret;
-
- if( ( ctx == NULL ) || ( key == NULL ) )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( key != NULL );
ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
@@ -135,11 +137,8 @@
{
int ret;
unsigned char poly1305_key[64];
-
- if( ( ctx == NULL ) || ( nonce == NULL ) )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( nonce != NULL );
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
@@ -176,19 +175,11 @@
const unsigned char *aad,
size_t aad_len )
{
- if( ctx == NULL )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
- else if( ( aad_len > 0U ) && ( aad == NULL ) )
- {
- /* aad pointer is allowed to be NULL if aad_len == 0 */
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
- else if( ctx->state != CHACHAPOLY_STATE_AAD )
- {
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
+
+ if( ctx->state != CHACHAPOLY_STATE_AAD )
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
- }
ctx->aad_len += aad_len;
@@ -201,18 +192,12 @@
unsigned char *output )
{
int ret;
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
+ CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
- if( ctx == NULL )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
- else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
- {
- /* input and output pointers are allowed to be NULL if len == 0 */
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
- else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
- ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
+ if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
+ ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
}
@@ -257,12 +242,10 @@
{
int ret;
unsigned char len_block[16];
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( mac != NULL );
- if( ( ctx == NULL ) || ( mac == NULL ) )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
- else if( ctx->state == CHACHAPOLY_STATE_INIT )
+ if( ctx->state == CHACHAPOLY_STATE_INIT )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
}
@@ -350,6 +333,13 @@
unsigned char *output,
unsigned char tag[16] )
{
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( nonce != NULL );
+ CHACHAPOLY_VALIDATE_RET( tag != NULL );
+ CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
+ CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
+ CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
+
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
length, nonce, aad, aad_len,
input, output, tag ) );
@@ -368,9 +358,12 @@
unsigned char check_tag[16];
size_t i;
int diff;
-
- if( tag == NULL )
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ CHACHAPOLY_VALIDATE_RET( ctx != NULL );
+ CHACHAPOLY_VALIDATE_RET( nonce != NULL );
+ CHACHAPOLY_VALIDATE_RET( tag != NULL );
+ CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
+ CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
+ CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
if( ( ret = chachapoly_crypt_and_tag( ctx,
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
diff --git a/library/cipher.c b/library/cipher.c
index 7ae6c4a..3cdd07f 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -58,6 +58,15 @@
#include "mbedtls/cmac.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_NIST_KW_C)
+#include "mbedtls/nist_kw.h"
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -65,13 +74,19 @@
#define mbedtls_free free
#endif
+#define CIPHER_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
+#define CIPHER_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* Compare the contents of two buffers in constant time.
* Returns 0 if the contents are bitwise identical, otherwise returns
* a non-zero value.
* This is currently only used by GCM and ChaCha20+Poly1305.
*/
-static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len )
+static int mbedtls_constant_time_memcmp( const void *v1, const void *v2,
+ size_t len )
{
const unsigned char *p1 = (const unsigned char*) v1;
const unsigned char *p2 = (const unsigned char*) v2;
@@ -81,7 +96,7 @@
for( diff = 0, i = 0; i < len; i++ )
diff |= p1[i] ^ p2[i];
- return (int)diff;
+ return( (int)diff );
}
#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
@@ -108,7 +123,8 @@
return( mbedtls_cipher_supported );
}
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type )
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
+ const mbedtls_cipher_type_t cipher_type )
{
const mbedtls_cipher_definition_t *def;
@@ -119,7 +135,8 @@
return( NULL );
}
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name )
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
+ const char *cipher_name )
{
const mbedtls_cipher_definition_t *def;
@@ -133,9 +150,10 @@
return( NULL );
}
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
- int key_bitlen,
- const mbedtls_cipher_mode_t mode )
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
+ const mbedtls_cipher_id_t cipher_id,
+ int key_bitlen,
+ const mbedtls_cipher_mode_t mode )
{
const mbedtls_cipher_definition_t *def;
@@ -150,6 +168,7 @@
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
{
+ CIPHER_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
}
@@ -158,6 +177,29 @@
if( ctx == NULL )
return;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ if( ctx->cipher_ctx != NULL )
+ {
+ mbedtls_cipher_context_psa * const cipher_psa =
+ (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+ if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
+ {
+ /* xxx_free() doesn't allow to return failures. */
+ (void) psa_destroy_key( cipher_psa->slot );
+ }
+
+ mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
+ mbedtls_free( cipher_psa );
+ }
+
+ mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+ return;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_CMAC_C)
if( ctx->cmac_ctx )
{
@@ -173,9 +215,11 @@
mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
}
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info )
{
- if( NULL == cipher_info || NULL == ctx )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ if( cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
@@ -199,12 +243,116 @@
return( 0 );
}
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
- int key_bitlen, const mbedtls_operation_t operation )
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
+ const mbedtls_cipher_info_t *cipher_info,
+ size_t taglen )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ psa_algorithm_t alg;
+ mbedtls_cipher_context_psa *cipher_psa;
+
+ if( NULL == cipher_info || NULL == ctx )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* Check that the underlying cipher mode and cipher type are
+ * supported by the underlying PSA Crypto implementation. */
+ alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
+ if( alg == 0 )
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 )
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+ memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+
+ cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
+ if( cipher_psa == NULL )
+ return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+ cipher_psa->alg = alg;
+ ctx->cipher_ctx = cipher_psa;
+ ctx->cipher_info = cipher_info;
+ ctx->psa_enabled = 1;
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
+ const unsigned char *key,
+ int key_bitlen,
+ const mbedtls_operation_t operation )
+{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( key != NULL );
+ CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
+ operation == MBEDTLS_DECRYPT );
+ if( ctx->cipher_info == NULL )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ mbedtls_cipher_context_psa * const cipher_psa =
+ (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+ size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8;
+
+ psa_status_t status;
+ psa_key_type_t key_type;
+ psa_key_usage_t key_usage;
+ psa_key_policy_t key_policy;
+
+ /* PSA Crypto API only accepts byte-aligned keys. */
+ if( key_bitlen % 8 != 0 )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ /* Don't allow keys to be set multiple times. */
+ if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ key_type = mbedtls_psa_translate_cipher_type(
+ ctx->cipher_info->type );
+ if( key_type == 0 )
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+ /* Allocate a key slot to use. */
+ status = psa_allocate_key( &cipher_psa->slot );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ /* Indicate that we own the key slot and need to
+ * destroy it in mbedtls_cipher_free(). */
+ cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
+
+ /* From that point on, the responsibility for destroying the
+ * key slot is on mbedtls_cipher_free(). This includes the case
+ * where the policy setup or key import below fail, as
+ * mbedtls_cipher_free() needs to be called in any case. */
+
+ /* Setup policy for the new key slot. */
+ key_policy = psa_key_policy_init();
+
+ /* Mbed TLS' cipher layer doesn't enforce the mode of operation
+ * (encrypt vs. decrypt): it is possible to setup a key for encryption
+ * and use it for AEAD decryption. Until tests relying on this
+ * are changed, allow any usage in PSA. */
+ /* key_usage = mbedtls_psa_translate_cipher_operation( operation ); */
+ key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+ psa_key_policy_set_usage( &key_policy, key_usage, cipher_psa->alg );
+ status = psa_set_key_policy( cipher_psa->slot, &key_policy );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ /* Populate new key slot. */
+ status = psa_import_key( cipher_psa->slot,
+ key_type, key, key_bytelen );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ ctx->key_bitlen = key_bitlen;
+ ctx->operation = operation;
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
(int) ctx->cipher_info->key_bitlen != key_bitlen )
{
@@ -222,24 +370,36 @@
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
{
- return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
- ctx->key_bitlen );
+ return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
+ ctx->key_bitlen ) );
}
if( MBEDTLS_DECRYPT == operation )
- return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
- ctx->key_bitlen );
+ return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
+ ctx->key_bitlen ) );
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len )
+ const unsigned char *iv,
+ size_t iv_len )
{
size_t actual_iv_size;
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
+ if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto has an API for multipart
+ * operations, we currently don't make it
+ * accessible through the cipher layer. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* avoid buffer overflow in ctx->iv */
if( iv_len > MBEDTLS_MAX_IV_LENGTH )
@@ -268,17 +428,30 @@
}
#endif
- memcpy( ctx->iv, iv, actual_iv_size );
- ctx->iv_size = actual_iv_size;
+ if ( actual_iv_size != 0 )
+ {
+ memcpy( ctx->iv, iv, actual_iv_size );
+ ctx->iv_size = actual_iv_size;
+ }
return( 0 );
}
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* We don't support resetting PSA-based
+ * cipher contexts, yet. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
ctx->unprocessed_len = 0;
return( 0 );
@@ -288,14 +461,26 @@
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
+ if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto has an API for multipart
+ * operations, we currently don't make it
+ * accessible through the cipher layer. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
- return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
- ctx->iv, ctx->iv_size, ad, ad_len );
+ return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
+ ctx->iv, ctx->iv_size, ad, ad_len ) );
}
#endif
@@ -315,8 +500,8 @@
if ( result != 0 )
return( result );
- return mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- ad, ad_len );
+ return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
+ ad, ad_len ) );
}
#endif
@@ -328,12 +513,24 @@
size_t ilen, unsigned char *output, size_t *olen )
{
int ret;
- size_t block_size = 0;
+ size_t block_size;
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
- {
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+ CIPHER_VALIDATE_RET( output != NULL );
+ CIPHER_VALIDATE_RET( olen != NULL );
+ if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto has an API for multipart
+ * operations, we currently don't make it
+ * accessible through the cipher layer. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
*olen = 0;
block_size = mbedtls_cipher_get_block_size( ctx );
@@ -358,8 +555,8 @@
if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
{
*olen = ilen;
- return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
- output );
+ return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
+ output ) );
}
#endif
@@ -367,14 +564,14 @@
if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
{
*olen = ilen;
- return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- ilen, input, output );
+ return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
+ ilen, input, output ) );
}
#endif
if ( 0 == block_size )
{
- return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+ return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
if( input == output &&
@@ -437,7 +634,7 @@
{
if( 0 == block_size )
{
- return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
+ return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
}
/* Encryption: only cache partial blocks
@@ -738,9 +935,22 @@
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( output != NULL );
+ CIPHER_VALIDATE_RET( olen != NULL );
+ if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto has an API for multipart
+ * operations, we currently don't make it
+ * accessible through the cipher layer. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
*olen = 0;
if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
@@ -808,8 +1018,8 @@
/* Set output size for decryption */
if( MBEDTLS_DECRYPT == ctx->operation )
- return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
- olen );
+ return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
+ olen ) );
/* Set output size for encryption */
*olen = mbedtls_cipher_get_block_size( ctx );
@@ -823,14 +1033,29 @@
}
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode )
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
+ mbedtls_cipher_padding_t mode )
{
- if( NULL == ctx ||
- MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+
+ if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto knows about CBC padding
+ * schemes, we currently don't make them
+ * accessible through the cipher layer. */
+ if( mode != MBEDTLS_PADDING_NONE )
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
switch( mode )
{
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
@@ -874,15 +1099,30 @@
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
- if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+ if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
if( MBEDTLS_ENCRYPT != ctx->operation )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto has an API for multipart
+ * operations, we currently don't make it
+ * accessible through the cipher layer. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
- return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len );
+ return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
+ tag, tag_len ) );
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
@@ -892,8 +1132,8 @@
if ( tag_len != 16U )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- return mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- tag );
+ return( mbedtls_chachapoly_finish(
+ (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) );
}
#endif
@@ -906,20 +1146,35 @@
unsigned char check_tag[16];
int ret;
- if( NULL == ctx || NULL == ctx->cipher_info ||
- MBEDTLS_DECRYPT != ctx->operation )
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+ if( ctx->cipher_info == NULL )
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ if( MBEDTLS_DECRYPT != ctx->operation )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* While PSA Crypto has an API for multipart
+ * operations, we currently don't make it
+ * accessible through the cipher layer. */
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
if( tag_len > sizeof( check_tag ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- if( 0 != ( ret = mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
- check_tag, tag_len ) ) )
+ if( 0 != ( ret = mbedtls_gcm_finish(
+ (mbedtls_gcm_context *) ctx->cipher_ctx,
+ check_tag, tag_len ) ) )
{
return( ret );
}
@@ -939,8 +1194,8 @@
if ( tag_len != sizeof( check_tag ) )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
- check_tag );
+ ret = mbedtls_chachapoly_finish(
+ (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag );
if ( ret != 0 )
{
return( ret );
@@ -969,16 +1224,82 @@
int ret;
size_t finish_olen;
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
+ CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+ CIPHER_VALIDATE_RET( output != NULL );
+ CIPHER_VALIDATE_RET( olen != NULL );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* As in the non-PSA case, we don't check that
+ * a key has been set. If not, the key slot will
+ * still be in its default state of 0, which is
+ * guaranteed to be invalid, hence the PSA-call
+ * below will gracefully fail. */
+ mbedtls_cipher_context_psa * const cipher_psa =
+ (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+ psa_status_t status;
+ psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
+ size_t part_len;
+
+ if( ctx->operation == MBEDTLS_DECRYPT )
+ {
+ status = psa_cipher_decrypt_setup( &cipher_op,
+ cipher_psa->slot,
+ cipher_psa->alg );
+ }
+ else if( ctx->operation == MBEDTLS_ENCRYPT )
+ {
+ status = psa_cipher_encrypt_setup( &cipher_op,
+ cipher_psa->slot,
+ cipher_psa->alg );
+ }
+ else
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ /* In the following, we can immediately return on an error,
+ * because the PSA Crypto API guarantees that cipher operations
+ * are terminated by unsuccessful calls to psa_cipher_update(),
+ * and by any call to psa_cipher_finish(). */
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ status = psa_cipher_update( &cipher_op,
+ input, ilen,
+ output, ilen, olen );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ status = psa_cipher_finish( &cipher_op,
+ output + *olen, ilen - *olen,
+ &part_len );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ *olen += part_len;
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
return( ret );
if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
return( ret );
- if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_update( ctx, input, ilen,
+ output, olen ) ) != 0 )
return( ret );
- if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_finish( ctx, output + *olen,
+ &finish_olen ) ) != 0 )
return( ret );
*olen += finish_olen;
@@ -997,13 +1318,53 @@
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( iv != NULL );
+ CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
+ CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+ CIPHER_VALIDATE_RET( output != NULL );
+ CIPHER_VALIDATE_RET( olen != NULL );
+ CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* As in the non-PSA case, we don't check that
+ * a key has been set. If not, the key slot will
+ * still be in its default state of 0, which is
+ * guaranteed to be invalid, hence the PSA-call
+ * below will gracefully fail. */
+ mbedtls_cipher_context_psa * const cipher_psa =
+ (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+ psa_status_t status;
+
+ /* PSA Crypto API always writes the authentication tag
+ * at the end of the encrypted message. */
+ if( tag != output + ilen )
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+ status = psa_aead_encrypt( cipher_psa->slot,
+ cipher_psa->alg,
+ iv, iv_len,
+ ad, ad_len,
+ input, ilen,
+ output, ilen + tag_len, olen );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ *olen -= tag_len;
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
*olen = ilen;
- return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, ilen,
- iv, iv_len, ad, ad_len, input, output,
- tag_len, tag ) );
+ return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
+ ilen, iv, iv_len, ad, ad_len,
+ input, output, tag_len, tag ) );
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
@@ -1030,6 +1391,22 @@
ilen, iv, ad, ad_len, input, output, tag ) );
}
#endif /* MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_NIST_KW_C)
+ if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
+ {
+ mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
+ MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+
+ /* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
+ if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
+ {
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ }
+
+ return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
+ }
+#endif /* MBEDTLS_NIST_KW_C */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
@@ -1044,6 +1421,47 @@
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( iv != NULL );
+ CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
+ CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
+ CIPHER_VALIDATE_RET( output != NULL );
+ CIPHER_VALIDATE_RET( olen != NULL );
+ CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ctx->psa_enabled == 1 )
+ {
+ /* As in the non-PSA case, we don't check that
+ * a key has been set. If not, the key slot will
+ * still be in its default state of 0, which is
+ * guaranteed to be invalid, hence the PSA-call
+ * below will gracefully fail. */
+ mbedtls_cipher_context_psa * const cipher_psa =
+ (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
+
+ psa_status_t status;
+
+ /* PSA Crypto API always writes the authentication tag
+ * at the end of the encrypted message. */
+ if( tag != input + ilen )
+ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+ status = psa_aead_decrypt( cipher_psa->slot,
+ cipher_psa->alg,
+ iv, iv_len,
+ ad, ad_len,
+ input, ilen + tag_len,
+ output, ilen, olen );
+ if( status == PSA_ERROR_INVALID_SIGNATURE )
+ return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
+ else if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
@@ -1098,6 +1516,22 @@
return( ret );
}
#endif /* MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_NIST_KW_C)
+ if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+ MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
+ {
+ mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
+ MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+
+ /* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
+ if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
+ {
+ return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ }
+
+ return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
+ }
+#endif /* MBEDTLS_NIST_KW_C */
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 893490a..7fc40b5 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -73,6 +73,10 @@
#include "mbedtls/ccm.h"
#endif
+#if defined(MBEDTLS_NIST_KW_C)
+#include "mbedtls/nist_kw.h"
+#endif
+
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#include <string.h>
#endif
@@ -258,7 +262,7 @@
MBEDTLS_MODE_ECB,
128,
"AES-128-ECB",
- 16,
+ 0,
0,
16,
&aes_info
@@ -269,7 +273,7 @@
MBEDTLS_MODE_ECB,
192,
"AES-192-ECB",
- 16,
+ 0,
0,
16,
&aes_info
@@ -280,7 +284,7 @@
MBEDTLS_MODE_ECB,
256,
"AES-256-ECB",
- 16,
+ 0,
0,
16,
&aes_info
@@ -2119,6 +2123,131 @@
};
#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
+#if defined(MBEDTLS_NIST_KW_C)
+static void *kw_ctx_alloc( void )
+{
+ void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) );
+
+ if( ctx != NULL )
+ mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx );
+
+ return( ctx );
+}
+
+static void kw_ctx_free( void *ctx )
+{
+ mbedtls_nist_kw_free( ctx );
+ mbedtls_free( ctx );
+}
+
+static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key,
+ unsigned int key_bitlen )
+{
+ return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
+ MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 );
+}
+
+static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key,
+ unsigned int key_bitlen )
+{
+ return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
+ MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 );
+}
+
+static const mbedtls_cipher_base_t kw_aes_info = {
+ MBEDTLS_CIPHER_ID_AES,
+ NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+ NULL,
+#endif
+ kw_aes_setkey_wrap,
+ kw_aes_setkey_unwrap,
+ kw_ctx_alloc,
+ kw_ctx_free,
+};
+
+static const mbedtls_cipher_info_t aes_128_nist_kw_info = {
+ MBEDTLS_CIPHER_AES_128_KW,
+ MBEDTLS_MODE_KW,
+ 128,
+ "AES-128-KW",
+ 0,
+ 0,
+ 16,
+ &kw_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_nist_kw_info = {
+ MBEDTLS_CIPHER_AES_192_KW,
+ MBEDTLS_MODE_KW,
+ 192,
+ "AES-192-KW",
+ 0,
+ 0,
+ 16,
+ &kw_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_nist_kw_info = {
+ MBEDTLS_CIPHER_AES_256_KW,
+ MBEDTLS_MODE_KW,
+ 256,
+ "AES-256-KW",
+ 0,
+ 0,
+ 16,
+ &kw_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_128_nist_kwp_info = {
+ MBEDTLS_CIPHER_AES_128_KWP,
+ MBEDTLS_MODE_KWP,
+ 128,
+ "AES-128-KWP",
+ 0,
+ 0,
+ 16,
+ &kw_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_nist_kwp_info = {
+ MBEDTLS_CIPHER_AES_192_KWP,
+ MBEDTLS_MODE_KWP,
+ 192,
+ "AES-192-KWP",
+ 0,
+ 0,
+ 16,
+ &kw_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_nist_kwp_info = {
+ MBEDTLS_CIPHER_AES_256_KWP,
+ MBEDTLS_MODE_KWP,
+ 256,
+ "AES-256-KWP",
+ 0,
+ 0,
+ 16,
+ &kw_aes_info
+};
+#endif /* MBEDTLS_NIST_KW_C */
+
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
{
#if defined(MBEDTLS_AES_C)
@@ -2259,6 +2388,15 @@
{ MBEDTLS_CIPHER_CHACHA20_POLY1305, &chachapoly_info },
#endif
+#if defined(MBEDTLS_NIST_KW_C)
+ { MBEDTLS_CIPHER_AES_128_KW, &aes_128_nist_kw_info },
+ { MBEDTLS_CIPHER_AES_192_KW, &aes_192_nist_kw_info },
+ { MBEDTLS_CIPHER_AES_256_KW, &aes_256_nist_kw_info },
+ { MBEDTLS_CIPHER_AES_128_KWP, &aes_128_nist_kwp_info },
+ { MBEDTLS_CIPHER_AES_192_KWP, &aes_192_nist_kwp_info },
+ { MBEDTLS_CIPHER_AES_256_KWP, &aes_256_nist_kwp_info },
+#endif
+
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
{ MBEDTLS_CIPHER_NULL, &null_cipher_info },
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
@@ -2266,7 +2404,8 @@
{ MBEDTLS_CIPHER_NONE, NULL }
};
-#define NUM_CIPHERS sizeof mbedtls_cipher_definitions / sizeof mbedtls_cipher_definitions[0]
+#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) / \
+ sizeof(mbedtls_cipher_definitions[0]) )
int mbedtls_cipher_supported[NUM_CIPHERS];
#endif /* MBEDTLS_CIPHER_C */
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index d0e5ba8..0db7beb 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -66,6 +66,18 @@
* Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
* NIST tests to succeed (which require known length fixed entropy)
*/
+/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
+ * mbedtls_ctr_drbg_seed_entropy_len(ctx, f_entropy, p_entropy,
+ * custom, len, entropy_len)
+ * implements
+ * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
+ * security_strength) -> initial_working_state
+ * with inputs
+ * custom[:len] = nonce || personalization_string
+ * where entropy_input comes from f_entropy for entropy_len bytes
+ * and with outputs
+ * ctx = initial_working_state
+ */
int mbedtls_ctr_drbg_seed_entropy_len(
mbedtls_ctr_drbg_context *ctx,
int (*f_entropy)(void *, unsigned char *, size_t),
@@ -90,7 +102,8 @@
/*
* Initialize with an empty key
*/
- if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+ if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
+ MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
return( ret );
}
@@ -108,8 +121,9 @@
const unsigned char *custom,
size_t len )
{
- return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
- MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
+ return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy,
+ custom, len,
+ MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
}
void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
@@ -124,17 +138,20 @@
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
}
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
+ int resistance )
{
ctx->prediction_resistance = resistance;
}
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, size_t len )
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
+ size_t len )
{
ctx->entropy_len = len;
}
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int interval )
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
+ int interval )
{
ctx->reseed_interval = interval;
}
@@ -142,7 +159,8 @@
static int block_cipher_df( unsigned char *output,
const unsigned char *data, size_t data_len )
{
- unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
+ unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
+ MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
@@ -156,7 +174,8 @@
if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
- memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
+ memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
+ MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
mbedtls_aes_init( &aes_ctx );
/*
@@ -181,7 +200,8 @@
for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
key[i] = i;
- if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+ if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
+ MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
goto exit;
}
@@ -203,7 +223,8 @@
use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
- if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 )
+ if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+ chain, chain ) ) != 0 )
{
goto exit;
}
@@ -220,7 +241,8 @@
/*
* Do final encryption with reduced data
*/
- if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+ if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp,
+ MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
goto exit;
}
@@ -229,7 +251,8 @@
for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
{
- if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 )
+ if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+ iv, iv ) ) != 0 )
{
goto exit;
}
@@ -256,8 +279,16 @@
return( ret );
}
+/* CTR_DRBG_Update (SP 800-90A §10.2.1.2)
+ * ctr_drbg_update_internal(ctx, provided_data)
+ * implements
+ * CTR_DRBG_Update(provided_data, Key, V)
+ * with inputs and outputs
+ * ctx->aes_ctx = Key
+ * ctx->counter = V
+ */
static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
- const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
+ const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
{
unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
unsigned char *p = tmp;
@@ -278,9 +309,10 @@
/*
* Crypt counter block
*/
- if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 )
+ if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+ ctx->counter, p ) ) != 0 )
{
- return( ret );
+ goto exit;
}
p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
@@ -292,32 +324,76 @@
/*
* Update key and counter
*/
- if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+ if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
+ MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
{
- return( ret );
+ goto exit;
}
- memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+ memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
+ MBEDTLS_CTR_DRBG_BLOCKSIZE );
- return( 0 );
+exit:
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ return( ret );
}
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional, size_t add_len )
+/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
+ * mbedtls_ctr_drbg_update(ctx, additional, add_len)
+ * implements
+ * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
+ * security_strength) -> initial_working_state
+ * with inputs
+ * ctx->counter = all-bits-0
+ * ctx->aes_ctx = context from all-bits-0 key
+ * additional[:add_len] = entropy_input || nonce || personalization_string
+ * and with outputs
+ * ctx = initial_working_state
+ */
+int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len )
{
unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
+ int ret;
- if( add_len > 0 )
- {
- /* MAX_INPUT would be more logical here, but we have to match
- * block_cipher_df()'s limits since we can't propagate errors */
- if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
- add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
+ if( add_len == 0 )
+ return( 0 );
- block_cipher_df( add_input, additional, add_len );
- ctr_drbg_update_internal( ctx, add_input );
- }
+ if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+ goto exit;
+ if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+ goto exit;
+
+exit:
+ mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
+ return( ret );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len )
+{
+ /* MAX_INPUT would be more logical here, but we have to match
+ * block_cipher_df()'s limits since we can't propagate errors */
+ if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+ add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
+ (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
+}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2)
+ * mbedtls_ctr_drbg_reseed(ctx, additional, len)
+ * implements
+ * CTR_DRBG_Reseed(working_state, entropy_input, additional_input)
+ * -> new_working_state
+ * with inputs
+ * ctx contains working_state
+ * additional[:len] = additional_input
+ * and entropy_input comes from calling ctx->f_entropy
+ * and with output
+ * ctx contains new_working_state
+ */
int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, size_t len )
{
@@ -355,22 +431,39 @@
* Reduce to 384 bits
*/
if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
- {
- return( ret );
- }
+ goto exit;
/*
* Update state
*/
if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
- {
- return( ret );
- }
+ goto exit;
ctx->reseed_counter = 1;
- return( 0 );
+exit:
+ mbedtls_platform_zeroize( seed, sizeof( seed ) );
+ return( ret );
}
+/* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2)
+ * mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, additional, add_len)
+ * implements
+ * CTR_DRBG_Reseed(working_state, entropy_input, additional[:add_len])
+ * -> working_state_after_reseed
+ * if required, then
+ * CTR_DRBG_Generate(working_state_after_reseed,
+ * requested_number_of_bits, additional_input)
+ * -> status, returned_bits, new_working_state
+ * with inputs
+ * ctx contains working_state
+ * requested_number_of_bits = 8 * output_len
+ * additional[:add_len] = additional_input
+ * and entropy_input comes from calling ctx->f_entropy
+ * and with outputs
+ * status = SUCCESS (this function does the reseed internally)
+ * returned_bits = output[:output_len]
+ * ctx contains new_working_state
+ */
int mbedtls_ctr_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t output_len,
const unsigned char *additional, size_t add_len )
@@ -404,13 +497,9 @@
if( add_len > 0 )
{
if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
- {
- return( ret );
- }
+ goto exit;
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
- {
- return( ret );
- }
+ goto exit;
}
while( output_len > 0 )
@@ -425,13 +514,14 @@
/*
* Crypt counter block
*/
- if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 )
+ if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+ ctx->counter, tmp ) ) != 0 )
{
- return( ret );
+ goto exit;
}
- use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE :
- output_len;
+ use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE )
+ ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
/*
* Copy random block to destination
*/
@@ -441,16 +531,18 @@
}
if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
- {
- return( ret );
- }
+ goto exit;
ctx->reseed_counter++;
+exit:
+ mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( 0 );
}
-int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
+int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
+ size_t output_len )
{
int ret;
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
@@ -471,7 +563,8 @@
}
#if defined(MBEDTLS_FS_IO)
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
+ const char *path )
{
int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
FILE *f;
@@ -480,13 +573,19 @@
if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
- if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
+ if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
+ MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
goto exit;
- if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
+ if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) !=
+ MBEDTLS_CTR_DRBG_MAX_INPUT )
+ {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+ }
else
+ {
ret = 0;
+ }
exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
@@ -495,38 +594,40 @@
return( ret );
}
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
+ const char *path )
{
int ret = 0;
- FILE *f;
+ FILE *f = NULL;
size_t n;
unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+ unsigned char c;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
- fseek( f, 0, SEEK_END );
- n = (size_t) ftell( f );
- fseek( f, 0, SEEK_SET );
-
- if( n > MBEDTLS_CTR_DRBG_MAX_INPUT )
+ n = fread( buf, 1, sizeof( buf ), f );
+ if( fread( &c, 1, 1, f ) != 0 )
{
- fclose( f );
- return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+ ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+ goto exit;
}
-
- if( fread( buf, 1, n, f ) != n )
+ if( n == 0 || ferror( f ) )
+ {
ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
- else
- mbedtls_ctr_drbg_update( ctx, buf, n );
-
+ goto exit;
+ }
fclose( f );
+ f = NULL;
+ ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
+
+exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
+ if( f != NULL )
+ fclose( f );
if( ret != 0 )
return( ret );
-
return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
}
#endif /* MBEDTLS_FS_IO */
@@ -608,7 +709,7 @@
test_offset = 0;
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+ (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
@@ -629,7 +730,7 @@
test_offset = 0;
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
- (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+ (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
diff --git a/library/debug.c b/library/debug.c
index db3924a..0c46c06 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -35,6 +35,7 @@
#define mbedtls_free free
#define mbedtls_time_t time_t
#define mbedtls_snprintf snprintf
+#define mbedtls_vsnprintf vsnprintf
#endif
#include "mbedtls/debug.h"
@@ -86,24 +87,16 @@
char str[DEBUG_BUF_SIZE];
int ret;
- if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold )
+ if( NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ level > debug_threshold )
+ {
return;
+ }
va_start( argp, format );
-#if defined(_WIN32)
-#if defined(_TRUNCATE) && !defined(__MINGW32__)
- ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
-#else
- ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
- if( ret < 0 || (size_t) ret == DEBUG_BUF_SIZE )
- {
- str[DEBUG_BUF_SIZE-1] = '\0';
- ret = -1;
- }
-#endif
-#else
- ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-#endif
+ ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
va_end( argp );
if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
@@ -121,8 +114,13 @@
{
char str[DEBUG_BUF_SIZE];
- if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+ if( NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ level > debug_threshold )
+ {
return;
+ }
/*
* With non-blocking I/O and examples that just retry immediately,
@@ -146,8 +144,13 @@
char txt[17];
size_t i, idx = 0;
- if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+ if( NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ level > debug_threshold )
+ {
return;
+ }
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len );
@@ -199,8 +202,13 @@
{
char str[DEBUG_BUF_SIZE];
- if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+ if( NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ level > debug_threshold )
+ {
return;
+ }
mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
@@ -219,8 +227,14 @@
int j, k, zeros = 1;
size_t i, n, idx = 0;
- if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
+ if( NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ NULL == X ||
+ level > debug_threshold )
+ {
return;
+ }
for( n = X->n - 1; n > 0; n-- )
if( X->p[n] != 0 )
@@ -345,8 +359,14 @@
char str[DEBUG_BUF_SIZE];
int i = 0;
- if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
+ if( NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ NULL == crt ||
+ level > debug_threshold )
+ {
return;
+ }
while( crt != NULL )
{
@@ -365,4 +385,54 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_ECDH_C)
+static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
+ int level, const char *file,
+ int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr )
+{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ const mbedtls_ecdh_context* ctx = ecdh;
+#else
+ const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh;
+#endif
+
+ switch( attr )
+ {
+ case MBEDTLS_DEBUG_ECDH_Q:
+ mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q",
+ &ctx->Q );
+ break;
+ case MBEDTLS_DEBUG_ECDH_QP:
+ mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp",
+ &ctx->Qp );
+ break;
+ case MBEDTLS_DEBUG_ECDH_Z:
+ mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z",
+ &ctx->z );
+ break;
+ default:
+ break;
+ }
+}
+
+void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const mbedtls_ecdh_context *ecdh,
+ mbedtls_debug_ecdh_attr attr )
+{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr );
+#else
+ switch( ecdh->var )
+ {
+ default:
+ mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh,
+ attr );
+ }
+#endif
+}
+#endif /* MBEDTLS_ECDH_C */
+
#endif /* MBEDTLS_DEBUG_C */
diff --git a/library/des.c b/library/des.c
index ca9e071..8a33d82 100644
--- a/library/des.c
+++ b/library/des.c
@@ -257,50 +257,57 @@
/*
* Initial Permutation macro
*/
-#define DES_IP(X,Y) \
-{ \
- T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
- T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
- T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
- T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
- Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
- T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
- X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
-}
+#define DES_IP(X,Y) \
+ do \
+ { \
+ T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
+ T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
+ T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
+ T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \
+ (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF; \
+ T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T; \
+ (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF; \
+ } while( 0 )
/*
* Final Permutation macro
*/
-#define DES_FP(X,Y) \
-{ \
- X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
- T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
- Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
- T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
- T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
- T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
- T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
-}
+#define DES_FP(X,Y) \
+ do \
+ { \
+ (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF; \
+ T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T; \
+ (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF; \
+ T = (((Y) >> 8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T << 8); \
+ T = (((Y) >> 2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T << 2); \
+ T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
+ T = (((X) >> 4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T << 4); \
+ } while( 0 )
/*
* DES round macro
*/
-#define DES_ROUND(X,Y) \
-{ \
- T = *SK++ ^ X; \
- Y ^= SB8[ (T ) & 0x3F ] ^ \
- SB6[ (T >> 8) & 0x3F ] ^ \
- SB4[ (T >> 16) & 0x3F ] ^ \
- SB2[ (T >> 24) & 0x3F ]; \
- \
- T = *SK++ ^ ((X << 28) | (X >> 4)); \
- Y ^= SB7[ (T ) & 0x3F ] ^ \
- SB5[ (T >> 8) & 0x3F ] ^ \
- SB3[ (T >> 16) & 0x3F ] ^ \
- SB1[ (T >> 24) & 0x3F ]; \
-}
+#define DES_ROUND(X,Y) \
+ do \
+ { \
+ T = *SK++ ^ (X); \
+ (Y) ^= SB8[ (T ) & 0x3F ] ^ \
+ SB6[ (T >> 8) & 0x3F ] ^ \
+ SB4[ (T >> 16) & 0x3F ] ^ \
+ SB2[ (T >> 24) & 0x3F ]; \
+ \
+ T = *SK++ ^ (((X) << 28) | ((X) >> 4)); \
+ (Y) ^= SB7[ (T ) & 0x3F ] ^ \
+ SB5[ (T >> 8) & 0x3F ] ^ \
+ SB3[ (T >> 16) & 0x3F ] ^ \
+ SB1[ (T >> 24) & 0x3F ]; \
+ } while( 0 )
-#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
+#define SWAP(a,b) \
+ do \
+ { \
+ uint32_t t = (a); (a) = (b); (b) = t; t = 0; \
+ } while( 0 )
void mbedtls_des_init( mbedtls_des_context *ctx )
{
diff --git a/library/dhm.c b/library/dhm.c
index 82cbb0c..8255632 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -60,6 +60,11 @@
#if !defined(MBEDTLS_DHM_ALT)
+#define DHM_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
+#define DHM_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* helper to validate the mbedtls_mpi size and import it
*/
@@ -121,6 +126,7 @@
void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
{
+ DHM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
}
@@ -132,6 +138,9 @@
const unsigned char *end )
{
int ret;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( p != NULL && *p != NULL );
+ DHM_VALIDATE_RET( end != NULL );
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
@@ -157,6 +166,10 @@
int ret, count = 0;
size_t n1, n2, n3;
unsigned char *p;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( olen != NULL );
+ DHM_VALIDATE_RET( f_rng != NULL );
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@@ -227,9 +240,9 @@
const mbedtls_mpi *G )
{
int ret;
-
- if( ctx == NULL || P == NULL || G == NULL )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( P != NULL );
+ DHM_VALIDATE_RET( G != NULL );
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
@@ -248,8 +261,10 @@
const unsigned char *input, size_t ilen )
{
int ret;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( input != NULL );
- if( ctx == NULL || ilen < 1 || ilen > ctx->len )
+ if( ilen < 1 || ilen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
@@ -267,8 +282,11 @@
void *p_rng )
{
int ret, count = 0;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( f_rng != NULL );
- if( ctx == NULL || olen < 1 || olen > ctx->len )
+ if( olen < 1 || olen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
@@ -380,8 +398,11 @@
{
int ret;
mbedtls_mpi GYb;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( olen != NULL );
- if( ctx == NULL || output_size < ctx->len )
+ if( output_size < ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
@@ -428,11 +449,19 @@
*/
void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
{
- mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
- mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
- mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X );
- mbedtls_mpi_free( &ctx->G ); mbedtls_mpi_free( &ctx->P );
+ if( ctx == NULL )
+ return;
+
+ mbedtls_mpi_free( &ctx->pX );
+ mbedtls_mpi_free( &ctx->Vf );
+ mbedtls_mpi_free( &ctx->Vi );
+ mbedtls_mpi_free( &ctx->RP );
+ mbedtls_mpi_free( &ctx->K );
+ mbedtls_mpi_free( &ctx->GY );
+ mbedtls_mpi_free( &ctx->GX );
+ mbedtls_mpi_free( &ctx->X );
+ mbedtls_mpi_free( &ctx->G );
+ mbedtls_mpi_free( &ctx->P );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
}
@@ -449,7 +478,12 @@
unsigned char *p, *end;
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_context pem;
+#endif /* MBEDTLS_PEM_PARSE_C */
+ DHM_VALIDATE_RET( dhm != NULL );
+ DHM_VALIDATE_RET( dhmin != NULL );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
@@ -596,6 +630,8 @@
int ret;
size_t n;
unsigned char *buf;
+ DHM_VALIDATE_RET( dhm != NULL );
+ DHM_VALIDATE_RET( path != NULL );
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -613,12 +649,28 @@
#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PEM_PARSE_C)
static const char mbedtls_test_dhm_params[] =
"-----BEGIN DH PARAMETERS-----\r\n"
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n";
+#else /* MBEDTLS_PEM_PARSE_C */
+static const char mbedtls_test_dhm_params[] = {
+ 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
+ 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
+ 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
+ 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
+ 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
+ 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
+ 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
+ 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
+ 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
+ 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
+ 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
+ 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
+#endif /* MBEDTLS_PEM_PARSE_C */
static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
diff --git a/library/ecdh.c b/library/ecdh.c
index 61380b6..eecae91 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -35,41 +35,92 @@
#if defined(MBEDTLS_ECDH_C)
#include "mbedtls/ecdh.h"
+#include "mbedtls/platform_util.h"
#include <string.h>
+/* Parameter validation macros based on platform_util.h */
+#define ECDH_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECDH_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
+#endif
+
+static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
+ const mbedtls_ecdh_context *ctx )
+{
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ctx->grp.id );
+#else
+ return( ctx->grp_id );
+#endif
+}
+
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
/*
- * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair
+ * Generate public key (restartable version)
+ *
+ * Note: this internal function relies on its caller preserving the value of
+ * the output parameter 'd' across continuation calls. This would not be
+ * acceptable for a public function but is OK here as we control call sites.
+ */
+static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
+{
+ int ret;
+
+ /* If multiplication is in progress, we already generated a privkey */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx == NULL || rs_ctx->rsm == NULL )
+#endif
+ MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
+ f_rng, p_rng, rs_ctx ) );
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Generate public key
*/
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
+ ECDH_VALIDATE_RET( grp != NULL );
+ ECDH_VALIDATE_RET( d != NULL );
+ ECDH_VALIDATE_RET( Q != NULL );
+ ECDH_VALIDATE_RET( f_rng != NULL );
+ return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
}
-#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
+#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
/*
* Compute shared secret (SEC1 3.3.1)
*/
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
+ mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
mbedtls_ecp_point P;
mbedtls_ecp_point_init( &P );
- /*
- * Make sure Q is a valid pubkey before using it
- */
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
-
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q,
+ f_rng, p_rng, rs_ctx ) );
if( mbedtls_ecp_is_zero( &P ) )
{
@@ -84,16 +135,121 @@
return( ret );
}
-#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
+
+/*
+ * Compute shared secret (SEC1 3.3.1)
+ */
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ ECDH_VALIDATE_RET( grp != NULL );
+ ECDH_VALIDATE_RET( Q != NULL );
+ ECDH_VALIDATE_RET( d != NULL );
+ ECDH_VALIDATE_RET( z != NULL );
+ return( ecdh_compute_shared_restartable( grp, z, Q, d,
+ f_rng, p_rng, NULL ) );
+}
+#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
+
+static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
+{
+ mbedtls_ecp_group_init( &ctx->grp );
+ mbedtls_mpi_init( &ctx->d );
+ mbedtls_ecp_point_init( &ctx->Q );
+ mbedtls_ecp_point_init( &ctx->Qp );
+ mbedtls_mpi_init( &ctx->z );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_init( &ctx->rs );
+#endif
+}
/*
* Initialize context
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
{
+ ECDH_VALIDATE( ctx != NULL );
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ ecdh_init_internal( ctx );
+ mbedtls_ecp_point_init( &ctx->Vi );
+ mbedtls_ecp_point_init( &ctx->Vf );
+ mbedtls_mpi_init( &ctx->_d );
+#else
memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
+
+ ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
+#endif
+ ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ ctx->restart_enabled = 0;
+#endif
}
+static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
+ mbedtls_ecp_group_id grp_id )
+{
+ int ret;
+
+ ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
+ if( ret != 0 )
+ {
+ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Setup context
+ */
+int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
+{
+ ECDH_VALIDATE_RET( ctx != NULL );
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_setup_internal( ctx, grp_id ) );
+#else
+ switch( grp_id )
+ {
+ default:
+ ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+ ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
+ ctx->grp_id = grp_id;
+ ecdh_init_internal( &ctx->ctx.mbed_ecdh );
+ return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
+ }
+#endif
+}
+
+static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
+{
+ mbedtls_ecp_group_free( &ctx->grp );
+ mbedtls_mpi_free( &ctx->d );
+ mbedtls_ecp_point_free( &ctx->Q );
+ mbedtls_ecp_point_free( &ctx->Qp );
+ mbedtls_mpi_free( &ctx->z );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_free( &ctx->rs );
+#endif
+}
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Enable restartable operations for context
+ */
+void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
+{
+ ECDH_VALIDATE( ctx != NULL );
+
+ ctx->restart_enabled = 1;
+}
+#endif
+
/*
* Free context
*/
@@ -102,14 +258,76 @@
if( ctx == NULL )
return;
- mbedtls_ecp_group_free( &ctx->grp );
- mbedtls_ecp_point_free( &ctx->Q );
- mbedtls_ecp_point_free( &ctx->Qp );
- mbedtls_ecp_point_free( &ctx->Vi );
- mbedtls_ecp_point_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->d );
- mbedtls_mpi_free( &ctx->z );
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ mbedtls_ecp_point_free( &ctx->Vi );
+ mbedtls_ecp_point_free( &ctx->Vf );
mbedtls_mpi_free( &ctx->_d );
+ ecdh_free_internal( ctx );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ ecdh_free_internal( &ctx->ctx.mbed_ecdh );
+ break;
+ default:
+ break;
+ }
+
+ ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+ ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
+ ctx->grp_id = MBEDTLS_ECP_DP_NONE;
+#endif
+}
+
+static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
+ size_t *olen, int point_format,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int restart_enabled )
+{
+ int ret;
+ size_t grp_len, pt_len;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_ctx *rs_ctx = NULL;
+#endif
+
+ if( ctx->grp.pbits == 0 )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( restart_enabled )
+ rs_ctx = &ctx->rs;
+#else
+ (void) restart_enabled;
+#endif
+
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng, rs_ctx ) ) != 0 )
+ return( ret );
+#else
+ if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng ) ) != 0 )
+ return( ret );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
+ blen ) ) != 0 )
+ return( ret );
+
+ buf += grp_len;
+ blen -= grp_len;
+
+ if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
+ &pt_len, buf, blen ) ) != 0 )
+ return( ret );
+
+ *olen = grp_len + pt_len;
+ return( 0 );
}
/*
@@ -120,33 +338,45 @@
* } ServerECDHParams;
*/
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
- int ret;
- size_t grp_len, pt_len;
+ int restart_enabled = 0;
+ ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET( olen != NULL );
+ ECDH_VALIDATE_RET( buf != NULL );
+ ECDH_VALIDATE_RET( f_rng != NULL );
- if( ctx == NULL || ctx->grp.pbits == 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ restart_enabled = ctx->restart_enabled;
+#else
+ (void) restart_enabled;
+#endif
- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
- != 0 )
- return( ret );
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
+ f_rng, p_rng, restart_enabled ) );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
+ ctx->point_format, buf, blen,
+ f_rng, p_rng,
+ restart_enabled ) );
+ default:
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+#endif
+}
- if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
- != 0 )
- return( ret );
-
- buf += grp_len;
- blen -= grp_len;
-
- if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
- &pt_len, buf, blen ) ) != 0 )
- return( ret );
-
- *olen = grp_len + pt_len;
- return( 0 );
+static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
+ const unsigned char **buf,
+ const unsigned char *end )
+{
+ return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
+ end - *buf ) );
}
/*
@@ -157,31 +387,43 @@
* } ServerECDHParams;
*/
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
- const unsigned char **buf, const unsigned char *end )
+ const unsigned char **buf,
+ const unsigned char *end )
{
int ret;
+ mbedtls_ecp_group_id grp_id;
+ ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET( buf != NULL );
+ ECDH_VALIDATE_RET( *buf != NULL );
+ ECDH_VALIDATE_RET( end != NULL );
- if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
+ if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
+ != 0 )
return( ret );
- if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
- != 0 )
+ if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
return( ret );
- return( 0 );
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_read_params_internal( ctx, buf, end ) );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
+ buf, end ) );
+ default:
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+#endif
}
-/*
- * Get parameters from a keypair
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
- mbedtls_ecdh_side side )
+static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side )
{
int ret;
- if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
- return( ret );
-
/* If it's not our key, just import the public part as Qp */
if( side == MBEDTLS_ECDH_THEIRS )
return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
@@ -198,39 +440,129 @@
}
/*
- * Setup and export the client public value
+ * Get parameters from a keypair
*/
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
+ const mbedtls_ecp_keypair *key,
+ mbedtls_ecdh_side side )
{
int ret;
+ ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET( key != NULL );
+ ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
+ side == MBEDTLS_ECDH_THEIRS );
- if( ctx == NULL || ctx->grp.pbits == 0 )
+ if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
+ {
+ /* This is the first call to get_params(). Set up the context
+ * for use with the group. */
+ if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
+ return( ret );
+ }
+ else
+ {
+ /* This is not the first call to get_params(). Check that the
+ * current key's group is the same as the context's, which was set
+ * from the first key's group. */
+ if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_get_params_internal( ctx, key, side ) );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
+ key, side ) );
+ default:
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+#endif
+}
+
+static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
+ size_t *olen, int point_format,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int restart_enabled )
+{
+ int ret;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_ctx *rs_ctx = NULL;
+#endif
+
+ if( ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
- != 0 )
- return( ret );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( restart_enabled )
+ rs_ctx = &ctx->rs;
+#else
+ (void) restart_enabled;
+#endif
- return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
- olen, buf, blen );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng, rs_ctx ) ) != 0 )
+ return( ret );
+#else
+ if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
+ f_rng, p_rng ) ) != 0 )
+ return( ret );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
+ buf, blen );
}
/*
- * Parse and import the client's public value
+ * Setup and export the client public value
*/
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
- const unsigned char *buf, size_t blen )
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int restart_enabled = 0;
+ ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET( olen != NULL );
+ ECDH_VALIDATE_RET( buf != NULL );
+ ECDH_VALIDATE_RET( f_rng != NULL );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ restart_enabled = ctx->restart_enabled;
+#endif
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
+ f_rng, p_rng, restart_enabled ) );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
+ ctx->point_format, buf, blen,
+ f_rng, p_rng,
+ restart_enabled ) );
+ default:
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+#endif
+}
+
+static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
+ const unsigned char *buf, size_t blen )
{
int ret;
const unsigned char *p = buf;
- if( ctx == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
+ if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
+ blen ) ) != 0 )
return( ret );
if( (size_t)( p - buf ) != blen )
@@ -240,29 +572,109 @@
}
/*
- * Derive and export the shared secret
+ * Parse and import the client's public value
*/
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
- unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+ const unsigned char *buf, size_t blen )
+{
+ ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET( buf != NULL );
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_read_public_internal( ctx, buf, blen ) );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
+ buf, blen ) );
+ default:
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+#endif
+}
+
+static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
+ size_t *olen, unsigned char *buf,
+ size_t blen,
+ int (*f_rng)(void *,
+ unsigned char *,
+ size_t),
+ void *p_rng,
+ int restart_enabled )
{
int ret;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_ctx *rs_ctx = NULL;
+#endif
- if( ctx == NULL )
+ if( ctx == NULL || ctx->grp.pbits == 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
- f_rng, p_rng ) ) != 0 )
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( restart_enabled )
+ rs_ctx = &ctx->rs;
+#else
+ (void) restart_enabled;
+#endif
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
+ &ctx->d, f_rng, p_rng,
+ rs_ctx ) ) != 0 )
{
return( ret );
}
+#else
+ if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp,
+ &ctx->d, f_rng, p_rng ) ) != 0 )
+ {
+ return( ret );
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
if( mbedtls_mpi_size( &ctx->z ) > blen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
*olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
+
+ if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
+
return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
}
+/*
+ * Derive and export the shared secret
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+ unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int restart_enabled = 0;
+ ECDH_VALIDATE_RET( ctx != NULL );
+ ECDH_VALIDATE_RET( olen != NULL );
+ ECDH_VALIDATE_RET( buf != NULL );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ restart_enabled = ctx->restart_enabled;
+#endif
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
+ restart_enabled ) );
+#else
+ switch( ctx->var )
+ {
+ case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
+ return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
+ blen, f_rng, p_rng,
+ restart_enabled ) );
+ default:
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+#endif
+}
+
#endif /* MBEDTLS_ECDH_C */
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 17a88bd..dc19384 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -42,6 +42,186 @@
#include "mbedtls/hmac_drbg.h"
#endif
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#endif
+
+#include "mbedtls/platform_util.h"
+
+/* Parameter validation macros based on platform_util.h */
+#define ECDSA_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECDSA_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+
+/*
+ * Sub-context for ecdsa_verify()
+ */
+struct mbedtls_ecdsa_restart_ver
+{
+ mbedtls_mpi u1, u2; /* intermediate values */
+ enum { /* what to do next? */
+ ecdsa_ver_init = 0, /* getting started */
+ ecdsa_ver_muladd, /* muladd step */
+ } state;
+};
+
+/*
+ * Init verify restart sub-context
+ */
+static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
+{
+ mbedtls_mpi_init( &ctx->u1 );
+ mbedtls_mpi_init( &ctx->u2 );
+ ctx->state = ecdsa_ver_init;
+}
+
+/*
+ * Free the components of a verify restart sub-context
+ */
+static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_mpi_free( &ctx->u1 );
+ mbedtls_mpi_free( &ctx->u2 );
+
+ ecdsa_restart_ver_init( ctx );
+}
+
+/*
+ * Sub-context for ecdsa_sign()
+ */
+struct mbedtls_ecdsa_restart_sig
+{
+ int sign_tries;
+ int key_tries;
+ mbedtls_mpi k; /* per-signature random */
+ mbedtls_mpi r; /* r value */
+ enum { /* what to do next? */
+ ecdsa_sig_init = 0, /* getting started */
+ ecdsa_sig_mul, /* doing ecp_mul() */
+ ecdsa_sig_modn, /* mod N computations */
+ } state;
+};
+
+/*
+ * Init verify sign sub-context
+ */
+static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
+{
+ ctx->sign_tries = 0;
+ ctx->key_tries = 0;
+ mbedtls_mpi_init( &ctx->k );
+ mbedtls_mpi_init( &ctx->r );
+ ctx->state = ecdsa_sig_init;
+}
+
+/*
+ * Free the components of a sign restart sub-context
+ */
+static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_mpi_free( &ctx->k );
+ mbedtls_mpi_free( &ctx->r );
+}
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/*
+ * Sub-context for ecdsa_sign_det()
+ */
+struct mbedtls_ecdsa_restart_det
+{
+ mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */
+ enum { /* what to do next? */
+ ecdsa_det_init = 0, /* getting started */
+ ecdsa_det_sign, /* make signature */
+ } state;
+};
+
+/*
+ * Init verify sign_det sub-context
+ */
+static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
+{
+ mbedtls_hmac_drbg_init( &ctx->rng_ctx );
+ ctx->state = ecdsa_det_init;
+}
+
+/*
+ * Free the components of a sign_det restart sub-context
+ */
+static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_hmac_drbg_free( &ctx->rng_ctx );
+
+ ecdsa_restart_det_init( ctx );
+}
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#define ECDSA_RS_ECP &rs_ctx->ecp
+
+/* Utility macro for checking and updating ops budget */
+#define ECDSA_BUDGET( ops ) \
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) );
+
+/* Call this when entering a function that needs its own sub-context */
+#define ECDSA_RS_ENTER( SUB ) do { \
+ /* reset ops count for this call if top-level */ \
+ if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 ) \
+ rs_ctx->ecp.ops_done = 0; \
+ \
+ /* set up our own sub-context if needed */ \
+ if( mbedtls_ecp_restart_is_enabled() && \
+ rs_ctx != NULL && rs_ctx->SUB == NULL ) \
+ { \
+ rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \
+ if( rs_ctx->SUB == NULL ) \
+ return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
+ \
+ ecdsa_restart_## SUB ##_init( rs_ctx->SUB ); \
+ } \
+} while( 0 )
+
+/* Call this when leaving a function that needs its own sub-context */
+#define ECDSA_RS_LEAVE( SUB ) do { \
+ /* clear our sub-context when not in progress (done or error) */ \
+ if( rs_ctx != NULL && rs_ctx->SUB != NULL && \
+ ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \
+ { \
+ ecdsa_restart_## SUB ##_free( rs_ctx->SUB ); \
+ mbedtls_free( rs_ctx->SUB ); \
+ rs_ctx->SUB = NULL; \
+ } \
+ \
+ if( rs_ctx != NULL ) \
+ rs_ctx->ecp.depth--; \
+} while( 0 )
+
+#else /* MBEDTLS_ECP_RESTARTABLE */
+
+#define ECDSA_RS_ECP NULL
+
+#define ECDSA_BUDGET( ops ) /* no-op; for compatibility */
+
+#define ECDSA_RS_ENTER( SUB ) (void) rs_ctx
+#define ECDSA_RS_LEAVE( SUB ) (void) rs_ctx
+
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/*
* Derive a suitable integer for group grp from a buffer of length len
* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@@ -70,13 +250,17 @@
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
*/
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
+ mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecdsa_restart_ctx *rs_ctx )
{
- int ret, key_tries, sign_tries, blind_tries;
+ int ret, key_tries, sign_tries;
+ int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries;
mbedtls_ecp_point R;
mbedtls_mpi k, e, t;
+ mbedtls_mpi *pk = &k, *pr = r;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( grp->N.p == NULL )
@@ -89,26 +273,72 @@
mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
- sign_tries = 0;
+ ECDSA_RS_ENTER( sig );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->sig != NULL )
+ {
+ /* redirect to our context */
+ p_sign_tries = &rs_ctx->sig->sign_tries;
+ p_key_tries = &rs_ctx->sig->key_tries;
+ pk = &rs_ctx->sig->k;
+ pr = &rs_ctx->sig->r;
+
+ /* jump to current step */
+ if( rs_ctx->sig->state == ecdsa_sig_mul )
+ goto mul;
+ if( rs_ctx->sig->state == ecdsa_sig_modn )
+ goto modn;
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ *p_sign_tries = 0;
do
{
+ if( *p_sign_tries++ > 10 )
+ {
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
+ goto cleanup;
+ }
+
/*
* Steps 1-3: generate a suitable ephemeral keypair
* and set r = xR mod n
*/
- key_tries = 0;
+ *p_key_tries = 0;
do
{
- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) );
-
- if( key_tries++ > 10 )
+ if( *p_key_tries++ > 10 )
{
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->sig != NULL )
+ rs_ctx->sig->state = ecdsa_sig_mul;
+
+mul:
+#endif
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
+ f_rng, p_rng, ECDSA_RS_ECP ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
}
- while( mbedtls_mpi_cmp_int( r, 0 ) == 0 );
+ while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->sig != NULL )
+ rs_ctx->sig->state = ecdsa_sig_modn;
+
+modn:
+#endif
+ /*
+ * Accounting for everything up to the end of the loop
+ * (step 6, but checking now avoids saving e and t)
+ */
+ ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 );
/*
* Step 5: derive MPI from hashed message
@@ -119,57 +349,67 @@
* Generate a random value to blind inv_mod in next step,
* avoiding a potential timing leak.
*/
- blind_tries = 0;
- do
- {
- size_t n_size = ( grp->nbits + 7 ) / 8;
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &t, n_size, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &t, 8 * n_size - grp->nbits ) );
-
- /* See mbedtls_ecp_gen_keypair() */
- if( ++blind_tries > 30 )
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
- }
- while( mbedtls_mpi_cmp_int( &t, 1 ) < 0 ||
- mbedtls_mpi_cmp_mpi( &t, &grp->N ) >= 0 );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng, p_rng ) );
/*
* Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, r, d ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &k, &k, &t ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
-
- if( sign_tries++ > 10 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
}
while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->sig != NULL )
+ mbedtls_mpi_copy( r, pr );
+#endif
+
cleanup:
mbedtls_ecp_point_free( &R );
mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
+ ECDSA_RS_LEAVE( sig );
+
return( ret );
}
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+
+/*
+ * Compute ECDSA signature of a hashed message
+ */
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ECDSA_VALIDATE_RET( grp != NULL );
+ ECDSA_VALIDATE_RET( r != NULL );
+ ECDSA_VALIDATE_RET( s != NULL );
+ ECDSA_VALIDATE_RET( d != NULL );
+ ECDSA_VALIDATE_RET( f_rng != NULL );
+ ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+
+ return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
+ f_rng, p_rng, NULL ) );
+}
+#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/*
* Deterministic signature wrapper
*/
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
+ mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg )
+ mbedtls_md_type_t md_alg,
+ mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
mbedtls_hmac_drbg_context rng_ctx;
+ mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
size_t grp_len = ( grp->nbits + 7 ) / 8;
const mbedtls_md_info_t *md_info;
@@ -181,21 +421,64 @@
mbedtls_mpi_init( &h );
mbedtls_hmac_drbg_init( &rng_ctx );
+ ECDSA_RS_ENTER( det );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->det != NULL )
+ {
+ /* redirect to our context */
+ p_rng = &rs_ctx->det->rng_ctx;
+
+ /* jump to current step */
+ if( rs_ctx->det->state == ecdsa_det_sign )
+ goto sign;
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/* Use private key and message hash (reduced) to initialize HMAC_DRBG */
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
- mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
+ mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->det != NULL )
+ rs_ctx->det->state = ecdsa_det_sign;
+
+sign:
+#endif
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
- mbedtls_hmac_drbg_random, &rng_ctx );
+ mbedtls_hmac_drbg_random, p_rng );
+#else
+ ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
+ mbedtls_hmac_drbg_random, p_rng, rs_ctx );
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
cleanup:
mbedtls_hmac_drbg_free( &rng_ctx );
mbedtls_mpi_free( &h );
+ ECDSA_RS_LEAVE( det );
+
return( ret );
}
+
+/*
+ * Deterministic signature wrapper
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+ const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+ mbedtls_md_type_t md_alg )
+{
+ ECDSA_VALIDATE_RET( grp != NULL );
+ ECDSA_VALIDATE_RET( r != NULL );
+ ECDSA_VALIDATE_RET( s != NULL );
+ ECDSA_VALIDATE_RET( d != NULL );
+ ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+
+ return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, NULL ) );
+}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
@@ -203,21 +486,40 @@
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
*/
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
- const unsigned char *buf, size_t blen,
- const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s)
+static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *r, const mbedtls_mpi *s,
+ mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
mbedtls_mpi e, s_inv, u1, u2;
mbedtls_ecp_point R;
+ mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
mbedtls_ecp_point_init( &R );
- mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
+ mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv );
+ mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( grp->N.p == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ ECDSA_RS_ENTER( ver );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ver != NULL )
+ {
+ /* redirect to our context */
+ pu1 = &rs_ctx->ver->u1;
+ pu2 = &rs_ctx->ver->u2;
+
+ /* jump to current step */
+ if( rs_ctx->ver->state == ecdsa_ver_muladd )
+ goto muladd;
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
/*
* Step 1: make sure r and s are in range 1..n-1
*/
@@ -229,11 +531,6 @@
}
/*
- * Additional precaution: make sure Q is valid
- */
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
-
- /*
* Step 3: derive MPI from hashed message
*/
MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
@@ -241,21 +538,27 @@
/*
* Step 4: u1 = e / s mod n, u2 = r / s mod n
*/
+ ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 );
+
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u1, &e, &s_inv ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u1, &u1, &grp->N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u2, r, &s_inv ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u2, &u2, &grp->N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ver != NULL )
+ rs_ctx->ver->state = ecdsa_ver_muladd;
+
+muladd:
+#endif
/*
* Step 5: R = u1 G + u2 Q
- *
- * Since we're not using any secret data, no need to pass a RNG to
- * mbedtls_ecp_mul() for countermesures.
*/
- MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, &R, &u1, &grp->G, &u2, Q ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp,
+ &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) );
if( mbedtls_ecp_is_zero( &R ) )
{
@@ -280,11 +583,32 @@
cleanup:
mbedtls_ecp_point_free( &R );
- mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
+ mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv );
+ mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
+
+ ECDSA_RS_LEAVE( ver );
return( ret );
}
-#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+
+/*
+ * Verify ECDSA signature of hashed message
+ */
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
+ const unsigned char *buf, size_t blen,
+ const mbedtls_ecp_point *Q,
+ const mbedtls_mpi *r,
+ const mbedtls_mpi *s)
+{
+ ECDSA_VALIDATE_RET( grp != NULL );
+ ECDSA_VALIDATE_RET( Q != NULL );
+ ECDSA_VALIDATE_RET( r != NULL );
+ ECDSA_VALIDATE_RET( s != NULL );
+ ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
+
+ return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
+}
+#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
/*
* Convert a signature (given by context) to ASN.1
@@ -313,14 +637,20 @@
/*
* Compute and write signature
*/
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+ void *p_rng,
+ mbedtls_ecdsa_restart_ctx *rs_ctx )
{
int ret;
mbedtls_mpi r, s;
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( hash != NULL );
+ ECDSA_VALIDATE_RET( sig != NULL );
+ ECDSA_VALIDATE_RET( slen != NULL );
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );
@@ -329,14 +659,19 @@
(void) f_rng;
(void) p_rng;
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ctx->grp, &r, &s, &ctx->d,
- hash, hlen, md_alg ) );
+ MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d,
+ hash, hlen, md_alg, rs_ctx ) );
#else
(void) md_alg;
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
hash, hlen, f_rng, p_rng ) );
-#endif
+#else
+ MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d,
+ hash, hlen, f_rng, p_rng, rs_ctx ) );
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
@@ -347,13 +682,35 @@
return( ret );
}
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED) && \
+/*
+ * Compute and write signature
+ */
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hlen,
+ unsigned char *sig, size_t *slen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( hash != NULL );
+ ECDSA_VALIDATE_RET( sig != NULL );
+ ECDSA_VALIDATE_RET( slen != NULL );
+ return( mbedtls_ecdsa_write_signature_restartable(
+ ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
+}
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
defined(MBEDTLS_ECDSA_DETERMINISTIC)
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
mbedtls_md_type_t md_alg )
{
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( hash != NULL );
+ ECDSA_VALIDATE_RET( sig != NULL );
+ ECDSA_VALIDATE_RET( slen != NULL );
return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
NULL, NULL ) );
}
@@ -366,11 +723,29 @@
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen )
{
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( hash != NULL );
+ ECDSA_VALIDATE_RET( sig != NULL );
+ return( mbedtls_ecdsa_read_signature_restartable(
+ ctx, hash, hlen, sig, slen, NULL ) );
+}
+
+/*
+ * Restartable read and check signature
+ */
+int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
+ const unsigned char *hash, size_t hlen,
+ const unsigned char *sig, size_t slen,
+ mbedtls_ecdsa_restart_ctx *rs_ctx )
+{
int ret;
unsigned char *p = (unsigned char *) sig;
const unsigned char *end = sig + slen;
size_t len;
mbedtls_mpi r, s;
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( hash != NULL );
+ ECDSA_VALIDATE_RET( sig != NULL );
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );
@@ -395,10 +770,15 @@
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
}
-
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
- &ctx->Q, &r, &s ) ) != 0 )
+ &ctx->Q, &r, &s ) ) != 0 )
goto cleanup;
+#else
+ if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen,
+ &ctx->Q, &r, &s, rs_ctx ) ) != 0 )
+ goto cleanup;
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/* At this point we know that the buffer starts with a valid signature.
* Return 0 if the buffer just contains the signature, and a specific
@@ -420,10 +800,18 @@
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
- mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+ int ret = 0;
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( f_rng != NULL );
+
+ ret = mbedtls_ecp_group_load( &ctx->grp, gid );
+ if( ret != 0 )
+ return( ret );
+
+ return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
+ &ctx->Q, f_rng, p_rng ) );
}
-#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
+#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
/*
* Set context from an mbedtls_ecp_keypair
@@ -431,6 +819,8 @@
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
{
int ret;
+ ECDSA_VALIDATE_RET( ctx != NULL );
+ ECDSA_VALIDATE_RET( key != NULL );
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
@@ -447,6 +837,8 @@
*/
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
{
+ ECDSA_VALIDATE( ctx != NULL );
+
mbedtls_ecp_keypair_init( ctx );
}
@@ -455,7 +847,53 @@
*/
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
{
+ if( ctx == NULL )
+ return;
+
mbedtls_ecp_keypair_free( ctx );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Initialize a restart context
+ */
+void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
+{
+ ECDSA_VALIDATE( ctx != NULL );
+
+ mbedtls_ecp_restart_init( &ctx->ecp );
+
+ ctx->ver = NULL;
+ ctx->sig = NULL;
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ ctx->det = NULL;
+#endif
+}
+
+/*
+ * Free the components of a restart context
+ */
+void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_ecp_restart_free( &ctx->ecp );
+
+ ecdsa_restart_ver_free( ctx->ver );
+ mbedtls_free( ctx->ver );
+ ctx->ver = NULL;
+
+ ecdsa_restart_sig_free( ctx->sig );
+ mbedtls_free( ctx->sig );
+ ctx->sig = NULL;
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ ecdsa_restart_det_free( ctx->det );
+ mbedtls_free( ctx->det );
+ ctx->det = NULL;
+#endif
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
#endif /* MBEDTLS_ECDSA_C */
diff --git a/library/ecjpake.c b/library/ecjpake.c
index ec5a400..b276514 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -33,11 +33,18 @@
#if defined(MBEDTLS_ECJPAKE_C)
#include "mbedtls/ecjpake.h"
+#include "mbedtls/platform_util.h"
#include <string.h>
#if !defined(MBEDTLS_ECJPAKE_ALT)
+/* Parameter validation macros based on platform_util.h */
+#define ECJPAKE_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECJPAKE_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* Convert a mbedtls_ecjpake_role to identifier string
*/
@@ -54,8 +61,7 @@
*/
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
{
- if( ctx == NULL )
- return;
+ ECJPAKE_VALIDATE( ctx != NULL );
ctx->md_info = NULL;
mbedtls_ecp_group_init( &ctx->grp );
@@ -106,6 +112,11 @@
{
int ret;
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
+ role == MBEDTLS_ECJPAKE_SERVER );
+ ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
+
ctx->role = role;
if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
@@ -127,6 +138,8 @@
*/
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
{
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+
if( ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
@@ -504,6 +517,9 @@
const unsigned char *buf,
size_t len )
{
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET( buf != NULL );
+
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->Xp1, &ctx->Xp2, ID_PEER,
@@ -518,6 +534,11 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET( buf != NULL );
+ ECJPAKE_VALIDATE_RET( olen != NULL );
+ ECJPAKE_VALIDATE_RET( f_rng != NULL );
+
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
@@ -560,6 +581,9 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point G; /* C: GB, S: GA */
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET( buf != NULL );
+
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &G );
@@ -652,6 +676,11 @@
const unsigned char *end = buf + len;
size_t ec_len;
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET( buf != NULL );
+ ECJPAKE_VALIDATE_RET( olen != NULL );
+ ECJPAKE_VALIDATE_RET( f_rng != NULL );
+
mbedtls_ecp_point_init( &G );
mbedtls_ecp_point_init( &Xm );
mbedtls_mpi_init( &xm );
@@ -727,6 +756,11 @@
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes;
+ ECJPAKE_VALIDATE_RET( ctx != NULL );
+ ECJPAKE_VALIDATE_RET( buf != NULL );
+ ECJPAKE_VALIDATE_RET( olen != NULL );
+ ECJPAKE_VALIDATE_RET( f_rng != NULL );
+
*olen = mbedtls_md_get_size( ctx->md_info );
if( len < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
@@ -917,7 +951,7 @@
0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
};
-/* Load my private keys and generate the correponding public keys */
+/* Load my private keys and generate the corresponding public keys */
static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
const unsigned char *xm1, size_t len1,
const unsigned char *xm2, size_t len2 )
diff --git a/library/ecp.c b/library/ecp.c
index 41db3fb..7a263b2 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -47,6 +47,35 @@
#include MBEDTLS_CONFIG_FILE
#endif
+/**
+ * \brief Function level alternative implementation.
+ *
+ * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to
+ * replace certain functions in this module. The alternative implementations are
+ * typically hardware accelerators and need to activate the hardware before the
+ * computation starts and deactivate it after it finishes. The
+ * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve
+ * this purpose.
+ *
+ * To preserve the correct functionality the following conditions must hold:
+ *
+ * - The alternative implementation must be activated by
+ * mbedtls_internal_ecp_init() before any of the replaceable functions is
+ * called.
+ * - mbedtls_internal_ecp_free() must \b only be called when the alternative
+ * implementation is activated.
+ * - mbedtls_internal_ecp_init() must \b not be called when the alternative
+ * implementation is activated.
+ * - Public functions must not return while the alternative implementation is
+ * activated.
+ * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and
+ * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) )
+ * \endcode ensures that the alternative implementation supports the current
+ * group.
+ */
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+#endif
+
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
@@ -57,6 +86,12 @@
#if !defined(MBEDTLS_ECP_ALT)
+/* Parameter validation macros based on platform_util.h */
+#define ECP_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECP_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -82,6 +117,233 @@
static unsigned long add_count, dbl_count, mul_count;
#endif
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Maximum number of "basic operations" to be done in a row.
+ *
+ * Default value 0 means that ECC operations will not yield.
+ * Note that regardless of the value of ecp_max_ops, always at
+ * least one step is performed before yielding.
+ *
+ * Setting ecp_max_ops=1 can be suitable for testing purposes
+ * as it will interrupt computation at all possible points.
+ */
+static unsigned ecp_max_ops = 0;
+
+/*
+ * Set ecp_max_ops
+ */
+void mbedtls_ecp_set_max_ops( unsigned max_ops )
+{
+ ecp_max_ops = max_ops;
+}
+
+/*
+ * Check if restart is enabled
+ */
+int mbedtls_ecp_restart_is_enabled( void )
+{
+ return( ecp_max_ops != 0 );
+}
+
+/*
+ * Restart sub-context for ecp_mul_comb()
+ */
+struct mbedtls_ecp_restart_mul
+{
+ mbedtls_ecp_point R; /* current intermediate result */
+ size_t i; /* current index in various loops, 0 outside */
+ mbedtls_ecp_point *T; /* table for precomputed points */
+ unsigned char T_size; /* number of points in table T */
+ enum { /* what were we doing last time we returned? */
+ ecp_rsm_init = 0, /* nothing so far, dummy initial state */
+ ecp_rsm_pre_dbl, /* precompute 2^n multiples */
+ ecp_rsm_pre_norm_dbl, /* normalize precomputed 2^n multiples */
+ ecp_rsm_pre_add, /* precompute remaining points by adding */
+ ecp_rsm_pre_norm_add, /* normalize all precomputed points */
+ ecp_rsm_comb_core, /* ecp_mul_comb_core() */
+ ecp_rsm_final_norm, /* do the final normalization */
+ } state;
+};
+
+/*
+ * Init restart_mul sub-context
+ */
+static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx )
+{
+ mbedtls_ecp_point_init( &ctx->R );
+ ctx->i = 0;
+ ctx->T = NULL;
+ ctx->T_size = 0;
+ ctx->state = ecp_rsm_init;
+}
+
+/*
+ * Free the components of a restart_mul sub-context
+ */
+static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx )
+{
+ unsigned char i;
+
+ if( ctx == NULL )
+ return;
+
+ mbedtls_ecp_point_free( &ctx->R );
+
+ if( ctx->T != NULL )
+ {
+ for( i = 0; i < ctx->T_size; i++ )
+ mbedtls_ecp_point_free( ctx->T + i );
+ mbedtls_free( ctx->T );
+ }
+
+ ecp_restart_rsm_init( ctx );
+}
+
+/*
+ * Restart context for ecp_muladd()
+ */
+struct mbedtls_ecp_restart_muladd
+{
+ mbedtls_ecp_point mP; /* mP value */
+ mbedtls_ecp_point R; /* R intermediate result */
+ enum { /* what should we do next? */
+ ecp_rsma_mul1 = 0, /* first multiplication */
+ ecp_rsma_mul2, /* second multiplication */
+ ecp_rsma_add, /* addition */
+ ecp_rsma_norm, /* normalization */
+ } state;
+};
+
+/*
+ * Init restart_muladd sub-context
+ */
+static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx )
+{
+ mbedtls_ecp_point_init( &ctx->mP );
+ mbedtls_ecp_point_init( &ctx->R );
+ ctx->state = ecp_rsma_mul1;
+}
+
+/*
+ * Free the components of a restart_muladd sub-context
+ */
+static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_ecp_point_free( &ctx->mP );
+ mbedtls_ecp_point_free( &ctx->R );
+
+ ecp_restart_ma_init( ctx );
+}
+
+/*
+ * Initialize a restart context
+ */
+void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
+{
+ ECP_VALIDATE( ctx != NULL );
+ ctx->ops_done = 0;
+ ctx->depth = 0;
+ ctx->rsm = NULL;
+ ctx->ma = NULL;
+}
+
+/*
+ * Free the components of a restart context
+ */
+void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ ecp_restart_rsm_free( ctx->rsm );
+ mbedtls_free( ctx->rsm );
+
+ ecp_restart_ma_free( ctx->ma );
+ mbedtls_free( ctx->ma );
+
+ mbedtls_ecp_restart_init( ctx );
+}
+
+/*
+ * Check if we can do the next step
+ */
+int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_restart_ctx *rs_ctx,
+ unsigned ops )
+{
+ ECP_VALIDATE_RET( grp != NULL );
+
+ if( rs_ctx != NULL && ecp_max_ops != 0 )
+ {
+ /* scale depending on curve size: the chosen reference is 256-bit,
+ * and multiplication is quadratic. Round to the closest integer. */
+ if( grp->pbits >= 512 )
+ ops *= 4;
+ else if( grp->pbits >= 384 )
+ ops *= 2;
+
+ /* Avoid infinite loops: always allow first step.
+ * Because of that, however, it's not generally true
+ * that ops_done <= ecp_max_ops, so the check
+ * ops_done > ecp_max_ops below is mandatory. */
+ if( ( rs_ctx->ops_done != 0 ) &&
+ ( rs_ctx->ops_done > ecp_max_ops ||
+ ops > ecp_max_ops - rs_ctx->ops_done ) )
+ {
+ return( MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
+
+ /* update running count */
+ rs_ctx->ops_done += ops;
+ }
+
+ return( 0 );
+}
+
+/* Call this when entering a function that needs its own sub-context */
+#define ECP_RS_ENTER( SUB ) do { \
+ /* reset ops count for this call if top-level */ \
+ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \
+ rs_ctx->ops_done = 0; \
+ \
+ /* set up our own sub-context if needed */ \
+ if( mbedtls_ecp_restart_is_enabled() && \
+ rs_ctx != NULL && rs_ctx->SUB == NULL ) \
+ { \
+ rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \
+ if( rs_ctx->SUB == NULL ) \
+ return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \
+ \
+ ecp_restart_## SUB ##_init( rs_ctx->SUB ); \
+ } \
+} while( 0 )
+
+/* Call this when leaving a function that needs its own sub-context */
+#define ECP_RS_LEAVE( SUB ) do { \
+ /* clear our sub-context when not in progress (done or error) */ \
+ if( rs_ctx != NULL && rs_ctx->SUB != NULL && \
+ ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \
+ { \
+ ecp_restart_## SUB ##_free( rs_ctx->SUB ); \
+ mbedtls_free( rs_ctx->SUB ); \
+ rs_ctx->SUB = NULL; \
+ } \
+ \
+ if( rs_ctx != NULL ) \
+ rs_ctx->depth--; \
+} while( 0 )
+
+#else /* MBEDTLS_ECP_RESTARTABLE */
+
+#define ECP_RS_ENTER( sub ) (void) rs_ctx;
+#define ECP_RS_LEAVE( sub ) (void) rs_ctx;
+
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
@@ -102,16 +364,6 @@
#endif
/*
- * Curve types: internal for now, might be exposed later
- */
-typedef enum
-{
- ECP_TYPE_NONE = 0,
- ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
- ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
-} ecp_curve_type;
-
-/*
* List of supported curves:
* - internal ID
* - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
@@ -243,6 +495,9 @@
{
const mbedtls_ecp_curve_info *curve_info;
+ if( name == NULL )
+ return( NULL );
+
for( curve_info = mbedtls_ecp_curve_list();
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
@@ -257,15 +512,15 @@
/*
* Get the type of a curve
*/
-static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp )
+mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
{
if( grp->G.X.p == NULL )
- return( ECP_TYPE_NONE );
+ return( MBEDTLS_ECP_TYPE_NONE );
if( grp->G.Y.p == NULL )
- return( ECP_TYPE_MONTGOMERY );
+ return( MBEDTLS_ECP_TYPE_MONTGOMERY );
else
- return( ECP_TYPE_SHORT_WEIERSTRASS );
+ return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
}
/*
@@ -273,8 +528,7 @@
*/
void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
{
- if( pt == NULL )
- return;
+ ECP_VALIDATE( pt != NULL );
mbedtls_mpi_init( &pt->X );
mbedtls_mpi_init( &pt->Y );
@@ -286,10 +540,23 @@
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
{
- if( grp == NULL )
- return;
+ ECP_VALIDATE( grp != NULL );
- memset( grp, 0, sizeof( mbedtls_ecp_group ) );
+ grp->id = MBEDTLS_ECP_DP_NONE;
+ mbedtls_mpi_init( &grp->P );
+ mbedtls_mpi_init( &grp->A );
+ mbedtls_mpi_init( &grp->B );
+ mbedtls_ecp_point_init( &grp->G );
+ mbedtls_mpi_init( &grp->N );
+ grp->pbits = 0;
+ grp->nbits = 0;
+ grp->h = 0;
+ grp->modp = NULL;
+ grp->t_pre = NULL;
+ grp->t_post = NULL;
+ grp->t_data = NULL;
+ grp->T = NULL;
+ grp->T_size = 0;
}
/*
@@ -297,8 +564,7 @@
*/
void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
{
- if( key == NULL )
- return;
+ ECP_VALIDATE( key != NULL );
mbedtls_ecp_group_init( &key->grp );
mbedtls_mpi_init( &key->d );
@@ -366,6 +632,8 @@
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
{
int ret;
+ ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET( Q != NULL );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
@@ -380,7 +648,10 @@
*/
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
{
- return mbedtls_ecp_group_load( dst, src->id );
+ ECP_VALIDATE_RET( dst != NULL );
+ ECP_VALIDATE_RET( src != NULL );
+
+ return( mbedtls_ecp_group_load( dst, src->id ) );
}
/*
@@ -389,6 +660,7 @@
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
{
int ret;
+ ECP_VALIDATE_RET( pt != NULL );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
@@ -403,15 +675,20 @@
*/
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
{
+ ECP_VALIDATE_RET( pt != NULL );
+
return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
}
/*
- * Compare two points lazyly
+ * Compare two points lazily
*/
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q )
{
+ ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET( Q != NULL );
+
if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
@@ -429,6 +706,9 @@
const char *x, const char *y )
{
int ret;
+ ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET( x != NULL );
+ ECP_VALIDATE_RET( y != NULL );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
@@ -439,92 +719,136 @@
}
/*
- * Export a point into unsigned binary data (SEC1 2.3.3)
+ * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748)
*/
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
- int format, size_t *olen,
- unsigned char *buf, size_t buflen )
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *P,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen )
{
- int ret = 0;
+ int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
-
- if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
- format != MBEDTLS_ECP_PF_COMPRESSED )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- /*
- * Common case: P == 0
- */
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
- {
- if( buflen < 1 )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
- buf[0] = 0x00;
- *olen = 1;
-
- return( 0 );
- }
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET( olen != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+ format == MBEDTLS_ECP_PF_COMPRESSED );
plen = mbedtls_mpi_size( &grp->P );
- if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
+#if defined(ECP_MONTGOMERY)
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
- *olen = 2 * plen + 1;
-
+ *olen = plen;
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
- buf[0] = 0x04;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
}
- else if( format == MBEDTLS_ECP_PF_COMPRESSED )
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
- *olen = plen + 1;
+ /*
+ * Common case: P == 0
+ */
+ if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+ {
+ if( buflen < 1 )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
- if( buflen < *olen )
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ buf[0] = 0x00;
+ *olen = 1;
- buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+ return( 0 );
+ }
+
+ if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
+ {
+ *olen = 2 * plen + 1;
+
+ if( buflen < *olen )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+ buf[0] = 0x04;
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+ }
+ else if( format == MBEDTLS_ECP_PF_COMPRESSED )
+ {
+ *olen = plen + 1;
+
+ if( buflen < *olen )
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+ buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+ }
}
+#endif
cleanup:
return( ret );
}
/*
- * Import a point from unsigned binary data (SEC1 2.3.4)
+ * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748)
*/
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
- const unsigned char *buf, size_t ilen )
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char *buf, size_t ilen )
{
- int ret;
+ int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( pt != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
if( ilen < 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- if( buf[0] == 0x00 )
- {
- if( ilen == 1 )
- return( mbedtls_ecp_set_zero( pt ) );
- else
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- }
-
plen = mbedtls_mpi_size( &grp->P );
- if( buf[0] != 0x04 )
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+#if defined(ECP_MONTGOMERY)
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ if( plen != ilen )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- if( ilen != 2 * plen + 1 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
+ mbedtls_mpi_free( &pt->Y );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
+ /* Set most significant bit to 0 as prescribed in RFC7748 §5 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ }
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+ {
+ if( buf[0] == 0x00 )
+ {
+ if( ilen == 1 )
+ return( mbedtls_ecp_set_zero( pt ) );
+ else
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+
+ if( buf[0] != 0x04 )
+ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+ if( ilen != 2 * plen + 1 )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y,
+ buf + 1 + plen, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ }
+#endif
cleanup:
return( ret );
@@ -536,11 +860,16 @@
* opaque point <1..2^8-1>;
* } ECPoint;
*/
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
- const unsigned char **buf, size_t buf_len )
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt,
+ const unsigned char **buf, size_t buf_len )
{
unsigned char data_len;
const unsigned char *buf_start;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( pt != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET( *buf != NULL );
/*
* We must have at least two bytes (1 for length, at least one for data)
@@ -558,7 +887,7 @@
buf_start = *buf;
*buf += data_len;
- return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len );
+ return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) );
}
/*
@@ -572,6 +901,12 @@
unsigned char *buf, size_t blen )
{
int ret;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( pt != NULL );
+ ECP_VALIDATE_RET( olen != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+ format == MBEDTLS_ECP_PF_COMPRESSED );
/*
* buffer length must be at least one, for our length byte
@@ -595,10 +930,33 @@
/*
* Set a group from an ECParameters record (RFC 4492)
*/
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len )
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
+ const unsigned char **buf, size_t len )
+{
+ int ret;
+ mbedtls_ecp_group_id grp_id;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET( *buf != NULL );
+
+ if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
+ return( ret );
+
+ return( mbedtls_ecp_group_load( grp, grp_id ) );
+}
+
+/*
+ * Read a group id from an ECParameters record (RFC 4492) and convert it to
+ * mbedtls_ecp_group_id.
+ */
+int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
+ const unsigned char **buf, size_t len )
{
uint16_t tls_id;
const mbedtls_ecp_curve_info *curve_info;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET( *buf != NULL );
/*
* We expect at least three bytes (see below)
@@ -622,7 +980,9 @@
if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
- return mbedtls_ecp_group_load( grp, curve_info->grp_id );
+ *grp = curve_info->grp_id;
+
+ return( 0 );
}
/*
@@ -632,6 +992,9 @@
unsigned char *buf, size_t blen )
{
const mbedtls_ecp_curve_info *curve_info;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+ ECP_VALIDATE_RET( olen != NULL );
if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -710,25 +1073,29 @@
#define INC_MUL_COUNT
#endif
-#define MOD_MUL( N ) do { MBEDTLS_MPI_CHK( ecp_modp( &N, grp ) ); INC_MUL_COUNT } \
- while( 0 )
+#define MOD_MUL( N ) \
+ do \
+ { \
+ MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) ); \
+ INC_MUL_COUNT \
+ } while( 0 )
/*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
* N->s < 0 is a very fast test, which fails only if N is 0
*/
-#define MOD_SUB( N ) \
- while( N.s < 0 && mbedtls_mpi_cmp_int( &N, 0 ) != 0 ) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &N, &N, &grp->P ) )
+#define MOD_SUB( N ) \
+ while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
/*
* Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
* We known P, N and the result are positive, so sub_abs is correct, and
* a bit faster.
*/
-#define MOD_ADD( N ) \
- while( mbedtls_mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &N, &N, &grp->P ) )
+#define MOD_ADD( N ) \
+ while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
#if defined(ECP_SHORTWEIERSTRASS)
/*
@@ -752,11 +1119,10 @@
return( 0 );
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_normalize_jac( grp, pt );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_normalize_jac( grp, pt ) );
#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
+
mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
/*
@@ -796,32 +1162,33 @@
* Cost: 1N(t) := 1I + (6t - 3)M + 1S
*/
static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
- mbedtls_ecp_point *T[], size_t t_len )
+ mbedtls_ecp_point *T[], size_t T_size )
{
int ret;
size_t i;
mbedtls_mpi *c, u, Zi, ZZi;
- if( t_len < 2 )
+ if( T_size < 2 )
return( ecp_normalize_jac( grp, *T ) );
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_normalize_jac_many(grp, T, t_len);
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) );
#endif
- if( ( c = mbedtls_calloc( t_len, sizeof( mbedtls_mpi ) ) ) == NULL )
+ if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL )
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
+ for( i = 0; i < T_size; i++ )
+ mbedtls_mpi_init( &c[i] );
+
mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
/*
* c[i] = Z_0 * ... * Z_i
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
- for( i = 1; i < t_len; i++ )
+ for( i = 1; i < T_size; i++ )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &c[i], &c[i-1], &T[i]->Z ) );
MOD_MUL( c[i] );
@@ -830,9 +1197,9 @@
/*
* u = 1 / (Z_0 * ... * Z_n) mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[t_len-1], &grp->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) );
- for( i = t_len - 1; ; i-- )
+ for( i = T_size - 1; ; i-- )
{
/*
* Zi = 1 / Z_i mod p
@@ -872,7 +1239,7 @@
cleanup:
mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
- for( i = 0; i < t_len; i++ )
+ for( i = 0; i < T_size; i++ )
mbedtls_mpi_free( &c[i] );
mbedtls_free( c );
@@ -929,10 +1296,8 @@
#endif
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_double_jac( grp, R, P );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_double_jac( grp, R, P ) );
#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
@@ -1027,10 +1392,8 @@
#endif
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_add_mixed( grp, R, P, Q );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) );
#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
/*
@@ -1114,10 +1477,8 @@
int count = 0;
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
p_size = ( grp->pbits + 7 ) / 8;
@@ -1173,11 +1534,38 @@
* modified version that provides resistance to SPA by avoiding zero
* digits in the representation as in [3]. We modify the method further by
* requiring that all K_i be odd, which has the small cost that our
- * representation uses one more K_i, due to carries.
+ * representation uses one more K_i, due to carries, but saves on the size of
+ * the precomputed table.
*
- * Also, for the sake of compactness, only the seven low-order bits of x[i]
- * are used to represent K_i, and the msb of x[i] encodes the the sign (s_i in
- * the paper): it is set if and only if if s_i == -1;
+ * Summary of the comb method and its modifications:
+ *
+ * - The goal is to compute m*P for some w*d-bit integer m.
+ *
+ * - The basic comb method splits m into the w-bit integers
+ * x[0] .. x[d-1] where x[i] consists of the bits in m whose
+ * index has residue i modulo d, and computes m * P as
+ * S[x[0]] + 2 * S[x[1]] + .. + 2^(d-1) S[x[d-1]], where
+ * S[i_{w-1} .. i_0] := i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + i_0 P.
+ *
+ * - If it happens that, say, x[i+1]=0 (=> S[x[i+1]]=0), one can replace the sum by
+ * .. + 2^{i-1} S[x[i-1]] - 2^i S[x[i]] + 2^{i+1} S[x[i]] + 2^{i+2} S[x[i+2]] ..,
+ * thereby successively converting it into a form where all summands
+ * are nonzero, at the cost of negative summands. This is the basic idea of [3].
+ *
+ * - More generally, even if x[i+1] != 0, we can first transform the sum as
+ * .. - 2^i S[x[i]] + 2^{i+1} ( S[x[i]] + S[x[i+1]] ) + 2^{i+2} S[x[i+2]] ..,
+ * and then replace S[x[i]] + S[x[i+1]] = S[x[i] ^ x[i+1]] + 2 S[x[i] & x[i+1]].
+ * Performing and iterating this procedure for those x[i] that are even
+ * (keeping track of carry), we can transform the original sum into one of the form
+ * S[x'[0]] +- 2 S[x'[1]] +- .. +- 2^{d-1} S[x'[d-1]] + 2^d S[x'[d]]
+ * with all x'[i] odd. It is therefore only necessary to know S at odd indices,
+ * which is why we are only computing half of it in the first place in
+ * ecp_precompute_comb and accessing it with index abs(i) / 2 in ecp_select_comb.
+ *
+ * - For the sake of compactness, only the seven low-order bits of x[i]
+ * are used to represent its absolute value (K_i in the paper), and the msb
+ * of x[i] encodes the sign (s_i in the paper): it is set if and only if
+ * if s_i == -1;
*
* Calling conventions:
* - x is an array of size d + 1
@@ -1186,8 +1574,8 @@
* - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
* (the result will be incorrect if these assumptions are not satisfied)
*/
-static void ecp_comb_fixed( unsigned char x[], size_t d,
- unsigned char w, const mbedtls_mpi *m )
+static void ecp_comb_recode_core( unsigned char x[], size_t d,
+ unsigned char w, const mbedtls_mpi *m )
{
size_t i, j;
unsigned char c, cc, adjust;
@@ -1217,70 +1605,178 @@
}
/*
- * Precompute points for the comb method
+ * Precompute points for the adapted comb method
*
- * If i = i_{w-1} ... i_1 is the binary representation of i, then
- * T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P
+ * Assumption: T must be able to hold 2^{w - 1} elements.
*
- * T must be able to hold 2^{w - 1} elements
+ * Operation: If i = i_{w-1} ... i_1 is the binary representation of i,
+ * sets T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P.
*
* Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1)
+ *
+ * Note: Even comb values (those where P would be omitted from the
+ * sum defining T[i] above) are not needed in our adaption
+ * the comb method. See ecp_comb_recode_core().
+ *
+ * This function currently works in four steps:
+ * (1) [dbl] Computation of intermediate T[i] for 2-power values of i
+ * (2) [norm_dbl] Normalization of coordinates of these T[i]
+ * (3) [add] Computation of all T[i]
+ * (4) [norm_add] Normalization of all T[i]
+ *
+ * Step 1 can be interrupted but not the others; together with the final
+ * coordinate normalization they are the largest steps done at once, depending
+ * on the window size. Here are operation counts for P-256:
+ *
+ * step (2) (3) (4)
+ * w = 5 142 165 208
+ * w = 4 136 77 160
+ * w = 3 130 33 136
+ * w = 2 124 11 124
+ *
+ * So if ECC operations are blocking for too long even with a low max_ops
+ * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order
+ * to minimize maximum blocking time.
*/
static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
- unsigned char w, size_t d )
+ unsigned char w, size_t d,
+ mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
- unsigned char i, k;
- size_t j;
+ unsigned char i;
+ size_t j = 0;
+ const unsigned char T_size = 1U << ( w - 1 );
mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ {
+ if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
+ goto dbl;
+ if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl )
+ goto norm_dbl;
+ if( rs_ctx->rsm->state == ecp_rsm_pre_add )
+ goto add;
+ if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
+ goto norm_add;
+ }
+#else
+ (void) rs_ctx;
+#endif
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ {
+ rs_ctx->rsm->state = ecp_rsm_pre_dbl;
+
+ /* initial state for the loop */
+ rs_ctx->rsm->i = 0;
+ }
+
+dbl:
+#endif
/*
* Set T[0] = P and
* T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
*/
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
- k = 0;
- for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
- {
- cur = T + i;
- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
- for( j = 0; j < d; j++ )
- MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
+ j = rs_ctx->rsm->i;
+ else
+#endif
+ j = 0;
- TT[k++] = cur;
+ for( ; j < d * ( w - 1 ); j++ )
+ {
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL );
+
+ i = 1U << ( j / d );
+ cur = T + i;
+
+ if( j % d == 0 )
+ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
+
+ MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
}
- MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl;
+norm_dbl:
+#endif
+ /*
+ * Normalize current elements in T. As T has holes,
+ * use an auxiliary array of pointers to elements in T.
+ */
+ j = 0;
+ for( i = 1; i < T_size; i <<= 1 )
+ TT[j++] = T + i;
+
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
+
+ MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ rs_ctx->rsm->state = ecp_rsm_pre_add;
+
+add:
+#endif
/*
* Compute the remaining ones using the minimal number of additions
* Be careful to update T[2^l] only after using it!
*/
- k = 0;
- for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
+ MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD );
+
+ for( i = 1; i < T_size; i <<= 1 )
{
j = i;
while( j-- )
- {
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
- TT[k++] = &T[i + j];
- }
}
- MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ rs_ctx->rsm->state = ecp_rsm_pre_norm_add;
+
+norm_add:
+#endif
+ /*
+ * Normalize final elements in T. Even though there are no holes now, we
+ * still need the auxiliary array for homogeneity with the previous
+ * call. Also, skip T[0] which is already normalised, being a copy of P.
+ */
+ for( j = 0; j + 1 < T_size; j++ )
+ TT[j] = T + j + 1;
+
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
+
+ MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
cleanup:
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
+ ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ {
+ if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
+ rs_ctx->rsm->i = j;
+ }
+#endif
return( ret );
}
/*
* Select precomputed point: R = sign(i) * T[ abs(i) / 2 ]
+ *
+ * See ecp_comb_recode_core() for background
*/
static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point T[], unsigned char t_len,
+ const mbedtls_ecp_point T[], unsigned char T_size,
unsigned char i )
{
int ret;
@@ -1290,7 +1786,7 @@
ii = ( i & 0x7Fu ) >> 1;
/* Read the whole table to thwart cache-based timing attacks */
- for( j = 0; j < t_len; j++ )
+ for( j = 0; j < T_size; j++ )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
@@ -1310,10 +1806,11 @@
* Cost: d A + d D + 1 R
*/
static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_ecp_point T[], unsigned char t_len,
+ const mbedtls_ecp_point T[], unsigned char T_size,
const unsigned char x[], size_t d,
int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
mbedtls_ecp_point Txi;
@@ -1321,17 +1818,42 @@
mbedtls_ecp_point_init( &Txi );
- /* Start with a non-zero point and randomize its coordinates */
- i = d;
- MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
- if( f_rng != 0 )
- MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+#if !defined(MBEDTLS_ECP_RESTARTABLE)
+ (void) rs_ctx;
+#endif
- while( i-- != 0 )
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
+ rs_ctx->rsm->state != ecp_rsm_comb_core )
{
+ rs_ctx->rsm->i = 0;
+ rs_ctx->rsm->state = ecp_rsm_comb_core;
+ }
+
+ /* new 'if' instead of nested for the sake of the 'else' branch */
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
+ {
+ /* restore current index (R already pointing to rs_ctx->rsm->R) */
+ i = rs_ctx->rsm->i;
+ }
+ else
+#endif
+ {
+ /* Start with a non-zero point and randomize its coordinates */
+ i = d;
+ MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
+ if( f_rng != 0 )
+ MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+ }
+
+ while( i != 0 )
+ {
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD );
+ --i;
+
MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
- MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) );
+ MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) );
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
}
@@ -1339,32 +1861,130 @@
mbedtls_ecp_point_free( &Txi );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
+ ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ {
+ rs_ctx->rsm->i = i;
+ /* no need to save R, already pointing to rs_ctx->rsm->R */
+ }
+#endif
+
return( ret );
}
/*
- * Multiplication using the comb method,
- * for curves in short Weierstrass form
+ * Recode the scalar to get constant-time comb multiplication
+ *
+ * As the actual scalar recoding needs an odd scalar as a starting point,
+ * this wrapper ensures that by replacing m by N - m if necessary, and
+ * informs the caller that the result of multiplication will be negated.
+ *
+ * This works because we only support large prime order for Short Weierstrass
+ * curves, so N is always odd hence either m or N - m is.
+ *
+ * See ecp_comb_recode_core() for background.
*/
-static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
- const mbedtls_mpi *m, const mbedtls_ecp_point *P,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *m,
+ unsigned char k[COMB_MAX_D + 1],
+ size_t d,
+ unsigned char w,
+ unsigned char *parity_trick )
{
int ret;
- unsigned char w, m_is_odd, p_eq_g, pre_len, i;
- size_t d;
- unsigned char k[COMB_MAX_D + 1];
- mbedtls_ecp_point *T;
mbedtls_mpi M, mm;
mbedtls_mpi_init( &M );
mbedtls_mpi_init( &mm );
- /* we need N to be odd to trnaform m in an odd number, check now */
+ /* N is always odd (see above), just make extra sure */
if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ /* do we need the parity trick? */
+ *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 );
+
+ /* execute parity fix in constant time */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) );
+
+ /* actual scalar recoding */
+ ecp_comb_recode_core( k, d, w, &M );
+
+cleanup:
+ mbedtls_mpi_free( &mm );
+ mbedtls_mpi_free( &M );
+
+ return( ret );
+}
+
+/*
+ * Perform comb multiplication (for short Weierstrass curves)
+ * once the auxiliary table has been pre-computed.
+ *
+ * Scalar recoding may use a parity trick that makes us compute -m * P,
+ * if that is the case we'll need to recover m * P at the end.
+ */
+static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R,
+ const mbedtls_mpi *m,
+ const mbedtls_ecp_point *T,
+ unsigned char T_size,
+ unsigned char w,
+ size_t d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
+{
+ int ret;
+ unsigned char parity_trick;
+ unsigned char k[COMB_MAX_D + 1];
+ mbedtls_ecp_point *RR = R;
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ {
+ RR = &rs_ctx->rsm->R;
+
+ if( rs_ctx->rsm->state == ecp_rsm_final_norm )
+ goto final_norm;
+ }
+#endif
+
+ MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w,
+ &parity_trick ) );
+ MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d,
+ f_rng, p_rng, rs_ctx ) );
+ MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ rs_ctx->rsm->state = ecp_rsm_final_norm;
+
+final_norm:
+#endif
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
+ MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) );
+#endif
+
+cleanup:
+ return( ret );
+}
+
+/*
+ * Pick window size based on curve size and whether we optimize for base point
+ */
+static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
+ unsigned char p_eq_g )
+{
+ unsigned char w;
+
/*
* Minimize the number of multiplications, that is minimize
* 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w )
@@ -1377,14 +1997,8 @@
* Just adding one avoids upping the cost of the first mul too much,
* and the memory cost too.
*/
-#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
- p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
if( p_eq_g )
w++;
-#else
- p_eq_g = 0;
-#endif
/*
* Make sure w is within bounds.
@@ -1395,70 +2009,140 @@
if( w >= grp->nbits )
w = 2;
- /* Other sizes that depend on w */
- pre_len = 1U << ( w - 1 );
+ return( w );
+}
+
+/*
+ * Multiplication using the comb method - for curves in short Weierstrass form
+ *
+ * This function is mainly responsible for administrative work:
+ * - managing the restart context if enabled
+ * - managing the table of precomputed points (passed between the below two
+ * functions): allocation, computation, ownership tranfer, freeing.
+ *
+ * It delegates the actual arithmetic work to:
+ * ecp_precompute_comb() and ecp_mul_comb_with_precomp()
+ *
+ * See comments on ecp_comb_recode_core() regarding the computation strategy.
+ */
+static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
+{
+ int ret;
+ unsigned char w, p_eq_g, i;
+ size_t d;
+ unsigned char T_size, T_ok;
+ mbedtls_ecp_point *T;
+
+ ECP_RS_ENTER( rsm );
+
+ /* Is P the base point ? */
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+ p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
+ mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+#else
+ p_eq_g = 0;
+#endif
+
+ /* Pick window size and deduce related sizes */
+ w = ecp_pick_window_size( grp, p_eq_g );
+ T_size = 1U << ( w - 1 );
d = ( grp->nbits + w - 1 ) / w;
- /*
- * Prepare precomputed points: if P == G we want to
- * use grp->T if already initialized, or initialize it.
- */
- T = p_eq_g ? grp->T : NULL;
-
- if( T == NULL )
+ /* Pre-computed table: do we have it already for the base point? */
+ if( p_eq_g && grp->T != NULL )
{
- T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) );
+ /* second pointer to the same table, will be deleted on exit */
+ T = grp->T;
+ T_ok = 1;
+ }
+ else
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ /* Pre-computed table: do we have one in progress? complete? */
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL )
+ {
+ /* transfer ownership of T from rsm to local function */
+ T = rs_ctx->rsm->T;
+ rs_ctx->rsm->T = NULL;
+ rs_ctx->rsm->T_size = 0;
+
+ /* This effectively jumps to the call to mul_comb_after_precomp() */
+ T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core;
+ }
+ else
+#endif
+ /* Allocate table if we didn't have any */
+ {
+ T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) );
if( T == NULL )
{
ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
goto cleanup;
}
- MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) );
+ for( i = 0; i < T_size; i++ )
+ mbedtls_ecp_point_init( &T[i] );
+
+ T_ok = 0;
+ }
+
+ /* Compute table (or finish computing it) if not done already */
+ if( !T_ok )
+ {
+ MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) );
if( p_eq_g )
{
+ /* almost transfer ownership of T to the group, but keep a copy of
+ * the pointer to use for calling the next function more easily */
grp->T = T;
- grp->T_size = pre_len;
+ grp->T_size = T_size;
}
}
- /*
- * Make sure M is odd (M = m or M = N - m, since N is odd)
- * using the fact that m * P = - (N - m) * P
- */
- m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, ! m_is_odd ) );
-
- /*
- * Go for comb multiplication, R = M * P
- */
- ecp_comb_fixed( k, d, w, &M );
- MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) );
-
- /*
- * Now get m * P from M * P and normalize it
- */
- MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) );
- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
+ /* Actual comb multiplication using precomputed points */
+ MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m,
+ T, T_size, w, d,
+ f_rng, p_rng, rs_ctx ) );
cleanup:
- if( T != NULL && ! p_eq_g )
+ /* does T belong to the group? */
+ if( T == grp->T )
+ T = NULL;
+
+ /* does T belong to the restart context? */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
{
- for( i = 0; i < pre_len; i++ )
+ /* transfer ownership of T from local function to rsm */
+ rs_ctx->rsm->T_size = T_size;
+ rs_ctx->rsm->T = T;
+ T = NULL;
+ }
+#endif
+
+ /* did T belong to us? then let's destroy it! */
+ if( T != NULL )
+ {
+ for( i = 0; i < T_size; i++ )
mbedtls_ecp_point_free( &T[i] );
mbedtls_free( T );
}
- mbedtls_mpi_free( &M );
- mbedtls_mpi_free( &mm );
-
+ /* don't free R while in progress in case R == P */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+#endif
+ /* prevent caller from using invalid value */
if( ret != 0 )
mbedtls_ecp_point_free( R );
+ ECP_RS_LEAVE( rsm );
+
return( ret );
}
@@ -1482,10 +2166,8 @@
int ret;
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_normalize_mxz( grp, P );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_normalize_mxz( grp, P ) );
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
@@ -1513,10 +2195,8 @@
int count = 0;
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
p_size = ( grp->pbits + 7 ) / 8;
@@ -1568,10 +2248,8 @@
mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
- if ( mbedtls_internal_ecp_grp_capable( grp ) )
- {
- return mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d );
- }
+ if( mbedtls_internal_ecp_grp_capable( grp ) )
+ return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) );
#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
@@ -1668,52 +2346,83 @@
#endif /* ECP_MONTGOMERY */
/*
+ * Restartable multiplication R = m * P
+ */
+int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_ecp_restart_ctx *rs_ctx )
+{
+ int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ char is_grp_capable = 0;
+#endif
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( R != NULL );
+ ECP_VALIDATE_RET( m != NULL );
+ ECP_VALIDATE_RET( P != NULL );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ /* reset ops count for this call if top-level */
+ if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
+ rs_ctx->ops_done = 0;
+#endif
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
+ MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ /* skip argument check when restarting */
+ if( rs_ctx == NULL || rs_ctx->rsm == NULL )
+#endif
+ {
+ /* check_privkey is free */
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
+
+ /* Common sanity checks */
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
+ }
+
+ ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+#if defined(ECP_MONTGOMERY)
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+ MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
+#endif
+
+cleanup:
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if( is_grp_capable )
+ mbedtls_internal_ecp_free( grp );
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL )
+ rs_ctx->depth--;
+#endif
+
+ return( ret );
+}
+
+/*
* Multiplication R = m * P
*/
int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- char is_grp_capable = 0;
-#endif
-
- /* Common sanity checks */
- if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
- if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 ||
- ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 )
- return( ret );
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
- {
- MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
- }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#if defined(ECP_MONTGOMERY)
- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
- ret = ecp_mul_mxz( grp, R, m, P, f_rng, p_rng );
-
-#endif
-#if defined(ECP_SHORTWEIERSTRASS)
- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
- ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng );
-
-#endif
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-cleanup:
-
- if ( is_grp_capable )
- {
- mbedtls_internal_ecp_free( grp );
- }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
- return( ret );
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( R != NULL );
+ ECP_VALIDATE_RET( m != NULL );
+ ECP_VALIDATE_RET( P != NULL );
+ return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
}
#if defined(ECP_SHORTWEIERSTRASS)
@@ -1773,7 +2482,8 @@
static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
mbedtls_ecp_point *R,
const mbedtls_mpi *m,
- const mbedtls_ecp_point *P )
+ const mbedtls_ecp_point *P,
+ mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
@@ -1789,7 +2499,8 @@
}
else
{
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P,
+ NULL, NULL, rs_ctx ) );
}
cleanup:
@@ -1797,6 +2508,103 @@
}
/*
+ * Restartable linear combination
+ * NOT constant-time
+ */
+int mbedtls_ecp_muladd_restartable(
+ mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+ const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+ const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
+ mbedtls_ecp_restart_ctx *rs_ctx )
+{
+ int ret;
+ mbedtls_ecp_point mP;
+ mbedtls_ecp_point *pmP = &mP;
+ mbedtls_ecp_point *pR = R;
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ char is_grp_capable = 0;
+#endif
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( R != NULL );
+ ECP_VALIDATE_RET( m != NULL );
+ ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET( n != NULL );
+ ECP_VALIDATE_RET( Q != NULL );
+
+ if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+ mbedtls_ecp_point_init( &mP );
+
+ ECP_RS_ENTER( ma );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ {
+ /* redirect intermediate results to restart context */
+ pmP = &rs_ctx->ma->mP;
+ pR = &rs_ctx->ma->R;
+
+ /* jump to next operation */
+ if( rs_ctx->ma->state == ecp_rsma_mul2 )
+ goto mul2;
+ if( rs_ctx->ma->state == ecp_rsma_add )
+ goto add;
+ if( rs_ctx->ma->state == ecp_rsma_norm )
+ goto norm;
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ rs_ctx->ma->state = ecp_rsma_mul2;
+
+mul2:
+#endif
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) );
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
+ MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ rs_ctx->ma->state = ecp_rsma_add;
+
+add:
+#endif
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD );
+ MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ rs_ctx->ma->state = ecp_rsma_norm;
+
+norm:
+#endif
+ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
+ MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && rs_ctx->ma != NULL )
+ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) );
+#endif
+
+cleanup:
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if( is_grp_capable )
+ mbedtls_internal_ecp_free( grp );
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+ mbedtls_ecp_point_free( &mP );
+
+ ECP_RS_LEAVE( ma );
+
+ return( ret );
+}
+
+/*
* Linear combination
* NOT constant-time
*/
@@ -1804,45 +2612,15 @@
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
{
- int ret;
- mbedtls_ecp_point mP;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- char is_grp_capable = 0;
-#endif
-
- if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
- mbedtls_ecp_point_init( &mP );
-
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) );
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
- {
- MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
- }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
-
-cleanup:
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
- if ( is_grp_capable )
- {
- mbedtls_internal_ecp_free( grp );
- }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
- mbedtls_ecp_point_free( &mP );
-
- return( ret );
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( R != NULL );
+ ECP_VALIDATE_RET( m != NULL );
+ ECP_VALIDATE_RET( P != NULL );
+ ECP_VALIDATE_RET( n != NULL );
+ ECP_VALIDATE_RET( Q != NULL );
+ return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
}
-
#if defined(ECP_MONTGOMERY)
/*
* Check validity of a public key for Montgomery curves with x-only schemes
@@ -1862,18 +2640,22 @@
/*
* Check that a point is valid as a public key
*/
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *pt )
{
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( pt != NULL );
+
/* Must use affine coordinates */
if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
#if defined(ECP_MONTGOMERY)
- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
return( ecp_check_pubkey_mx( grp, pt ) );
#endif
#if defined(ECP_SHORTWEIERSTRASS)
- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
return( ecp_check_pubkey_sw( grp, pt ) );
#endif
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -1882,17 +2664,20 @@
/*
* Check that an mbedtls_mpi is valid as a private key
*/
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d )
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
+ const mbedtls_mpi *d )
{
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( d != NULL );
+
#if defined(ECP_MONTGOMERY)
- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/* see RFC 7748 sec. 5 para. 5 */
if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
mbedtls_mpi_get_bit( d, 1 ) != 0 ||
mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
return( MBEDTLS_ERR_ECP_INVALID_KEY );
- else
/* see [Curve25519] page 5 */
if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
@@ -1902,7 +2687,7 @@
}
#endif /* ECP_MONTGOMERY */
#if defined(ECP_SHORTWEIERSTRASS)
- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
/* see SEC1 3.2 */
if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
@@ -1917,19 +2702,24 @@
}
/*
- * Generate a keypair with configurable base point
+ * Generate a private key
*/
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
- const mbedtls_ecp_point *G,
- mbedtls_mpi *d, mbedtls_ecp_point *Q,
+int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
+ mbedtls_mpi *d,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret;
- size_t n_size = ( grp->nbits + 7 ) / 8;
+ int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ size_t n_size;
+
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( d != NULL );
+ ECP_VALIDATE_RET( f_rng != NULL );
+
+ n_size = ( grp->nbits + 7 ) / 8;
#if defined(ECP_MONTGOMERY)
- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/* [M225] page 5 */
size_t b;
@@ -1954,10 +2744,10 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
}
}
- else
#endif /* ECP_MONTGOMERY */
+
#if defined(ECP_SHORTWEIERSTRASS)
- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
int count = 0;
@@ -1989,15 +2779,33 @@
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
}
- else
#endif /* ECP_SHORTWEIERSTRASS */
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
cleanup:
- if( ret != 0 )
- return( ret );
+ return( ret );
+}
- return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+/*
+ * Generate a keypair with configurable base point
+ */
+int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
+ const mbedtls_ecp_point *G,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( d != NULL );
+ ECP_VALIDATE_RET( G != NULL );
+ ECP_VALIDATE_RET( Q != NULL );
+ ECP_VALIDATE_RET( f_rng != NULL );
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+
+cleanup:
+ return( ret );
}
/*
@@ -2008,6 +2816,11 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
+ ECP_VALIDATE_RET( grp != NULL );
+ ECP_VALIDATE_RET( d != NULL );
+ ECP_VALIDATE_RET( Q != NULL );
+ ECP_VALIDATE_RET( f_rng != NULL );
+
return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
}
@@ -2018,6 +2831,8 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
+ ECP_VALIDATE_RET( key != NULL );
+ ECP_VALIDATE_RET( f_rng != NULL );
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
return( ret );
@@ -2025,6 +2840,75 @@
return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
}
+#define ECP_CURVE25519_KEY_SIZE 32
+/*
+ * Read a private key.
+ */
+int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+ const unsigned char *buf, size_t buflen )
+{
+ int ret = 0;
+
+ ECP_VALIDATE_RET( key != NULL );
+ ECP_VALIDATE_RET( buf != NULL );
+
+ if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
+ return( ret );
+
+ ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+
+#if defined(ECP_MONTGOMERY)
+ if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ /*
+ * If it is Curve25519 curve then mask the key as mandated by RFC7748
+ */
+ if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
+ {
+ if( buflen != ECP_CURVE25519_KEY_SIZE )
+ return MBEDTLS_ERR_ECP_INVALID_KEY;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+
+ /* Set the three least significant bits to 0 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
+
+ /* Set the most significant bit to 0 */
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_set_bit( &key->d,
+ ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
+ );
+
+ /* Set the second most significant bit to 1 */
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_set_bit( &key->d,
+ ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
+ );
+ }
+ else
+ ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ }
+
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+ if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
+ }
+
+#endif
+cleanup:
+
+ if( ret != 0 )
+ mbedtls_mpi_free( &key->d );
+
+ return( ret );
+}
+
/*
* Check a public-private key pair
*/
@@ -2033,6 +2917,8 @@
int ret;
mbedtls_ecp_point Q;
mbedtls_ecp_group grp;
+ ECP_VALIDATE_RET( pub != NULL );
+ ECP_VALIDATE_RET( prv != NULL );
if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
pub->grp.id != prv->grp.id ||
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 68e2441..282481d 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -28,11 +28,18 @@
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
+#include "mbedtls/platform_util.h"
#include <string.h>
#if !defined(MBEDTLS_ECP_ALT)
+/* Parameter validation macros based on platform_util.h */
+#define ECP_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
+#define ECP_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@@ -44,11 +51,11 @@
*/
#if defined(MBEDTLS_HAVE_INT32)
-#define BYTES_TO_T_UINT_4( a, b, c, d ) \
- ( (mbedtls_mpi_uint) a << 0 ) | \
- ( (mbedtls_mpi_uint) b << 8 ) | \
- ( (mbedtls_mpi_uint) c << 16 ) | \
- ( (mbedtls_mpi_uint) d << 24 )
+#define BYTES_TO_T_UINT_4( a, b, c, d ) \
+ ( (mbedtls_mpi_uint) (a) << 0 ) | \
+ ( (mbedtls_mpi_uint) (b) << 8 ) | \
+ ( (mbedtls_mpi_uint) (c) << 16 ) | \
+ ( (mbedtls_mpi_uint) (d) << 24 )
#define BYTES_TO_T_UINT_2( a, b ) \
BYTES_TO_T_UINT_4( a, b, 0, 0 )
@@ -60,14 +67,14 @@
#else /* 64-bits */
#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
- ( (mbedtls_mpi_uint) a << 0 ) | \
- ( (mbedtls_mpi_uint) b << 8 ) | \
- ( (mbedtls_mpi_uint) c << 16 ) | \
- ( (mbedtls_mpi_uint) d << 24 ) | \
- ( (mbedtls_mpi_uint) e << 32 ) | \
- ( (mbedtls_mpi_uint) f << 40 ) | \
- ( (mbedtls_mpi_uint) g << 48 ) | \
- ( (mbedtls_mpi_uint) h << 56 )
+ ( (mbedtls_mpi_uint) (a) << 0 ) | \
+ ( (mbedtls_mpi_uint) (b) << 8 ) | \
+ ( (mbedtls_mpi_uint) (c) << 16 ) | \
+ ( (mbedtls_mpi_uint) (d) << 24 ) | \
+ ( (mbedtls_mpi_uint) (e) << 32 ) | \
+ ( (mbedtls_mpi_uint) (f) << 40 ) | \
+ ( (mbedtls_mpi_uint) (g) << 48 ) | \
+ ( (mbedtls_mpi_uint) (h) << 56 )
#define BYTES_TO_T_UINT_4( a, b, c, d ) \
BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
@@ -746,6 +753,7 @@
*/
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
{
+ ECP_VALIDATE_RET( grp != NULL );
mbedtls_ecp_group_free( grp );
grp->id = id;
@@ -882,7 +890,7 @@
}
#define WIDTH 8 / sizeof( mbedtls_mpi_uint )
-#define A( i ) N->p + i * WIDTH
+#define A( i ) N->p + (i) * WIDTH
#define ADD( i ) add64( p, A( i ), &c )
#define NEXT p += WIDTH; carry64( p, &c )
#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
@@ -947,7 +955,8 @@
#else /* 64-bit */
#define MAX32 N->n * 2
-#define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
+#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
+ (uint32_t)( N->p[(j)/2] )
#define STORE32 \
if( i % 2 ) { \
N->p[i/2] &= 0x00000000FFFFFFFF; \
@@ -981,20 +990,21 @@
* Helpers for the main 'loop'
* (see fix_negative for the motivation of C)
*/
-#define INIT( b ) \
- int ret; \
- signed char c = 0, cc; \
- uint32_t cur; \
- size_t i = 0, bits = b; \
- mbedtls_mpi C; \
- mbedtls_mpi_uint Cp[ b / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \
- \
- C.s = 1; \
- C.n = b / 8 / sizeof( mbedtls_mpi_uint) + 1; \
- C.p = Cp; \
- memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \
- \
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, b * 2 / 8 / sizeof( mbedtls_mpi_uint ) ) ); \
+#define INIT( b ) \
+ int ret; \
+ signed char c = 0, cc; \
+ uint32_t cur; \
+ size_t i = 0, bits = (b); \
+ mbedtls_mpi C; \
+ mbedtls_mpi_uint Cp[ (b) / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \
+ \
+ C.s = 1; \
+ C.n = (b) / 8 / sizeof( mbedtls_mpi_uint) + 1; \
+ C.p = Cp; \
+ memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \
+ \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, (b) * 2 / 8 / \
+ sizeof( mbedtls_mpi_uint ) ) ); \
LOAD32;
#define NEXT \
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 040aa11..4556f88 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -99,6 +99,7 @@
#include <sys/syscall.h>
#if defined(SYS_getrandom)
#define HAVE_GETRANDOM
+#include <errno.h>
static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
{
@@ -108,47 +109,8 @@
memset( buf, 0, buflen );
#endif
#endif
-
return( syscall( SYS_getrandom, buf, buflen, flags ) );
}
-
-#include <sys/utsname.h>
-/* Check if version is at least 3.17.0 */
-static int check_version_3_17_plus( void )
-{
- int minor;
- struct utsname un;
- const char *ver;
-
- /* Get version information */
- uname(&un);
- ver = un.release;
-
- /* Check major version; assume a single digit */
- if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
- return( -1 );
-
- if( ver[0] - '0' > 3 )
- return( 0 );
-
- /* Ok, so now we know major == 3, check minor.
- * Assume 1 or 2 digits. */
- if( ver[2] < '0' || ver[2] > '9' )
- return( -1 );
-
- minor = ver[2] - '0';
-
- if( ver[3] >= '0' && ver[3] <= '9' )
- minor = 10 * minor + ver[3] - '0';
- else if( ver [3] != '.' )
- return( -1 );
-
- if( minor < 17 )
- return( -1 );
-
- return( 0 );
-}
-static int has_getrandom = -1;
#endif /* SYS_getrandom */
#endif /* __linux__ */
@@ -159,22 +121,21 @@
{
FILE *file;
size_t read_len;
+ int ret;
((void) data);
#if defined(HAVE_GETRANDOM)
- if( has_getrandom == -1 )
- has_getrandom = ( check_version_3_17_plus() == 0 );
-
- if( has_getrandom )
+ ret = getrandom_wrapper( output, len, 0 );
+ if( ret >= 0 )
{
- int ret;
-
- if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
- return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
*olen = ret;
return( 0 );
}
+ else if( errno != ENOSYS )
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ /* Fall through if the system call isn't known. */
+#else
+ ((void) ret);
#endif /* HAVE_GETRANDOM */
*olen = 0;
diff --git a/library/error.c b/library/error.c
index 774244b..e401a84 100644
--- a/library/error.c
+++ b/library/error.c
@@ -137,10 +137,6 @@
#include "mbedtls/md5.h"
#endif
-#if defined(MBEDTLS_NET_C)
-#include "mbedtls/net_sockets.h"
-#endif
-
#if defined(MBEDTLS_OID_C)
#include "mbedtls/oid.h"
#endif
@@ -165,6 +161,10 @@
#include "mbedtls/pkcs5.h"
#endif
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#endif
+
#if defined(MBEDTLS_POLY1305_C)
#include "mbedtls/poly1305.h"
#endif
@@ -189,22 +189,26 @@
#include "mbedtls/sha512.h"
#endif
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "mbedtls/ssl.h"
-#endif
-
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
#if defined(MBEDTLS_XTEA_C)
#include "mbedtls/xtea.h"
#endif
+#if defined(MBEDTLS_NET_C)
+#include "mbedtls/net_sockets.h"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C)
+#include "mbedtls/ssl.h"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "mbedtls/x509.h"
+#endif
+
void mbedtls_strerror( int ret, char *buf, size_t buflen )
{
@@ -289,6 +293,8 @@
mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );
if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_ECP_IN_PROGRESS) )
+ mbedtls_snprintf( buf, buflen, "ECP - Operation in progress, call again with the same parameters to continue" );
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
@@ -515,6 +521,12 @@
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
if( use_ret == -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) )
mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) )
+ mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_CID) )
+ mbedtls_snprintf( buf, buflen, "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
+ mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
@@ -557,7 +569,7 @@
if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) )
- mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
+ mbedtls_snprintf( buf, buflen, "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" );
#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
// END generated code
@@ -608,8 +620,8 @@
#endif /* MBEDTLS_ARC4_C */
#if defined(MBEDTLS_ARIA_C)
- if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) )
- mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
+ if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" );
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
@@ -662,17 +674,17 @@
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_BLOWFISH_C)
- if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
- mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
- if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" );
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
+ if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
#endif /* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_CAMELLIA_C)
- if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
- mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
+ if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" );
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
@@ -780,6 +792,76 @@
mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" );
#endif /* MBEDTLS_MD5_C */
+#if defined(MBEDTLS_OID_C)
+ if( use_ret == -(MBEDTLS_ERR_OID_NOT_FOUND) )
+ mbedtls_snprintf( buf, buflen, "OID - OID is not found" );
+ if( use_ret == -(MBEDTLS_ERR_OID_BUF_TOO_SMALL) )
+ mbedtls_snprintf( buf, buflen, "OID - output buffer is too small" );
+#endif /* MBEDTLS_OID_C */
+
+#if defined(MBEDTLS_PADLOCK_C)
+ if( use_ret == -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED) )
+ mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
+#endif /* MBEDTLS_PADLOCK_C */
+
+#if defined(MBEDTLS_PLATFORM_C)
+ if( use_ret == -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) )
+ mbedtls_snprintf( buf, buflen, "PLATFORM - The requested feature is not supported by the platform" );
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if defined(MBEDTLS_POLY1305_C)
+ if( use_ret == -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" );
+ if( use_ret == -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE) )
+ mbedtls_snprintf( buf, buflen, "POLY1305 - Feature not available. For example, s part of the API is not implemented" );
+ if( use_ret == -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "POLY1305 - Poly1305 hardware accelerator failed" );
+#endif /* MBEDTLS_POLY1305_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+ if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#if defined(MBEDTLS_SHA1_C)
+ if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 input data was malformed" );
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+ if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" );
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );
+ if( use_ret == -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 input data was malformed" );
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_THREADING_C)
+ if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) )
+ mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
+ if( use_ret == -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA) )
+ mbedtls_snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
+ if( use_ret == -(MBEDTLS_ERR_THREADING_MUTEX_ERROR) )
+ mbedtls_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_XTEA_C)
+ if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) )
+ mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
+ if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) )
+ mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" );
+#endif /* MBEDTLS_XTEA_C */
+
#if defined(MBEDTLS_NET_C)
if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) )
mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" );
@@ -808,63 +890,6 @@
if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) )
mbedtls_snprintf( buf, buflen, "NET - Input invalid" );
#endif /* MBEDTLS_NET_C */
-
-#if defined(MBEDTLS_OID_C)
- if( use_ret == -(MBEDTLS_ERR_OID_NOT_FOUND) )
- mbedtls_snprintf( buf, buflen, "OID - OID is not found" );
- if( use_ret == -(MBEDTLS_ERR_OID_BUF_TOO_SMALL) )
- mbedtls_snprintf( buf, buflen, "OID - output buffer is too small" );
-#endif /* MBEDTLS_OID_C */
-
-#if defined(MBEDTLS_PADLOCK_C)
- if( use_ret == -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED) )
- mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
-#endif /* MBEDTLS_PADLOCK_C */
-
-#if defined(MBEDTLS_POLY1305_C)
- if( use_ret == -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) )
- mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" );
- if( use_ret == -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE) )
- mbedtls_snprintf( buf, buflen, "POLY1305 - Feature not available. For example, s part of the API is not implemented" );
- if( use_ret == -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "POLY1305 - Poly1305 hardware accelerator failed" );
-#endif /* MBEDTLS_POLY1305_C */
-
-#if defined(MBEDTLS_RIPEMD160_C)
- if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
-#endif /* MBEDTLS_RIPEMD160_C */
-
-#if defined(MBEDTLS_SHA1_C)
- if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
- if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
- if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_THREADING_C)
- if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) )
- mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
- if( use_ret == -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA) )
- mbedtls_snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
- if( use_ret == -(MBEDTLS_ERR_THREADING_MUTEX_ERROR) )
- mbedtls_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_XTEA_C)
- if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) )
- mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
- if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) )
- mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" );
-#endif /* MBEDTLS_XTEA_C */
// END generated code
if( strlen( buf ) != 0 )
diff --git a/library/gcm.c b/library/gcm.c
index 57b0279..5121a7a 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -48,9 +48,8 @@
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
-#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
-#else
+#if !defined(MBEDTLS_PLATFORM_C)
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
@@ -58,6 +57,12 @@
#if !defined(MBEDTLS_GCM_ALT)
+/* Parameter validation macros */
+#define GCM_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
+#define GCM_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* 32-bit integer manipulation macros (big endian)
*/
@@ -86,6 +91,7 @@
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
{
+ GCM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
}
@@ -165,7 +171,12 @@
int ret;
const mbedtls_cipher_info_t *cipher_info;
- cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+ GCM_VALIDATE_RET( ctx != NULL );
+ GCM_VALIDATE_RET( key != NULL );
+ GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+
+ cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
+ MBEDTLS_MODE_ECB );
if( cipher_info == NULL )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -275,6 +286,10 @@
const unsigned char *p;
size_t use_len, olen = 0;
+ GCM_VALIDATE_RET( ctx != NULL );
+ GCM_VALIDATE_RET( iv != NULL );
+ GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
if( iv_len == 0 ||
@@ -321,8 +336,8 @@
gcm_mult( ctx, ctx->y, ctx->y );
}
- if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,
- &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16,
+ ctx->base_ectr, &olen ) ) != 0 )
{
return( ret );
}
@@ -357,6 +372,10 @@
unsigned char *out_p = output;
size_t use_len, olen = 0;
+ GCM_VALIDATE_RET( ctx != NULL );
+ GCM_VALIDATE_RET( length == 0 || input != NULL );
+ GCM_VALIDATE_RET( length == 0 || output != NULL );
+
if( output > input && (size_t) ( output - input ) < length )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -410,8 +429,14 @@
{
unsigned char work_buf[16];
size_t i;
- uint64_t orig_len = ctx->len * 8;
- uint64_t orig_add_len = ctx->add_len * 8;
+ uint64_t orig_len;
+ uint64_t orig_add_len;
+
+ GCM_VALIDATE_RET( ctx != NULL );
+ GCM_VALIDATE_RET( tag != NULL );
+
+ orig_len = ctx->len * 8;
+ orig_add_len = ctx->add_len * 8;
if( tag_len > 16 || tag_len < 4 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -453,6 +478,13 @@
{
int ret;
+ GCM_VALIDATE_RET( ctx != NULL );
+ GCM_VALIDATE_RET( iv != NULL );
+ GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ GCM_VALIDATE_RET( length == 0 || input != NULL );
+ GCM_VALIDATE_RET( length == 0 || output != NULL );
+ GCM_VALIDATE_RET( tag != NULL );
+
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
return( ret );
@@ -481,6 +513,13 @@
size_t i;
int diff;
+ GCM_VALIDATE_RET( ctx != NULL );
+ GCM_VALIDATE_RET( iv != NULL );
+ GCM_VALIDATE_RET( add_len == 0 || add != NULL );
+ GCM_VALIDATE_RET( tag != NULL );
+ GCM_VALIDATE_RET( length == 0 || input != NULL );
+ GCM_VALIDATE_RET( length == 0 || output != NULL );
+
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, tag_len, check_tag ) ) != 0 )
@@ -503,6 +542,8 @@
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
{
+ if( ctx == NULL )
+ return;
mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
}
@@ -517,10 +558,10 @@
*/
#define MAX_TESTS 6
-static const int key_index[MAX_TESTS] =
+static const int key_index_test_data[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
-static const unsigned char key[MAX_TESTS][32] =
+static const unsigned char key_test_data[MAX_TESTS][32] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -532,13 +573,13 @@
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
};
-static const size_t iv_len[MAX_TESTS] =
+static const size_t iv_len_test_data[MAX_TESTS] =
{ 12, 12, 12, 12, 8, 60 };
-static const int iv_index[MAX_TESTS] =
+static const int iv_index_test_data[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 2 };
-static const unsigned char iv[MAX_TESTS][64] =
+static const unsigned char iv_test_data[MAX_TESTS][64] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
@@ -554,13 +595,13 @@
0xa6, 0x37, 0xb3, 0x9b },
};
-static const size_t add_len[MAX_TESTS] =
+static const size_t add_len_test_data[MAX_TESTS] =
{ 0, 0, 0, 20, 20, 20 };
-static const int add_index[MAX_TESTS] =
+static const int add_index_test_data[MAX_TESTS] =
{ 0, 0, 0, 1, 1, 1 };
-static const unsigned char additional[MAX_TESTS][64] =
+static const unsigned char additional_test_data[MAX_TESTS][64] =
{
{ 0x00 },
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
@@ -568,13 +609,13 @@
0xab, 0xad, 0xda, 0xd2 },
};
-static const size_t pt_len[MAX_TESTS] =
+static const size_t pt_len_test_data[MAX_TESTS] =
{ 0, 16, 64, 60, 60, 60 };
-static const int pt_index[MAX_TESTS] =
+static const int pt_index_test_data[MAX_TESTS] =
{ 0, 0, 1, 1, 1, 1 };
-static const unsigned char pt[MAX_TESTS][64] =
+static const unsigned char pt_test_data[MAX_TESTS][64] =
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
@@ -588,7 +629,7 @@
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
};
-static const unsigned char ct[MAX_TESTS * 3][64] =
+static const unsigned char ct_test_data[MAX_TESTS * 3][64] =
{
{ 0x00 },
{ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
@@ -697,7 +738,7 @@
0x44, 0xae, 0x7e, 0x3f },
};
-static const unsigned char tag[MAX_TESTS * 3][16] =
+static const unsigned char tag_test_data[MAX_TESTS * 3][16] =
{
{ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
@@ -757,14 +798,15 @@
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "enc" );
- ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ ret = mbedtls_gcm_setkey( &ctx, cipher,
+ key_test_data[key_index_test_data[i]],
key_len );
/*
* AES-192 is an optional feature that may be unavailable when
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
{
mbedtls_printf( "skipped\n" );
break;
@@ -775,15 +817,19 @@
}
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
- pt_len[i],
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i],
- pt[pt_index[i]], buf, 16, tag_buf );
+ pt_len_test_data[i],
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i],
+ pt_test_data[pt_index_test_data[i]],
+ buf, 16, tag_buf );
if( ret != 0 )
goto exit;
- if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
- memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ if ( memcmp( buf, ct_test_data[j * 6 + i],
+ pt_len_test_data[i] ) != 0 ||
+ memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
ret = 1;
goto exit;
@@ -800,22 +846,26 @@
mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "dec" );
- ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ ret = mbedtls_gcm_setkey( &ctx, cipher,
+ key_test_data[key_index_test_data[i]],
key_len );
if( ret != 0 )
goto exit;
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
- pt_len[i],
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i],
- ct[j * 6 + i], buf, 16, tag_buf );
+ pt_len_test_data[i],
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i],
+ ct_test_data[j * 6 + i], buf, 16, tag_buf );
if( ret != 0 )
goto exit;
- if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
- memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
+ pt_len_test_data[i] ) != 0 ||
+ memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
ret = 1;
goto exit;
@@ -832,32 +882,40 @@
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "enc" );
- ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ ret = mbedtls_gcm_setkey( &ctx, cipher,
+ key_test_data[key_index_test_data[i]],
key_len );
if( ret != 0 )
goto exit;
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i] );
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i] );
if( ret != 0 )
goto exit;
- if( pt_len[i] > 32 )
+ if( pt_len_test_data[i] > 32 )
{
- size_t rest_len = pt_len[i] - 32;
- ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
+ size_t rest_len = pt_len_test_data[i] - 32;
+ ret = mbedtls_gcm_update( &ctx, 32,
+ pt_test_data[pt_index_test_data[i]],
+ buf );
if( ret != 0 )
goto exit;
- ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
- buf + 32 );
+ ret = mbedtls_gcm_update( &ctx, rest_len,
+ pt_test_data[pt_index_test_data[i]] + 32,
+ buf + 32 );
if( ret != 0 )
goto exit;
}
else
{
- ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
+ ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
+ pt_test_data[pt_index_test_data[i]],
+ buf );
if( ret != 0 )
goto exit;
}
@@ -866,8 +924,9 @@
if( ret != 0 )
goto exit;
- if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
- memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ if( memcmp( buf, ct_test_data[j * 6 + i],
+ pt_len_test_data[i] ) != 0 ||
+ memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
ret = 1;
goto exit;
@@ -884,32 +943,38 @@
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "dec" );
- ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+ ret = mbedtls_gcm_setkey( &ctx, cipher,
+ key_test_data[key_index_test_data[i]],
key_len );
if( ret != 0 )
goto exit;
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
- iv[iv_index[i]], iv_len[i],
- additional[add_index[i]], add_len[i] );
+ iv_test_data[iv_index_test_data[i]],
+ iv_len_test_data[i],
+ additional_test_data[add_index_test_data[i]],
+ add_len_test_data[i] );
if( ret != 0 )
goto exit;
- if( pt_len[i] > 32 )
+ if( pt_len_test_data[i] > 32 )
{
- size_t rest_len = pt_len[i] - 32;
- ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
+ size_t rest_len = pt_len_test_data[i] - 32;
+ ret = mbedtls_gcm_update( &ctx, 32, ct_test_data[j * 6 + i],
+ buf );
if( ret != 0 )
goto exit;
- ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
+ ret = mbedtls_gcm_update( &ctx, rest_len,
+ ct_test_data[j * 6 + i] + 32,
buf + 32 );
if( ret != 0 )
goto exit;
}
else
{
- ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],
+ ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
+ ct_test_data[j * 6 + i],
buf );
if( ret != 0 )
goto exit;
@@ -919,8 +984,9 @@
if( ret != 0 )
goto exit;
- if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
- memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+ if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
+ pt_len_test_data[i] ) != 0 ||
+ memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
{
ret = 1;
goto exit;
diff --git a/library/havege.c b/library/havege.c
index 4dcac02..54f897c 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -54,7 +54,7 @@
* ------------------------------------------------------------------------
*/
-#define SWAP(X,Y) { int *T = X; X = Y; Y = T; }
+#define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; }
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index dad55ff..c50330e 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -66,31 +66,60 @@
/*
* HMAC_DRBG update, using optional additional data (10.1.2.2)
*/
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len )
+int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len )
{
size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
unsigned char sep[1];
unsigned char K[MBEDTLS_MD_MAX_SIZE];
+ int ret;
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
{
/* Step 1 or 4 */
- mbedtls_md_hmac_reset( &ctx->md_ctx );
- mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
- mbedtls_md_hmac_update( &ctx->md_ctx, sep, 1 );
+ if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+ ctx->V, md_len ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+ sep, 1 ) ) != 0 )
+ goto exit;
if( rounds == 2 )
- mbedtls_md_hmac_update( &ctx->md_ctx, additional, add_len );
- mbedtls_md_hmac_finish( &ctx->md_ctx, K );
+ {
+ if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+ additional, add_len ) ) != 0 )
+ goto exit;
+ }
+ if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
+ goto exit;
/* Step 2 or 5 */
- mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len );
- mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
- mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
+ if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+ ctx->V, md_len ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+ goto exit;
}
+
+exit:
+ mbedtls_platform_zeroize( K, sizeof( K ) );
+ return( ret );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len )
+{
+ (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
+}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
/*
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
*/
@@ -108,10 +137,13 @@
* Use the V memory location, which is currently all 0, to initialize the
* MD context with an all-zero key. Then set V to its initial value.
*/
- mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) );
+ if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
+ mbedtls_md_get_size( md_info ) ) ) != 0 )
+ return( ret );
memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
- mbedtls_hmac_drbg_update( ctx, data, data_len );
+ if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
+ return( ret );
return( 0 );
}
@@ -124,6 +156,7 @@
{
unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
size_t seedlen;
+ int ret;
/* III. Check input length */
if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
@@ -135,7 +168,8 @@
memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
/* IV. Gather entropy_len bytes of entropy for the seed */
- if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 )
+ if( ( ret = ctx->f_entropy( ctx->p_entropy,
+ seed, ctx->entropy_len ) ) != 0 )
return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
seedlen = ctx->entropy_len;
@@ -148,13 +182,16 @@
}
/* 2. Update state */
- mbedtls_hmac_drbg_update( ctx, seed, seedlen );
+ if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
+ goto exit;
/* 3. Reset reseed_counter */
ctx->reseed_counter = 1;
+exit:
/* 4. Done */
- return( 0 );
+ mbedtls_platform_zeroize( seed, seedlen );
+ return( ret );
}
/*
@@ -180,7 +217,8 @@
* Use the V memory location, which is currently all 0, to initialize the
* MD context with an all-zero key. Then set V to its initial value.
*/
- mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size );
+ if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
+ return( ret );
memset( ctx->V, 0x01, md_size );
ctx->f_entropy = f_entropy;
@@ -273,16 +311,24 @@
/* 2. Use additional data if any */
if( additional != NULL && add_len != 0 )
- mbedtls_hmac_drbg_update( ctx, additional, add_len );
+ {
+ if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+ additional, add_len ) ) != 0 )
+ goto exit;
+ }
/* 3, 4, 5. Generate bytes */
while( left != 0 )
{
size_t use_len = left > md_len ? md_len : left;
- mbedtls_md_hmac_reset( &ctx->md_ctx );
- mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
- mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
+ if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
+ ctx->V, md_len ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+ goto exit;
memcpy( out, ctx->V, use_len );
out += use_len;
@@ -290,13 +336,16 @@
}
/* 6. Update */
- mbedtls_hmac_drbg_update( ctx, additional, add_len );
+ if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+ additional, add_len ) ) != 0 )
+ goto exit;
/* 7. Update reseed counter */
ctx->reseed_counter++;
+exit:
/* 8. Done */
- return( 0 );
+ return( ret );
}
/*
@@ -368,35 +417,36 @@
int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
{
int ret = 0;
- FILE *f;
+ FILE *f = NULL;
size_t n;
unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+ unsigned char c;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
- fseek( f, 0, SEEK_END );
- n = (size_t) ftell( f );
- fseek( f, 0, SEEK_SET );
-
- if( n > MBEDTLS_HMAC_DRBG_MAX_INPUT )
+ n = fread( buf, 1, sizeof( buf ), f );
+ if( fread( &c, 1, 1, f ) != 0 )
{
- fclose( f );
- return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+ ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
+ goto exit;
}
-
- if( fread( buf, 1, n, f ) != n )
+ if( n == 0 || ferror( f ) )
+ {
ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
- else
- mbedtls_hmac_drbg_update( ctx, buf, n );
-
+ goto exit;
+ }
fclose( f );
+ f = NULL;
+ ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
+
+exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
+ if( f != NULL )
+ fclose( f );
if( ret != 0 )
return( ret );
-
return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
}
#endif /* MBEDTLS_FS_IO */
diff --git a/library/md4.c b/library/md4.c
index 3f8ddff..828fd42 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -137,15 +137,21 @@
GET_UINT32_LE( X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 );
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
+#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
-#define F(x, y, z) ((x & y) | ((~x) & z))
-#define P(a,b,c,d,x,s) { a += F(b,c,d) + x; a = S(a,s); }
+#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
+#define P(a,b,c,d,x,s) \
+ do \
+ { \
+ (a) += F((b),(c),(d)) + (x); \
+ (a) = S((a),(s)); \
+ } while( 0 )
+
P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 1], 7 );
@@ -167,8 +173,13 @@
#undef P
#undef F
-#define F(x,y,z) ((x & y) | (x & z) | (y & z))
-#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x5A827999; a = S(a,s); }
+#define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define P(a,b,c,d,x,s) \
+ do \
+ { \
+ (a) += F((b),(c),(d)) + (x) + 0x5A827999; \
+ (a) = S((a),(s)); \
+ } while( 0 )
P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 4], 5 );
@@ -190,8 +201,13 @@
#undef P
#undef F
-#define F(x,y,z) (x ^ y ^ z)
-#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x6ED9EBA1; a = S(a,s); }
+#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define P(a,b,c,d,x,s) \
+ do \
+ { \
+ (a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1; \
+ (a) = S((a),(s)); \
+ } while( 0 )
P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 8], 9 );
diff --git a/library/md5.c b/library/md5.c
index 2a740cd..a93da8a 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -136,19 +136,22 @@
GET_UINT32_LE( X[14], data, 56 );
GET_UINT32_LE( X[15], data, 60 );
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
+#define S(x,n) \
+ ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
-#define P(a,b,c,d,k,s,t) \
-{ \
- a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \
-}
+#define P(a,b,c,d,k,s,t) \
+ do \
+ { \
+ (a) += F((b),(c),(d)) + X[(k)] + (t); \
+ (a) = S((a),(s)) + (b); \
+ } while( 0 )
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
-#define F(x,y,z) (z ^ (x & (y ^ z)))
+#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
P( A, B, C, D, 0, 7, 0xD76AA478 );
P( D, A, B, C, 1, 12, 0xE8C7B756 );
@@ -169,7 +172,7 @@
#undef F
-#define F(x,y,z) (y ^ (z & (x ^ y)))
+#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
P( A, B, C, D, 1, 5, 0xF61E2562 );
P( D, A, B, C, 6, 9, 0xC040B340 );
@@ -190,7 +193,7 @@
#undef F
-#define F(x,y,z) (x ^ y ^ z)
+#define F(x,y,z) ((x) ^ (y) ^ (z))
P( A, B, C, D, 5, 4, 0xFFFA3942 );
P( D, A, B, C, 8, 11, 0x8771F681 );
@@ -211,7 +214,7 @@
#undef F
-#define F(x,y,z) (y ^ (x | ~z))
+#define F(x,y,z) ((y) ^ ((x) | ~(z)))
P( A, B, C, D, 0, 6, 0xF4292244 );
P( D, A, B, C, 7, 10, 0x432AFF97 );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 816b130..5d538bf 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -284,7 +284,7 @@
int err = errno;
/*
- * Never return 'WOULD BLOCK' on a non-blocking socket
+ * Never return 'WOULD BLOCK' on a blocking socket
*/
if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
{
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 176af9f..317a242 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -311,7 +311,7 @@
}
mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
- mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
+
return( ret );
}
@@ -528,7 +528,7 @@
mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
mbedtls_platform_zeroize( &diff, sizeof( diff ) );
mbedtls_platform_zeroize( A, sizeof( A ) );
- mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen );
+
return( ret );
}
diff --git a/library/oid.c b/library/oid.c
index edea950..27c455e 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -41,10 +41,6 @@
#define mbedtls_snprintf snprintf
#endif
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
/*
* Macro to automatically add the size of #define'd OIDs
*/
@@ -54,22 +50,24 @@
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
* the other functions)
*/
-#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
-static const TYPE_T * oid_ ## NAME ## _from_asn1( const mbedtls_asn1_buf *oid ) \
-{ \
- const TYPE_T *p = LIST; \
- const mbedtls_oid_descriptor_t *cur = (const mbedtls_oid_descriptor_t *) p; \
- if( p == NULL || oid == NULL ) return( NULL ); \
- while( cur->asn1 != NULL ) { \
- if( cur->asn1_len == oid->len && \
- memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
- return( p ); \
- } \
- p++; \
- cur = (const mbedtls_oid_descriptor_t *) p; \
- } \
- return( NULL ); \
-}
+#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
+ static const TYPE_T * oid_ ## NAME ## _from_asn1( \
+ const mbedtls_asn1_buf *oid ) \
+ { \
+ const TYPE_T *p = (LIST); \
+ const mbedtls_oid_descriptor_t *cur = \
+ (const mbedtls_oid_descriptor_t *) p; \
+ if( p == NULL || oid == NULL ) return( NULL ); \
+ while( cur->asn1 != NULL ) { \
+ if( cur->asn1_len == oid->len && \
+ memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
+ return( p ); \
+ } \
+ p++; \
+ cur = (const mbedtls_oid_descriptor_t *) p; \
+ } \
+ return( NULL ); \
+ }
/*
* Macro to generate a function for retrieving a single attribute from the
@@ -103,12 +101,13 @@
*/
#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
ATTR2_TYPE, ATTR2) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 ) \
+int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
+ ATTR2_TYPE * ATTR2 ) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
- if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
- *ATTR1 = data->ATTR1; \
- *ATTR2 = data->ATTR2; \
+ if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
+ *(ATTR1) = data->ATTR1; \
+ *(ATTR2) = data->ATTR2; \
return( 0 ); \
}
@@ -119,16 +118,16 @@
#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
{ \
- const TYPE_T *cur = LIST; \
+ const TYPE_T *cur = (LIST); \
while( cur->descriptor.asn1 != NULL ) { \
- if( cur->ATTR1 == ATTR1 ) { \
+ if( cur->ATTR1 == (ATTR1) ) { \
*oid = cur->descriptor.asn1; \
*olen = cur->descriptor.asn1_len; \
return( 0 ); \
} \
cur++; \
} \
- return( MBEDTLS_ERR_OID_NOT_FOUND ); \
+ return( MBEDTLS_ERR_OID_NOT_FOUND ); \
}
/*
@@ -140,9 +139,9 @@
int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
size_t *olen ) \
{ \
- const TYPE_T *cur = LIST; \
+ const TYPE_T *cur = (LIST); \
while( cur->descriptor.asn1 != NULL ) { \
- if( cur->ATTR1 == ATTR1 && cur->ATTR2 == ATTR2 ) { \
+ if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \
*oid = cur->descriptor.asn1; \
*olen = cur->descriptor.asn1_len; \
return( 0 ); \
@@ -152,7 +151,6 @@
return( MBEDTLS_ERR_OID_NOT_FOUND ); \
}
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
/*
* For X520 attribute types
*/
@@ -259,24 +257,28 @@
static const oid_x509_ext_t oid_x509_ext[] =
{
{
- { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
- MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
+ { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
+ MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
},
{
- { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
- MBEDTLS_X509_EXT_KEY_USAGE,
+ { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
+ MBEDTLS_OID_X509_EXT_KEY_USAGE,
},
{
- { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
- MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
+ { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
+ MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
},
{
- { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
- MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
+ { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
+ MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
},
{
- { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
- MBEDTLS_X509_EXT_NS_CERT_TYPE,
+ { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
+ MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
+ },
+ {
+ { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" },
+ MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
},
{
{ NULL, 0, NULL, NULL },
@@ -289,18 +291,27 @@
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
{
- { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
- { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
- { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
- { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
- { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
- { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
+ { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
+ { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
+ { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
+ { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
+ { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
+ { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
+ { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },
{ NULL, 0, NULL, NULL },
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
-#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
+
+static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
+{
+ { ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" },
+ { NULL, 0, NULL, NULL },
+};
+
+FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
+FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
#if defined(MBEDTLS_MD_C)
/*
@@ -616,6 +627,12 @@
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_SHA512_C */
+#if defined(MBEDTLS_RIPEMD160_C)
+ {
+ { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" },
+ MBEDTLS_MD_RIPEMD160,
+ },
+#endif /* MBEDTLS_RIPEMD160_C */
{
{ NULL, 0, NULL, NULL },
MBEDTLS_MD_NONE,
diff --git a/library/pem.c b/library/pem.c
index 6069a23..897c8a0 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -423,9 +423,11 @@
void mbedtls_pem_free( mbedtls_pem_context *ctx )
{
- if( ctx->buf != NULL )
+ if ( ctx->buf != NULL )
+ {
mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
- mbedtls_free( ctx->buf );
+ mbedtls_free( ctx->buf );
+ }
mbedtls_free( ctx->info );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
diff --git a/library/pk.c b/library/pk.c
index f05b139..a1e278e 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -41,16 +41,25 @@
#include "mbedtls/ecdsa.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#endif
+
#include <limits.h>
#include <stdint.h>
+/* Parameter validation macros based on platform_util.h */
+#define PK_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
+#define PK_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* Initialise a mbedtls_pk_context
*/
void mbedtls_pk_init( mbedtls_pk_context *ctx )
{
- if( ctx == NULL )
- return;
+ PK_VALIDATE( ctx != NULL );
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
@@ -61,14 +70,44 @@
*/
void mbedtls_pk_free( mbedtls_pk_context *ctx )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ if( ctx == NULL )
return;
- ctx->pk_info->ctx_free_func( ctx->pk_ctx );
+ if ( ctx->pk_info != NULL )
+ ctx->pk_info->ctx_free_func( ctx->pk_ctx );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
}
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Initialize a restart context
+ */
+void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
+{
+ PK_VALIDATE( ctx != NULL );
+ ctx->pk_info = NULL;
+ ctx->rs_ctx = NULL;
+}
+
+/*
+ * Free the components of a restart context
+ */
+void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
+{
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ ctx->pk_info->rs_free_func == NULL )
+ {
+ return;
+ }
+
+ ctx->pk_info->rs_free_func( ctx->rs_ctx );
+
+ ctx->pk_info = NULL;
+ ctx->rs_ctx = NULL;
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
/*
* Get pk_info structure from type
*/
@@ -100,7 +139,8 @@
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
{
- if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
+ PK_VALIDATE_RET( ctx != NULL );
+ if( info == NULL || ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@@ -111,6 +151,38 @@
return( 0 );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * Initialise a PSA-wrapping context
+ */
+int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key )
+{
+ const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
+ psa_key_handle_t *pk_ctx;
+ psa_key_type_t type;
+
+ if( ctx == NULL || ctx->pk_info != NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ if( PSA_SUCCESS != psa_get_key_information( key, &type, NULL ) )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* Current implementation of can_do() relies on this. */
+ if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
+
+ if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ ctx->pk_info = info;
+
+ pk_ctx = (psa_key_handle_t *) ctx->pk_ctx;
+ *pk_ctx = key;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
* Initialize an RSA-alt context
@@ -123,7 +195,8 @@
mbedtls_rsa_alt_context *rsa_alt;
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
- if( ctx == NULL || ctx->pk_info != NULL )
+ PK_VALIDATE_RET( ctx != NULL );
+ if( ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
@@ -147,7 +220,9 @@
*/
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
{
- /* null or NONE context can't do anything */
+ /* A context with null pk_info is not set up yet and can't do anything.
+ * For backward compatibility, also accept NULL instead of a context
+ * pointer. */
if( ctx == NULL || ctx->pk_info == NULL )
return( 0 );
@@ -171,6 +246,78 @@
return( 0 );
}
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Helper to set up a restart context if needed
+ */
+static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
+ const mbedtls_pk_info_t *info )
+{
+ /* Don't do anything if already set up or invalid */
+ if( ctx == NULL || ctx->pk_info != NULL )
+ return( 0 );
+
+ /* Should never happen when we're called */
+ if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ ctx->pk_info = info;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+/*
+ * Verify a signature (restartable)
+ */
+int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ mbedtls_pk_restart_ctx *rs_ctx )
+{
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+ hash != NULL );
+ PK_VALIDATE_RET( sig != NULL );
+
+ if( ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /* optimization: use non-restartable version if restart disabled */
+ if( rs_ctx != NULL &&
+ mbedtls_ecp_restart_is_enabled() &&
+ ctx->pk_info->verify_rs_func != NULL )
+ {
+ int ret;
+
+ if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
+ return( ret );
+
+ ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
+ md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
+
+ if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+ mbedtls_pk_restart_free( rs_ctx );
+
+ return( ret );
+ }
+#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+ (void) rs_ctx;
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+ if( ctx->pk_info->verify_func == NULL )
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len ) );
+}
+
/*
* Verify a signature
*/
@@ -178,15 +325,8 @@
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
- if( ctx == NULL || ctx->pk_info == NULL ||
- pk_hashlen_helper( md_alg, &hash_len ) != 0 )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- if( ctx->pk_info->verify_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
- return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
- sig, sig_len ) );
+ return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
+ sig, sig_len, NULL ) );
}
/*
@@ -197,7 +337,12 @@
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+ hash != NULL );
+ PK_VALIDATE_RET( sig != NULL );
+
+ if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ! mbedtls_pk_can_do( ctx, type ) )
@@ -248,6 +393,55 @@
}
/*
+ * Make a signature (restartable)
+ */
+int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ mbedtls_pk_restart_ctx *rs_ctx )
+{
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+ hash != NULL );
+ PK_VALIDATE_RET( sig != NULL );
+
+ if( ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /* optimization: use non-restartable version if restart disabled */
+ if( rs_ctx != NULL &&
+ mbedtls_ecp_restart_is_enabled() &&
+ ctx->pk_info->sign_rs_func != NULL )
+ {
+ int ret;
+
+ if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
+ return( ret );
+
+ ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
+ hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
+
+ if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+ mbedtls_pk_restart_free( rs_ctx );
+
+ return( ret );
+ }
+#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+ (void) rs_ctx;
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
+ if( ctx->pk_info->sign_func == NULL )
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng ) );
+}
+
+/*
* Make a signature
*/
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
@@ -255,15 +449,8 @@
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- if( ctx == NULL || ctx->pk_info == NULL ||
- pk_hashlen_helper( md_alg, &hash_len ) != 0 )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- if( ctx->pk_info->sign_func == NULL )
- return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
- return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
- sig, sig_len, f_rng, p_rng ) );
+ return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng, NULL ) );
}
/*
@@ -274,7 +461,12 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( input != NULL || ilen == 0 );
+ PK_VALIDATE_RET( output != NULL || osize == 0 );
+ PK_VALIDATE_RET( olen != NULL );
+
+ if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->decrypt_func == NULL )
@@ -292,7 +484,12 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( input != NULL || ilen == 0 );
+ PK_VALIDATE_RET( output != NULL || osize == 0 );
+ PK_VALIDATE_RET( olen != NULL );
+
+ if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->encrypt_func == NULL )
@@ -307,13 +504,18 @@
*/
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
{
- if( pub == NULL || pub->pk_info == NULL ||
- prv == NULL || prv->pk_info == NULL ||
- prv->pk_info->check_pair_func == NULL )
+ PK_VALIDATE_RET( pub != NULL );
+ PK_VALIDATE_RET( prv != NULL );
+
+ if( pub->pk_info == NULL ||
+ prv->pk_info == NULL )
{
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
}
+ if( prv->pk_info->check_pair_func == NULL )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
{
if( pub->pk_info->type != MBEDTLS_PK_RSA )
@@ -333,6 +535,8 @@
*/
size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
{
+ /* For backward compatibility, accept NULL or a context that
+ * isn't set up yet, and return a fake value that should be safe. */
if( ctx == NULL || ctx->pk_info == NULL )
return( 0 );
@@ -344,7 +548,8 @@
*/
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ PK_VALIDATE_RET( ctx != NULL );
+ if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->debug_func == NULL )
@@ -376,4 +581,66 @@
return( ctx->pk_info->type );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * Load the key to a PSA key slot,
+ * then turn the PK context into a wrapper for that key slot.
+ *
+ * Currently only works for EC private keys.
+ */
+int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
+ psa_key_handle_t *slot,
+ psa_algorithm_t hash_alg )
+{
+#if !defined(MBEDTLS_ECP_C)
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+#else
+ psa_key_handle_t key;
+ const mbedtls_ecp_keypair *ec;
+ unsigned char d[MBEDTLS_ECP_MAX_BYTES];
+ size_t d_len;
+ psa_ecc_curve_t curve_id;
+ psa_key_type_t key_type;
+ psa_key_policy_t policy;
+ int ret;
+
+ /* export the private key material in the format PSA wants */
+ if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ ec = mbedtls_pk_ec( *pk );
+ d_len = ( ec->grp.nbits + 7 ) / 8;
+ if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
+ return( ret );
+
+ curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp.id )->tls_id;
+ key_type = PSA_KEY_TYPE_ECC_KEYPAIR(
+ mbedtls_psa_parse_tls_ecc_group ( curve_id ) );
+
+ /* allocate a key slot */
+ if( PSA_SUCCESS != psa_allocate_key( &key ) )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+ /* set policy */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
+ PSA_ALG_ECDSA(hash_alg) );
+ if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+ /* import private key in slot */
+ if( PSA_SUCCESS != psa_import_key( key, key_type, d, d_len ) )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+ /* remember slot number to be destroyed later by caller */
+ *slot = key;
+
+ /* make PK context wrap the key slot */
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
+
+ return( mbedtls_pk_setup_opaque( pk, key ) );
+#endif /* MBEDTLS_ECP_C */
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_C */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 2c7d2d7..c7f879a 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -41,10 +41,20 @@
#include "mbedtls/ecdsa.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/asn1write.h"
+#endif
+
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
#include "mbedtls/platform_util.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#include "mbedtls/asn1.h"
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -190,11 +200,19 @@
rsa_can_do,
rsa_verify_wrap,
rsa_sign_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
rsa_decrypt_wrap,
rsa_encrypt_wrap,
rsa_check_pair_wrap,
rsa_alloc_wrap,
rsa_free_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
rsa_debug,
};
#endif /* MBEDTLS_RSA_C */
@@ -262,6 +280,110 @@
return( ret );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+/* Forward declarations */
+static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx );
+
+static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx );
+
+/*
+ * Restart context for ECDSA operations with ECKEY context
+ *
+ * We need to store an actual ECDSA context, as we need to pass the same to
+ * the underlying ecdsa function, so we can't create it on the fly every time.
+ */
+typedef struct
+{
+ mbedtls_ecdsa_restart_ctx ecdsa_rs;
+ mbedtls_ecdsa_context ecdsa_ctx;
+} eckey_restart_ctx;
+
+static void *eckey_rs_alloc( void )
+{
+ eckey_restart_ctx *rs_ctx;
+
+ void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
+
+ if( ctx != NULL )
+ {
+ rs_ctx = ctx;
+ mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
+ mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
+ }
+
+ return( ctx );
+}
+
+static void eckey_rs_free( void *ctx )
+{
+ eckey_restart_ctx *rs_ctx;
+
+ if( ctx == NULL)
+ return;
+
+ rs_ctx = ctx;
+ mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
+ mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
+
+ mbedtls_free( ctx );
+}
+
+static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx )
+{
+ int ret;
+ eckey_restart_ctx *rs = rs_ctx;
+
+ /* Should never happen */
+ if( rs == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* set up our own sub-context if needed (that is, on first run) */
+ if( rs->ecdsa_ctx.grp.pbits == 0 )
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
+
+ MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
+ md_alg, hash, hash_len,
+ sig, sig_len, &rs->ecdsa_rs ) );
+
+cleanup:
+ return( ret );
+}
+
+static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx )
+{
+ int ret;
+ eckey_restart_ctx *rs = rs_ctx;
+
+ /* Should never happen */
+ if( rs == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* set up our own sub-context if needed (that is, on first run) */
+ if( rs->ecdsa_ctx.grp.pbits == 0 )
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
+
+ MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
+ hash, hash_len, sig, sig_len,
+ f_rng, p_rng, &rs->ecdsa_rs ) );
+
+cleanup:
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDSA_C */
static int eckey_check_pair( const void *pub, const void *prv )
@@ -301,15 +423,23 @@
#if defined(MBEDTLS_ECDSA_C)
eckey_verify_wrap,
eckey_sign_wrap,
-#else
- NULL,
- NULL,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ eckey_verify_rs_wrap,
+ eckey_sign_rs_wrap,
#endif
+#else /* MBEDTLS_ECDSA_C */
+ NULL,
+ NULL,
+#endif /* MBEDTLS_ECDSA_C */
NULL,
NULL,
eckey_check_pair,
eckey_alloc_wrap,
eckey_free_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ eckey_rs_alloc,
+ eckey_rs_free,
+#endif
eckey_debug,
};
@@ -329,11 +459,19 @@
eckeydh_can_do,
NULL,
NULL,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
NULL,
NULL,
eckey_check_pair,
eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
eckey_debug, /* Same underlying key structure */
};
#endif /* MBEDTLS_ECP_C */
@@ -344,6 +482,156 @@
return( type == MBEDTLS_PK_ECDSA );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
+ * those integers and convert it to the fixed-length encoding expected by PSA.
+ */
+static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
+ unsigned char *to, size_t to_len )
+{
+ int ret;
+ size_t unpadded_len, padding_len;
+
+ if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ while( unpadded_len > 0 && **from == 0x00 )
+ {
+ ( *from )++;
+ unpadded_len--;
+ }
+
+ if( unpadded_len > to_len || unpadded_len == 0 )
+ return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+ padding_len = to_len - unpadded_len;
+ memset( to, 0x00, padding_len );
+ memcpy( to + padding_len, *from, unpadded_len );
+ ( *from ) += unpadded_len;
+
+ return( 0 );
+}
+
+/*
+ * Convert a signature from an ASN.1 sequence of two integers
+ * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
+ * twice as big as int_size.
+ */
+static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
+ unsigned char *sig, size_t int_size )
+{
+ int ret;
+ size_t tmp_size;
+
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( ret );
+
+ /* Extract r */
+ if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
+ return( ret );
+ /* Extract s */
+ if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ int ret;
+ psa_key_handle_t key_slot;
+ psa_key_policy_t policy;
+ psa_key_type_t psa_type;
+ mbedtls_pk_context key;
+ int key_len;
+ /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
+ unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
+ unsigned char *p;
+ mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
+ psa_algorithm_t psa_sig_md, psa_md;
+ psa_ecc_curve_t curve = mbedtls_psa_translate_ecc_group(
+ ( (mbedtls_ecdsa_context *) ctx )->grp.id );
+ const size_t signature_part_size = ( ( (mbedtls_ecdsa_context *) ctx )->grp.nbits + 7 ) / 8;
+
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* mbedtls_pk_write_pubkey() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &pk_info;
+ key.pk_ctx = ctx;
+ p = buf + sizeof( buf );
+ key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ psa_md = mbedtls_psa_translate_md( md_alg );
+ if( psa_md == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ psa_sig_md = PSA_ALG_ECDSA( psa_md );
+ psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
+
+ if( ( ret = psa_allocate_key( &key_slot ) ) != PSA_SUCCESS )
+ return( mbedtls_psa_err_translate_pk( ret ) );
+
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
+ if( ( ret = psa_set_key_policy( key_slot, &policy ) ) != PSA_SUCCESS )
+ {
+ ret = mbedtls_psa_err_translate_pk( ret );
+ goto cleanup;
+ }
+
+ if( psa_import_key( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
+ != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ /* We don't need the exported key anymore and can
+ * reuse its buffer for signature extraction. */
+ if( 2 * signature_part_size > sizeof( buf ) )
+ {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ p = (unsigned char*) sig;
+ if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
+ signature_part_size ) ) != 0 )
+ {
+ goto cleanup;
+ }
+
+ if( psa_asymmetric_verify( key_slot, psa_sig_md,
+ hash, hash_len,
+ buf, 2 * signature_part_size )
+ != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ if( p != sig + sig_len )
+ {
+ ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+ goto cleanup;
+ }
+ ret = 0;
+
+cleanup:
+ psa_destroy_key( key_slot );
+ return( ret );
+}
+#else /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
@@ -359,6 +647,7 @@
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@@ -369,6 +658,40 @@
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len,
+ void *rs_ctx )
+{
+ int ret;
+ ((void) md_alg);
+
+ ret = mbedtls_ecdsa_read_signature_restartable(
+ (mbedtls_ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len,
+ (mbedtls_ecdsa_restart_ctx *) rs_ctx );
+
+ if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
+ return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
+ return( ret );
+}
+
+static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ void *rs_ctx )
+{
+ return( mbedtls_ecdsa_write_signature_restartable(
+ (mbedtls_ecdsa_context *) ctx,
+ md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
+ (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
+
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
static void *ecdsa_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
@@ -385,6 +708,24 @@
mbedtls_free( ctx );
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+static void *ecdsa_rs_alloc( void )
+{
+ void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
+
+ if( ctx != NULL )
+ mbedtls_ecdsa_restart_init( ctx );
+
+ return( ctx );
+}
+
+static void ecdsa_rs_free( void *ctx )
+{
+ mbedtls_ecdsa_restart_free( ctx );
+ mbedtls_free( ctx );
+}
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
const mbedtls_pk_info_t mbedtls_ecdsa_info = {
MBEDTLS_PK_ECDSA,
"ECDSA",
@@ -392,11 +733,19 @@
ecdsa_can_do,
ecdsa_verify_wrap,
ecdsa_sign_wrap,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ ecdsa_verify_rs_wrap,
+ ecdsa_sign_rs_wrap,
+#endif
NULL,
NULL,
eckey_check_pair, /* Compatible key structures */
ecdsa_alloc_wrap,
ecdsa_free_wrap,
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ ecdsa_rs_alloc,
+ ecdsa_rs_free,
+#endif
eckey_debug, /* Compatible key structures */
};
#endif /* MBEDTLS_ECDSA_C */
@@ -506,6 +855,10 @@
rsa_alt_can_do,
NULL,
rsa_alt_sign_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
rsa_alt_decrypt_wrap,
NULL,
#if defined(MBEDTLS_RSA_C)
@@ -515,9 +868,191 @@
#endif
rsa_alt_alloc_wrap,
rsa_alt_free_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL,
+ NULL,
+#endif
NULL,
};
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+static void *pk_opaque_alloc_wrap( void )
+{
+ void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) );
+
+ /* no _init() function to call, an calloc() already zeroized */
+
+ return( ctx );
+}
+
+static void pk_opaque_free_wrap( void *ctx )
+{
+ mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) );
+ mbedtls_free( ctx );
+}
+
+static size_t pk_opaque_get_bitlen( const void *ctx )
+{
+ const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
+ size_t bits;
+
+ if( PSA_SUCCESS != psa_get_key_information( *key, NULL, &bits ) )
+ return( 0 );
+
+ return( bits );
+}
+
+static int pk_opaque_can_do( mbedtls_pk_type_t type )
+{
+ /* For now opaque PSA keys can only wrap ECC keypairs,
+ * as checked by setup_psa().
+ * Also, ECKEY_DH does not really make sense with the current API. */
+ return( type == MBEDTLS_PK_ECKEY ||
+ type == MBEDTLS_PK_ECDSA );
+}
+
+/*
+ * Simultaneously convert and move raw MPI from the beginning of a buffer
+ * to an ASN.1 MPI at the end of the buffer.
+ * See also mbedtls_asn1_write_mpi().
+ *
+ * p: pointer to the end of the output buffer
+ * start: start of the output buffer, and also of the mpi to write at the end
+ * n_len: length of the mpi to read from start
+ */
+static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
+ size_t n_len )
+{
+ int ret;
+ size_t len = 0;
+
+ if( (size_t)( *p - start ) < n_len )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = n_len;
+ *p -= len;
+ memmove( *p, start, len );
+
+ /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
+ * Neither r nor s should be 0, but as a failsafe measure, still detect
+ * that rather than overflowing the buffer in case of a PSA error. */
+ while( len > 0 && **p == 0x00 )
+ {
+ ++(*p);
+ --len;
+ }
+
+ /* this is only reached if the signature was invalid */
+ if( len == 0 )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+ /* if the msb is 1, ASN.1 requires that we prepend a 0.
+ * Neither r nor s can be 0, so we can assume len > 0 at all times. */
+ if( **p & 0x80 )
+ {
+ if( *p - start < 1 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = 0x00;
+ len += 1;
+ }
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_INTEGER ) );
+
+ return( (int) len );
+}
+
+/* Transcode signature from PSA format to ASN.1 sequence.
+ * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
+ * MPIs, and in-place.
+ *
+ * [in/out] sig: the signature pre- and post-transcoding
+ * [in/out] sig_len: signature length pre- and post-transcoding
+ * [int] buf_len: the available size the in/out buffer
+ */
+static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
+ size_t buf_len )
+{
+ int ret;
+ size_t len = 0;
+ const size_t rs_len = *sig_len / 2;
+ unsigned char *p = sig + buf_len;
+
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+ memmove( sig, p, len );
+ *sig_len = len;
+
+ return( 0 );
+}
+
+static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
+ psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ size_t bits, buf_len;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ /* PSA needs an output buffer of known size, but our API doesn't provide
+ * that information. Assume that the buffer is large enough for a
+ * maximal-length signature with that key (otherwise the application is
+ * buggy anyway). */
+ status = psa_get_key_information( *key, NULL, &bits );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_psa_err_translate_pk( status ) );
+
+ buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( bits );
+
+ /* make the signature */
+ status = psa_asymmetric_sign( *key, alg, hash, hash_len,
+ sig, buf_len, sig_len );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_psa_err_translate_pk( status ) );
+
+ /* transcode it to ASN.1 sequence */
+ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
+}
+
+const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
+ MBEDTLS_PK_OPAQUE,
+ "Opaque",
+ pk_opaque_get_bitlen,
+ pk_opaque_can_do,
+ NULL, /* verify - will be done later */
+ pk_opaque_sign_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL, /* restartable verify - not relevant */
+ NULL, /* restartable sign - not relevant */
+#endif
+ NULL, /* decrypt - will be done later */
+ NULL, /* encrypt - will be done later */
+ NULL, /* check_pair - could be done later or left NULL */
+ pk_opaque_alloc_wrap,
+ pk_opaque_free_wrap,
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ NULL, /* restart alloc - not relevant */
+ NULL, /* restart free - not relevant */
+#endif
+ NULL, /* debug - could be done later, or even left NULL */
+};
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#endif /* MBEDTLS_PK_C */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 16a15cb..7edf064 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -48,6 +48,8 @@
#include "mbedtls/des.h"
#endif
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations )
{
@@ -226,6 +228,8 @@
return( ret );
}
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
const unsigned char *filler, size_t fill_len )
{
diff --git a/library/pkcs5.c b/library/pkcs5.c
index f04f0ab..e7d805c 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -54,22 +54,7 @@
#define mbedtls_printf printf
#endif
-#if !defined(MBEDTLS_ASN1_PARSE_C)
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output )
-{
- ((void) pbe_params);
- ((void) mode);
- ((void) pwd);
- ((void) pwdlen);
- ((void) data);
- ((void) datalen);
- ((void) output);
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-}
-#else
+#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
int *keylen, mbedtls_md_type_t *md_type )
@@ -91,7 +76,8 @@
* }
*
*/
- if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len,
+ MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
salt->p = p;
@@ -156,7 +142,8 @@
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
- if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
+ if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid,
+ &kdf_alg_params ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
// Only PBKDF2 supported at the moment
@@ -217,7 +204,8 @@
if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
+ if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen,
+ (mbedtls_operation_t) mode ) ) != 0 )
goto exit;
if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
@@ -232,7 +220,8 @@
}
#endif /* MBEDTLS_ASN1_PARSE_C */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
+ const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output )
@@ -319,10 +308,10 @@
#define MAX_TESTS 6
-static const size_t plen[MAX_TESTS] =
+static const size_t plen_test_data[MAX_TESTS] =
{ 8, 8, 8, 24, 9 };
-static const unsigned char password[MAX_TESTS][32] =
+static const unsigned char password_test_data[MAX_TESTS][32] =
{
"password",
"password",
@@ -331,10 +320,10 @@
"pass\0word",
};
-static const size_t slen[MAX_TESTS] =
+static const size_t slen_test_data[MAX_TESTS] =
{ 4, 4, 4, 36, 5 };
-static const unsigned char salt[MAX_TESTS][40] =
+static const unsigned char salt_test_data[MAX_TESTS][40] =
{
"salt",
"salt",
@@ -343,13 +332,13 @@
"sa\0lt",
};
-static const uint32_t it_cnt[MAX_TESTS] =
+static const uint32_t it_cnt_test_data[MAX_TESTS] =
{ 1, 2, 4096, 4096, 4096 };
-static const uint32_t key_len[MAX_TESTS] =
+static const uint32_t key_len_test_data[MAX_TESTS] =
{ 20, 20, 20, 25, 16 };
-static const unsigned char result_key[MAX_TESTS][32] =
+static const unsigned char result_key_test_data[MAX_TESTS][32] =
{
{ 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
@@ -395,10 +384,12 @@
if( verbose != 0 )
mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i );
- ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
- slen[i], it_cnt[i], key_len[i], key );
+ ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i],
+ plen_test_data[i], salt_test_data[i],
+ slen_test_data[i], it_cnt_test_data[i],
+ key_len_test_data[i], key );
if( ret != 0 ||
- memcmp( result_key[i], key, key_len[i] ) != 0 )
+ memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
diff --git a/library/pkparse.c b/library/pkparse.c
index d6ac987..ae210bc 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -61,6 +61,12 @@
#define mbedtls_free free
#endif
+/* Parameter validation macros based on platform_util.h */
+#define PK_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
+#define PK_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if defined(MBEDTLS_FS_IO)
/*
* Load all data from a file into a given buffer.
@@ -74,6 +80,10 @@
FILE *f;
long size;
+ PK_VALIDATE_RET( path != NULL );
+ PK_VALIDATE_RET( buf != NULL );
+ PK_VALIDATE_RET( n != NULL );
+
if( ( f = fopen( path, "rb" ) ) == NULL )
return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@@ -124,6 +134,9 @@
size_t n;
unsigned char *buf;
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( path != NULL );
+
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -148,6 +161,9 @@
size_t n;
unsigned char *buf;
+ PK_VALIDATE_RET( ctx != NULL );
+ PK_VALIDATE_RET( path != NULL );
+
if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
@@ -605,6 +621,11 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
+ PK_VALIDATE_RET( p != NULL );
+ PK_VALIDATE_RET( *p != NULL );
+ PK_VALIDATE_RET( end != NULL );
+ PK_VALIDATE_RET( pk != NULL );
+
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
@@ -1145,16 +1166,22 @@
{
int ret;
const mbedtls_pk_info_t *pk_info;
-
#if defined(MBEDTLS_PEM_PARSE_C)
size_t len;
mbedtls_pem_context pem;
+#endif
- mbedtls_pem_init( &pem );
+ PK_VALIDATE_RET( pk != NULL );
+ if( keylen == 0 )
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ PK_VALIDATE_RET( key != NULL );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_pem_init( &pem );
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( keylen == 0 || key[keylen - 1] != '\0' )
+ if( key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1185,7 +1212,7 @@
#if defined(MBEDTLS_ECP_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( keylen == 0 || key[keylen - 1] != '\0' )
+ if( key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1215,7 +1242,7 @@
#endif /* MBEDTLS_ECP_C */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( keylen == 0 || key[keylen - 1] != '\0' )
+ if( key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1238,7 +1265,7 @@
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( keylen == 0 || key[keylen - 1] != '\0' )
+ if( key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1276,9 +1303,6 @@
{
unsigned char *key_copy;
- if( keylen == 0 )
- return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
@@ -1295,6 +1319,7 @@
return( 0 );
mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
{
@@ -1306,39 +1331,42 @@
return( 0 );
mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
#if defined(MBEDTLS_RSA_C)
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
- key, keylen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
- }
- else
+ if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
+ pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
{
return( 0 );
}
+ mbedtls_pk_free( pk );
+ mbedtls_pk_init( pk );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
-
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
- key, keylen ) ) != 0 )
- {
- mbedtls_pk_free( pk );
- }
- else
+ if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
+ pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
+ key, keylen ) == 0 )
{
return( 0 );
}
-
+ mbedtls_pk_free( pk );
#endif /* MBEDTLS_ECP_C */
+ /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
+ * it is ok to leave the PK context initialized but not
+ * freed: It is the caller's responsibility to call pk_init()
+ * before calling this function, and to call pk_free()
+ * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
+ * isn't, this leads to mbedtls_pk_free() being called
+ * twice, once here and once by the caller, but this is
+ * also ok and in line with the mbedtls_pk_free() calls
+ * on failed PEM parsing attempts. */
+
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
}
@@ -1356,11 +1384,18 @@
#if defined(MBEDTLS_PEM_PARSE_C)
size_t len;
mbedtls_pem_context pem;
+#endif
+ PK_VALIDATE_RET( ctx != NULL );
+ if( keylen == 0 )
+ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+ PK_VALIDATE_RET( key != NULL || keylen == 0 );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_init( &pem );
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( keylen == 0 || key[keylen - 1] != '\0' )
+ if( key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
@@ -1391,7 +1426,7 @@
#endif /* MBEDTLS_RSA_C */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
- if( keylen == 0 || key[keylen - 1] != '\0' )
+ if( key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 4ae38af..aff8246 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -30,6 +30,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
#include <string.h>
@@ -48,6 +49,10 @@
#include "mbedtls/pem.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -56,6 +61,12 @@
#define mbedtls_free free
#endif
+/* Parameter validation macros based on platform_util.h */
+#define PK_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
+#define PK_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if defined(MBEDTLS_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
@@ -173,6 +184,11 @@
int ret;
size_t len = 0;
+ PK_VALIDATE_RET( p != NULL );
+ PK_VALIDATE_RET( *p != NULL );
+ PK_VALIDATE_RET( start != NULL );
+ PK_VALIDATE_RET( key != NULL );
+
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
@@ -183,6 +199,29 @@
MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
else
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
+ {
+ size_t buffer_size;
+ psa_key_handle_t* key_slot = (psa_key_handle_t*) key->pk_ctx;
+
+ if ( *p < start )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ buffer_size = (size_t)( *p - start );
+ if ( psa_export_public_key( *key_slot, start, buffer_size, &len )
+ != PSA_SUCCESS )
+ {
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ }
+ else
+ {
+ *p -= len;
+ memmove( *p, start, len );
+ }
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
return( (int) len );
@@ -193,8 +232,14 @@
int ret;
unsigned char *c;
size_t len = 0, par_len = 0, oid_len;
+ mbedtls_pk_type_t pk_type;
const char *oid;
+ PK_VALIDATE_RET( key != NULL );
+ if( size == 0 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ PK_VALIDATE_RET( buf != NULL );
+
c = buf + size;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
@@ -213,18 +258,51 @@
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
- if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ),
- &oid, &oid_len ) ) != 0 )
- {
- return( ret );
- }
-
+ pk_type = mbedtls_pk_get_type( key );
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+ if( pk_type == MBEDTLS_PK_ECKEY )
{
MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
}
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( pk_type == MBEDTLS_PK_OPAQUE )
+ {
+ psa_status_t status;
+ psa_key_type_t key_type;
+ psa_key_handle_t handle;
+ psa_ecc_curve_t curve;
+
+ handle = *((psa_key_handle_t*) key->pk_ctx );
+
+ status = psa_get_key_information( handle, &key_type,
+ NULL /* bitsize not needed */ );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+ curve = PSA_KEY_TYPE_GET_CURVE( key_type );
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ /* Write EC algorithm parameters; that's akin
+ * to pk_write_ec_param() above. */
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
+ oid, oid_len ) );
+
+ /* The rest of the function works as for legacy EC contexts. */
+ pk_type = MBEDTLS_PK_ECKEY;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
+ &oid_len ) ) != 0 )
+ {
+ return( ret );
+ }
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
par_len ) );
@@ -239,9 +317,16 @@
int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
{
int ret;
- unsigned char *c = buf + size;
+ unsigned char *c;
size_t len = 0;
+ PK_VALIDATE_RET( key != NULL );
+ if( size == 0 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ PK_VALIDATE_RET( buf != NULL );
+
+ c = buf + size;
+
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
{
@@ -478,6 +563,9 @@
unsigned char output_buf[PUB_DER_MAX_BYTES];
size_t olen = 0;
+ PK_VALIDATE_RET( key != NULL );
+ PK_VALIDATE_RET( buf != NULL || size == 0 );
+
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
sizeof(output_buf) ) ) < 0 )
{
@@ -501,6 +589,9 @@
const char *begin, *end;
size_t olen = 0;
+ PK_VALIDATE_RET( key != NULL );
+ PK_VALIDATE_RET( buf != NULL || size == 0 );
+
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
return( ret );
diff --git a/library/platform.c b/library/platform.c
index b24b2fa..5756159 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -30,7 +30,14 @@
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_PLATFORM_MEMORY)
+/* The compile time configuration of memory allocation via the macros
+ * MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO takes precedence over the runtime
+ * configuration via mbedtls_platform_set_calloc_free(). So, omit everything
+ * related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */
+#if defined(MBEDTLS_PLATFORM_MEMORY) && \
+ !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+ defined(MBEDTLS_PLATFORM_FREE_MACRO) )
+
#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
static void *platform_calloc_uninit( size_t n, size_t size )
{
@@ -71,30 +78,19 @@
mbedtls_free_func = free_func;
return( 0 );
}
-#endif /* MBEDTLS_PLATFORM_MEMORY */
+#endif /* MBEDTLS_PLATFORM_MEMORY &&
+ !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&
+ defined(MBEDTLS_PLATFORM_FREE_MACRO) ) */
-#if defined(_WIN32)
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
#include <stdarg.h>
int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
{
int ret;
va_list argp;
- /* Avoid calling the invalid parameter handler by checking ourselves */
- if( s == NULL || n == 0 || fmt == NULL )
- return( -1 );
-
va_start( argp, fmt );
-#if defined(_TRUNCATE) && !defined(__MINGW32__)
- ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
-#else
- ret = _vsnprintf( s, n, fmt, argp );
- if( ret < 0 || (size_t) ret == n )
- {
- s[n-1] = '\0';
- ret = -1;
- }
-#endif
+ ret = mbedtls_vsnprintf( s, n, fmt, argp );
va_end( argp );
return( ret );
@@ -131,6 +127,62 @@
}
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#include <stdarg.h>
+int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
+{
+ int ret;
+
+ /* Avoid calling the invalid parameter handler by checking ourselves */
+ if( s == NULL || n == 0 || fmt == NULL )
+ return( -1 );
+
+#if defined(_TRUNCATE)
+ ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
+#else
+ ret = vsnprintf( s, n, fmt, arg );
+ if( ret < 0 || (size_t) ret == n )
+ {
+ s[n-1] = '\0';
+ ret = -1;
+ }
+#endif
+
+ return( ret );
+}
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_vsnprintf_uninit( char * s, size_t n,
+ const char * format, va_list arg )
+{
+ ((void) s);
+ ((void) n);
+ ((void) format);
+ ((void) arg);
+ return( -1 );
+}
+
+#define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */
+
+int (*mbedtls_vsnprintf)( char * s, size_t n,
+ const char * format,
+ va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
+
+int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
+ const char * format,
+ va_list arg ) )
+{
+ mbedtls_vsnprintf = vsnprintf_func;
+ return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
/*
diff --git a/library/platform_util.c b/library/platform_util.c
index 1a57de9..756e226 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -20,6 +20,14 @@
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
+/*
+ * Ensure gmtime_r is available even with -std=c99; must be defined before
+ * config.h, which pulls in glibc's features.h. Harmless on other platforms.
+ */
+#if !defined(_POSIX_C_SOURCE)
+#define _POSIX_C_SOURCE 200112L
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -27,6 +35,8 @@
#endif
#include "mbedtls/platform_util.h"
+#include "mbedtls/platform.h"
+#include "mbedtls/threading.h"
#include <stddef.h>
#include <string.h>
@@ -65,3 +75,62 @@
memset_func( buf, 0, len );
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+#include <time.h>
+#if !defined(_WIN32) && (defined(unix) || \
+ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
+ defined(__MACH__)))
+#include <unistd.h>
+#endif /* !_WIN32 && (unix || __unix || __unix__ ||
+ * (__APPLE__ && __MACH__)) */
+
+#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
+/*
+ * This is a convenience shorthand macro to avoid checking the long
+ * preprocessor conditions above. Ideally, we could expose this macro in
+ * platform_util.h and simply use it in platform_util.c, threading.c and
+ * threading.h. However, this macro is not part of the Mbed TLS public API, so
+ * we keep it private by only defining it in this file
+ */
+#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
+#define PLATFORM_UTIL_USE_GMTIME
+#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
+
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
+
+struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
+ struct tm *tm_buf )
+{
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+ return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
+#elif !defined(PLATFORM_UTIL_USE_GMTIME)
+ return( gmtime_r( tt, tm_buf ) );
+#else
+ struct tm *lt;
+
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
+ return( NULL );
+#endif /* MBEDTLS_THREADING_C */
+
+ lt = gmtime( tt );
+
+ if( lt != NULL )
+ {
+ memcpy( tm_buf, lt, sizeof( struct tm ) );
+ }
+
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
+ return( NULL );
+#endif /* MBEDTLS_THREADING_C */
+
+ return( ( lt == NULL ) ? NULL : tm_buf );
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+}
+#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
diff --git a/library/poly1305.c b/library/poly1305.c
index e22d3af..2b56c5f 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -49,13 +49,19 @@
#define inline __inline
#endif
+/* Parameter validation macros */
+#define POLY1305_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
+#define POLY1305_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
#define BYTES_TO_U32_LE( data, offset ) \
- ( (uint32_t) data[offset] \
- | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \
- | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \
- | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \
+ ( (uint32_t) (data)[offset] \
+ | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \
+ | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \
+ | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \
)
/*
@@ -276,27 +282,24 @@
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
{
- if( ctx != NULL )
- {
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
- }
+ POLY1305_VALIDATE( ctx != NULL );
+
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
}
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
{
- if( ctx != NULL )
- {
- mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
- }
+ if( ctx == NULL )
+ return;
+
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
}
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
const unsigned char key[32] )
{
- if( ctx == NULL || key == NULL )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
+ POLY1305_VALIDATE_RET( ctx != NULL );
+ POLY1305_VALIDATE_RET( key != NULL );
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU;
@@ -331,16 +334,8 @@
size_t remaining = ilen;
size_t queue_free_len;
size_t nblocks;
-
- if( ctx == NULL )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
- else if( ( ilen > 0U ) && ( input == NULL ) )
- {
- /* input pointer is allowed to be NULL only if ilen == 0 */
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
+ POLY1305_VALIDATE_RET( ctx != NULL );
+ POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
{
@@ -398,10 +393,8 @@
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
unsigned char mac[16] )
{
- if( ( ctx == NULL ) || ( mac == NULL ) )
- {
- return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- }
+ POLY1305_VALIDATE_RET( ctx != NULL );
+ POLY1305_VALIDATE_RET( mac != NULL );
/* Process any leftover data */
if( ctx->queue_len > 0U )
@@ -431,6 +424,9 @@
{
mbedtls_poly1305_context ctx;
int ret;
+ POLY1305_VALIDATE_RET( key != NULL );
+ POLY1305_VALIDATE_RET( mac != NULL );
+ POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
mbedtls_poly1305_init( &ctx );
diff --git a/library/ripemd160.c b/library/ripemd160.c
index bd25ada..0791ae4 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -147,22 +147,29 @@
D = Dp = ctx->state[3];
E = Ep = ctx->state[4];
-#define F1( x, y, z ) ( x ^ y ^ z )
-#define F2( x, y, z ) ( ( x & y ) | ( ~x & z ) )
-#define F3( x, y, z ) ( ( x | ~y ) ^ z )
-#define F4( x, y, z ) ( ( x & z ) | ( y & ~z ) )
-#define F5( x, y, z ) ( x ^ ( y | ~z ) )
+#define F1( x, y, z ) ( (x) ^ (y) ^ (z) )
+#define F2( x, y, z ) ( ( (x) & (y) ) | ( ~(x) & (z) ) )
+#define F3( x, y, z ) ( ( (x) | ~(y) ) ^ (z) )
+#define F4( x, y, z ) ( ( (x) & (z) ) | ( (y) & ~(z) ) )
+#define F5( x, y, z ) ( (x) ^ ( (y) | ~(z) ) )
-#define S( x, n ) ( ( x << n ) | ( x >> (32 - n) ) )
+#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
-#define P( a, b, c, d, e, r, s, f, k ) \
- a += f( b, c, d ) + X[r] + k; \
- a = S( a, s ) + e; \
- c = S( c, 10 );
+#define P( a, b, c, d, e, r, s, f, k ) \
+ do \
+ { \
+ (a) += f( (b), (c), (d) ) + X[r] + (k); \
+ (a) = S( (a), (s) ) + (e); \
+ (c) = S( (c), 10 ); \
+ } while( 0 )
-#define P2( a, b, c, d, e, r, s, rp, sp ) \
- P( a, b, c, d, e, r, s, F, K ); \
- P( a ## p, b ## p, c ## p, d ## p, e ## p, rp, sp, Fp, Kp );
+#define P2( a, b, c, d, e, r, s, rp, sp ) \
+ do \
+ { \
+ P( (a), (b), (c), (d), (e), (r), (s), F, K ); \
+ P( a ## p, b ## p, c ## p, d ## p, e ## p, \
+ (rp), (sp), Fp, Kp ); \
+ } while( 0 )
#define F F1
#define K 0x00000000
diff --git a/library/rsa.c b/library/rsa.c
index 88c1cf1..a35af44 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -71,6 +71,12 @@
#if !defined(MBEDTLS_RSA_ALT)
+/* Parameter validation macros */
+#define RSA_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
+#define RSA_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if defined(MBEDTLS_PKCS1_V15)
/* constant-time buffer comparison */
static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
@@ -93,6 +99,7 @@
const mbedtls_mpi *D, const mbedtls_mpi *E )
{
int ret;
+ RSA_VALIDATE_RET( ctx != NULL );
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
@@ -117,6 +124,7 @@
unsigned char const *E, size_t E_len )
{
int ret = 0;
+ RSA_VALIDATE_RET( ctx != NULL );
if( N != NULL )
{
@@ -240,12 +248,16 @@
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
{
int ret = 0;
+ int have_N, have_P, have_Q, have_D, have_E;
+ int n_missing, pq_missing, d_missing, is_pub, is_priv;
- const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
- const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
- const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
- const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
- const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
+ RSA_VALIDATE_RET( ctx != NULL );
+
+ have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
+ have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
+ have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
+ have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
+ have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
/*
* Check whether provided parameters are enough
@@ -257,13 +269,13 @@
*
*/
- const int n_missing = have_P && have_Q && have_D && have_E;
- const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
- const int d_missing = have_P && have_Q && !have_D && have_E;
- const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
+ n_missing = have_P && have_Q && have_D && have_E;
+ pq_missing = have_N && !have_P && !have_Q && have_D && have_E;
+ d_missing = have_P && have_Q && !have_D && have_E;
+ is_pub = have_N && !have_P && !have_Q && !have_D && have_E;
/* These three alternatives are mutually exclusive */
- const int is_priv = n_missing || pq_missing || d_missing;
+ is_priv = n_missing || pq_missing || d_missing;
if( !is_priv && !is_pub )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -336,9 +348,11 @@
unsigned char *E, size_t E_len )
{
int ret = 0;
+ int is_priv;
+ RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
- const int is_priv =
+ is_priv =
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
@@ -379,9 +393,11 @@
mbedtls_mpi *D, mbedtls_mpi *E )
{
int ret;
+ int is_priv;
+ RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
- int is_priv =
+ is_priv =
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
@@ -421,9 +437,11 @@
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
{
int ret;
+ int is_priv;
+ RSA_VALIDATE_RET( ctx != NULL );
/* Check if key is private or public */
- int is_priv =
+ is_priv =
mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
@@ -459,6 +477,10 @@
int padding,
int hash_id )
{
+ RSA_VALIDATE( ctx != NULL );
+ RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
+ padding == MBEDTLS_RSA_PKCS_V21 );
+
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
mbedtls_rsa_set_padding( ctx, padding, hash_id );
@@ -471,8 +493,13 @@
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
+void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ int hash_id )
{
+ RSA_VALIDATE( ctx != NULL );
+ RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
+ padding == MBEDTLS_RSA_PKCS_V21 );
+
ctx->padding = padding;
ctx->hash_id = hash_id;
}
@@ -502,12 +529,20 @@
{
int ret;
mbedtls_mpi H, G, L;
+ int prime_quality = 0;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( f_rng != NULL );
- if( f_rng == NULL || nbits < 128 || exponent < 3 )
+ if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- if( nbits % 2 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ /*
+ * If the modulus is 1024 bit long or shorter, then the security strength of
+ * the RSA algorithm is less than or equal to 80 bits and therefore an error
+ * rate of 2^-80 is sufficient.
+ */
+ if( nbits > 1024 )
+ prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
mbedtls_mpi_init( &H );
mbedtls_mpi_init( &G );
@@ -523,11 +558,11 @@
do
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
- f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
+ prime_quality, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
- f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
+ prime_quality, f_rng, p_rng ) );
/* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
@@ -603,6 +638,8 @@
*/
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
{
+ RSA_VALIDATE_RET( ctx != NULL );
+
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
@@ -626,6 +663,8 @@
*/
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
{
+ RSA_VALIDATE_RET( ctx != NULL );
+
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
{
@@ -655,6 +694,9 @@
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
const mbedtls_rsa_context *prv )
{
+ RSA_VALIDATE_RET( pub != NULL );
+ RSA_VALIDATE_RET( prv != NULL );
+
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
mbedtls_rsa_check_privkey( prv ) != 0 )
{
@@ -680,6 +722,9 @@
int ret;
size_t olen;
mbedtls_mpi T;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( input != NULL );
+ RSA_VALIDATE_RET( output != NULL );
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -822,6 +867,10 @@
* checked result; should be the same in the end. */
mbedtls_mpi I, C;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( input != NULL );
+ RSA_VALIDATE_RET( output != NULL );
+
if( rsa_check_context( ctx, 1 /* private key checks */,
f_rng != NULL /* blinding y/n */ ) != 0 )
{
@@ -1082,6 +1131,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( output != NULL );
+ RSA_VALIDATE_RET( ilen == 0 || input != NULL );
+ RSA_VALIDATE_RET( label_len == 0 || label != NULL );
+
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1115,7 +1171,8 @@
p += hlen;
p += olen - 2 * hlen - 2 - ilen;
*p++ = 1;
- memcpy( p, input, ilen );
+ if( ilen != 0 )
+ memcpy( p, input, ilen );
mbedtls_md_init( &md_ctx );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
@@ -1158,11 +1215,13 @@
int ret;
unsigned char *p = output;
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( output != NULL );
+ RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- // We don't check p_rng because it won't be dereferenced here
- if( f_rng == NULL || input == NULL || output == NULL )
+ if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
@@ -1176,6 +1235,9 @@
*p++ = 0;
if( mode == MBEDTLS_RSA_PUBLIC )
{
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
*p++ = MBEDTLS_RSA_CRYPT;
while( nb_pad-- > 0 )
@@ -1202,7 +1264,8 @@
}
*p++ = 0;
- memcpy( p, input, ilen );
+ if( ilen != 0 )
+ memcpy( p, input, ilen );
return( ( mode == MBEDTLS_RSA_PUBLIC )
? mbedtls_rsa_public( ctx, output, output )
@@ -1220,6 +1283,12 @@
const unsigned char *input,
unsigned char *output )
{
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( output != NULL );
+ RSA_VALIDATE_RET( ilen == 0 || input != NULL );
+
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1262,6 +1331,14 @@
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
+ RSA_VALIDATE_RET( label_len == 0 || label != NULL );
+ RSA_VALIDATE_RET( input != NULL );
+ RSA_VALIDATE_RET( olen != NULL );
+
/*
* Parameters sanity checks
*/
@@ -1366,7 +1443,8 @@
}
*olen = ilen - (p - buf);
- memcpy( output, p, *olen );
+ if( *olen != 0 )
+ memcpy( output, p, *olen );
ret = 0;
cleanup:
@@ -1378,6 +1456,97 @@
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_PKCS1_V15)
+/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
+ *
+ * \param value The value to analyze.
+ * \return Zero if \p value is zero, otherwise all-bits-one.
+ */
+static unsigned all_or_nothing_int( unsigned value )
+{
+ /* MSVC has a warning about unary minus on unsigned, but this is
+ * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+ return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+}
+
+/** Check whether a size is out of bounds, without branches.
+ *
+ * This is equivalent to `size > max`, but is likely to be compiled to
+ * to code using bitwise operation rather than a branch.
+ *
+ * \param size Size to check.
+ * \param max Maximum desired value for \p size.
+ * \return \c 0 if `size <= max`.
+ * \return \c 1 if `size > max`.
+ */
+static unsigned size_greater_than( size_t size, size_t max )
+{
+ /* Return the sign bit (1 for negative) of (max - size). */
+ return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) );
+}
+
+/** Choose between two integer values, without branches.
+ *
+ * This is equivalent to `cond ? if1 : if0`, but is likely to be compiled
+ * to code using bitwise operation rather than a branch.
+ *
+ * \param cond Condition to test.
+ * \param if1 Value to use if \p cond is nonzero.
+ * \param if0 Value to use if \p cond is zero.
+ * \return \c if1 if \p cond is nonzero, otherwise \c if0.
+ */
+static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 )
+{
+ unsigned mask = all_or_nothing_int( cond );
+ return( ( mask & if1 ) | (~mask & if0 ) );
+}
+
+/** Shift some data towards the left inside a buffer without leaking
+ * the length of the data through side channels.
+ *
+ * `mem_move_to_left(start, total, offset)` is functionally equivalent to
+ * ```
+ * memmove(start, start + offset, total - offset);
+ * memset(start + offset, 0, total - offset);
+ * ```
+ * but it strives to use a memory access pattern (and thus total timing)
+ * that does not depend on \p offset. This timing independence comes at
+ * the expense of performance.
+ *
+ * \param start Pointer to the start of the buffer.
+ * \param total Total size of the buffer.
+ * \param offset Offset from which to copy \p total - \p offset bytes.
+ */
+static void mem_move_to_left( void *start,
+ size_t total,
+ size_t offset )
+{
+ volatile unsigned char *buf = start;
+ size_t i, n;
+ if( total == 0 )
+ return;
+ for( i = 0; i < total; i++ )
+ {
+ unsigned no_op = size_greater_than( total - offset, i );
+ /* The first `total - offset` passes are a no-op. The last
+ * `offset` passes shift the data one byte to the left and
+ * zero out the last byte. */
+ for( n = 0; n < total - 1; n++ )
+ {
+ unsigned char current = buf[n];
+ unsigned char next = buf[n+1];
+ buf[n] = if_int( no_op, current, next );
+ }
+ buf[total-1] = if_int( no_op, buf[total-1], 0 );
+ }
+}
+
/*
* Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
*/
@@ -1387,18 +1556,42 @@
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
- size_t output_max_len)
+ size_t output_max_len )
{
int ret;
- size_t ilen, pad_count = 0, i;
- unsigned char *p, bad, pad_done = 0;
+ size_t ilen, i, plaintext_max_size;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ /* The following variables take sensitive values: their value must
+ * not leak into the observable behavior of the function other than
+ * the designated outputs (output, olen, return value). Otherwise
+ * this would open the execution of the function to
+ * side-channel-based variants of the Bleichenbacher padding oracle
+ * attack. Potential side channels include overall timing, memory
+ * access patterns (especially visible to an adversary who has access
+ * to a shared memory cache), and branches (especially visible to
+ * an adversary who has access to a shared code cache or to a shared
+ * branch predictor). */
+ size_t pad_count = 0;
+ unsigned bad = 0;
+ unsigned char pad_done = 0;
+ size_t plaintext_size = 0;
+ unsigned output_too_large;
+
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
+ RSA_VALIDATE_RET( input != NULL );
+ RSA_VALIDATE_RET( olen != NULL );
+
+ ilen = ctx->len;
+ plaintext_max_size = ( output_max_len > ilen - 11 ?
+ ilen - 11 :
+ output_max_len );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- ilen = ctx->len;
-
if( ilen < 16 || ilen > sizeof( buf ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1409,63 +1602,115 @@
if( ret != 0 )
goto cleanup;
- p = buf;
- bad = 0;
+ /* Check and get padding length in constant time and constant
+ * memory trace. The first byte must be 0. */
+ bad |= buf[0];
- /*
- * Check and get padding len in "constant-time"
- */
- bad |= *p++; /* First byte must be 0 */
-
- /* This test does not depend on secret data */
if( mode == MBEDTLS_RSA_PRIVATE )
{
- bad |= *p++ ^ MBEDTLS_RSA_CRYPT;
+ /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
+ * where PS must be at least 8 nonzero bytes. */
+ bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
- /* Get padding len, but always read till end of buffer
- * (minus one, for the 00 byte) */
- for( i = 0; i < ilen - 3; i++ )
+ /* Read the whole buffer. Set pad_done to nonzero if we find
+ * the 0x00 byte and remember the padding length in pad_count. */
+ for( i = 2; i < ilen; i++ )
{
- pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
+ pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
}
-
- p += pad_count;
- bad |= *p++; /* Must be zero */
}
else
{
- bad |= *p++ ^ MBEDTLS_RSA_SIGN;
+ /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
+ * where PS must be at least 8 bytes with the value 0xFF. */
+ bad |= buf[1] ^ MBEDTLS_RSA_SIGN;
- /* Get padding len, but always read till end of buffer
- * (minus one, for the 00 byte) */
- for( i = 0; i < ilen - 3; i++ )
+ /* Read the whole buffer. Set pad_done to nonzero if we find
+ * the 0x00 byte and remember the padding length in pad_count.
+ * If there's a non-0xff byte in the padding, the padding is bad. */
+ for( i = 2; i < ilen; i++ )
{
- pad_done |= ( p[i] != 0xFF );
- pad_count += ( pad_done == 0 );
+ pad_done |= if_int( buf[i], 0, 1 );
+ pad_count += if_int( pad_done, 0, 1 );
+ bad |= if_int( pad_done, 0, buf[i] ^ 0xFF );
}
-
- p += pad_count;
- bad |= *p++; /* Must be zero */
}
- bad |= ( pad_count < 8 );
+ /* If pad_done is still zero, there's no data, only unfinished padding. */
+ bad |= if_int( pad_done, 0, 1 );
- if( bad )
- {
- ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
- goto cleanup;
- }
+ /* There must be at least 8 bytes of padding. */
+ bad |= size_greater_than( 8, pad_count );
- if( ilen - ( p - buf ) > output_max_len )
- {
- ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
- goto cleanup;
- }
+ /* If the padding is valid, set plaintext_size to the number of
+ * remaining bytes after stripping the padding. If the padding
+ * is invalid, avoid leaking this fact through the size of the
+ * output: use the maximum message size that fits in the output
+ * buffer. Do it without branches to avoid leaking the padding
+ * validity through timing. RSA keys are small enough that all the
+ * size_t values involved fit in unsigned int. */
+ plaintext_size = if_int( bad,
+ (unsigned) plaintext_max_size,
+ (unsigned) ( ilen - pad_count - 3 ) );
- *olen = ilen - (p - buf);
- memcpy( output, p, *olen );
- ret = 0;
+ /* Set output_too_large to 0 if the plaintext fits in the output
+ * buffer and to 1 otherwise. */
+ output_too_large = size_greater_than( plaintext_size,
+ plaintext_max_size );
+
+ /* Set ret without branches to avoid timing attacks. Return:
+ * - INVALID_PADDING if the padding is bad (bad != 0).
+ * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
+ * plaintext does not fit in the output buffer.
+ * - 0 if the padding is correct. */
+ ret = - (int) if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
+ if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
+ 0 ) );
+
+ /* If the padding is bad or the plaintext is too large, zero the
+ * data that we're about to copy to the output buffer.
+ * We need to copy the same amount of data
+ * from the same buffer whether the padding is good or not to
+ * avoid leaking the padding validity through overall timing or
+ * through memory or cache access patterns. */
+ bad = all_or_nothing_int( bad | output_too_large );
+ for( i = 11; i < ilen; i++ )
+ buf[i] &= ~bad;
+
+ /* If the plaintext is too large, truncate it to the buffer size.
+ * Copy anyway to avoid revealing the length through timing, because
+ * revealing the length is as bad as revealing the padding validity
+ * for a Bleichenbacher attack. */
+ plaintext_size = if_int( output_too_large,
+ (unsigned) plaintext_max_size,
+ (unsigned) plaintext_size );
+
+ /* Move the plaintext to the leftmost position where it can start in
+ * the working buffer, i.e. make it start plaintext_max_size from
+ * the end of the buffer. Do this with a memory access trace that
+ * does not depend on the plaintext size. After this move, the
+ * starting location of the plaintext is no longer sensitive
+ * information. */
+ mem_move_to_left( buf + ilen - plaintext_max_size,
+ plaintext_max_size,
+ plaintext_max_size - plaintext_size );
+
+ /* Finally copy the decrypted plaintext plus trailing zeros into the output
+ * buffer. If output_max_len is 0, then output may be an invalid pointer
+ * and the result of memcpy() would be undefined; prevent undefined
+ * behavior making sure to depend only on output_max_len (the size of the
+ * user-provided output buffer), which is independent from plaintext
+ * length, validity of padding, success of the decryption, and other
+ * secrets. */
+ if( output_max_len != 0 )
+ memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
+
+ /* Report the amount of data we copied to the output buffer. In case
+ * of errors (bad padding or output too large), the value of *olen
+ * when this function returns is not specified. Making it equivalent
+ * to the good case limits the risks of leaking the padding validity. */
+ *olen = plaintext_size;
cleanup:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
@@ -1485,6 +1730,13 @@
unsigned char *output,
size_t output_max_len)
{
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
+ RSA_VALIDATE_RET( input != NULL );
+ RSA_VALIDATE_RET( olen != NULL );
+
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1521,11 +1773,18 @@
size_t olen;
unsigned char *p = sig;
unsigned char salt[MBEDTLS_MD_MAX_SIZE];
- unsigned int slen, hlen, offset = 0;
+ size_t slen, min_slen, hlen, offset = 0;
int ret;
size_t msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+ RSA_VALIDATE_RET( sig != NULL );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1550,10 +1809,20 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
- slen = hlen;
- if( olen < hlen + slen + 2 )
+ /* Calculate the largest possible salt length. Normally this is the hash
+ * length, which is the maximum length the salt can have. If there is not
+ * enough room, use the maximum salt length that fits. The constraint is
+ * that the hash length plus the salt length plus 2 bytes must be at most
+ * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
+ * (PKCS#1 v2.2) §9.1.1 step 3. */
+ min_slen = hlen - 2;
+ if( olen < hlen + min_slen + 2 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ else if( olen >= hlen + hlen + 2 )
+ slen = hlen;
+ else
+ slen = olen - hlen - 2;
memset( sig, 0, olen );
@@ -1563,7 +1832,7 @@
/* Note: EMSA-PSS encoding is over the length of N - 1 bits */
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
- p += olen - hlen * 2 - 2;
+ p += olen - hlen - slen - 2;
*p++ = 0x01;
memcpy( p, salt, slen );
p += slen;
@@ -1763,6 +2032,14 @@
int ret;
unsigned char *sig_try = NULL, *verif = NULL;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+ RSA_VALIDATE_RET( sig != NULL );
+
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1832,6 +2109,14 @@
const unsigned char *hash,
unsigned char *sig )
{
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+ RSA_VALIDATE_RET( sig != NULL );
+
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -1878,6 +2163,14 @@
mbedtls_md_context_t md_ctx;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -2006,7 +2299,16 @@
const unsigned char *hash,
const unsigned char *sig )
{
- mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
+ mbedtls_md_type_t mgf1_hash_id;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+
+ mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
? (mbedtls_md_type_t) ctx->hash_id
: md_alg;
@@ -2032,9 +2334,19 @@
const unsigned char *sig )
{
int ret = 0;
- const size_t sig_len = ctx->len;
+ size_t sig_len;
unsigned char *encoded = NULL, *encoded_expected = NULL;
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+
+ sig_len = ctx->len;
+
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -2104,6 +2416,14 @@
const unsigned char *hash,
const unsigned char *sig )
{
+ RSA_VALIDATE_RET( ctx != NULL );
+ RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
+ mode == MBEDTLS_RSA_PUBLIC );
+ RSA_VALIDATE_RET( sig != NULL );
+ RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
+ hashlen == 0 ) ||
+ hash != NULL );
+
switch( ctx->padding )
{
#if defined(MBEDTLS_PKCS1_V15)
@@ -2129,6 +2449,8 @@
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
{
int ret;
+ RSA_VALIDATE_RET( dst != NULL );
+ RSA_VALIDATE_RET( src != NULL );
dst->ver = src->ver;
dst->len = src->len;
@@ -2168,14 +2490,23 @@
*/
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
{
- mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D );
- mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P );
- mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N );
+ if( ctx == NULL )
+ return;
+
+ mbedtls_mpi_free( &ctx->Vi );
+ mbedtls_mpi_free( &ctx->Vf );
+ mbedtls_mpi_free( &ctx->RN );
+ mbedtls_mpi_free( &ctx->D );
+ mbedtls_mpi_free( &ctx->Q );
+ mbedtls_mpi_free( &ctx->P );
+ mbedtls_mpi_free( &ctx->E );
+ mbedtls_mpi_free( &ctx->N );
#if !defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP );
- mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ );
+ mbedtls_mpi_free( &ctx->RQ );
+ mbedtls_mpi_free( &ctx->RP );
+ mbedtls_mpi_free( &ctx->QP );
+ mbedtls_mpi_free( &ctx->DQ );
mbedtls_mpi_free( &ctx->DP );
#endif /* MBEDTLS_RSA_NO_CRT */
diff --git a/library/rsa_internal.c b/library/rsa_internal.c
index 507009f..9a42d47 100644
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
@@ -351,15 +351,20 @@
*/
#if defined(MBEDTLS_GENPRIME)
+ /*
+ * When generating keys, the strongest security we support aims for an error
+ * rate of at most 2^-100 and we are aiming for the same certainty here as
+ * well.
+ */
if( f_rng != NULL && P != NULL &&
- ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 )
+ ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 )
{
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
}
if( f_rng != NULL && Q != NULL &&
- ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 )
+ ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 )
{
ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
goto cleanup;
diff --git a/library/sha1.c b/library/sha1.c
index bab6087..355c83d 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -46,6 +46,11 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
+#define SHA1_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
+
+#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if !defined(MBEDTLS_SHA1_ALT)
/*
@@ -73,6 +78,8 @@
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
+ SHA1_VALIDATE( ctx != NULL );
+
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
}
@@ -87,6 +94,9 @@
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src )
{
+ SHA1_VALIDATE( dst != NULL );
+ SHA1_VALIDATE( src != NULL );
+
*dst = *src;
}
@@ -95,6 +105,8 @@
*/
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
{
+ SHA1_VALIDATE_RET( ctx != NULL );
+
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -120,6 +132,9 @@
{
uint32_t temp, W[16], A, B, C, D, E;
+ SHA1_VALIDATE_RET( ctx != NULL );
+ SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
+
GET_UINT32_BE( W[ 0], data, 0 );
GET_UINT32_BE( W[ 1], data, 4 );
GET_UINT32_BE( W[ 2], data, 8 );
@@ -137,19 +152,21 @@
GET_UINT32_BE( W[14], data, 56 );
GET_UINT32_BE( W[15], data, 60 );
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
+#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
-#define R(t) \
-( \
- temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
- W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
- ( W[t & 0x0F] = S(temp,1) ) \
-)
+#define R(t) \
+ ( \
+ temp = W[( (t) - 3 ) & 0x0F] ^ W[( (t) - 8 ) & 0x0F] ^ \
+ W[( (t) - 14 ) & 0x0F] ^ W[ (t) & 0x0F], \
+ ( W[(t) & 0x0F] = S(temp,1) ) \
+ )
-#define P(a,b,c,d,e,x) \
-{ \
- e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
-}
+#define P(a,b,c,d,e,x) \
+ do \
+ { \
+ (e) += S((a),5) + F((b),(c),(d)) + K + (x); \
+ (b) = S((b),30); \
+ } while( 0 )
A = ctx->state[0];
B = ctx->state[1];
@@ -157,7 +174,7 @@
D = ctx->state[3];
E = ctx->state[4];
-#define F(x,y,z) (z ^ (x & (y ^ z)))
+#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define K 0x5A827999
P( A, B, C, D, E, W[0] );
@@ -184,7 +201,7 @@
#undef K
#undef F
-#define F(x,y,z) (x ^ y ^ z)
+#define F(x,y,z) ((x) ^ (y) ^ (z))
#define K 0x6ED9EBA1
P( A, B, C, D, E, R(20) );
@@ -211,7 +228,7 @@
#undef K
#undef F
-#define F(x,y,z) ((x & y) | (z & (x | y)))
+#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define K 0x8F1BBCDC
P( A, B, C, D, E, R(40) );
@@ -238,7 +255,7 @@
#undef K
#undef F
-#define F(x,y,z) (x ^ y ^ z)
+#define F(x,y,z) ((x) ^ (y) ^ (z))
#define K 0xCA62C1D6
P( A, B, C, D, E, R(60) );
@@ -294,6 +311,9 @@
size_t fill;
uint32_t left;
+ SHA1_VALIDATE_RET( ctx != NULL );
+ SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
+
if( ilen == 0 )
return( 0 );
@@ -352,6 +372,9 @@
uint32_t used;
uint32_t high, low;
+ SHA1_VALIDATE_RET( ctx != NULL );
+ SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -420,6 +443,9 @@
int ret;
mbedtls_sha1_context ctx;
+ SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
+ SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+
mbedtls_sha1_init( &ctx );
if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index dbb4a89..2dc0e1a 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -49,6 +49,10 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
+#define SHA256_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
+#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if !defined(MBEDTLS_SHA256_ALT)
/*
@@ -76,6 +80,8 @@
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
+ SHA256_VALIDATE( ctx != NULL );
+
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
}
@@ -90,6 +96,9 @@
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src )
{
+ SHA256_VALIDATE( dst != NULL );
+ SHA256_VALIDATE( src != NULL );
+
*dst = *src;
}
@@ -98,6 +107,9 @@
*/
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
{
+ SHA256_VALIDATE_RET( ctx != NULL );
+ SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -160,8 +172,8 @@
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};
-#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
-#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
+#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
+#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
@@ -169,21 +181,22 @@
#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
-#define F0(x,y,z) ((x & y) | (z & (x | y)))
-#define F1(x,y,z) (z ^ (x & (y ^ z)))
+#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
#define R(t) \
-( \
- W[t] = S1(W[t - 2]) + W[t - 7] + \
- S0(W[t - 15]) + W[t - 16] \
-)
+ ( \
+ W[t] = S1(W[(t) - 2]) + W[(t) - 7] + \
+ S0(W[(t) - 15]) + W[(t) - 16] \
+ )
-#define P(a,b,c,d,e,f,g,h,x,K) \
-{ \
- temp1 = h + S3(e) + F1(e,f,g) + K + x; \
- temp2 = S2(a) + F0(a,b,c); \
- d += temp1; h = temp1 + temp2; \
-}
+#define P(a,b,c,d,e,f,g,h,x,K) \
+ do \
+ { \
+ temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
+ temp2 = S2(a) + F0((a),(b),(c)); \
+ (d) += temp1; (h) = temp1 + temp2; \
+ } while( 0 )
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] )
@@ -192,6 +205,9 @@
uint32_t A[8];
unsigned int i;
+ SHA256_VALIDATE_RET( ctx != NULL );
+ SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
+
for( i = 0; i < 8; i++ )
A[i] = ctx->state[i];
@@ -263,6 +279,9 @@
size_t fill;
uint32_t left;
+ SHA256_VALIDATE_RET( ctx != NULL );
+ SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+
if( ilen == 0 )
return( 0 );
@@ -321,6 +340,9 @@
uint32_t used;
uint32_t high, low;
+ SHA256_VALIDATE_RET( ctx != NULL );
+ SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -395,6 +417,10 @@
int ret;
mbedtls_sha256_context ctx;
+ SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+ SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
mbedtls_sha256_init( &ctx );
if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
diff --git a/library/sha512.c b/library/sha512.c
index a9440e8..bdd20b2 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -55,6 +55,10 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
+#define SHA512_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
+#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
+
#if !defined(MBEDTLS_SHA512_ALT)
/*
@@ -90,6 +94,8 @@
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
+ SHA512_VALIDATE( ctx != NULL );
+
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
}
@@ -104,6 +110,9 @@
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src )
{
+ SHA512_VALIDATE( dst != NULL );
+ SHA512_VALIDATE( src != NULL );
+
*dst = *src;
}
@@ -112,6 +121,9 @@
*/
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
{
+ SHA512_VALIDATE_RET( ctx != NULL );
+ SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -209,8 +221,11 @@
uint64_t temp1, temp2, W[80];
uint64_t A, B, C, D, E, F, G, H;
-#define SHR(x,n) (x >> n)
-#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
+ SHA512_VALIDATE_RET( ctx != NULL );
+ SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
+
+#define SHR(x,n) ((x) >> (n))
+#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
@@ -218,15 +233,16 @@
#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
-#define F0(x,y,z) ((x & y) | (z & (x | y)))
-#define F1(x,y,z) (z ^ (x & (y ^ z)))
+#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-#define P(a,b,c,d,e,f,g,h,x,K) \
-{ \
- temp1 = h + S3(e) + F1(e,f,g) + K + x; \
- temp2 = S2(a) + F0(a,b,c); \
- d += temp1; h = temp1 + temp2; \
-}
+#define P(a,b,c,d,e,f,g,h,x,K) \
+ do \
+ { \
+ temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
+ temp2 = S2(a) + F0((a),(b),(c)); \
+ (d) += temp1; (h) = temp1 + temp2; \
+ } while( 0 )
for( i = 0; i < 16; i++ )
{
@@ -294,6 +310,9 @@
size_t fill;
unsigned int left;
+ SHA512_VALIDATE_RET( ctx != NULL );
+ SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
+
if( ilen == 0 )
return( 0 );
@@ -351,6 +370,9 @@
unsigned used;
uint64_t high, low;
+ SHA512_VALIDATE_RET( ctx != NULL );
+ SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
+
/*
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
*/
@@ -427,6 +449,10 @@
int ret;
mbedtls_sha512_context ctx;
+ SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
+ SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
+
mbedtls_sha512_init( &ctx );
if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 47867f1..62a0a29 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -40,6 +40,7 @@
#endif
#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_internal.h"
#include <string.h>
@@ -92,16 +93,24 @@
entry->session.id_len ) != 0 )
continue;
- memcpy( session->master, entry->session.master, 48 );
+ ret = mbedtls_ssl_session_copy( session, &entry->session );
+ if( ret != 0 )
+ {
+ ret = 1;
+ goto exit;
+ }
- session->verify_result = entry->session.verify_result;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/*
* Restore peer certificate (without rest of the original chain)
*/
if( entry->peer_cert.p != NULL )
{
+ /* `session->peer_cert` is NULL after the call to
+ * mbedtls_ssl_session_copy(), because cache entries
+ * have the `peer_cert` field set to NULL. */
+
if( ( session->peer_cert = mbedtls_calloc( 1,
sizeof(mbedtls_x509_crt) ) ) == NULL )
{
@@ -119,7 +128,7 @@
goto exit;
}
}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
ret = 0;
goto exit;
@@ -239,9 +248,8 @@
#endif
}
- memcpy( &cur->session, session, sizeof( mbedtls_ssl_session ) );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/*
* If we're reusing an entry, free its certificate first
*/
@@ -250,26 +258,43 @@
mbedtls_free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
}
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- /*
- * Store peer certificate
- */
- if( session->peer_cert != NULL )
+ /* Copy the entire session; this temporarily makes a copy of the
+ * X.509 CRT structure even though we only want to store the raw CRT.
+ * This inefficiency will go away as soon as we implement on-demand
+ * parsing of CRTs, in which case there's no need for the `peer_cert`
+ * field anymore in the first place, and we're done after this call. */
+ ret = mbedtls_ssl_session_copy( &cur->session, session );
+ if( ret != 0 )
{
- cur->peer_cert.p = mbedtls_calloc( 1, session->peer_cert->raw.len );
+ ret = 1;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ /* If present, free the X.509 structure and only store the raw CRT data. */
+ if( cur->session.peer_cert != NULL )
+ {
+ cur->peer_cert.p =
+ mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
if( cur->peer_cert.p == NULL )
{
ret = 1;
goto exit;
}
- memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
- session->peer_cert->raw.len );
+ memcpy( cur->peer_cert.p,
+ cur->session.peer_cert->raw.p,
+ cur->session.peer_cert->raw.len );
cur->peer_cert.len = session->peer_cert->raw.len;
+ mbedtls_x509_crt_free( cur->session.peer_cert );
+ mbedtls_free( cur->session.peer_cert );
cur->session.peer_cert = NULL;
}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
ret = 0;
@@ -311,9 +336,10 @@
mbedtls_ssl_session_free( &prv->session );
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_free( prv->peer_cert.p );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
mbedtls_free( prv );
}
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 59cdc7a..518f7dd 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -43,11 +43,11 @@
/*
* Ordered from most preferred to least preferred in terms of security.
*
- * Current rule (except rc4, weak and null which come last):
+ * Current rule (except RC4 and 3DES, weak and null which come last):
* 1. By key exchange:
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
* 2. By key length and cipher:
- * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
+ * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
* 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC
@@ -126,11 +126,6 @@
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
- /* All remaining >= 128-bit ephemeral suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-
/* The PSK ephemeral suites */
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
@@ -162,9 +157,6 @@
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-
/* The ECJPAKE suite */
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
@@ -228,11 +220,6 @@
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
- /* All remaining >= 128-bit suites */
- MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-
/* The RSA PSK suites */
MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
@@ -251,8 +238,6 @@
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
-
/* The PSK suites */
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
@@ -275,6 +260,16 @@
MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
+ /* 3DES suites */
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
/* RC4 suites */
@@ -2187,6 +2182,26 @@
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;
+static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
+{
+ (void)cs_info;
+
+#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
+ if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+ return( 1 );
+#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+
+#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
+ if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
+ cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
+ {
+ return( 1 );
+ }
+#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+
+ return( 0 );
+}
+
const int *mbedtls_ssl_list_ciphersuites( void )
{
/*
@@ -2202,14 +2217,12 @@
*p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
p++ )
{
-#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
const mbedtls_ssl_ciphersuite_t *cs_info;
if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
- cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 )
-#else
- if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
-#endif
+ !ciphersuite_is_removed( cs_info ) )
+ {
*(q++) = *p;
+ }
}
*q = 0;
@@ -2320,7 +2333,8 @@
#endif /* MBEDTLS_PK_C */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
@@ -2330,13 +2344,14 @@
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
return( 1 );
default:
return( 0 );
}
}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ba59c48..f1bf704 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -39,6 +39,10 @@
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#include <string.h>
#include <stdint.h>
@@ -51,6 +55,44 @@
#include "mbedtls/platform_util.h"
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
+{
+ if( conf->psk_identity == NULL ||
+ conf->psk_identity_len == 0 )
+ {
+ return( 0 );
+ }
+
+ if( conf->psk != NULL && conf->psk_len != 0 )
+ return( 1 );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( conf->psk_opaque != 0 )
+ return( 1 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
+{
+ if( conf->psk_identity == NULL ||
+ conf->psk_identity_len == 0 )
+ {
+ return( 0 );
+ }
+
+ if( conf->psk != NULL && conf->psk_len != 0 )
+ return( 1 );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -433,6 +475,54 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t ext_len;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+ /*
+ * Quoting draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ *olen = 0;
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
+
+ /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+ * which is at most 255, so the increment cannot overflow. */
+ if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
+ /* Add extension ID + size */
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
+ ext_len = (size_t) ssl->own_cid_len + 1;
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+
+ *p++ = (uint8_t) ssl->own_cid_len;
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
+
+ *olen = ssl->own_cid_len + 5;
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -754,6 +844,15 @@
return( 1 );
#endif
+ /* Don't suggest PSK-based ciphersuite if no PSK is available. */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
+ ssl_conf_has_static_psk( ssl->conf ) == 0 )
+ {
+ return( 1 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
return( 0 );
}
@@ -766,6 +865,10 @@
unsigned char offer_compress;
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ int uses_ec = 0;
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
@@ -917,6 +1020,11 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
ciphersuites[i] ) );
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
+#endif
+
n++;
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
*p++ = (unsigned char)( ciphersuites[i] );
@@ -1010,11 +1118,14 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
- ext_len += olen;
+ if( uses_ec )
+ {
+ ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
- ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
- ext_len += olen;
+ ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+ }
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1022,6 +1133,11 @@
ext_len += olen;
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -1076,12 +1192,21 @@
mbedtls_ssl_send_flight_completed( ssl );
#endif
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
return( 0 );
@@ -1170,6 +1295,62 @@
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t peer_cid_len;
+
+ if( /* CID extension only makes sense in DTLS */
+ ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ /* The server must only send the CID extension if we have offered it. */
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ if( len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ peer_cid_len = *buf++;
+ len--;
+
+ if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ if( len != peer_cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
+ ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -1291,7 +1472,7 @@
{
int ret;
- if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+ if( ssl->handshake->ciphersuite_info->key_exchange !=
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
@@ -1477,15 +1658,15 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
- buf = ssl->in_msg;
-
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
/* No alert on a read error. */
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
+ buf = ssl->in_msg;
+
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -1654,9 +1835,8 @@
/*
* Initialize update checksum functions
*/
- ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
-
- if( ssl->transform_negotiate->ciphersuite_info == NULL )
+ ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
+ if( ssl->handshake->ciphersuite_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -1664,7 +1844,7 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+ mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
@@ -1742,6 +1922,14 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ ssl->handshake->ecrs_enabled = 1;
+ }
+#endif
+
if( comp != MBEDTLS_SSL_COMPRESS_NULL
#if defined(MBEDTLS_ZLIB_SUPPORT)
&& comp != MBEDTLS_SSL_COMPRESS_DEFLATE
@@ -1814,6 +2002,20 @@
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ case MBEDTLS_TLS_EXT_CID:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+
+ if( ( ret = ssl_parse_cid_ext( ssl,
+ ext + 4,
+ ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
@@ -1998,8 +2200,14 @@
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
{
const mbedtls_ecp_curve_info *curve_info;
+ mbedtls_ecp_group_id grp_id;
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ grp_id = ssl->handshake->ecdh_ctx.grp.id;
+#else
+ grp_id = ssl->handshake->ecdh_ctx.grp_id;
+#endif
- curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
+ curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
if( curve_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -2009,14 +2217,15 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
#if defined(MBEDTLS_ECP_C)
- if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
+ if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
#endif
return( -1 );
- MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP );
return( 0 );
}
@@ -2026,6 +2235,64 @@
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
+ unsigned char **p,
+ unsigned char *end )
+{
+ uint16_t tls_id;
+ uint8_t ecpoint_len;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /*
+ * Parse ECC group
+ */
+
+ if( end - *p < 4 )
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+ /* First byte is curve_type; only named_curve is handled */
+ if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+ /* Next two bytes are the namedcurve value */
+ tls_id = *(*p)++;
+ tls_id <<= 8;
+ tls_id |= *(*p)++;
+
+ /* Convert EC group to PSA key type. */
+ if( ( handshake->ecdh_psa_curve =
+ mbedtls_psa_parse_tls_ecc_group( tls_id ) ) == 0 )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ /*
+ * Put peer's ECDH public key in the format understood by PSA.
+ */
+
+ ecpoint_len = *(*p)++;
+ if( (size_t)( end - *p ) < ecpoint_len )
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+ if( mbedtls_psa_tls_ecpoint_to_psa_ec( handshake->ecdh_psa_curve,
+ *p, ecpoint_len,
+ handshake->ecdh_psa_peerkey,
+ sizeof( handshake->ecdh_psa_peerkey ),
+ &handshake->ecdh_psa_peerkey_len ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ *p += ecpoint_len;
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -2047,6 +2314,10 @@
(const unsigned char **) p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
@@ -2076,7 +2347,7 @@
*
* opaque psk_identity_hint<0..2^16-1>;
*/
- if( (*p) > end - 2 )
+ if( end - (*p) < 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
@@ -2085,7 +2356,7 @@
len = (*p)[0] << 8 | (*p)[1];
*p += 2;
- if( (*p) > end - len )
+ if( end - (*p) < (int) len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
@@ -2116,6 +2387,7 @@
int ret;
size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
unsigned char *p = ssl->handshake->premaster + pms_offset;
+ mbedtls_pk_context * peer_pk;
if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
@@ -2141,23 +2413,28 @@
ssl->handshake->pmslen = 48;
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ /* Should never happen */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*
* Now write it out, encrypted
*/
- if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
- MBEDTLS_PK_RSA ) )
+ if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
- if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
+ if( ( ret = mbedtls_pk_encrypt( peer_pk,
p, ssl->handshake->pmslen,
ssl->out_msg + offset + len_bytes, olen,
MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
@@ -2177,6 +2454,10 @@
}
#endif
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ /* We don't need the peer's public key anymore. Free it. */
+ mbedtls_pk_free( peer_pk );
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
@@ -2252,21 +2533,27 @@
{
int ret;
const mbedtls_ecp_keypair *peer_key;
+ mbedtls_pk_context * peer_pk;
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ /* Should never happen */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
- MBEDTLS_PK_ECKEY ) )
+ if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
- peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk );
+ peer_key = mbedtls_pk_ec( *peer_pk );
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
MBEDTLS_ECDH_THEIRS ) ) != 0 )
@@ -2281,6 +2568,13 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ /* We don't need the peer's public key anymore. Free it,
+ * so that more RAM is available for upcoming expensive
+ * operations like ECDHE. */
+ mbedtls_pk_free( peer_pk );
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
return( ret );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
@@ -2290,7 +2584,7 @@
{
int ret;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
unsigned char *p = NULL, *end = NULL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
@@ -2328,7 +2622,15 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing )
+ {
+ goto start_processing;
+ }
+#endif
+
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -2365,6 +2667,12 @@
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled )
+ ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
+
+start_processing:
+#endif
p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
end = ssl->in_msg + ssl->in_hslen;
MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p );
@@ -2409,6 +2717,24 @@
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2457,6 +2783,9 @@
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
size_t params_len = p - params;
+ void *rs_ctx = NULL;
+
+ mbedtls_pk_context * peer_pk;
/*
* Handle the digitally-signed structure
@@ -2560,18 +2889,22 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ /* Should never happen */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*
* Verify signature
*/
- if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2579,14 +2912,33 @@
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
- if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
- md_alg, hash, hashlen, p, sig_len ) ) != 0 )
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled )
+ rs_ctx = &ssl->handshake->ecrs_ctx.pk;
+#endif
+
+ if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
+ md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+#endif
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ /* We don't need the peer's public key anymore. Free it,
+ * so that more RAM is available for upcoming expensive
+ * operations like ECDHE. */
+ mbedtls_pk_free( peer_pk );
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
@@ -2602,7 +2954,7 @@
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -2624,7 +2976,7 @@
size_t n = 0;
size_t cert_type_len = 0, dn_len = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -2635,7 +2987,7 @@
return( 0 );
}
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -2709,7 +3061,7 @@
* therefore the buffer length at this point must be greater than that
* regardless of the actual code path.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2787,7 +3139,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -2823,9 +3175,11 @@
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
{
int ret;
- size_t i, n;
+
+ size_t header_len;
+ size_t content_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
@@ -2835,16 +3189,16 @@
/*
* DHM key exchange -- send G^X mod P
*/
- n = ssl->handshake->dhm_ctx.len;
+ content_len = ssl->handshake->dhm_ctx.len;
- ssl->out_msg[4] = (unsigned char)( n >> 8 );
- ssl->out_msg[5] = (unsigned char)( n );
- i = 6;
+ ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
+ ssl->out_msg[5] = (unsigned char)( content_len );
+ header_len = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[i], n,
- ssl->conf->f_rng, ssl->conf->p_rng );
+ (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ &ssl->out_msg[header_len], content_len,
+ ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@@ -2855,10 +3209,10 @@
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ ssl->handshake->premaster,
+ MBEDTLS_PREMASTER_SIZE,
+ &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
@@ -2868,6 +3222,119 @@
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ psa_status_t status;
+ psa_key_policy_t policy;
+
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+ size_t own_pubkey_len;
+ unsigned char *own_pubkey_ecpoint;
+ size_t own_pubkey_ecpoint_len;
+
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+
+ header_len = 4;
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+
+ /*
+ * Generate EC private key for ECDHE exchange.
+ */
+
+ /* Allocate a new key slot for the private key. */
+
+ status = psa_allocate_key( &handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ /* The master secret is obtained from the shared ECDH secret by
+ * applying the TLS 1.2 PRF with a specific salt and label. While
+ * the PSA Crypto API encourages combining key agreement schemes
+ * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
+ * yet support the provisioning of salt + label to the KDF.
+ * For the time being, we therefore need to split the computation
+ * of the ECDH secret and the application of the TLS 1.2 PRF. */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
+ status = psa_set_key_policy( handshake->ecdh_psa_privkey, &policy );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ /* Generate ECDH private key. */
+ status = psa_generate_key( handshake->ecdh_psa_privkey,
+ PSA_KEY_TYPE_ECC_KEYPAIR( handshake->ecdh_psa_curve ),
+ MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( handshake->ecdh_psa_curve ),
+ NULL, 0 );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ /* Export the public part of the ECDH private key from PSA
+ * and convert it to ECPoint format used in ClientKeyExchange. */
+ status = psa_export_public_key( handshake->ecdh_psa_privkey,
+ own_pubkey, sizeof( own_pubkey ),
+ &own_pubkey_len );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
+ own_pubkey_len,
+ &own_pubkey_ecpoint,
+ &own_pubkey_ecpoint_len ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ /* Copy ECPoint structure to outgoing message buffer. */
+ ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len;
+ memcpy( ssl->out_msg + header_len + 1,
+ own_pubkey_ecpoint, own_pubkey_ecpoint_len );
+ content_len = own_pubkey_ecpoint_len + 1;
+
+ /* Compute ECDH shared secret. */
+ status = psa_key_agreement( &generator,
+ handshake->ecdh_psa_privkey,
+ handshake->ecdh_psa_peerkey,
+ handshake->ecdh_psa_peerkey_len,
+ PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ) );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ /* The ECDH secret is the premaster secret used for key derivation. */
+
+ ssl->handshake->pmslen =
+ MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve );
+
+ status = psa_generator_read( &generator,
+ ssl->handshake->premaster,
+ ssl->handshake->pmslen );
+ if( status != PSA_SUCCESS )
+ {
+ psa_generator_abort( &generator );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_generator_abort( &generator );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ status = psa_destroy_key( handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ handshake->ecdh_psa_privkey = 0;
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -2880,31 +3347,62 @@
/*
* ECDH key exchange -- send client public value
*/
- i = 4;
+ header_len = 4;
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled )
+ {
+ if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
+ goto ecdh_calc_secret;
+
+ mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
+ }
+#endif
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
- &n,
- &ssl->out_msg[i], 1000,
+ &content_len,
+ &ssl->out_msg[header_len], 1000,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
- MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled )
+ {
+ ssl->handshake->ecrs_n = content_len;
+ ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
+ }
+
+ecdh_calc_secret:
+ if( ssl->handshake->ecrs_enabled )
+ content_len = ssl->handshake->ecrs_n;
+#endif
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ MBEDTLS_MPI_MAX_SIZE,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
- MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z );
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -2917,39 +3415,50 @@
/*
* opaque psk_identity<0..2^16-1>;
*/
- if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
+ if( ssl_conf_has_static_psk( ssl->conf ) == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) );
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ /* We don't offer PSK suites if we don't have a PSK,
+ * and we check that the server's choice is among the
+ * ciphersuites we offered, so this should never happen. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- i = 4;
- n = ssl->conf->psk_identity_len;
+ header_len = 4;
+ content_len = ssl->conf->psk_identity_len;
- if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
"SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
- ssl->out_msg[i++] = (unsigned char)( n >> 8 );
- ssl->out_msg[i++] = (unsigned char)( n );
+ ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
+ ssl->out_msg[header_len++] = (unsigned char)( content_len );
- memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
- i += ssl->conf->psk_identity_len;
+ memcpy( ssl->out_msg + header_len,
+ ssl->conf->psk_identity,
+ ssl->conf->psk_identity_len );
+ header_len += ssl->conf->psk_identity_len;
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
{
- n = 0;
+ content_len = 0;
}
else
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
{
- if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Opaque PSKs are currently only supported for PSK-only suites. */
+ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
+ &content_len, 2 ) ) != 0 )
return( ret );
}
else
@@ -2957,24 +3466,31 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Opaque PSKs are currently only supported for PSK-only suites. */
+ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
*/
- n = ssl->handshake->dhm_ctx.len;
+ content_len = ssl->handshake->dhm_ctx.len;
- if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ if( header_len + 2 + content_len >
+ MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
" or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
- ssl->out_msg[i++] = (unsigned char)( n >> 8 );
- ssl->out_msg[i++] = (unsigned char)( n );
+ ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
+ ssl->out_msg[header_len++] = (unsigned char)( content_len );
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[i], n,
+ &ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@@ -2987,11 +3503,19 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Opaque PSKs are currently only supported for PSK-only suites. */
+ if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* ClientECDiffieHellmanPublic public;
*/
- ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
- &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
+ ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
+ &content_len,
+ &ssl->out_msg[header_len],
+ MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@@ -2999,7 +3523,8 @@
return( ret );
}
- MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q );
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -3008,6 +3533,17 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+ ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
@@ -3020,8 +3556,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
{
- i = 4;
- if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
+ header_len = 4;
+ if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
+ &content_len, 0 ) ) != 0 )
return( ret );
}
else
@@ -3029,10 +3566,12 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
- i = 4;
+ header_len = 4;
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
- ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
+ ssl->out_msg + header_len,
+ MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
+ &content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
@@ -3057,15 +3596,15 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- ssl->out_msglen = i + n;
+ ssl->out_msglen = header_len + content_len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
ssl->state++;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -3074,16 +3613,11 @@
return( 0 );
}
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
int ret;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@@ -3094,11 +3628,7 @@
return( ret );
}
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++;
@@ -3108,31 +3638,36 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#else
+#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
size_t n = 0, offset = 0;
unsigned char hash[48];
unsigned char *hash_start = hash;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
unsigned int hashlen;
+ void *rs_ctx = NULL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign )
+ {
+ goto sign;
+ }
+#endif
+
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
return( ret );
}
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++;
@@ -3153,8 +3688,15 @@
}
/*
- * Make an RSA signature of the handshake digests
+ * Make a signature of the handshake digests
*/
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled )
+ ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
+
+sign:
+#endif
+
ssl->handshake->calc_verify( ssl, hash );
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
@@ -3207,8 +3749,7 @@
* Reason: Otherwise we should have running hashes for SHA512 and SHA224
* in order to satisfy 'weird' needs from the server side.
*/
- if( ssl->transform_negotiate->ciphersuite_info->mac ==
- MBEDTLS_MD_SHA384 )
+ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
md_alg = MBEDTLS_MD_SHA384;
ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
@@ -3231,11 +3772,21 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen,
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled )
+ rs_ctx = &ssl->handshake->ecrs_ctx.pk;
+#endif
+
+ if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
+ md_alg, hash_start, hashlen,
ssl->out_msg + 6 + offset, &n,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
return( ret );
}
@@ -3248,9 +3799,9 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -3258,12 +3809,7 @@
return( ret );
}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
@@ -3276,7 +3822,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -3311,8 +3857,8 @@
msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
- lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) |
- ( msg[2] << 8 ) | ( msg[3] );
+ lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) |
+ ( msg[2] << 8 ) | ( msg[3] );
ticket_len = ( msg[4] << 8 ) | ( msg[5] );
@@ -3337,6 +3883,15 @@
if( ticket_len == 0 )
return( 0 );
+ if( ssl->session != NULL && ssl->session->ticket != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->session->ticket,
+ ssl->session->ticket_len );
+ mbedtls_free( ssl->session->ticket );
+ ssl->session->ticket = NULL;
+ ssl->session->ticket_len = 0;
+ }
+
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket );
@@ -3390,10 +3945,10 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
- if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* Change state now, so that it is right in mbedtls_ssl_read_record(), used
* by DTLS for dropping out-of-sequence ChangeCipherSpec records */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 52087ae..a19179a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -149,6 +149,48 @@
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
+{
+ if( conf->f_psk != NULL )
+ return( 1 );
+
+ if( conf->psk_identity_len == 0 || conf->psk_identity == NULL )
+ return( 0 );
+
+ if( conf->psk != NULL && conf->psk_len != 0 )
+ return( 1 );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( conf->psk_opaque != 0 )
+ return( 1 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
+{
+ if( ssl->conf->f_psk != NULL )
+ {
+ /* If we've used a callback to select the PSK,
+ * the static configuration is irrelevant. */
+
+ if( ssl->handshake->psk_opaque != 0 )
+ return( 1 );
+
+ return( 0 );
+ }
+
+ if( ssl->conf->psk_opaque != 0 )
+ return( 1 );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
@@ -433,6 +475,78 @@
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t peer_cid_len;
+
+ /* CID extension only makes sense in DTLS */
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Quoting draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ if( len < 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ peer_cid_len = *buf++;
+ len--;
+
+ if( len != peer_cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /* Ignore CID if the user has disabled its use. */
+ if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ /* Leave ssl->handshake->cid_in_use in its default
+ * value of MBEDTLS_SSL_CID_DISABLED. */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) );
+ return( 0 );
+ }
+
+ if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
+ ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -867,9 +981,7 @@
/* If the ciphersuite requires a pre-shared key and we don't
* have one, skip it now rather than failing later */
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- ssl->conf->f_psk == NULL &&
- ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
- ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
+ ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
return( 0 );
@@ -1155,7 +1267,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
ssl->session_negotiate->ciphersuite = ciphersuites[i];
- ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
/*
* SSLv2 Client Hello relevant renegotiation security checks
@@ -1240,7 +1352,7 @@
return( ssl_parse_client_hello_v2( ssl ) );
#endif
- MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
/*
* SSLv3/TLS Client Hello
@@ -1294,7 +1406,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 );
+ memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 );
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
@@ -1329,7 +1441,7 @@
}
if( ( ret = mbedtls_ssl_fetch_input( ssl,
- mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
+ mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@@ -1338,7 +1450,7 @@
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
+ ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
else
#endif
ssl->in_left = 0;
@@ -1449,7 +1561,7 @@
*/
/*
- * Minimal length (with everything empty and extensions ommitted) is
+ * Minimal length (with everything empty and extensions omitted) is
* 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
* read at least up to session id length without worrying.
*/
@@ -1783,6 +1895,16 @@
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ case MBEDTLS_TLS_EXT_CID:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+
+ ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
@@ -1999,7 +2121,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
ssl->session_negotiate->ciphersuite = ciphersuites[i];
- ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
ssl->state++;
@@ -2060,6 +2182,54 @@
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t ext_len;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+ *olen = 0;
+
+ /* Skip writing the extension if we don't want to use it or if
+ * the client hasn't offered it. */
+ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED )
+ return;
+
+ /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+ * which is at most 255, so the increment cannot overflow. */
+ if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
+
+ /*
+ * Quoting draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
+ ext_len = (size_t) ssl->own_cid_len + 1;
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+
+ *p++ = (uint8_t) ssl->own_cid_len;
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
+
+ *olen = ssl->own_cid_len + 5;
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -2266,7 +2436,7 @@
*olen = 0;
/* Skip costly computation if not needed */
- if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+ if( ssl->handshake->ciphersuite_info->key_exchange !=
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
return;
@@ -2384,12 +2554,21 @@
ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
return( 0 );
@@ -2572,6 +2751,11 @@
ext_len += olen;
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -2589,8 +2773,12 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
- ext_len += olen;
+ if ( mbedtls_ssl_ciphersuite_uses_ec(
+ mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) )
+ {
+ ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+ }
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2620,31 +2808,22 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
- ret = mbedtls_ssl_write_record( ssl );
+ ret = mbedtls_ssl_write_handshake_msg( ssl );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
return( ret );
}
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
ssl->state++;
@@ -2654,12 +2833,12 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#else
+#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
size_t dn_size, total_dn_size; /* excluding length bytes */
size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p;
@@ -2678,11 +2857,7 @@
#endif
authmode = ssl->conf->authmode;
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
+ if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
authmode == MBEDTLS_SSL_VERIFY_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
@@ -2778,6 +2953,11 @@
if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
{
+ /* NOTE: If trusted certificates are provisioned
+ * via a CA callback (configured through
+ * `mbedtls_ssl_conf_ca_cb()`, then the
+ * CertificateRequest is currently left empty. */
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ssl->handshake->sni_ca_chain != NULL )
crt = ssl->handshake->sni_ca_chain;
@@ -2815,18 +2995,13 @@
ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
- ret = mbedtls_ssl_write_record( ssl );
+ ret = mbedtls_ssl_write_handshake_msg( ssl );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
return( ret );
}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -2886,7 +3061,8 @@
size_t *signature_len )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
unsigned char *dig_signed = NULL;
@@ -3035,8 +3211,8 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
- if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp,
- (*curve)->grp_id ) ) != 0 )
+ if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
+ (*curve)->grp_id ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
return( ret );
@@ -3058,7 +3234,8 @@
ssl->out_msglen += len;
- MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q );
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
@@ -3251,7 +3428,7 @@
size_t signature_len = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
@@ -3332,9 +3509,9 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -3359,12 +3536,21 @@
mbedtls_ssl_send_flight_completed( ssl );
#endif
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
return( 0 );
@@ -3626,9 +3812,7 @@
int ret = 0;
size_t n;
- if( ssl->conf->f_psk == NULL &&
- ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
- ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
+ if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
@@ -3688,7 +3872,7 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char *p, *end;
- ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ ciphersuite_info = ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
@@ -3706,7 +3890,7 @@
}
else
#endif
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -3772,7 +3956,8 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
}
- MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP );
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
&ssl->handshake->pmslen,
@@ -3784,7 +3969,8 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
}
- MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z );
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
@@ -3806,6 +3992,13 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* For opaque PSKs, we perform the PSK-to-MS derivation atomatically
+ * and skip the intermediate PMS. */
+ if( ssl_use_opaque_psk( ssl ) == 1 )
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
@@ -3837,6 +4030,12 @@
return( ret );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Opaque PSKs are currently only supported for PSK-only. */
+ if( ssl_use_opaque_psk( ssl ) == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+
if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
@@ -3866,6 +4065,12 @@
return( ret );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Opaque PSKs are currently only supported for PSK-only. */
+ if( ssl_use_opaque_psk( ssl ) == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+
if( p != end )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
@@ -3897,7 +4102,14 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
}
- MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Opaque PSKs are currently only supported for PSK-only. */
+ if( ssl_use_opaque_psk( ssl ) == 1 )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_QP );
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
@@ -3959,24 +4171,15 @@
return( 0 );
}
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++;
@@ -3986,7 +4189,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#else
+#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -3999,42 +4202,39 @@
#endif
mbedtls_md_type_t md_alg;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
+ mbedtls_pk_context * peer_pk;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
- ssl->session_negotiate->peer_cert == NULL )
+ if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++;
return( 0 );
}
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ if( ssl->session_negotiate->peer_cert == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( ssl->session_negotiate->peer_cert_digest == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->state++;
+ return( 0 );
+ }
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
/* Read the message without adding it to the checksum */
- do {
-
- do ret = mbedtls_ssl_read_record_layer( ssl );
- while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
-
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
- return( ret );
- }
-
- ret = mbedtls_ssl_handle_message_type( ssl );
-
- } while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
- MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
-
+ ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ );
if( 0 != ret )
{
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret );
return( ret );
}
@@ -4050,6 +4250,17 @@
i = mbedtls_ssl_hs_hdr_len( ssl );
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ peer_pk = &ssl->handshake->peer_pubkey;
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( ssl->session_negotiate->peer_cert == NULL )
+ {
+ /* Should never happen */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ peer_pk = &ssl->session_negotiate->peer_cert->pk;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
/*
* struct {
* SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only
@@ -4064,8 +4275,7 @@
hashlen = 36;
/* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
- if( mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
- MBEDTLS_PK_ECDSA ) )
+ if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) )
{
hash_start += 16;
hashlen -= 16;
@@ -4120,7 +4330,7 @@
/*
* Check the certificate's key type matches the signature alg
*/
- if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
@@ -4153,7 +4363,7 @@
/* Calculate hash and verify signature */
ssl->handshake->calc_verify( ssl, hash );
- if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
+ if( ( ret = mbedtls_pk_verify( peer_pk,
md_alg, hash_start, hashlen,
ssl->in_msg + i, sig_len ) ) != 0 )
{
@@ -4167,12 +4377,7 @@
return( ret );
}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
@@ -4223,9 +4428,9 @@
*/
ssl->handshake->new_session_ticket = 0;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -4254,10 +4459,10 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
- if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
switch( ssl->state )
{
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index a2b3048..ed65bcd 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -54,6 +54,19 @@
#define MAX_KEY_BYTES 32 /* 256 bits */
+#define TICKET_KEY_NAME_BYTES 4
+#define TICKET_IV_BYTES 12
+#define TICKET_CRYPT_LEN_BYTES 2
+#define TICKET_AUTH_TAG_BYTES 16
+
+#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES + \
+ TICKET_IV_BYTES + \
+ TICKET_CRYPT_LEN_BYTES + \
+ TICKET_AUTH_TAG_BYTES )
+#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES + \
+ TICKET_IV_BYTES + \
+ TICKET_CRYPT_LEN_BYTES )
+
/*
* Generate/update a key
*/
@@ -97,7 +110,7 @@
uint32_t current_time = (uint32_t) mbedtls_time( NULL );
uint32_t key_time = ctx->keys[ctx->active].generation_time;
- if( current_time > key_time &&
+ if( current_time >= key_time &&
current_time - key_time < ctx->ticket_lifetime )
{
return( 0 );
@@ -141,11 +154,27 @@
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ||
- ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
- {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
+ cipher_info, TICKET_AUTH_TAG_BYTES );
+ if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
return( ret );
- }
+ /* We don't yet expect to support all ciphers through PSA,
+ * so allow fallback to ordinary mbedtls_cipher_setup(). */
+ if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 )
+ return( ret );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx,
+ cipher_info, TICKET_AUTH_TAG_BYTES );
+ if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+ return( ret );
+ if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
+ return( ret );
if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
@@ -158,9 +187,16 @@
/*
* Serialize a session in the following format:
- * 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
- * n . n+2 peer_cert length = m (0 if no certificate)
- * n+3 . n+2+m peer cert ASN.1
+ *
+ * - If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled:
+ * 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
+ * n . n+2 peer_cert length = m (0 if no certificate)
+ * n+3 . n+2+m peer cert ASN.1
+ *
+ * - If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is disabled:
+ * 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
+ * n . n length of peer certificate digest = k (0 if no digest)
+ * n+1 . n+k peer certificate digest (digest type encoded in session)
*/
static int ssl_save_session( const mbedtls_ssl_session *session,
unsigned char *buf, size_t buf_len,
@@ -169,17 +205,25 @@
unsigned char *p = buf;
size_t left = buf_len;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
size_t cert_len;
+#else
+ size_t cert_digest_len;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( left < sizeof( mbedtls_ssl_session ) )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ /* This also copies the values of pointer fields in the
+ * session to be serialized, but they'll be ignored when
+ * loading the session through ssl_load_session(). */
memcpy( p, session, sizeof( mbedtls_ssl_session ) );
p += sizeof( mbedtls_ssl_session );
left -= sizeof( mbedtls_ssl_session );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
if( session->peer_cert == NULL )
cert_len = 0;
else
@@ -188,14 +232,34 @@
if( left < 3 + cert_len )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
- *p++ = (unsigned char)( cert_len >> 8 & 0xFF );
- *p++ = (unsigned char)( cert_len & 0xFF );
+ *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
+ *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( cert_len ) & 0xFF );
+ left -= 3;
if( session->peer_cert != NULL )
memcpy( p, session->peer_cert->raw.p, cert_len );
p += cert_len;
+ left -= cert_len;
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( session->peer_cert_digest != NULL )
+ cert_digest_len = 0;
+ else
+ cert_digest_len = session->peer_cert_digest_len;
+
+ if( left < 1 + cert_digest_len )
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ *p++ = (unsigned char) cert_digest_len;
+ left--;
+
+ if( session->peer_cert_digest != NULL )
+ memcpy( p, session->peer_cert_digest, cert_digest_len );
+
+ p += cert_digest_len;
+ left -= cert_digest_len;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
*olen = p - buf;
@@ -212,31 +276,46 @@
const unsigned char *p = buf;
const unsigned char * const end = buf + len;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
size_t cert_len;
+#else
+ size_t cert_digest_len;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- if( p + sizeof( mbedtls_ssl_session ) > end )
+ if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
memcpy( session, p, sizeof( mbedtls_ssl_session ) );
p += sizeof( mbedtls_ssl_session );
+ /* Non-NULL pointer fields of `session` are meaningless
+ * and potentially harmful. Zeroize them for safety. */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( p + 3 > end )
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ session->peer_cert = NULL;
+#else
+ session->peer_cert_digest = NULL;
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ session->ticket = NULL;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ /* Deserialize CRT from the end of the ticket. */
+ if( 3 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
p += 3;
- if( cert_len == 0 )
- {
- session->peer_cert = NULL;
- }
- else
+ if( cert_len != 0 )
{
int ret;
- if( p + cert_len > end )
+ if( cert_len > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
@@ -247,7 +326,7 @@
mbedtls_x509_crt_init( session->peer_cert );
if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
- p, cert_len ) ) != 0 )
+ p, cert_len ) ) != 0 )
{
mbedtls_x509_crt_free( session->peer_cert );
mbedtls_free( session->peer_cert );
@@ -257,6 +336,30 @@
p += cert_len;
}
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ /* Deserialize CRT digest from the end of the ticket. */
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ cert_digest_len = (size_t) p[0];
+ p++;
+
+ if( cert_digest_len != 0 )
+ {
+ if( cert_digest_len > (size_t)( end - p ) ||
+ cert_digest_len != session->peer_cert_digest_len )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ session->peer_cert_digest = mbedtls_calloc( 1, cert_digest_len );
+ if( session->peer_cert_digest == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ memcpy( session->peer_cert_digest, p, cert_digest_len );
+ p += cert_digest_len;
+ }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( p != end )
@@ -278,6 +381,7 @@
* The key_name, iv, and length of encrypted_state are the additional
* authenticated data.
*/
+
int mbedtls_ssl_ticket_write( void *p_ticket,
const mbedtls_ssl_session *session,
unsigned char *start,
@@ -289,9 +393,9 @@
mbedtls_ssl_ticket_context *ctx = p_ticket;
mbedtls_ssl_ticket_key *key;
unsigned char *key_name = start;
- unsigned char *iv = start + 4;
- unsigned char *state_len_bytes = iv + 12;
- unsigned char *state = state_len_bytes + 2;
+ unsigned char *iv = start + TICKET_KEY_NAME_BYTES;
+ unsigned char *state_len_bytes = iv + TICKET_IV_BYTES;
+ unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES;
unsigned char *tag;
size_t clear_len, ciph_len;
@@ -302,7 +406,7 @@
/* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
* in addition to session itself, that will be checked when writing it. */
- if( end - start < 4 + 12 + 2 + 16 )
+ if( end - start < TICKET_MIN_LEN )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_THREADING_C)
@@ -317,9 +421,9 @@
*ticket_lifetime = ctx->ticket_lifetime;
- memcpy( key_name, key->name, 4 );
+ memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES );
- if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 )
+ if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 )
goto cleanup;
/* Dump session state */
@@ -335,8 +439,11 @@
/* Encrypt and authenticate */
tag = state + clear_len;
if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
- iv, 12, key_name, 4 + 12 + 2,
- state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 )
+ iv, TICKET_IV_BYTES,
+ /* Additional data: key name, IV and length */
+ key_name, TICKET_ADD_DATA_LEN,
+ state, clear_len, state, &ciph_len,
+ tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
{
goto cleanup;
}
@@ -346,7 +453,7 @@
goto cleanup;
}
- *tlen = 4 + 12 + 2 + 16 + ciph_len;
+ *tlen = TICKET_MIN_LEN + ciph_len;
cleanup:
#if defined(MBEDTLS_THREADING_C)
@@ -385,17 +492,16 @@
mbedtls_ssl_ticket_context *ctx = p_ticket;
mbedtls_ssl_ticket_key *key;
unsigned char *key_name = buf;
- unsigned char *iv = buf + 4;
- unsigned char *enc_len_p = iv + 12;
- unsigned char *ticket = enc_len_p + 2;
+ unsigned char *iv = buf + TICKET_KEY_NAME_BYTES;
+ unsigned char *enc_len_p = iv + TICKET_IV_BYTES;
+ unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
unsigned char *tag;
size_t enc_len, clear_len;
if( ctx == NULL || ctx->f_rng == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- /* See mbedtls_ssl_ticket_write() */
- if( len < 4 + 12 + 2 + 16 )
+ if( len < TICKET_MIN_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_THREADING_C)
@@ -409,7 +515,7 @@
enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
tag = ticket + enc_len;
- if( len != 4 + 12 + 2 + enc_len + 16 )
+ if( len != TICKET_MIN_LEN + enc_len )
{
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
goto cleanup;
@@ -425,9 +531,13 @@
}
/* Decrypt and authenticate */
- if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12,
- key_name, 4 + 12 + 2, ticket, enc_len,
- ticket, &clear_len, tag, 16 ) ) != 0 )
+ if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx,
+ iv, TICKET_IV_BYTES,
+ /* Additional data: key name, IV and length */
+ key_name, TICKET_ADD_DATA_LEN,
+ ticket, enc_len,
+ ticket, &clear_len,
+ tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
{
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 91f96c8..68a1e59 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -50,10 +50,22 @@
#include <string.h>
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#include "psa/crypto.h"
+#endif
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "mbedtls/psa_util.h"
+#endif
+
+static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
+static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
+
/* Length of the "epoch" field in the record header */
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
{
@@ -96,7 +108,193 @@
return( 0 );
}
+static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform );
+static void ssl_update_in_pointers( mbedtls_ssl_context *ssl );
+
+#define SSL_DONT_FORCE_FLUSH 0
+#define SSL_FORCE_FLUSH 1
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+/* Top-level Connection ID API */
+
+int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf,
+ size_t len,
+ int ignore_other_cid )
+{
+ if( len > MBEDTLS_SSL_CID_IN_LEN_MAX )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
+ ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ conf->ignore_unexpected_cid = ignore_other_cid;
+ conf->cid_len = len;
+ return( 0 );
+}
+
+int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len )
+{
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->negotiate_cid = enable;
+ if( enable == MBEDTLS_SSL_CID_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) );
+ return( 0 );
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
+
+ if( own_cid_len != ssl->conf->cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config",
+ (unsigned) own_cid_len,
+ (unsigned) ssl->conf->cid_len ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ memcpy( ssl->own_cid, own_cid, own_cid_len );
+ /* Truncation is not an issue here because
+ * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
+ ssl->own_cid_len = (uint8_t) own_cid_len;
+
+ return( 0 );
+}
+
+int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
+ size_t *peer_cid_len )
+{
+ *enabled = MBEDTLS_SSL_CID_DISABLED;
+
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+ ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
+ * were used, but client and server requested the empty CID.
+ * This is indistinguishable from not using the CID extension
+ * in the first place. */
+ if( ssl->transform_in->in_cid_len == 0 &&
+ ssl->transform_in->out_cid_len == 0 )
+ {
+ return( 0 );
+ }
+
+ if( peer_cid_len != NULL )
+ {
+ *peer_cid_len = ssl->transform_in->out_cid_len;
+ if( peer_cid != NULL )
+ {
+ memcpy( peer_cid, ssl->transform_in->out_cid,
+ ssl->transform_in->out_cid_len );
+ }
+ }
+
+ *enabled = MBEDTLS_SSL_CID_ENABLED;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+/* Forward declarations for functions related to message buffering. */
+static void ssl_buffering_free( mbedtls_ssl_context *ssl );
+static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
+ uint8_t slot );
+static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
+static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
+static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
+static int ssl_buffer_message( mbedtls_ssl_context *ssl );
+static int ssl_buffer_future_record( mbedtls_ssl_context *ssl );
+static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
+
+static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
+static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
+{
+ size_t mtu = ssl_get_current_mtu( ssl );
+
+ if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN )
+ return( mtu );
+
+ return( MBEDTLS_SSL_OUT_BUFFER_LEN );
+}
+
+static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
+{
+ size_t const bytes_written = ssl->out_left;
+ size_t const mtu = ssl_get_maximum_datagram_size( ssl );
+
+ /* Double-check that the write-index hasn't gone
+ * past what we can transmit in a single datagram. */
+ if( bytes_written > mtu )
+ {
+ /* Should never happen... */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ return( (int) ( mtu - bytes_written ) );
+}
+
+static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
+{
+ int ret;
+ size_t remaining, expansion;
+ size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
+
+ if( max_len > mfl )
+ max_len = mfl;
+
+ /* By the standard (RFC 6066 Sect. 4), the MFL extension
+ * only limits the maximum record payload size, so in theory
+ * we would be allowed to pack multiple records of payload size
+ * MFL into a single datagram. However, this would mean that there's
+ * no way to explicitly communicate MTU restrictions to the peer.
+ *
+ * The following reduction of max_len makes sure that we never
+ * write datagrams larger than MFL + Record Expansion Overhead.
+ */
+ if( max_len <= ssl->out_left )
+ return( 0 );
+
+ max_len -= ssl->out_left;
+#endif
+
+ ret = ssl_get_remaining_space_in_datagram( ssl );
+ if( ret < 0 )
+ return( ret );
+ remaining = (size_t) ret;
+
+ ret = mbedtls_ssl_get_record_expansion( ssl );
+ if( ret < 0 )
+ return( ret );
+ expansion = (size_t) ret;
+
+ if( remaining <= expansion )
+ return( 0 );
+
+ remaining -= expansion;
+ if( remaining >= max_len )
+ remaining = max_len;
+
+ return( (int) remaining );
+}
+
/*
* Double the retransmit timeout value, within the allowed range,
* returning -1 if the maximum value has already been reached.
@@ -108,6 +306,18 @@
if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
return( -1 );
+ /* Implement the final paragraph of RFC 6347 section 4.1.1.1
+ * in the following way: after the initial transmission and a first
+ * retransmission, back off to a temporary estimated MTU of 508 bytes.
+ * This value is guaranteed to be deliverable (if not guaranteed to be
+ * delivered) of any compliant IPv4 (and IPv6) network, and should work
+ * on most non-IP stacks too. */
+ if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
+ {
+ ssl->handshake->mtu = 508;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
+ }
+
new_timeout = 2 * ssl->handshake->retransmit_timeout;
/* Avoid arithmetic overflow and range overflow */
@@ -161,13 +371,15 @@
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_CLI_C)
-static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src )
+int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
+ const mbedtls_ssl_session *src )
{
mbedtls_ssl_session_free( dst );
memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
if( src->peer_cert != NULL )
{
int ret;
@@ -186,6 +398,21 @@
return( ret );
}
}
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( src->peer_cert_digest != NULL )
+ {
+ dst->peer_cert_digest =
+ mbedtls_calloc( 1, src->peer_cert_digest_len );
+ if( dst->peer_cert_digest == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ memcpy( dst->peer_cert_digest, src->peer_cert_digest,
+ src->peer_cert_digest_len );
+ dst->peer_cert_digest_type = src->peer_cert_digest_type;
+ dst->peer_cert_digest_len = src->peer_cert_digest_len;
+ }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -201,7 +428,6 @@
return( 0 );
}
-#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
@@ -291,7 +517,8 @@
size_t nb, hs;
size_t i, j, k;
const unsigned char *S1, *S2;
- unsigned char tmp[128];
+ unsigned char *tmp;
+ size_t tmp_len = 0;
unsigned char h_i[20];
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
@@ -299,8 +526,13 @@
mbedtls_md_init( &md_ctx );
- if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ tmp_len = 20 + strlen( label ) + rlen;
+ tmp = mbedtls_calloc( 1, tmp_len );
+ if( tmp == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
hs = ( slen + 1 ) / 2;
S1 = secret;
@@ -315,10 +547,15 @@
* First compute P_md5(secret,label+random)[0..dlen]
*/
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ {
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto exit;
+ }
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- return( ret );
+ {
+ goto exit;
+ }
mbedtls_md_hmac_starts( &md_ctx, S1, hs );
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
@@ -346,10 +583,15 @@
* XOR out with P_sha1(secret,label+random)[0..dlen]
*/
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ {
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto exit;
+ }
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- return( ret );
+ {
+ goto exit;
+ }
mbedtls_md_hmac_starts( &md_ctx, S2, hs );
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
@@ -371,16 +613,88 @@
dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
}
+exit:
mbedtls_md_free( &md_ctx );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ mbedtls_platform_zeroize( tmp, tmp_len );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
- return( 0 );
+ mbedtls_free( tmp );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int tls_prf_generic( mbedtls_md_type_t md_type,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ psa_status_t status;
+ psa_algorithm_t alg;
+ psa_key_policy_t policy;
+ psa_key_handle_t master_slot;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+
+ if( ( status = psa_allocate_key( &master_slot ) ) != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ if( md_type == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384);
+ else
+ alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256);
+
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy,
+ PSA_KEY_USAGE_DERIVE,
+ alg );
+ status = psa_set_key_policy( master_slot, &policy );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ status = psa_import_key( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ status = psa_key_derivation( &generator,
+ master_slot, alg,
+ random, rlen,
+ (unsigned char const *) label,
+ (size_t) strlen( label ),
+ dlen );
+ if( status != PSA_SUCCESS )
+ {
+ psa_generator_abort( &generator );
+ psa_destroy_key( master_slot );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_generator_read( &generator, dstbuf, dlen );
+ if( status != PSA_SUCCESS )
+ {
+ psa_generator_abort( &generator );
+ psa_destroy_key( master_slot );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_generator_abort( &generator );
+ if( status != PSA_SUCCESS )
+ {
+ psa_destroy_key( master_slot );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_destroy_key( master_slot );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ return( 0 );
+}
+
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+
static int tls_prf_generic( mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
const char *label,
@@ -389,7 +703,8 @@
{
size_t nb;
size_t i, j, k, md_len;
- unsigned char tmp[128];
+ unsigned char *tmp;
+ size_t tmp_len = 0;
unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
@@ -402,8 +717,13 @@
md_len = mbedtls_md_get_size( md_info );
- if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ tmp_len = md_len + strlen( label ) + rlen;
+ tmp = mbedtls_calloc( 1, tmp_len );
+ if( tmp == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
nb = strlen( label );
memcpy( tmp + md_len, label, nb );
@@ -414,7 +734,7 @@
* Compute P_<hash>(secret, label + random)[0..dlen]
*/
if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
- return( ret );
+ goto exit;
mbedtls_md_hmac_starts( &md_ctx, secret, slen );
mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
@@ -436,14 +756,17 @@
dstbuf[i + j] = h_i[j];
}
+exit:
mbedtls_md_free( &md_ctx );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ mbedtls_platform_zeroize( tmp, tmp_len );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
- return( 0 );
-}
+ mbedtls_free( tmp );
+ return( ret );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SHA256_C)
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
const char *label,
@@ -498,9 +821,111 @@
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
+{
+ if( ssl->conf->f_psk != NULL )
+ {
+ /* If we've used a callback to select the PSK,
+ * the static configuration is irrelevant. */
+ if( ssl->handshake->psk_opaque != 0 )
+ return( 1 );
+
+ return( 0 );
+ }
+
+ if( ssl->conf->psk_opaque != 0 )
+ return( 1 );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
+{
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( tls_prf == ssl3_prf )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SSL3 );
+ }
+ else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if( tls_prf == tls1_prf )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_TLS1 );
+ }
+ else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA512_C)
+ if( tls_prf == tls_prf_sha384 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA384 );
+ }
+ else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ if( tls_prf == tls_prf_sha256 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA256 );
+ }
+ else
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ return( MBEDTLS_SSL_TLS_PRF_NONE );
+}
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
+int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
+ const unsigned char *secret, size_t slen,
+ const char *label,
+ const unsigned char *random, size_t rlen,
+ unsigned char *dstbuf, size_t dlen )
+{
+ mbedtls_ssl_tls_prf_cb *tls_prf = NULL;
+
+ switch( prf )
+ {
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ case MBEDTLS_SSL_TLS_PRF_SSL3:
+ tls_prf = ssl3_prf;
+ break;
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ case MBEDTLS_SSL_TLS_PRF_TLS1:
+ tls_prf = tls1_prf;
+ break;
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_SSL_TLS_PRF_SHA384:
+ tls_prf = tls_prf_sha384;
+ break;
+#endif /* MBEDTLS_SHA512_C */
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_SSL_TLS_PRF_SHA256:
+ tls_prf = tls_prf_sha256;
+ break;
+#endif /* MBEDTLS_SHA256_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ default:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
+}
+
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
{
int ret = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int psa_fallthrough;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char tmp[64];
unsigned char keyblk[256];
unsigned char *key1;
@@ -509,31 +934,68 @@
unsigned char *mac_dec;
size_t mac_key_len;
size_t iv_copy_len;
+ unsigned keylen;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
+ /* cf. RFC 5246, Section 8.1:
+ * "The master secret is always exactly 48 bytes in length." */
+ size_t const master_secret_len = 48;
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ unsigned char session_hash[48];
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
mbedtls_ssl_session *session = ssl->session_negotiate;
mbedtls_ssl_transform *transform = ssl->transform_negotiate;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
- cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher );
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+ transform->encrypt_then_mac = session->encrypt_then_mac;
+#endif
+ transform->minor_ver = ssl->minor_ver;
+
+ ciphersuite_info = handshake->ciphersuite_info;
+ cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
- transform->ciphersuite_info->cipher ) );
+ ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac );
+ md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
if( md_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
- transform->ciphersuite_info->mac ) );
+ ciphersuite_info->mac ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Copy own and peer's CID if the use of the CID
+ * extension has been negotiated. */
+ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+
+ transform->in_cid_len = ssl->own_cid_len;
+ memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
+ transform->in_cid_len );
+
+ transform->out_cid_len = ssl->handshake->peer_cid_len;
+ memcpy( transform->out_cid, ssl->handshake->peer_cid,
+ ssl->handshake->peer_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
+ transform->out_cid_len );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/*
* Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
*/
@@ -558,7 +1020,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA512_C)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -591,68 +1053,123 @@
* TLSv1+:
* master = PRF( premaster, "master secret", randbytes )[0..47]
*/
- if( handshake->resume == 0 )
+ if( handshake->resume != 0 )
{
- MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
- handshake->pmslen );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
+ }
+ else
+ {
+ /* The label for the KDF used for key expansion.
+ * This is either "master secret" or "extended master secret"
+ * depending on whether the Extended Master Secret extension
+ * is used. */
+ char const *lbl = "master secret";
+
+ /* The salt for the KDF used for key expansion.
+ * - If the Extended Master Secret extension is not used,
+ * this is ClientHello.Random + ServerHello.Random
+ * (see Sect. 8.1 in RFC 5246).
+ * - If the Extended Master Secret extension is used,
+ * this is the transcript of the handshake so far.
+ * (see Sect. 4 in RFC 7627). */
+ unsigned char const *salt = handshake->randbytes;
+ size_t salt_len = 64;
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
{
- unsigned char session_hash[48];
- size_t hash_len;
-
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
+ lbl = "extended master secret";
+ salt = session_hash;
ssl->handshake->calc_verify( ssl, session_hash );
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
#if defined(MBEDTLS_SHA512_C)
- if( ssl->transform_negotiate->ciphersuite_info->mac ==
- MBEDTLS_MD_SHA384 )
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
- hash_len = 48;
+ salt_len = 48;
}
else
-#endif
- hash_len = 32;
+#endif /* MBEDTLS_SHA512_C */
+ salt_len = 32;
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- hash_len = 36;
+ salt_len = 36;
- MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, salt_len );
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+ ssl_use_opaque_psk( ssl ) == 1 )
+ {
+ /* Perform PSK-to-MS expansion in a single step. */
+ psa_status_t status;
+ psa_algorithm_t alg;
+ psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
+ psa_key_handle_t psk;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
+
+ psk = ssl->conf->psk_opaque;
+ if( ssl->handshake->psk_opaque != 0 )
+ psk = ssl->handshake->psk_opaque;
+
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ else
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+
+ status = psa_key_derivation( &generator, psk, alg,
+ salt, salt_len,
+ (unsigned char const *) lbl,
+ (size_t) strlen( lbl ),
+ master_secret_len );
+ if( status != PSA_SUCCESS )
+ {
+ psa_generator_abort( &generator );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_generator_read( &generator, session->master,
+ master_secret_len );
+ if( status != PSA_SUCCESS )
+ {
+ psa_generator_abort( &generator );
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+
+ status = psa_generator_abort( &generator );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ }
+ else
+#endif
+ {
ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
- "extended master secret",
- session_hash, hash_len,
- session->master, 48 );
+ lbl, salt, salt_len,
+ session->master,
+ master_secret_len );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
return( ret );
}
- }
- else
-#endif
- ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
- "master secret",
- handshake->randbytes, 64,
- session->master, 48 );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
- }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret",
+ handshake->premaster,
+ handshake->pmslen );
- mbedtls_platform_zeroize( handshake->premaster,
- sizeof(handshake->premaster) );
+ mbedtls_platform_zeroize( handshake->premaster,
+ sizeof(handshake->premaster) );
+ }
}
- else
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
/*
* Swap the client and server random values.
@@ -688,23 +1205,25 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
- mbedtls_platform_zeroize( handshake->randbytes,
- sizeof( handshake->randbytes ) );
-
/*
* Determine the appropriate key, IV and MAC length.
*/
- transform->keylen = cipher_info->key_bitlen / 8;
+ keylen = cipher_info->key_bitlen / 8;
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
cipher_info->mode == MBEDTLS_MODE_CCM ||
cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
{
- size_t taglen, explicit_ivlen;
+ size_t explicit_ivlen;
transform->maclen = 0;
mac_key_len = 0;
+ transform->taglen =
+ ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
/* All modes haves 96-bit IVs;
* GCM and CCM has 4 implicit and 8 explicit bytes
@@ -716,23 +1235,22 @@
else
transform->fixed_ivlen = 4;
- /* All modes have 128-bit tags, except CCM_8 (ciphersuite flag) */
- taglen = transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-
-
/* Minimum length of encrypted record */
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
- transform->minlen = explicit_ivlen + taglen;
+ transform->minlen = explicit_ivlen + transform->taglen;
}
else
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+ if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ cipher_info->mode == MBEDTLS_MODE_CBC )
{
/* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
- return( ret );
+ goto end;
}
/* Get MAC length */
@@ -802,14 +1320,23 @@
#endif
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
}
}
+ else
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
- transform->keylen, transform->minlen, transform->ivlen,
- transform->maclen ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+ (unsigned) keylen,
+ (unsigned) transform->minlen,
+ (unsigned) transform->ivlen,
+ (unsigned) transform->maclen ) );
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
@@ -818,7 +1345,7 @@
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
key1 = keyblk + mac_key_len * 2;
- key2 = keyblk + mac_key_len * 2 + transform->keylen;
+ key2 = keyblk + mac_key_len * 2 + keylen;
mac_enc = keyblk;
mac_dec = keyblk + mac_key_len;
@@ -828,8 +1355,8 @@
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
- memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
+ memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
+ memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
iv_copy_len );
}
else
@@ -837,7 +1364,7 @@
#if defined(MBEDTLS_SSL_SRV_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
- key1 = keyblk + mac_key_len * 2 + transform->keylen;
+ key1 = keyblk + mac_key_len * 2 + keylen;
key2 = keyblk + mac_key_len * 2;
mac_enc = keyblk + mac_key_len;
@@ -848,24 +1375,27 @@
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
- memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
+ memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
+ memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
iv_copy_len );
}
else
#endif /* MBEDTLS_SSL_SRV_C */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- if( mac_key_len > sizeof transform->mac_enc )
+ if( mac_key_len > sizeof( transform->mac_enc ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
memcpy( transform->mac_enc, mac_enc, mac_key_len );
@@ -889,8 +1419,10 @@
#endif
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_init != NULL )
@@ -899,16 +1431,20 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
- if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
+ if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen,
transform->iv_enc, transform->iv_dec,
iv_copy_len,
mac_enc, mac_dec,
mac_key_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto end;
}
}
+#else
+ ((void) mac_dec);
+ ((void) mac_enc);
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
@@ -916,23 +1452,107 @@
{
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
session->master, keyblk,
- mac_key_len, transform->keylen,
+ mac_key_len, keylen,
iv_copy_len );
}
+
+ if( ssl->conf->f_export_keys_ext != NULL )
+ {
+ ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
+ session->master, keyblk,
+ mac_key_len, keylen,
+ iv_copy_len,
+ handshake->randbytes + 32,
+ handshake->randbytes,
+ tls_prf_get_type( handshake->tls_prf ) );
+ }
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+ /* Only use PSA-based ciphers for TLS-1.2.
+ * That's relevant at least for TLS-1.0, where
+ * we assume that mbedtls_cipher_crypt() updates
+ * the structure field for the IV, which the PSA-based
+ * implementation currently doesn't. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
+ cipher_info, transform->taglen );
+ if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
+ goto end;
+ }
+
+ if( ret == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) );
+ psa_fallthrough = 0;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) );
+ psa_fallthrough = 1;
+ }
+ }
+ else
+ psa_fallthrough = 1;
+#else
+ psa_fallthrough = 1;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ if( psa_fallthrough == 1 )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- return( ret );
+ goto end;
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Only use PSA-based ciphers for TLS-1.2.
+ * That's relevant at least for TLS-1.0, where
+ * we assume that mbedtls_cipher_crypt() updates
+ * the structure field for the IV, which the PSA-based
+ * implementation currently doesn't. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
+ cipher_info, transform->taglen );
+ if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
+ goto end;
+ }
+
+ if( ret == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) );
+ psa_fallthrough = 0;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) );
+ psa_fallthrough = 1;
+ }
+ }
+ else
+ psa_fallthrough = 1;
+#else
+ psa_fallthrough = 1;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ if( psa_fallthrough == 1 )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- return( ret );
+ goto end;
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
@@ -940,7 +1560,7 @@
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- return( ret );
+ goto end;
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
@@ -948,7 +1568,7 @@
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- return( ret );
+ goto end;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -958,19 +1578,18 @@
MBEDTLS_PADDING_NONE ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- return( ret );
+ goto end;
}
if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
MBEDTLS_PADDING_NONE ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- return( ret );
+ goto end;
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
- mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
#if defined(MBEDTLS_ZLIB_SUPPORT)
// Initialize compression
@@ -985,7 +1604,8 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto end;
}
}
@@ -999,14 +1619,18 @@
inflateInit( &transform->ctx_inflate ) != Z_OK )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
- return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+ ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED;
+ goto end;
}
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
-
- return( 0 );
+end:
+ mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
+ mbedtls_platform_zeroize( handshake->randbytes,
+ sizeof( handshake->randbytes ) );
+ return( ret );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
@@ -1072,7 +1696,7 @@
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
- mbedtls_md5_finish_ret( &md5, hash );
+ mbedtls_md5_finish_ret( &md5, hash );
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
@@ -1089,6 +1713,28 @@
#if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_status_t status;
+ psa_hash_operation_t sha256_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+ status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 32 );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+#else
mbedtls_sha256_context sha256;
mbedtls_sha256_init( &sha256 );
@@ -1102,7 +1748,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha256_free( &sha256 );
-
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return;
}
#endif /* MBEDTLS_SHA256_C */
@@ -1110,6 +1756,28 @@
#if defined(MBEDTLS_SHA512_C)
void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_status_t status;
+ psa_hash_operation_t sha384_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
+ status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 48 );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+#else
mbedtls_sha512_context sha512;
mbedtls_sha512_init( &sha512 );
@@ -1123,7 +1791,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha512_free( &sha512 );
-
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return;
}
#endif /* MBEDTLS_SHA512_C */
@@ -1224,7 +1892,8 @@
*(p++) = (unsigned char)( zlen );
p += zlen;
- MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Z );
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -1297,15 +1966,9 @@
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) )
-#define SSL_SOME_MODES_USE_MAC
-#endif
-
/* The function below is only used in the Lucky 13 counter-measure in
- * ssl_decrypt_buf(). These are the defines that guard the call site. */
-#if defined(SSL_SOME_MODES_USE_MAC) && \
+ * mbedtls_ssl_decrypt_buf(). These are the defines that guard the call site. */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) && \
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
@@ -1327,73 +1990,266 @@
/*
* Encryption/decryption functions
*/
-static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+/* This functions transforms a DTLS plaintext fragment and a record content
+ * type into an instance of the DTLSInnerPlaintext structure:
+ *
+ * struct {
+ * opaque content[DTLSPlaintext.length];
+ * ContentType real_type;
+ * uint8 zeros[length_of_padding];
+ * } DTLSInnerPlaintext;
+ *
+ * Input:
+ * - `content`: The beginning of the buffer holding the
+ * plaintext to be wrapped.
+ * - `*content_size`: The length of the plaintext in Bytes.
+ * - `max_len`: The number of Bytes available starting from
+ * `content`. This must be `>= *content_size`.
+ * - `rec_type`: The desired record content type.
+ *
+ * Output:
+ * - `content`: The beginning of the resulting DTLSInnerPlaintext structure.
+ * - `*content_size`: The length of the resulting DTLSInnerPlaintext structure.
+ *
+ * Returns:
+ * - `0` on success.
+ * - A negative error code if `max_len` didn't offer enough space
+ * for the expansion.
+ */
+static int ssl_cid_build_inner_plaintext( unsigned char *content,
+ size_t *content_size,
+ size_t remaining,
+ uint8_t rec_type )
+{
+ size_t len = *content_size;
+ size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
+ ( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
+ MBEDTLS_SSL_CID_PADDING_GRANULARITY;
+
+ /* Write real content type */
+ if( remaining == 0 )
+ return( -1 );
+ content[ len ] = rec_type;
+ len++;
+ remaining--;
+
+ if( remaining < pad )
+ return( -1 );
+ memset( content + len, 0, pad );
+ len += pad;
+ remaining -= pad;
+
+ *content_size = len;
+ return( 0 );
+}
+
+/* This function parses a DTLSInnerPlaintext structure.
+ * See ssl_cid_build_inner_plaintext() for details. */
+static int ssl_cid_parse_inner_plaintext( unsigned char const *content,
+ size_t *content_size,
+ uint8_t *rec_type )
+{
+ size_t remaining = *content_size;
+
+ /* Determine length of padding by skipping zeroes from the back. */
+ do
+ {
+ if( remaining == 0 )
+ return( -1 );
+ remaining--;
+ } while( content[ remaining ] == 0 );
+
+ *content_size = remaining;
+ *rec_type = content[ remaining ];
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+/* `add_data` must have size 13 Bytes if the CID extension is disabled,
+ * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
+static void ssl_extract_add_data_from_record( unsigned char* add_data,
+ size_t *add_data_len,
+ mbedtls_record *rec )
+{
+ /* Quoting RFC 5246 (TLS 1.2):
+ *
+ * additional_data = seq_num + TLSCompressed.type +
+ * TLSCompressed.version + TLSCompressed.length;
+ *
+ * For the CID extension, this is extended as follows
+ * (quoting draft-ietf-tls-dtls-connection-id-05,
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
+ *
+ * additional_data = seq_num + DTLSPlaintext.type +
+ * DTLSPlaintext.version +
+ * cid +
+ * cid_length +
+ * length_of_DTLSInnerPlaintext;
+ */
+
+ memcpy( add_data, rec->ctr, sizeof( rec->ctr ) );
+ add_data[8] = rec->type;
+ memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( rec->cid_len != 0 )
+ {
+ memcpy( add_data + 11, rec->cid, rec->cid_len );
+ add_data[11 + rec->cid_len + 0] = rec->cid_len;
+ add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF;
+ add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
+ *add_data_len = 13 + 1 + rec->cid_len;
+ }
+ else
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ {
+ add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
+ add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
+ *add_data_len = 13;
+ }
+}
+
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
mbedtls_cipher_mode_t mode;
int auth_done = 0;
+ unsigned char * data;
+ unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ size_t add_data_len;
+ size_t post_avail;
+
+ /* The SSL context is only used for debugging purposes! */
+#if !defined(MBEDTLS_DEBUG_C)
+ ((void) ssl);
+#endif
+
+ /* The PRNG is used for dynamic IV generation that's used
+ * for CBC transformations in TLS 1.1 and TLS 1.2. */
+#if !( defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ ( defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_CAMELLIA_C) ) && \
+ ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
+ ((void) f_rng);
+ ((void) p_rng);
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
- if( ssl->session_out == NULL || ssl->transform_out == NULL )
+ if( transform == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ if( rec == NULL
+ || rec->buf == NULL
+ || rec->buf_len < rec->data_offset
+ || rec->buf_len - rec->data_offset < rec->data_len
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ || rec->cid_len != 0
+#endif
+ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
-
+ data = rec->buf + rec->data_offset;
+ post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
+ data, rec->data_len );
- if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
+
+ if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
- (unsigned) ssl->out_msglen,
+ (unsigned) rec->data_len,
MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /*
+ * Add CID information
+ */
+ rec->cid_len = transform->out_cid_len;
+ memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
+
+ if( rec->cid_len != 0 )
+ {
+ /*
+ * Wrap plaintext into DTLSInnerPlaintext structure.
+ * See ssl_cid_build_inner_plaintext() for more information.
+ *
+ * Note that this changes `rec->data_len`, and hence
+ * `post_avail` needs to be recalculated afterwards.
+ */
+ if( ssl_cid_build_inner_plaintext( data,
+ &rec->data_len,
+ post_avail,
+ rec->type ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ rec->type = MBEDTLS_SSL_MSG_CID;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
+
/*
* Add MAC before if needed
*/
-#if defined(SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( mode == MBEDTLS_MODE_STREAM ||
( mode == MBEDTLS_MODE_CBC
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
+ && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
) )
{
+ if( post_avail < transform->maclen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
unsigned char mac[SSL_MAC_MAX_BYTES];
-
- ssl_mac( &ssl->transform_out->md_ctx_enc,
- ssl->transform_out->mac_enc,
- ssl->out_msg, ssl->out_msglen,
- ssl->out_ctr, ssl->out_msgtype,
- mac );
-
- memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
+ ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
+ data, rec->data_len, rec->ctr, rec->type, mac );
+ memcpy( data + rec->data_len, mac, transform->maclen );
}
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
- ssl->out_msg, ssl->out_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
- mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
- memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc,
+ data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
+ mbedtls_md_hmac_reset( &transform->md_ctx_enc );
+
+ memcpy( data + rec->data_len, mac, transform->maclen );
}
else
#endif
@@ -1402,14 +2258,14 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac",
- ssl->out_msg + ssl->out_msglen,
- ssl->transform_out->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
+ transform->maclen );
- ssl->out_msglen += ssl->transform_out->maclen;
+ rec->data_len += transform->maclen;
+ post_avail -= transform->maclen;
auth_done++;
}
-#endif /* AEAD not the only option */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/*
* Encrypt
@@ -1418,23 +2274,21 @@
if( mode == MBEDTLS_MODE_STREAM )
{
int ret;
- size_t olen = 0;
-
+ size_t olen;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of padding",
- ssl->out_msglen, 0 ) );
+ "including %d bytes of padding",
+ rec->data_len, 0 ) );
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
- ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen,
- ssl->out_msg, ssl->out_msglen,
- ssl->out_msg, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ transform->iv_enc, transform->ivlen,
+ data, rec->data_len,
+ data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( ssl->out_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1442,6 +2296,7 @@
}
else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
+
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
@@ -1450,26 +2305,17 @@
mode == MBEDTLS_MODE_CHACHAPOLY )
{
int ret;
- size_t enc_msglen, olen;
- unsigned char *enc_msg;
- unsigned char add_data[13];
unsigned char iv[12];
- mbedtls_ssl_transform *transform = ssl->transform_out;
- unsigned char taglen = transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
- size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
+ size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
- /*
- * Prepare additional authenticated data
- */
- memcpy( add_data, ssl->out_ctr, 8 );
- add_data[8] = ssl->out_msgtype;
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, add_data + 9 );
- add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
- add_data[12] = ssl->out_msglen & 0xFF;
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 );
+ /* Check that there's space for both the authentication tag
+ * and the explicit IV before and after the record content. */
+ if( post_avail < transform->taglen ||
+ rec->data_offset < explicit_iv_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
/*
* Generate IV
@@ -1478,9 +2324,10 @@
{
/* GCM and CCM: fixed || explicit (=seqnum) */
memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
- memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 );
- memcpy( ssl->out_iv, ssl->out_ctr, 8 );
-
+ memcpy( iv + transform->fixed_ivlen, rec->ctr,
+ explicit_iv_len );
+ /* Prefix record content with explicit IV. */
+ memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len );
}
else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
{
@@ -1490,7 +2337,7 @@
memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
for( i = 0; i < 8; i++ )
- iv[i+4] ^= ssl->out_ctr[i];
+ iv[i+4] ^= rec->ctr[i];
}
else
{
@@ -1499,46 +2346,40 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
+
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
- ssl->out_iv, explicit_ivlen );
-
- /*
- * Fix message length with added IV
- */
- enc_msg = ssl->out_msg;
- enc_msglen = ssl->out_msglen;
- ssl->out_msglen += explicit_ivlen;
-
+ data - explicit_iv_len, explicit_iv_len );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+ add_data, add_data_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including 0 bytes of padding",
- ssl->out_msglen ) );
+ rec->data_len ) );
/*
* Encrypt and authenticate
*/
+
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
- iv, transform->ivlen,
- add_data, 13,
- enc_msg, enc_msglen,
- enc_msg, &olen,
- enc_msg + enc_msglen, taglen ) ) != 0 )
+ iv, transform->ivlen,
+ add_data, add_data_len, /* add data */
+ data, rec->data_len, /* source */
+ data, &rec->data_len, /* destination */
+ data + rec->data_len, transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
return( ret );
}
- if( olen != enc_msglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
+ data + rec->data_len, transform->taglen );
- ssl->out_msglen += taglen;
+ rec->data_len += transform->taglen + explicit_iv_len;
+ rec->data_offset -= explicit_iv_len;
+ post_avail -= transform->taglen;
auth_done++;
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
@@ -1547,85 +2388,103 @@
if( mode == MBEDTLS_MODE_CBC )
{
int ret;
- unsigned char *enc_msg;
- size_t enc_msglen, padlen, olen = 0, i;
+ size_t padlen, i;
+ size_t olen;
- padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
- ssl->transform_out->ivlen;
- if( padlen == ssl->transform_out->ivlen )
+ /* Currently we're always using minimal padding
+ * (up to 255 bytes would be allowed). */
+ padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen;
+ if( padlen == transform->ivlen )
padlen = 0;
+ /* Check there's enough space in the buffer for the padding. */
+ if( post_avail < padlen + 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
for( i = 0; i <= padlen; i++ )
- ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
+ data[rec->data_len + i] = (unsigned char) padlen;
- ssl->out_msglen += padlen + 1;
-
- enc_msglen = ssl->out_msglen;
- enc_msg = ssl->out_msg;
+ rec->data_len += padlen + 1;
+ post_avail -= padlen + 1;
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Prepend per-record IV for block cipher in TLS v1.1 and up as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
+ if( f_rng == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ if( rec->data_offset < transform->ivlen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
/*
* Generate IV
*/
- ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen );
+ ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
if( ret != 0 )
return( ret );
- memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen );
+ memcpy( data - transform->ivlen, transform->iv_enc,
+ transform->ivlen );
- /*
- * Fix pointer positions and message length with added IV
- */
- enc_msg = ssl->out_msg;
- enc_msglen = ssl->out_msglen;
- ssl->out_msglen += ssl->transform_out->ivlen;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of IV and %d bytes of padding",
- ssl->out_msglen, ssl->transform_out->ivlen,
+ rec->data_len, transform->ivlen,
padlen + 1 ) );
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
- ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen,
- enc_msg, enc_msglen,
- enc_msg, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ transform->iv_enc,
+ transform->ivlen,
+ data, rec->data_len,
+ data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( enc_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
{
/*
* Save IV in SSL3 and TLS1
*/
- memcpy( ssl->transform_out->iv_enc,
- ssl->transform_out->cipher_ctx_enc.iv,
- ssl->transform_out->ivlen );
+ memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
+ transform->ivlen );
}
+ else
#endif
+ {
+ data -= transform->ivlen;
+ rec->data_offset -= transform->ivlen;
+ rec->data_len += transform->ivlen;
+ }
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( auth_done == 0 )
{
+ unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+
/*
* MAC(MAC_write_key, seq_num +
* TLSCipherText.type +
@@ -1634,25 +2493,30 @@
* IV + // except for TLS 1.0
* ENC(content + padding + padding_length));
*/
- unsigned char pseudo_hdr[13];
+
+ if( post_avail < transform->maclen)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
+ add_data_len );
- memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 );
- memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 );
- pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
- pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc,
+ data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
+ mbedtls_md_hmac_reset( &transform->md_ctx_enc );
- MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+ memcpy( data + rec->data_len, mac, transform->maclen );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
- ssl->out_iv, ssl->out_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
- ssl->out_iv + ssl->out_msglen );
- mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
-
- ssl->out_msglen += ssl->transform_out->maclen;
+ rec->data_len += transform->maclen;
+ post_avail -= transform->maclen;
auth_done++;
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
@@ -1677,50 +2541,68 @@
return( 0 );
}
-static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec )
{
+ size_t olen;
mbedtls_cipher_mode_t mode;
- int auth_done = 0;
-#if defined(SSL_SOME_MODES_USE_MAC)
+ int ret, auth_done = 0;
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
size_t padlen = 0, correct = 1;
#endif
+ unsigned char* data;
+ unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ size_t add_data_len;
+
+#if !defined(MBEDTLS_DEBUG_C)
+ ((void) ssl);
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
-
- if( ssl->session_in == NULL || ssl->transform_in == NULL )
+ if( transform == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to decrypt_buf" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ if( rec == NULL ||
+ rec->buf == NULL ||
+ rec->buf_len < rec->data_offset ||
+ rec->buf_len - rec->data_offset < rec->data_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
+ data = rec->buf + rec->data_offset;
+ mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
- if( ssl->in_msglen < ssl->transform_in->minlen )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /*
+ * Match record's CID with incoming CID.
+ */
+ if( rec->cid_len != transform->in_cid_len ||
+ memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
- ssl->in_msglen, ssl->transform_in->minlen ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
if( mode == MBEDTLS_MODE_STREAM )
{
- int ret;
- size_t olen = 0;
-
padlen = 0;
-
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
- ssl->transform_in->iv_dec,
- ssl->transform_in->ivlen,
- ssl->in_msg, ssl->in_msglen,
- ssl->in_msg, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
+ transform->iv_dec,
+ transform->ivlen,
+ data, rec->data_len,
+ data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( ssl->in_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1735,44 +2617,19 @@
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
{
- int ret;
- size_t dec_msglen, olen;
- unsigned char *dec_msg;
- unsigned char *dec_msg_result;
- unsigned char add_data[13];
unsigned char iv[12];
- mbedtls_ssl_transform *transform = ssl->transform_in;
- unsigned char taglen = transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
/*
* Compute and update sizes
*/
- if( ssl->in_msglen < explicit_iv_len + taglen )
+ if( rec->data_len < explicit_iv_len + transform->taglen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
- "+ taglen (%d)", ssl->in_msglen,
- explicit_iv_len, taglen ) );
+ "+ taglen (%d)", rec->data_len,
+ explicit_iv_len, transform->taglen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
- dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
-
- dec_msg = ssl->in_msg;
- dec_msg_result = ssl->in_msg;
- ssl->in_msglen = dec_msglen;
-
- /*
- * Prepare additional authenticated data
- */
- memcpy( add_data, ssl->in_ctr, 8 );
- add_data[8] = ssl->in_msgtype;
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, add_data + 9 );
- add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
- add_data[12] = ssl->in_msglen & 0xFF;
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 );
/*
* Prepare IV
@@ -1781,7 +2638,7 @@
{
/* GCM and CCM: fixed || explicit (transmitted) */
memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
- memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 );
+ memcpy( iv + transform->fixed_ivlen, data, 8 );
}
else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
@@ -1792,7 +2649,7 @@
memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
for( i = 0; i < 8; i++ )
- iv[i+4] ^= ssl->in_ctr[i];
+ iv[i+4] ^= rec->ctr[i];
}
else
{
@@ -1801,18 +2658,32 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ data += explicit_iv_len;
+ rec->data_offset += explicit_iv_len;
+ rec->data_len -= explicit_iv_len + transform->taglen;
+
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+ add_data, add_data_len );
+
+ memcpy( transform->iv_dec + transform->fixed_ivlen,
+ data - explicit_iv_len, explicit_iv_len );
+
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
+ transform->taglen );
+
/*
* Decrypt and authenticate
*/
- if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
- iv, transform->ivlen,
- add_data, 13,
- dec_msg, dec_msglen,
- dec_msg_result, &olen,
- dec_msg + dec_msglen, taglen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len,
+ data, &olen,
+ data + rec->data_len,
+ transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
@@ -1823,7 +2694,7 @@
}
auth_done++;
- if( olen != dec_msglen )
+ if( olen != rec->data_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1835,75 +2706,83 @@
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
if( mode == MBEDTLS_MODE_CBC )
{
- /*
- * Decrypt and check the padding
- */
- int ret;
- unsigned char *dec_msg;
- unsigned char *dec_msg_result;
- size_t dec_msglen;
size_t minlen = 0;
- size_t olen = 0;
/*
* Check immediate ciphertext sanity
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- minlen += ssl->transform_in->ivlen;
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ {
+ /* The ciphertext is prefixed with the CBC IV. */
+ minlen += transform->ivlen;
+ }
#endif
- if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
- ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
+ /* Size considerations:
+ *
+ * - The CBC cipher text must not be empty and hence
+ * at least of size transform->ivlen.
+ *
+ * Together with the potential IV-prefix, this explains
+ * the first of the two checks below.
+ *
+ * - The record must contain a MAC, either in plain or
+ * encrypted, depending on whether Encrypt-then-MAC
+ * is used or not.
+ * - If it is, the message contains the IV-prefix,
+ * the CBC ciphertext, and the MAC.
+ * - If it is not, the padded plaintext, and hence
+ * the CBC ciphertext, has at least length maclen + 1
+ * because there is at least the padding length byte.
+ *
+ * As the CBC ciphertext is not empty, both cases give the
+ * lower bound minlen + maclen + 1 on the record size, which
+ * we test for in the second check below.
+ */
+ if( rec->data_len < minlen + transform->ivlen ||
+ rec->data_len < minlen + transform->maclen + 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
- "+ 1 ) ( + expl IV )", ssl->in_msglen,
- ssl->transform_in->ivlen,
- ssl->transform_in->maclen ) );
+ "+ 1 ) ( + expl IV )", rec->data_len,
+ transform->ivlen,
+ transform->maclen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
- dec_msglen = ssl->in_msglen;
- dec_msg = ssl->in_msg;
- dec_msg_result = ssl->in_msg;
-
/*
* Authenticate before decrypt if enabled
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
- unsigned char pseudo_hdr[13];
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
- dec_msglen -= ssl->transform_in->maclen;
- ssl->in_msglen -= ssl->transform_in->maclen;
+ /* Safe due to the check data_len >= minlen + maclen + 1 above. */
+ rec->data_len -= transform->maclen;
- memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 );
- memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 );
- pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
- pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
- MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec,
+ data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
+ mbedtls_md_hmac_reset( &transform->md_ctx_dec );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec,
- ssl->in_iv, ssl->in_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
- mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len,
+ transform->maclen );
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
- ssl->transform_in->maclen );
+ transform->maclen );
- if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect,
- ssl->transform_in->maclen ) != 0 )
+ if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
+ transform->maclen ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
-
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
auth_done++;
@@ -1913,10 +2792,10 @@
/*
* Check length sanity
*/
- if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
+ if( rec->data_len % transform->ivlen != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
- ssl->in_msglen, ssl->transform_in->ivlen ) );
+ rec->data_len, transform->ivlen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
@@ -1924,67 +2803,84 @@
/*
* Initialize for prepended IV for block cipher in TLS v1.1 and up
*/
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
- unsigned char i;
- dec_msglen -= ssl->transform_in->ivlen;
- ssl->in_msglen -= ssl->transform_in->ivlen;
+ /* This is safe because data_len >= minlen + maclen + 1 initially,
+ * and at this point we have at most subtracted maclen (note that
+ * minlen == transform->ivlen here). */
+ memcpy( transform->iv_dec, data, transform->ivlen );
- for( i = 0; i < ssl->transform_in->ivlen; i++ )
- ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
+ data += transform->ivlen;
+ rec->data_offset += transform->ivlen;
+ rec->data_len -= transform->ivlen;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
- ssl->transform_in->iv_dec,
- ssl->transform_in->ivlen,
- dec_msg, dec_msglen,
- dec_msg_result, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
+ transform->iv_dec, transform->ivlen,
+ data, rec->data_len, data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( dec_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
{
/*
* Save IV in SSL3 and TLS1
*/
- memcpy( ssl->transform_in->iv_dec,
- ssl->transform_in->cipher_ctx_dec.iv,
- ssl->transform_in->ivlen );
+ memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
+ transform->ivlen );
}
#endif
- padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
+ /* Safe since data_len >= minlen + maclen + 1, so after having
+ * subtracted at most minlen and maclen up to this point,
+ * data_len > 0. */
+ padlen = data[rec->data_len - 1];
- if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
- auth_done == 0 )
+ if( auth_done == 1 )
+ {
+ correct *= ( rec->data_len >= padlen + 1 );
+ padlen *= ( rec->data_len >= padlen + 1 );
+ }
+ else
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
- ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
+ if( rec->data_len < transform->maclen + padlen + 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+ rec->data_len,
+ transform->maclen,
+ padlen + 1 ) );
+ }
#endif
- padlen = 0;
- correct = 0;
+
+ correct *= ( rec->data_len >= transform->maclen + padlen + 1 );
+ padlen *= ( rec->data_len >= transform->maclen + padlen + 1 );
}
+ padlen++;
+
+ /* Regardless of the validity of the padding,
+ * we have data_len >= padlen here. */
+
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- if( padlen > ssl->transform_in->ivlen )
+ if( padlen > transform->ivlen )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
- "should be no more than %d",
- padlen, ssl->transform_in->ivlen ) );
+ "should be no more than %d",
+ padlen, transform->ivlen ) );
#endif
correct = 0;
}
@@ -1993,40 +2889,31 @@
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
- /*
- * TLSv1+: always check the padding up to the first failure
- * and fake check up to 256 bytes of padding
- */
- size_t pad_count = 0, real_count = 1;
- size_t padding_idx = ssl->in_msglen - padlen;
- size_t i;
+ /* The padding check involves a series of up to 256
+ * consecutive memory reads at the end of the record
+ * plaintext buffer. In order to hide the length and
+ * validity of the padding, always perform exactly
+ * `min(256,plaintext_len)` reads (but take into account
+ * only the last `padlen` bytes for the padding check). */
+ size_t pad_count = 0;
+ size_t real_count = 0;
+ volatile unsigned char* const check = data;
- /*
- * Padding is guaranteed to be incorrect if:
- * 1. padlen > ssl->in_msglen
- *
- * 2. padding_idx > MBEDTLS_SSL_IN_CONTENT_LEN +
- * ssl->transform_in->maclen
- *
- * In both cases we reset padding_idx to a safe value (0) to
- * prevent out-of-buffer reads.
- */
- correct &= ( padlen <= ssl->in_msglen );
- correct &= ( padding_idx <= MBEDTLS_SSL_IN_CONTENT_LEN +
- ssl->transform_in->maclen );
+ /* Index of first padding byte; it has been ensured above
+ * that the subtraction is safe. */
+ size_t const padding_idx = rec->data_len - padlen;
+ size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256;
+ size_t const start_idx = rec->data_len - num_checks;
+ size_t idx;
- padding_idx *= correct;
-
- for( i = 0; i < 256; i++ )
+ for( idx = start_idx; idx < rec->data_len; idx++ )
{
- real_count &= ( i < padlen );
- pad_count += real_count *
- ( ssl->in_msg[padding_idx + i] == padlen - 1 );
+ real_count |= ( idx >= padding_idx );
+ pad_count += real_count * ( check[idx] == padlen - 1 );
}
-
- correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
+ correct &= ( pad_count == padlen );
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
@@ -2042,7 +2929,11 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- ssl->in_msglen -= padlen;
+ /* If the padding was found to be invalid, padlen == 0
+ * and the subtraction is safe. If the padding was found valid,
+ * padlen hasn't been changed and the previous assertion
+ * data_len >= padlen still holds. */
+ rec->data_len -= padlen;
}
else
#endif /* MBEDTLS_CIPHER_MODE_CBC &&
@@ -2054,37 +2945,49 @@
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
- ssl->in_msg, ssl->in_msglen );
+ data, rec->data_len );
#endif
/*
* Authenticate if not done yet.
* Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
*/
-#if defined(SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( auth_done == 0 )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
- ssl->in_msglen -= ssl->transform_in->maclen;
+ /* If the initial value of padlen was such that
+ * data_len < maclen + padlen + 1, then padlen
+ * got reset to 1, and the initial check
+ * data_len >= minlen + maclen + 1
+ * guarantees that at this point we still
+ * have at least data_len >= maclen.
+ *
+ * If the initial value of padlen was such that
+ * data_len >= maclen + padlen + 1, then we have
+ * subtracted either padlen + 1 (if the padding was correct)
+ * or 0 (if the padding was incorrect) since then,
+ * hence data_len >= maclen in any case.
+ */
+ rec->data_len -= transform->maclen;
- ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
- ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- ssl_mac( &ssl->transform_in->md_ctx_dec,
- ssl->transform_in->mac_dec,
- ssl->in_msg, ssl->in_msglen,
- ssl->in_ctr, ssl->in_msgtype,
- mac_expect );
+ ssl_mac( &transform->md_ctx_dec,
+ transform->mac_dec,
+ data, rec->data_len,
+ rec->ctr, rec->type,
+ mac_expect );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
/*
* Process MAC and always update for padlen afterwards to make
@@ -2114,6 +3017,7 @@
* linking an extra division function in some builds).
*/
size_t j, extra_run = 0;
+ unsigned char tmp[MBEDTLS_MD_MAX_BLOCK_SIZE];
/*
* The next two sizes are the minimum and maximum values of
@@ -2125,10 +3029,12 @@
* Note that max_len + maclen is never more than the buffer
* length, as we previously did in_msglen -= maclen too.
*/
- const size_t max_len = ssl->in_msglen + padlen;
+ const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
- switch( ssl->transform_in->ciphersuite_info->mac )
+ memset( tmp, 0, sizeof( tmp ) );
+
+ switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) )
{
#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
defined(MBEDTLS_SHA256_C)
@@ -2136,15 +3042,17 @@
case MBEDTLS_MD_SHA1:
case MBEDTLS_MD_SHA256:
/* 8 bytes of message size, 64-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
- ( 13 + ssl->in_msglen + 8 ) / 64;
+ extra_run =
+ ( add_data_len + rec->data_len + padlen + 8 ) / 64 -
+ ( add_data_len + rec->data_len + 8 ) / 64;
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA384:
/* 16 bytes of message size, 128-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 -
- ( 13 + ssl->in_msglen + 16 ) / 128;
+ extra_run =
+ ( add_data_len + rec->data_len + padlen + 16 ) / 128 -
+ ( add_data_len + rec->data_len + 16 ) / 128;
break;
#endif
default:
@@ -2154,30 +3062,29 @@
extra_run &= correct * 0xFF;
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
- ssl->in_msglen );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec, data,
+ rec->data_len );
/* Make sure we access everything even when padlen > 0. This
* makes the synchronisation requirements for just-in-time
* Prime+Probe attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
+ ssl_read_memory( data + rec->data_len, padlen );
+ mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
/* Call mbedtls_md_process at least once due to cache attacks
* that observe whether md_process() was called of not */
for( j = 0; j < extra_run + 1; j++ )
- mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
+ mbedtls_md_process( &transform->md_ctx_dec, tmp );
- mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+ mbedtls_md_hmac_reset( &transform->md_ctx_dec );
/* Make sure we access all the memory that could contain the MAC,
* before we check it in the next code block. This makes the
* synchronisation requirements for just-in-time Prime+Probe
* attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + min_len,
- max_len - min_len + ssl->transform_in->maclen );
+ ssl_read_memory( data + min_len,
+ max_len - min_len + transform->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@@ -2188,13 +3095,12 @@
}
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, transform->maclen );
#endif
- if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
- ssl->transform_in->maclen ) != 0 )
+ if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
+ transform->maclen ) != 0 )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
@@ -2202,14 +3108,14 @@
correct = 0;
}
auth_done++;
-
- /*
- * Finally check the correct flag
- */
- if( correct == 0 )
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
-#endif /* SSL_SOME_MODES_USE_MAC */
+
+ /*
+ * Finally check the correct flag
+ */
+ if( correct == 0 )
+ return( MBEDTLS_ERR_SSL_INVALID_MAC );
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/* Make extra sure authentication was performed, exactly once */
if( auth_done != 1 )
@@ -2218,54 +3124,15 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- if( ssl->in_msglen == 0 )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( rec->cid_len != 0 )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
- && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
- {
- /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+ ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len,
+ &rec->type );
+ if( ret != 0 )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
- ssl->nb_zero++;
-
- /*
- * Three or more empty messages may be a DoS attack
- * (excessive CPU consumption).
- */
- if( ssl->nb_zero > 3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
- "messages, possible DoS attack" ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
- }
}
- else
- ssl->nb_zero = 0;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- ; /* in_ctr read from peer, not maintained internally */
- }
- else
-#endif
- {
- unsigned char i;
- for( i = 8; i > ssl_ep_len( ssl ); i-- )
- if( ++ssl->in_ctr[i - 1] != 0 )
- break;
-
- /* The loop goes to its end iff the counter is wrapping */
- if( i == ssl_ep_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
- }
- }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
@@ -2500,7 +3367,7 @@
}
/*
- * A record can't be split accross datagrams. If we need to read but
+ * A record can't be split across datagrams. If we need to read but
* are not at the beginning of a new record, the caller did something
* wrong.
*/
@@ -2644,7 +3511,7 @@
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
{
int ret;
- unsigned char *buf, i;
+ unsigned char *buf;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
@@ -2665,10 +3532,9 @@
while( ssl->out_left > 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
- mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
+ mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
- buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) +
- ssl->out_msglen - ssl->out_left;
+ buf = ssl->out_hdr - ssl->out_left;
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
@@ -2687,16 +3553,17 @@
ssl->out_left -= ret;
}
- for( i = 8; i > ssl_ep_len( ssl ); i-- )
- if( ++ssl->out_ctr[i - 1] != 0 )
- break;
-
- /* The loop goes to its end iff the counter is wrapping */
- if( i == ssl_ep_len( ssl ) )
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ ssl->out_hdr = ssl->out_buf;
}
+ else
+#endif
+ {
+ ssl->out_hdr = ssl->out_buf + 8;
+ }
+ ssl_update_out_pointers( ssl, ssl->transform_out );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
@@ -2713,6 +3580,9 @@
static int ssl_flight_append( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_flight_item *msg;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight",
+ ssl->out_msg, ssl->out_msglen );
/* Allocate space for current message */
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
@@ -2746,6 +3616,7 @@
cur->next = msg;
}
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) );
return( 0 );
}
@@ -2794,19 +3665,12 @@
ssl->handshake->alt_transform_out = tmp_transform;
/* Swap epoch + sequence_number */
- memcpy( tmp_out_ctr, ssl->out_ctr, 8 );
- memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 );
+ memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 );
+ memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 );
memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
/* Adjust to the newly activated transform */
- if( ssl->transform_out != NULL &&
- ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen -
- ssl->transform_out->fixed_ivlen;
- }
- else
- ssl->out_msg = ssl->out_iv;
+ ssl_update_out_pointers( ssl, ssl->transform_out );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
@@ -2822,20 +3686,38 @@
/*
* Retransmit the current flight of messages.
+ */
+int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
+
+ ret = mbedtls_ssl_flight_transmit( ssl );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
+
+ return( ret );
+}
+
+/*
+ * Transmit or retransmit the current flight of messages.
*
* Need to remember the current message in case flush_output returns
* WANT_WRITE, causing us to exit this function and come back later.
* This function must be called until state is no longer SENDING.
*/
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
+ int ret;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) );
ssl->handshake->cur_msg = ssl->handshake->flight;
+ ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
ssl_swap_epochs( ssl );
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
@@ -2843,33 +3725,129 @@
while( ssl->handshake->cur_msg != NULL )
{
- int ret;
- mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg;
+ size_t max_frag_len;
+ const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
+
+ int const is_finished =
+ ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ cur->p[0] == MBEDTLS_SSL_HS_FINISHED );
+
+ uint8_t const force_flush = ssl->disable_datagram_packing == 1 ?
+ SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
/* Swap epochs before sending Finished: we can't do it after
* sending ChangeCipherSpec, in case write returns WANT_READ.
* Must be done before copying, may change out_msg pointer */
- if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
- cur->p[0] == MBEDTLS_SSL_HS_FINISHED )
+ if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
{
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
ssl_swap_epochs( ssl );
}
- memcpy( ssl->out_msg, cur->p, cur->len );
- ssl->out_msglen = cur->len;
- ssl->out_msgtype = cur->type;
+ ret = ssl_get_remaining_payload_in_datagram( ssl );
+ if( ret < 0 )
+ return( ret );
+ max_frag_len = (size_t) ret;
- ssl->handshake->cur_msg = cur->next;
+ /* CCS is copied as is, while HS messages may need fragmentation */
+ if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
+ {
+ if( max_frag_len == 0 )
+ {
+ if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+ return( ret );
- MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
+ continue;
+ }
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ memcpy( ssl->out_msg, cur->p, cur->len );
+ ssl->out_msglen = cur->len;
+ ssl->out_msgtype = cur->type;
+
+ /* Update position inside current message */
+ ssl->handshake->cur_msg_p += cur->len;
+ }
+ else
+ {
+ const unsigned char * const p = ssl->handshake->cur_msg_p;
+ const size_t hs_len = cur->len - 12;
+ const size_t frag_off = p - ( cur->p + 12 );
+ const size_t rem_len = hs_len - frag_off;
+ size_t cur_hs_frag_len, max_hs_frag_len;
+
+ if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
+ {
+ if( is_finished )
+ ssl_swap_epochs( ssl );
+
+ if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+ return( ret );
+
+ continue;
+ }
+ max_hs_frag_len = max_frag_len - 12;
+
+ cur_hs_frag_len = rem_len > max_hs_frag_len ?
+ max_hs_frag_len : rem_len;
+
+ if( frag_off == 0 && cur_hs_frag_len != hs_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)",
+ (unsigned) cur_hs_frag_len,
+ (unsigned) max_hs_frag_len ) );
+ }
+
+ /* Messages are stored with handshake headers as if not fragmented,
+ * copy beginning of headers then fill fragmentation fields.
+ * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
+ memcpy( ssl->out_msg, cur->p, 6 );
+
+ ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff );
+ ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff );
+ ssl->out_msg[8] = ( ( frag_off ) & 0xff );
+
+ ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff );
+ ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff );
+ ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
+
+ /* Copy the handshake message content and set records fields */
+ memcpy( ssl->out_msg + 12, p, cur_hs_frag_len );
+ ssl->out_msglen = cur_hs_frag_len + 12;
+ ssl->out_msgtype = cur->type;
+
+ /* Update position inside current message */
+ ssl->handshake->cur_msg_p += cur_hs_frag_len;
+ }
+
+ /* If done with the current message move to the next one if any */
+ if( ssl->handshake->cur_msg_p >= cur->p + cur->len )
+ {
+ if( cur->next != NULL )
+ {
+ ssl->handshake->cur_msg = cur->next;
+ ssl->handshake->cur_msg_p = cur->next->p + 12;
+ }
+ else
+ {
+ ssl->handshake->cur_msg = NULL;
+ ssl->handshake->cur_msg_p = NULL;
+ }
+ }
+
+ /* Actually send the message out */
+ if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return( ret );
}
}
+ if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+ return( ret );
+
+ /* Update state and set timer */
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
else
@@ -2878,7 +3856,7 @@
ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) );
return( 0 );
}
@@ -2896,6 +3874,12 @@
/* The next incoming flight will start with this msg_seq */
ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
+ /* We don't want to remember CCS's across flight boundaries. */
+ ssl->handshake->buffering.seen_ccs = 0;
+
+ /* Clear future message buffering structure. */
+ ssl_buffering_free( ssl );
+
/* Cancel timer */
ssl_set_timer( ssl, 0 );
@@ -2927,43 +3911,102 @@
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
- * Record layer functions
+ * Handshake layer functions
*/
/*
- * Write current record.
- * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg.
+ * Write (DTLS: or queue) current handshake (including CCS) message.
+ *
+ * - fill in handshake headers
+ * - update handshake checksum
+ * - DTLS: save message for resending
+ * - then pass to the record layer
+ *
+ * DTLS: except for HelloRequest, messages are only queued, and will only be
+ * actually sent when calling flight_transmit() or resend().
+ *
+ * Inputs:
+ * - ssl->out_msglen: 4 + actual handshake message len
+ * (4 is the size of handshake headers for TLS)
+ * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc)
+ * - ssl->out_msg + 4: the handshake message body
+ *
+ * Outputs, ie state before passing to flight_append() or write_record():
+ * - ssl->out_msglen: the length of the record contents
+ * (including handshake headers but excluding record headers)
+ * - ssl->out_msg: the record contents (handshake headers + content)
*/
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
{
- int ret, done = 0, out_msg_type;
- size_t len = ssl->out_msglen;
+ int ret;
+ const size_t hs_len = ssl->out_msglen - 4;
+ const unsigned char hs_type = ssl->out_msg[0];
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) );
+
+ /*
+ * Sanity checks
+ */
+ if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
+ {
+ /* In SSLv3, the client might send a NoCertificate alert. */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
+ if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
+ ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
+#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ }
+
+ /* Whenever we send anything different from a
+ * HelloRequest we should be in a handshake - double check. */
+ if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
+ ssl->handshake == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
- ; /* Skip special handshake treatment when resending */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- else
#endif
+
+ /* Double-check that we did not exceed the bounds
+ * of the outgoing record buffer.
+ * This should never fail as the various message
+ * writing functions must obey the bounds of the
+ * outgoing record buffer, but better be safe.
+ *
+ * Note: We deliberately do not check for the MTU or MFL here.
+ */
+ if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
+ "size %u, maximum %u",
+ (unsigned) ssl->out_msglen,
+ (unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /*
+ * Fill handshake headers
+ */
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
{
- out_msg_type = ssl->out_msg[0];
-
- if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
- ssl->handshake == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
- ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
- ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
+ ssl->out_msg[1] = (unsigned char)( hs_len >> 16 );
+ ssl->out_msg[2] = (unsigned char)( hs_len >> 8 );
+ ssl->out_msg[3] = (unsigned char)( hs_len );
/*
* DTLS has additional fields in the Handshake layer,
@@ -2980,17 +4023,16 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
"size %u, maximum %u",
- (unsigned) ( ssl->in_hslen - 4 ),
+ (unsigned) ( hs_len ),
(unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
+ memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len );
ssl->out_msglen += 8;
- len += 8;
/* Write message_seq and update it, except for HelloRequest */
- if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
+ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
{
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
@@ -3002,23 +4044,23 @@
ssl->out_msg[5] = 0;
}
- /* We don't fragment, so frag_offset = 0 and frag_len = len */
+ /* Handshake hashes are computed without fragmentation,
+ * so set frag_offset = 0 and frag_len = hs_len for now */
memset( ssl->out_msg + 6, 0x00, 3 );
memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
- ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
+ /* Update running hashes of handshake messages seen */
+ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
+ ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
}
- /* Save handshake and CCS messages for resending */
+ /* Either send now, or just save to be sent (and resent) later */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake != NULL &&
- ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
- ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ||
- ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) )
+ ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
{
if( ( ret = ssl_flight_append( ssl ) ) != 0 )
{
@@ -3026,7 +4068,40 @@
return( ret );
}
}
+ else
#endif
+ {
+ if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) );
+
+ return( 0 );
+}
+
+/*
+ * Record layer functions
+ */
+
+/*
+ * Write current record.
+ *
+ * Uses:
+ * - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS)
+ * - ssl->out_msglen: length of the record content (excl headers)
+ * - ssl->out_msg: record content
+ */
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
+{
+ int ret, done = 0;
+ size_t len = ssl->out_msglen;
+ uint8_t flush = force_flush;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->transform_out != NULL &&
@@ -3060,38 +4135,135 @@
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
if( !done )
{
- ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
+ unsigned i;
+ size_t protected_record_size;
+
+ /* Skip writing the record content type to after the encryption,
+ * as it may change when using the CID extension. */
+
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 );
+ memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
ssl->out_len[0] = (unsigned char)( len >> 8 );
ssl->out_len[1] = (unsigned char)( len );
if( ssl->transform_out != NULL )
{
- if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
+ mbedtls_record rec;
+
+ rec.buf = ssl->out_iv;
+ rec.buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN -
+ ( ssl->out_iv - ssl->out_buf );
+ rec.data_len = ssl->out_msglen;
+ rec.data_offset = ssl->out_msg - rec.buf;
+
+ memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
+ mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, rec.ver );
+ rec.type = ssl->out_msgtype;
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The CID is set by mbedtls_ssl_encrypt_buf(). */
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
return( ret );
}
- len = ssl->out_msglen;
- ssl->out_len[0] = (unsigned char)( len >> 8 );
- ssl->out_len[1] = (unsigned char)( len );
+ if( rec.data_offset != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Update the record content type and CID. */
+ ssl->out_msgtype = rec.type;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
+ memcpy( ssl->out_cid, rec.cid, rec.cid_len );
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->out_msglen = len = rec.data_len;
+ ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 );
+ ssl->out_len[1] = (unsigned char)( rec.data_len );
}
- ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen;
+ protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ /* In case of DTLS, double-check that we don't exceed
+ * the remaining space in the datagram. */
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ret = ssl_get_remaining_space_in_datagram( ssl );
+ if( ret < 0 )
+ return( ret );
+
+ if( protected_record_size > (size_t) ret )
+ {
+ /* Should never happen */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ /* Now write the potentially updated record content type. */
+ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
- ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
- ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) );
+ "version = [%d:%d], msglen = %d",
+ ssl->out_hdr[0], ssl->out_hdr[1],
+ ssl->out_hdr[2], len ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
- ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen );
+ ssl->out_hdr, protected_record_size );
+
+ ssl->out_left += protected_record_size;
+ ssl->out_hdr += protected_record_size;
+ ssl_update_out_pointers( ssl, ssl->transform_out );
+
+ for( i = 8; i > ssl_ep_len( ssl ); i-- )
+ if( ++ssl->cur_out_ctr[i - 1] != 0 )
+ break;
+
+ /* The loop goes to its end iff the counter is wrapping */
+ if( i == ssl_ep_len( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
+ return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ }
}
- if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ flush == SSL_DONT_FORCE_FLUSH )
+ {
+ size_t remaining;
+ ret = ssl_get_remaining_payload_in_datagram( ssl );
+ if( ret < 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram",
+ ret );
+ return( ret );
+ }
+
+ remaining = (size_t) ret;
+ if( remaining == 0 )
+ {
+ flush = SSL_FORCE_FLUSH;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) );
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ if( ( flush == SSL_FORCE_FLUSH ) &&
+ ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
return( ret );
@@ -3103,6 +4275,52 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
+{
+ if( ssl->in_msglen < ssl->in_hslen ||
+ memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
+ memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
+ {
+ return( 1 );
+ }
+ return( 0 );
+}
+
+static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl )
+{
+ return( ( ssl->in_msg[9] << 16 ) |
+ ( ssl->in_msg[10] << 8 ) |
+ ssl->in_msg[11] );
+}
+
+static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
+{
+ return( ( ssl->in_msg[6] << 16 ) |
+ ( ssl->in_msg[7] << 8 ) |
+ ssl->in_msg[8] );
+}
+
+static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
+{
+ uint32_t msg_len, frag_off, frag_len;
+
+ msg_len = ssl_get_hs_total_len( ssl );
+ frag_off = ssl_get_hs_frag_off( ssl );
+ frag_len = ssl_get_hs_frag_len( ssl );
+
+ if( frag_off > msg_len )
+ return( -1 );
+
+ if( frag_len > msg_len - frag_off )
+ return( -1 );
+
+ if( frag_len + 12 > ssl->in_msglen )
+ return( -1 );
+
+ return( 0 );
+}
+
/*
* Mark bits in bitmask (used for DTLS HS reassembly)
*/
@@ -3164,162 +4382,30 @@
return( 0 );
}
-/*
- * Reassemble fragmented DTLS handshake messages.
- *
- * Use a temporary buffer for reassembly, divided in two parts:
- * - the first holds the reassembled message (including handshake header),
- * - the second holds a bitmask indicating which parts of the message
- * (excluding headers) have been received so far.
- */
-static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
+/* msg_len does not include the handshake header */
+static size_t ssl_get_reassembly_buffer_size( size_t msg_len,
+ unsigned add_bitmap )
{
- unsigned char *msg, *bitmask;
- size_t frag_len, frag_off;
- size_t msg_len = ssl->in_hslen - 12; /* Without headers */
+ size_t alloc_len;
- if( ssl->handshake == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
+ alloc_len = 12; /* Handshake header */
+ alloc_len += msg_len; /* Content buffer */
- /*
- * For first fragment, check size and allocate buffer
- */
- if( ssl->handshake->hs_msg == NULL )
- {
- size_t alloc_len;
+ if( add_bitmap )
+ alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
- msg_len ) );
-
- if( ssl->in_hslen > MBEDTLS_SSL_IN_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- /* The bitmask needs one bit per byte of message excluding header */
- alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 );
-
- ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len );
- if( ssl->handshake->hs_msg == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
-
- /* Prepare final header: copy msg_type, length and message_seq,
- * then add standardised fragment_offset and fragment_length */
- memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 );
- memset( ssl->handshake->hs_msg + 6, 0, 3 );
- memcpy( ssl->handshake->hs_msg + 9,
- ssl->handshake->hs_msg + 1, 3 );
- }
- else
- {
- /* Make sure msg_type and length are consistent */
- if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- }
- }
-
- msg = ssl->handshake->hs_msg + 12;
- bitmask = msg + msg_len;
-
- /*
- * Check and copy current fragment
- */
- frag_off = ( ssl->in_msg[6] << 16 ) |
- ( ssl->in_msg[7] << 8 ) |
- ssl->in_msg[8];
- frag_len = ( ssl->in_msg[9] << 16 ) |
- ( ssl->in_msg[10] << 8 ) |
- ssl->in_msg[11];
-
- if( frag_off + frag_len > msg_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d",
- frag_off, frag_len, msg_len ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- }
-
- if( frag_len + 12 > ssl->in_msglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d",
- frag_len, ssl->in_msglen ) );
- return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
- frag_off, frag_len ) );
-
- memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
- ssl_bitmask_set( bitmask, frag_off, frag_len );
-
- /*
- * Do we have the complete message by now?
- * If yes, finalize it, else ask to read the next record.
- */
- if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
- return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
-
- if( frag_len + 12 < ssl->in_msglen )
- {
- /*
- * We'got more handshake messages in the same record.
- * This case is not handled now because no know implementation does
- * that and it's hard to test, so we prefer to fail cleanly for now.
- */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- if( ssl->in_left > ssl->next_record_offset )
- {
- /*
- * We've got more data in the buffer after the current record,
- * that we don't want to overwrite. Move it before writing the
- * reassembled message, and adjust in_left and next_record_offset.
- */
- unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset;
- unsigned char *new_remain = ssl->in_msg + ssl->in_hslen;
- size_t remain_len = ssl->in_left - ssl->next_record_offset;
-
- /* First compute and check new lengths */
- ssl->next_record_offset = new_remain - ssl->in_hdr;
- ssl->in_left = ssl->next_record_offset + remain_len;
-
- if( ssl->in_left > MBEDTLS_SSL_IN_BUFFER_LEN -
- (size_t)( ssl->in_hdr - ssl->in_buf ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- }
-
- memmove( new_remain, cur_remain, remain_len );
- }
-
- memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
-
- mbedtls_free( ssl->handshake->hs_msg );
- ssl->handshake->hs_msg = NULL;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message",
- ssl->in_msg, ssl->in_hslen );
-
- return( 0 );
+ return( alloc_len );
}
+
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl )
+{
+ return( ( ssl->in_msg[1] << 16 ) |
+ ( ssl->in_msg[2] << 8 ) |
+ ssl->in_msg[3] );
+}
+
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
{
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
@@ -3329,10 +4415,7 @@
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
- ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + (
- ( ssl->in_msg[1] << 16 ) |
- ( ssl->in_msg[2] << 8 ) |
- ssl->in_msg[3] );
+ ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
" %d, type = %d, hslen = %d",
@@ -3344,12 +4427,26 @@
int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+ if( ssl_check_hs_header( ssl ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
if( ssl->handshake != NULL &&
( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
recv_msg_seq != ssl->handshake->in_msg_seq ) ||
( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
{
+ if( recv_msg_seq > ssl->handshake->in_msg_seq )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)",
+ recv_msg_seq,
+ ssl->handshake->in_msg_seq ) );
+ return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ }
+
/* Retransmit only on last message from previous flight, to avoid
* too many retransmissions.
* Besides, No sane server ever retransmits HelloVerifyRequest */
@@ -3379,20 +4476,14 @@
}
/* Wait until message completion to increment in_msg_seq */
- /* Reassemble if current message is fragmented or reassembly is
- * already in progress */
- if( ssl->in_msglen < ssl->in_hslen ||
- memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
- memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ||
- ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) )
+ /* Message reassembly is handled alongside buffering of future
+ * messages; the commonality is that both handshake fragments and
+ * future messages cannot be forwarded immediately to the
+ * handshake logic layer. */
+ if( ssl_hs_is_proper_fragment( ssl ) == 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
-
- if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret );
- return( ret );
- }
+ return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
}
else
@@ -3409,9 +4500,9 @@
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
- ssl->handshake != NULL )
+ if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL )
{
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
}
@@ -3421,7 +4512,29 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL )
{
- ssl->handshake->in_msg_seq++;
+ unsigned offset;
+ mbedtls_ssl_hs_buffer *hs_buf;
+
+ /* Increment handshake sequence number */
+ hs->in_msg_seq++;
+
+ /*
+ * Clear up handshake buffering and reassembly structure.
+ */
+
+ /* Free first entry */
+ ssl_buffering_free_slot( ssl, 0 );
+
+ /* Shift all other entries */
+ for( offset = 0, hs_buf = &hs->buffering.hs[0];
+ offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS;
+ offset++, hs_buf++ )
+ {
+ *hs_buf = *(hs_buf + 1);
+ }
+
+ /* Create a fresh last entry */
+ memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
}
#endif
}
@@ -3704,6 +4817,19 @@
}
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
+static int ssl_check_record_type( uint8_t record_type )
+{
+ if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
+ record_type != MBEDTLS_SSL_MSG_ALERT &&
+ record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
+ record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+ {
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
+ return( 0 );
+}
+
/*
* ContentType type;
* ProtocolVersion version;
@@ -3726,23 +4852,40 @@
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{
int major_ver, minor_ver;
+ int ret;
- MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
+ /* Parse and validate record content type and version */
ssl->in_msgtype = ssl->in_hdr[0];
- ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
- ssl->in_msgtype,
- major_ver, minor_ver, ssl->in_msglen ) );
-
/* Check record type */
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->in_msgtype == MBEDTLS_SSL_MSG_CID &&
+ ssl->conf->cid_len != 0 )
+ {
+ /* Shift pointers to account for record header including CID
+ * struct {
+ * ContentType special_type = tls12_cid;
+ * ProtocolVersion version;
+ * uint16 epoch;
+ * uint48 sequence_number;
+ * opaque cid[cid_length]; // Additional field compared to
+ * // default DTLS record format
+ * uint16 length;
+ * opaque enc_content[DTLSCiphertext.length];
+ * } DTLSCiphertext;
+ */
+
+ /* So far, we only support static CID lengths
+ * fixed in the configuration. */
+ ssl->in_len = ssl->in_cid + ssl->conf->cid_len;
+ ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
+ }
+ else
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ if( ssl_check_record_type( ssl->in_msgtype ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
@@ -3770,7 +4913,24 @@
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
- /* Check length against the size of our buffer */
+ /* Now that the total length of the record header is known, ensure
+ * that the current datagram is large enough to hold it.
+ * This would fail, for example, if we received a datagram of
+ * size 13 + n Bytes where n is less than the size of incoming CIDs. */
+ ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+ return( ret );
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
+
+ /* Parse and validate record length
+ * This must happen after the CID parsing because
+ * its position in the record header depends on
+ * the presence of a CID. */
+
+ ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN
- (size_t)( ssl->in_msg - ssl->in_buf ) )
{
@@ -3778,6 +4938,11 @@
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
+ "version = [%d:%d], msglen = %d",
+ ssl->in_msgtype,
+ major_ver, minor_ver, ssl->in_msglen ) );
+
/*
* DTLS-related tests.
* Check epoch before checking length constraint because
@@ -3822,7 +4987,16 @@
}
else
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
+ {
+ /* Consider buffering the record. */
+ if( rec_epoch == (unsigned int) ssl->in_epoch + 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) );
+ return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ }
+
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+ }
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -3834,29 +5008,6 @@
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
#endif
-
- /* Drop unexpected ChangeCipherSpec messages */
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
- ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
- ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
- }
-
- /* Drop unexpected ApplicationData records,
- * except at the beginning of renegotiations */
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->state == MBEDTLS_SSL_SERVER_HELLO )
-#endif
- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
- }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -3913,7 +5064,7 @@
int ret, done = 0;
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
- ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
+ ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_read != NULL )
@@ -3933,20 +5084,134 @@
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
if( !done && ssl->transform_in != NULL )
{
- if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
+ mbedtls_record rec;
+
+ rec.buf = ssl->in_iv;
+ rec.buf_len = MBEDTLS_SSL_IN_BUFFER_LEN
+ - ( ssl->in_iv - ssl->in_buf );
+ rec.data_len = ssl->in_msglen;
+ rec.data_offset = 0;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
+ rec.cid_len = (uint8_t)( ssl->in_len - ssl->in_cid );
+ memcpy( rec.cid, ssl->in_cid, rec.cid_len );
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ memcpy( &rec.ctr[0], ssl->in_ctr, 8 );
+ mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, rec.ver );
+ rec.type = ssl->in_msgtype;
+ if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
+ &rec ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
+ ssl->conf->ignore_unexpected_cid
+ == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) );
+ ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
return( ret );
}
+ if( ssl->in_msgtype != rec.type )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d",
+ ssl->in_msgtype, rec.type ) );
+ }
+
+ /* The record content type may change during decryption,
+ * so re-read it. */
+ ssl->in_msgtype = rec.type;
+ /* Also update the input buffer, because unfortunately
+ * the server-side ssl_parse_client_hello() reparses the
+ * record header when receiving a ClientHello initiating
+ * a renegotiation. */
+ ssl->in_hdr[0] = rec.type;
+ ssl->in_msg = rec.buf + rec.data_offset;
+ ssl->in_msglen = rec.data_len;
+ ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
+ ssl->in_len[1] = (unsigned char)( rec.data_len );
+
MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
ssl->in_msg, ssl->in_msglen );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* We have already checked the record content type
+ * in ssl_parse_record_header(), failing or silently
+ * dropping the record in the case of an unknown type.
+ *
+ * Since with the use of CIDs, the record content type
+ * might change during decryption, re-check the record
+ * content type, but treat a failure as fatal this time. */
+ if( ssl_check_record_type( ssl->in_msgtype ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
+ else if( ssl->in_msglen == 0 )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+ && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+ {
+ /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ ssl->nb_zero++;
+
+ /*
+ * Three or more empty messages may be a DoS attack
+ * (excessive CPU consumption).
+ */
+ if( ssl->nb_zero > 3 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
+ "messages, possible DoS attack" ) );
+ /* Treat the records as if they were not properly authenticated,
+ * thereby failing the connection if we see more than allowed
+ * by the configured bad MAC threshold. */
+ return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ }
+ }
+ else
+ ssl->nb_zero = 0;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ; /* in_ctr read from peer, not maintained internally */
+ }
+ else
+#endif
+ {
+ unsigned i;
+ for( i = 8; i > ssl_ep_len( ssl ); i-- )
+ if( ++ssl->in_ctr[i - 1] != 0 )
+ break;
+
+ /* The loop goes to its end iff the counter is wrapping */
+ if( i == ssl_ep_len( ssl ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
+ return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ }
+ }
+
}
#if defined(MBEDTLS_ZLIB_SUPPORT)
@@ -3980,7 +5245,14 @@
* RFC 6347 4.1.2.7) and continue reading until a valid record is found.
*
*/
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
+
+/* Helper functions for mbedtls_ssl_read_record(). */
+static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
+static int ssl_get_next_record( mbedtls_ssl_context *ssl );
+static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
+ unsigned update_hs_digest )
{
int ret;
@@ -3990,17 +5262,53 @@
{
do {
- do ret = mbedtls_ssl_read_record_layer( ssl );
- while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
-
+ ret = ssl_consume_current_message( ssl );
if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
return( ret );
+
+ if( ssl_record_is_in_progress( ssl ) == 0 )
+ {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ int have_buffered = 0;
+
+ /* We only check for buffered messages if the
+ * current datagram is fully consumed. */
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl_next_record_is_in_datagram( ssl ) == 0 )
+ {
+ if( ssl_load_buffered_message( ssl ) == 0 )
+ have_buffered = 1;
+ }
+
+ if( have_buffered == 0 )
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ {
+ ret = ssl_get_next_record( ssl );
+ if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
+ continue;
+
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
+ return( ret );
+ }
+ }
}
ret = mbedtls_ssl_handle_message_type( ssl );
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
+ {
+ /* Buffer future message */
+ ret = ssl_buffer_message( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret ||
MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
@@ -4010,14 +5318,15 @@
return( ret );
}
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
+ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ update_hs_digest == 1 )
{
mbedtls_ssl_update_handshake_status( ssl );
}
}
else
{
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= reuse previously read message" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) );
ssl->keep_current_message = 0;
}
@@ -4026,13 +5335,350 @@
return( 0 );
}
-int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
{
- int ret;
+ if( ssl->in_left > ssl->next_record_offset )
+ return( 1 );
+ return( 0 );
+}
+
+static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
+{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ mbedtls_ssl_hs_buffer * hs_buf;
+ int ret = 0;
+
+ if( hs == NULL )
+ return( -1 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) );
+
+ if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
+ ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
+ {
+ /* Check if we have seen a ChangeCipherSpec before.
+ * If yes, synthesize a CCS record. */
+ if( !hs->buffering.seen_ccs )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) );
+ ret = -1;
+ goto exit;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) );
+ ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
+ ssl->in_msglen = 1;
+ ssl->in_msg[0] = 1;
+
+ /* As long as they are equal, the exact value doesn't matter. */
+ ssl->in_left = 0;
+ ssl->next_record_offset = 0;
+
+ hs->buffering.seen_ccs = 0;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ /* Debug only */
+ {
+ unsigned offset;
+ for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
+ {
+ hs_buf = &hs->buffering.hs[offset];
+ if( hs_buf->is_valid == 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.",
+ hs->in_msg_seq + offset,
+ hs_buf->is_complete ? "fully" : "partially" ) );
+ }
+ }
+ }
+#endif /* MBEDTLS_DEBUG_C */
+
+ /* Check if we have buffered and/or fully reassembled the
+ * next handshake message. */
+ hs_buf = &hs->buffering.hs[0];
+ if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
+ {
+ /* Synthesize a record containing the buffered HS message. */
+ size_t msg_len = ( hs_buf->data[1] << 16 ) |
+ ( hs_buf->data[2] << 8 ) |
+ hs_buf->data[3];
+
+ /* Double-check that we haven't accidentally buffered
+ * a message that doesn't fit into the input buffer. */
+ if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)",
+ hs_buf->data, msg_len + 12 );
+
+ ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->in_hslen = msg_len + 12;
+ ssl->in_msglen = msg_len + 12;
+ memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen );
+
+ ret = 0;
+ goto exit;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered",
+ hs->in_msg_seq ) );
+ }
+
+ ret = -1;
+
+exit:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) );
+ return( ret );
+}
+
+static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
+ size_t desired )
+{
+ int offset;
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available",
+ (unsigned) desired ) );
+
+ /* Get rid of future records epoch first, if such exist. */
+ ssl_free_buffered_record( ssl );
+
+ /* Check if we have enough space available now. */
+ if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) );
+ return( 0 );
+ }
+
+ /* We don't have enough space to buffer the next expected handshake
+ * message. Remove buffers used for future messages to gain space,
+ * starting with the most distant one. */
+ for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1;
+ offset >= 0; offset-- )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message",
+ offset ) );
+
+ ssl_buffering_free_slot( ssl, (uint8_t) offset );
+
+ /* Check if we have enough space available now. */
+ if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) );
+ return( 0 );
+ }
+ }
+
+ return( -1 );
+}
+
+static int ssl_buffer_message( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+
+ if( hs == NULL )
+ return( 0 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) );
+
+ switch( ssl->in_msgtype )
+ {
+ case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) );
+
+ hs->buffering.seen_ccs = 1;
+ break;
+
+ case MBEDTLS_SSL_MSG_HANDSHAKE:
+ {
+ unsigned recv_msg_seq_offset;
+ unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+ mbedtls_ssl_hs_buffer *hs_buf;
+ size_t msg_len = ssl->in_hslen - 12;
+
+ /* We should never receive an old handshake
+ * message - double-check nonetheless. */
+ if( recv_msg_seq < ssl->handshake->in_msg_seq )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq;
+ if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS )
+ {
+ /* Silently ignore -- message too far in the future */
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "Ignore future HS message with sequence number %u, "
+ "buffering window %u - %u",
+ recv_msg_seq, ssl->handshake->in_msg_seq,
+ ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) );
+
+ goto exit;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ",
+ recv_msg_seq, recv_msg_seq_offset ) );
+
+ hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ];
+
+ /* Check if the buffering for this seq nr has already commenced. */
+ if( !hs_buf->is_valid )
+ {
+ size_t reassembly_buf_sz;
+
+ hs_buf->is_fragmented =
+ ( ssl_hs_is_proper_fragment( ssl ) == 1 );
+
+ /* We copy the message back into the input buffer
+ * after reassembly, so check that it's not too large.
+ * This is an implementation-specific limitation
+ * and not one from the standard, hence it is not
+ * checked in ssl_check_hs_header(). */
+ if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
+ {
+ /* Ignore message */
+ goto exit;
+ }
+
+ /* Check if we have enough space to buffer the message. */
+ if( hs->buffering.total_bytes_buffered >
+ MBEDTLS_SSL_DTLS_MAX_BUFFERING )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len,
+ hs_buf->is_fragmented );
+
+ if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered ) )
+ {
+ if( recv_msg_seq_offset > 0 )
+ {
+ /* If we can't buffer a future message because
+ * of space limitations -- ignore. */
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
+ (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ (unsigned) hs->buffering.total_bytes_buffered ) );
+ goto exit;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
+ (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ (unsigned) hs->buffering.total_bytes_buffered ) );
+ }
+
+ if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
+ (unsigned) msg_len,
+ (unsigned) reassembly_buf_sz,
+ MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ (unsigned) hs->buffering.total_bytes_buffered ) );
+ ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
+ msg_len ) );
+
+ hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
+ if( hs_buf->data == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+ hs_buf->data_len = reassembly_buf_sz;
+
+ /* Prepare final header: copy msg_type, length and message_seq,
+ * then add standardised fragment_offset and fragment_length */
+ memcpy( hs_buf->data, ssl->in_msg, 6 );
+ memset( hs_buf->data + 6, 0, 3 );
+ memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
+
+ hs_buf->is_valid = 1;
+
+ hs->buffering.total_bytes_buffered += reassembly_buf_sz;
+ }
+ else
+ {
+ /* Make sure msg_type and length are consistent */
+ if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
+ /* Ignore */
+ goto exit;
+ }
+ }
+
+ if( !hs_buf->is_complete )
+ {
+ size_t frag_len, frag_off;
+ unsigned char * const msg = hs_buf->data + 12;
+
+ /*
+ * Check and copy current fragment
+ */
+
+ /* Validation of header fields already done in
+ * mbedtls_ssl_prepare_handshake_record(). */
+ frag_off = ssl_get_hs_frag_off( ssl );
+ frag_len = ssl_get_hs_frag_len( ssl );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
+ frag_off, frag_len ) );
+ memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
+
+ if( hs_buf->is_fragmented )
+ {
+ unsigned char * const bitmask = msg + msg_len;
+ ssl_bitmask_set( bitmask, frag_off, frag_len );
+ hs_buf->is_complete = ( ssl_bitmask_check( bitmask,
+ msg_len ) == 0 );
+ }
+ else
+ {
+ hs_buf->is_complete = 1;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete",
+ hs_buf->is_complete ? "" : "not yet " ) );
+ }
+
+ break;
+ }
+
+ default:
+ /* We don't buffer other types of messages. */
+ break;
+ }
+
+exit:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
+{
/*
- * Step A
- *
* Consume last content-layer message and potentially
* update in_msglen which keeps track of the contents'
* consumption state.
@@ -4114,22 +5760,172 @@
ssl->in_msglen = 0;
}
- /*
- * Step B
- *
- * Fetch and decode new record if current one is fully consumed.
- *
- */
+ return( 0 );
+}
+static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
+{
if( ssl->in_msglen > 0 )
+ return( 1 );
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
+{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ if( hs == NULL )
+ return;
+
+ if( hs->buffering.future_record.data != NULL )
{
- /* There's something left to be processed in the current record. */
+ hs->buffering.total_bytes_buffered -=
+ hs->buffering.future_record.len;
+
+ mbedtls_free( hs->buffering.future_record.data );
+ hs->buffering.future_record.data = NULL;
+ }
+}
+
+static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
+{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ unsigned char * rec;
+ size_t rec_len;
+ unsigned rec_epoch;
+
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( 0 );
+
+ if( hs == NULL )
+ return( 0 );
+
+ rec = hs->buffering.future_record.data;
+ rec_len = hs->buffering.future_record.len;
+ rec_epoch = hs->buffering.future_record.epoch;
+
+ if( rec == NULL )
+ return( 0 );
+
+ /* Only consider loading future records if the
+ * input buffer is empty. */
+ if( ssl_next_record_is_in_datagram( ssl ) == 1 )
+ return( 0 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) );
+
+ if( rec_epoch != ssl->in_epoch )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) );
+ goto exit;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) );
+
+ /* Double-check that the record is not too large */
+ if( rec_len > MBEDTLS_SSL_IN_BUFFER_LEN -
+ (size_t)( ssl->in_hdr - ssl->in_buf ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ memcpy( ssl->in_hdr, rec, rec_len );
+ ssl->in_left = rec_len;
+ ssl->next_record_offset = 0;
+
+ ssl_free_buffered_record( ssl );
+
+exit:
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) );
+ return( 0 );
+}
+
+static int ssl_buffer_future_record( mbedtls_ssl_context *ssl )
+{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ size_t const rec_hdr_len = 13;
+ size_t const total_buf_sz = rec_hdr_len + ssl->in_msglen;
+
+ /* Don't buffer future records outside handshakes. */
+ if( hs == NULL )
+ return( 0 );
+
+ /* Only buffer handshake records (we are only interested
+ * in Finished messages). */
+ if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+ return( 0 );
+
+ /* Don't buffer more than one future epoch record. */
+ if( hs->buffering.future_record.data != NULL )
+ return( 0 );
+
+ /* Don't buffer record if there's not enough buffering space remaining. */
+ if( total_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+ hs->buffering.total_bytes_buffered ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
+ (unsigned) total_buf_sz, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+ (unsigned) hs->buffering.total_bytes_buffered ) );
return( 0 );
}
- /* Current record either fully processed or to be discarded. */
+ /* Buffer record */
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
+ ssl->in_epoch + 1 ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", ssl->in_hdr,
+ rec_hdr_len + ssl->in_msglen );
- if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
+ /* ssl_parse_record_header() only considers records
+ * of the next epoch as candidates for buffering. */
+ hs->buffering.future_record.epoch = ssl->in_epoch + 1;
+ hs->buffering.future_record.len = total_buf_sz;
+
+ hs->buffering.future_record.data =
+ mbedtls_calloc( 1, hs->buffering.future_record.len );
+ if( hs->buffering.future_record.data == NULL )
+ {
+ /* If we run out of RAM trying to buffer a
+ * record from the next epoch, just ignore. */
+ return( 0 );
+ }
+
+ memcpy( hs->buffering.future_record.data, ssl->in_hdr, total_buf_sz );
+
+ hs->buffering.total_bytes_buffered += total_buf_sz;
+ return( 0 );
+}
+
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+static int ssl_get_next_record( mbedtls_ssl_context *ssl )
+{
+ int ret;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ /* We might have buffered a future record; if so,
+ * and if the epoch matches now, load it.
+ * On success, this call will set ssl->in_left to
+ * the length of the buffered record, so that
+ * the calls to ssl_fetch_input() below will
+ * essentially be no-ops. */
+ ret = ssl_load_buffered_record( ssl );
+ if( ret != 0 )
+ return( ret );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ /* Reset in pointers to default state for TLS/DTLS records,
+ * assuming no CID and no offset between record content and
+ * record plaintext. */
+ ssl_update_in_pointers( ssl );
+
+ /* Ensure that we have enough space available for the default form
+ * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS,
+ * with no space for CIDs counted in). */
+ ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
+ if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@@ -4141,11 +5937,21 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
{
+ if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
+ {
+ ret = ssl_buffer_future_record( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ /* Fall through to handling of unexpected records */
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
+ }
+
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
{
/* Skip unexpected record (but not whole datagram) */
ssl->next_record_offset = ssl->in_msglen
- + mbedtls_ssl_hdr_len( ssl );
+ + mbedtls_ssl_in_hdr_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
"(header)" ) );
@@ -4171,7 +5977,7 @@
* Read and optionally decrypt the message contents
*/
if( ( ret = mbedtls_ssl_fetch_input( ssl,
- mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
+ mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@@ -4181,7 +5987,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
+ ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
@@ -4197,8 +6003,7 @@
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Silently discard invalid records */
- if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
- ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+ if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
{
/* Except when waiting for Finished as a bad mac here
* probably means something went wrong in the handshake
@@ -4272,6 +6077,39 @@
}
}
+ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
+ {
+ if( ssl->in_msglen != 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
+ ssl->in_msglen ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
+ if( ssl->in_msg[0] != 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x",
+ ssl->in_msg[0] ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
+ ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
+ {
+ if( ssl->handshake == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) );
+ return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+ }
+#endif
+ }
+
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
{
if( ssl->in_msglen != 2 )
@@ -4331,13 +6169,29 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake != NULL &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- ssl_handshake_wrapup_free_hs_transform( ssl );
- }
+ /* Drop unexpected ApplicationData records,
+ * except at the beginning of renegotiations */
+ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
+ ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
+ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
+ return( MBEDTLS_ERR_SSL_NON_FATAL );
+ }
+
+ if( ssl->handshake != NULL &&
+ ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ {
+ ssl_handshake_wrapup_free_hs_transform( ssl );
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
return( 0 );
}
@@ -4373,7 +6227,7 @@
ssl->out_msg[0] = level;
ssl->out_msg[1] = message;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return( ret );
@@ -4383,27 +6237,42 @@
return( 0 );
}
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
+{
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ if( session->peer_cert != NULL )
+ {
+ mbedtls_x509_crt_free( session->peer_cert );
+ mbedtls_free( session->peer_cert );
+ session->peer_cert = NULL;
+ }
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ if( session->peer_cert_digest != NULL )
+ {
+ /* Zeroization is not necessary. */
+ mbedtls_free( session->peer_cert_digest );
+ session->peer_cert_digest = NULL;
+ session->peer_cert_digest_type = MBEDTLS_MD_NONE;
+ session->peer_cert_digest_len = 0;
+ }
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
/*
* Handshake functions
*/
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/* No certificate support -> dummy functions */
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
ssl->state++;
@@ -4416,14 +6285,12 @@
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
ssl->state++;
@@ -4434,7 +6301,7 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#else
+#else /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
/* Some certificate support -> implement write and parse */
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
@@ -4442,14 +6309,12 @@
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n;
const mbedtls_x509_crt *crt;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
ssl->state++;
@@ -4542,9 +6407,9 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -4553,113 +6418,68 @@
return( ret );
}
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len )
{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
+
+ if( peer_crt == NULL )
+ return( -1 );
+
+ if( peer_crt->raw.len != crt_buf_len )
+ return( -1 );
+
+ return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
+}
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len )
+{
+ int ret;
+ unsigned char const * const peer_cert_digest =
+ ssl->session->peer_cert_digest;
+ mbedtls_md_type_t const peer_cert_digest_type =
+ ssl->session->peer_cert_digest_type;
+ mbedtls_md_info_t const * const digest_info =
+ mbedtls_md_info_from_type( peer_cert_digest_type );
+ unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
+ size_t digest_len;
+
+ if( peer_cert_digest == NULL || digest_info == NULL )
+ return( -1 );
+
+ digest_len = mbedtls_md_get_size( digest_info );
+ if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
+ return( -1 );
+
+ ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
+ if( ret != 0 )
+ return( -1 );
+
+ return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+}
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+/*
+ * Once the certificate message is read, parse it into a cert chain and
+ * perform basic checks, but leave actual verification to the caller
+ */
+static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *chain )
+{
+ int ret;
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+ int crt_cnt=0;
+#endif
size_t i, n;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
- int authmode = ssl->conf->authmode;
uint8_t alert;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
-#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- ssl->state++;
- return( 0 );
- }
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
- authmode = ssl->handshake->sni_authmode;
-#endif
-
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- authmode == MBEDTLS_SSL_VERIFY_NONE )
- {
- ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
- ssl->state++;
- return( 0 );
- }
-#endif
-
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
- {
- /* mbedtls_ssl_read_record may have sent an alert already. We
- let it decide whether to alert. */
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
- return( ret );
- }
-
- ssl->state++;
-
-#if defined(MBEDTLS_SSL_SRV_C)
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
- /*
- * Check if the client sent an empty certificate
- */
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- if( ssl->in_msglen == 2 &&
- ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT &&
- ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
- ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
-
- /* The client was asked for a certificate but didn't send
- one. The client should know what's going on, so we
- don't send an alert. */
- ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
- if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
- return( 0 );
- else
- return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
- ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
- memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
-
- /* The client was asked for a certificate but didn't send
- one. The client should know what's going on, so we
- don't send an alert. */
- ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
- if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
- return( 0 );
- else
- return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
- MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_SRV_C */
-
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
@@ -4693,43 +6513,32 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
- /* In case we tried to reuse a session but it failed */
- if( ssl->session_negotiate->peer_cert != NULL )
- {
- mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
- mbedtls_free( ssl->session_negotiate->peer_cert );
- }
-
- if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
- sizeof( mbedtls_x509_crt ) ) ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- sizeof( mbedtls_x509_crt ) ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
-
- mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
-
+ /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
i += 3;
+ /* Iterate through and parse the CRTs in the provided chain. */
while( i < ssl->in_hslen )
{
+ /* Check that there's room for the next CRT's length fields. */
if ( i + 3 > ssl->in_hslen ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ /* In theory, the CRT can be up to 2**24 Bytes, but we don't support
+ * anything beyond 2**16 ~ 64K. */
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ /* Read length of the next CRT in the chain. */
n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
| (unsigned int) ssl->in_msg[i + 2];
i += 3;
@@ -4737,73 +6546,207 @@
if( n < 128 || i + n > ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
- ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
- ssl->in_msg + i, n );
+ /* Check if we're handling the first CRT in the chain. */
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+ if( crt_cnt++ == 0 &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ {
+ /* During client-side renegotiation, check that the server's
+ * end-CRTs hasn't changed compared to the initial handshake,
+ * mitigating the triple handshake attack. On success, reuse
+ * the original end-CRT instead of parsing it again. */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
+ if( ssl_check_peer_crt_unchanged( ssl,
+ &ssl->in_msg[i],
+ n ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
+
+ /* Now we can safely free the original chain. */
+ ssl_clear_peer_cert( ssl->session );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+ /* Parse the next certificate in the chain. */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+#else
+ /* If we don't need to store the CRT chain permanently, parse
+ * it in-place from the input buffer instead of making a copy. */
+ ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
switch( ret )
{
- case 0: /*ok*/
- case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
- /* Ignore certificate with an unknown algorithm: maybe a
- prior certificate was already trusted. */
- break;
+ case 0: /*ok*/
+ case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+ /* Ignore certificate with an unknown algorithm: maybe a
+ prior certificate was already trusted. */
+ break;
- case MBEDTLS_ERR_X509_ALLOC_FAILED:
- alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
- goto crt_parse_der_failed;
+ case MBEDTLS_ERR_X509_ALLOC_FAILED:
+ alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
+ goto crt_parse_der_failed;
- case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- goto crt_parse_der_failed;
+ case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ goto crt_parse_der_failed;
- default:
- alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- crt_parse_der_failed:
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
- MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
- return( ret );
+ default:
+ alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+ crt_parse_der_failed:
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
+ MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
+ return( ret );
}
i += n;
}
- MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
+ MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain );
+ return( 0 );
+}
+#if defined(MBEDTLS_SSL_SRV_C)
+static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
+{
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ return( -1 );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
/*
- * On client, make sure the server cert doesn't change during renego to
- * avoid "triple handshake" attack: https://secure-resumption.com/
+ * Check if the client sent an empty certificate
*/
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- if( ssl->session->peer_cert == NULL )
+ if( ssl->in_msglen == 2 &&
+ ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT &&
+ ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
+ return( 0 );
}
- if( ssl->session->peer_cert->raw.len !=
- ssl->session_negotiate->peer_cert->raw.len ||
- memcmp( ssl->session->peer_cert->raw.p,
- ssl->session_negotiate->peer_cert->raw.p,
- ssl->session->peer_cert->raw.len ) != 0 )
+ return( -1 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
+ ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+ ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
+ memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
+ return( 0 );
+ }
+
+ return( -1 );
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+ MBEDTLS_SSL_PROTO_TLS1_2 */
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+/* Check if a certificate message is expected.
+ * Return either
+ * - SSL_CERTIFICATE_EXPECTED, or
+ * - SSL_CERTIFICATE_SKIP
+ * indicating whether a Certificate message is expected or not.
+ */
+#define SSL_CERTIFICATE_EXPECTED 0
+#define SSL_CERTIFICATE_SKIP 1
+static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
+ int authmode )
+{
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
+ return( SSL_CERTIFICATE_SKIP );
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ {
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+ return( SSL_CERTIFICATE_SKIP );
+
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ ssl->session_negotiate->verify_result =
+ MBEDTLS_X509_BADCERT_SKIP_VERIFY;
+ return( SSL_CERTIFICATE_SKIP );
}
}
-#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+#else
+ ((void) authmode);
+#endif /* MBEDTLS_SSL_SRV_C */
- if( authmode != MBEDTLS_SSL_VERIFY_NONE )
+ return( SSL_CERTIFICATE_EXPECTED );
+}
+
+static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
+ int authmode,
+ mbedtls_x509_crt *chain,
+ void *rs_ctx )
+{
+ int ret = 0;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+ int have_ca_chain = 0;
+
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy;
+
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ return( 0 );
+
+ if( ssl->f_vrfy != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) );
+ f_vrfy = ssl->f_vrfy;
+ p_vrfy = ssl->p_vrfy;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) );
+ f_vrfy = ssl->conf->f_vrfy;
+ p_vrfy = ssl->conf->p_vrfy;
+ }
+
+ /*
+ * Main check: verify certificate
+ */
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( ssl->conf->f_ca_cb != NULL )
+ {
+ ((void) rs_ctx);
+ have_ca_chain = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) );
+ ret = mbedtls_x509_crt_verify_with_ca_cb(
+ chain,
+ ssl->conf->f_ca_cb,
+ ssl->conf->p_ca_cb,
+ ssl->conf->cert_profile,
+ ssl->hostname,
+ &ssl->session_negotiate->verify_result,
+ f_vrfy, p_vrfy );
+ }
+ else
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;
@@ -4821,127 +6764,329 @@
ca_crl = ssl->conf->ca_crl;
}
- /*
- * Main check: verify certificate
- */
- ret = mbedtls_x509_crt_verify_with_profile(
- ssl->session_negotiate->peer_cert,
- ca_chain, ca_crl,
- ssl->conf->cert_profile,
- ssl->hostname,
- &ssl->session_negotiate->verify_result,
- ssl->conf->f_vrfy, ssl->conf->p_vrfy );
+ if( ca_chain != NULL )
+ have_ca_chain = 1;
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
- }
+ ret = mbedtls_x509_crt_verify_restartable(
+ chain,
+ ca_chain, ca_crl,
+ ssl->conf->cert_profile,
+ ssl->hostname,
+ &ssl->session_negotiate->verify_result,
+ f_vrfy, p_vrfy, rs_ctx );
+ }
- /*
- * Secondary checks: always done, but change 'ret' only if it was 0
- */
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+ }
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+#endif
+
+ /*
+ * Secondary checks: always done, but change 'ret' only if it was 0
+ */
#if defined(MBEDTLS_ECP_C)
+ {
+ const mbedtls_pk_context *pk = &chain->pk;
+
+ /* If certificate uses an EC key, make sure the curve is OK */
+ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
+ mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
{
- const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
+ ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
- /* If certificate uses an EC key, make sure the curve is OK */
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
- mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
- {
- ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
- if( ret == 0 )
- ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
- }
- }
-#endif /* MBEDTLS_ECP_C */
-
- if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
- ciphersuite_info,
- ! ssl->conf->endpoint,
- &ssl->session_negotiate->verify_result ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
if( ret == 0 )
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
+ }
+#endif /* MBEDTLS_ECP_C */
- /* mbedtls_x509_crt_verify_with_profile is supposed to report a
- * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
- * with details encoded in the verification flags. All other kinds
- * of error codes, including those from the user provided f_vrfy
- * functions, are treated as fatal and lead to a failure of
- * ssl_parse_certificate even if verification was optional. */
- if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
- ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
- ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
- {
- ret = 0;
- }
-
- if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
- ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
- }
-
- if( ret != 0 )
- {
- /* The certificate may have been rejected for several reasons.
- Pick one and send the corresponding alert. Which alert to send
- may be a subject of debate in some cases. */
- if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
- alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
- alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
- alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
- alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
- else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
- alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
- else
- alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- alert );
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- if( ssl->session_negotiate->verify_result != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
- ssl->session_negotiate->verify_result ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
- }
-#endif /* MBEDTLS_DEBUG_C */
+ if( mbedtls_ssl_check_cert_usage( chain,
+ ciphersuite_info,
+ ! ssl->conf->endpoint,
+ &ssl->session_negotiate->verify_result ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
+ if( ret == 0 )
+ ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+ /* mbedtls_x509_crt_verify_with_profile is supposed to report a
+ * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
+ * with details encoded in the verification flags. All other kinds
+ * of error codes, including those from the user provided f_vrfy
+ * functions, are treated as fatal and lead to a failure of
+ * ssl_parse_certificate even if verification was optional. */
+ if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
+ ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+ ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
+ {
+ ret = 0;
+ }
+
+ if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+ ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
+ }
+
+ if( ret != 0 )
+ {
+ uint8_t alert;
+
+ /* The certificate may have been rejected for several reasons.
+ Pick one and send the corresponding alert. Which alert to send
+ may be a subject of debate in some cases. */
+ if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
+ alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
+ alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
+ alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
+ alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
+ else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
+ alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
+ else
+ alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ alert );
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ if( ssl->session_negotiate->verify_result != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
+ ssl->session_negotiate->verify_result ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
+ }
+#endif /* MBEDTLS_DEBUG_C */
return( ret );
}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
+ unsigned char *start, size_t len )
+{
+ int ret;
+ /* Remember digest of the peer's end-CRT. */
+ ssl->session_negotiate->peer_cert_digest =
+ mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
+ if( ssl->session_negotiate->peer_cert_digest == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ sizeof( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+
+ ret = mbedtls_md( mbedtls_md_info_from_type(
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
+ start, len,
+ ssl->session_negotiate->peer_cert_digest );
+
+ ssl->session_negotiate->peer_cert_digest_type =
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
+ ssl->session_negotiate->peer_cert_digest_len =
+ MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
+
+ return( ret );
+}
+
+static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
+ unsigned char *start, size_t len )
+{
+ unsigned char *end = start + len;
+ int ret;
+
+ /* Make a copy of the peer's raw public key. */
+ mbedtls_pk_init( &ssl->handshake->peer_pubkey );
+ ret = mbedtls_pk_parse_subpubkey( &start, end,
+ &ssl->handshake->peer_pubkey );
+ if( ret != 0 )
+ {
+ /* We should have parsed the public key before. */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ return( 0 );
+}
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+{
+ int ret = 0;
+ int crt_expected;
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
+ ? ssl->handshake->sni_authmode
+ : ssl->conf->authmode;
+#else
+ const int authmode = ssl->conf->authmode;
+#endif
+ void *rs_ctx = NULL;
+ mbedtls_x509_crt *chain = NULL;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+ crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
+ if( crt_expected == SSL_CERTIFICATE_SKIP )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled &&
+ ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
+ {
+ chain = ssl->handshake->ecrs_peer_cert;
+ ssl->handshake->ecrs_peer_cert = NULL;
+ goto crt_verify;
+ }
+#endif
+
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
+ {
+ /* mbedtls_ssl_read_record may have sent an alert already. We
+ let it decide whether to alert. */
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 )
+ {
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
+
+ if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+ ret = 0;
+ else
+ ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
+
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+ /* Clear existing peer CRT structure in case we tried to
+ * reuse a session but it failed, and allocate a new one. */
+ ssl_clear_peer_cert( ssl->session_negotiate );
+
+ chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( chain == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ sizeof( mbedtls_x509_crt ) ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+ mbedtls_x509_crt_init( chain );
+
+ ret = ssl_parse_certificate_chain( ssl, chain );
+ if( ret != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ssl->handshake->ecrs_enabled)
+ ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
+
+crt_verify:
+ if( ssl->handshake->ecrs_enabled)
+ rs_ctx = &ssl->handshake->ecrs_ctx;
+#endif
+
+ ret = ssl_parse_certificate_verify( ssl, authmode,
+ chain, rs_ctx );
+ if( ret != 0 )
+ goto exit;
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ {
+ unsigned char *crt_start, *pk_start;
+ size_t crt_len, pk_len;
+
+ /* We parse the CRT chain without copying, so
+ * these pointers point into the input buffer,
+ * and are hence still valid after freeing the
+ * CRT chain. */
+
+ crt_start = chain->raw.p;
+ crt_len = chain->raw.len;
+
+ pk_start = chain->pk_raw.p;
+ pk_len = chain->pk_raw.len;
+
+ /* Free the CRT structures before computing
+ * digest and copying the peer's public key. */
+ mbedtls_x509_crt_free( chain );
+ mbedtls_free( chain );
+ chain = NULL;
+
+ ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len );
+ if( ret != 0 )
+ goto exit;
+
+ ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len );
+ if( ret != 0 )
+ goto exit;
+ }
+#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+ /* Pass ownership to session structure. */
+ ssl->session_negotiate->peer_cert = chain;
+ chain = NULL;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+
+exit:
+
+ if( ret == 0 )
+ ssl->state++;
+
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ {
+ ssl->handshake->ecrs_peer_cert = chain;
+ chain = NULL;
+ }
+#endif
+
+ if( chain != NULL )
+ {
+ mbedtls_x509_crt_free( chain );
+ mbedtls_free( chain );
+ }
+
+ return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
{
@@ -4955,9 +7100,9 @@
ssl->state++;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -4972,7 +7117,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -4986,13 +7131,8 @@
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
- if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
- }
+ /* CCS records are only accepted if they have length 1 and content '1',
+ * so we don't need to check this here. */
/*
* Switch to our negotiated transform and session parameters for inbound
@@ -5022,16 +7162,7 @@
#endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->in_ctr, 0, 8 );
- /*
- * Set the in_msg pointer to the correct location based on IV length
- */
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
- ssl->transform_negotiate->fixed_ivlen;
- }
- else
- ssl->in_msg = ssl->in_iv;
+ ssl_update_in_pointers( ssl );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
@@ -5091,11 +7222,21 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha256_psa );
+ psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
#endif
+#endif
#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha384_psa );
+ psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
#endif
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
@@ -5109,11 +7250,19 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+#else
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
#endif
+#endif
#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+#else
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
#endif
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
@@ -5132,7 +7281,11 @@
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+#else
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+#endif
}
#endif
@@ -5140,7 +7293,11 @@
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+#else
mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+#endif
}
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -5296,13 +7453,44 @@
{
int len = 12;
const char *sender;
- mbedtls_sha256_context sha256;
unsigned char padbuf[32];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
+ psa_status_t status;
+#else
+ mbedtls_sha256_context sha256;
+#endif
mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session )
session = ssl->session;
+ sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ sha256_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
+
+ status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
+#else
+
mbedtls_sha256_init( &sha256 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) );
@@ -5320,19 +7508,15 @@
sha256.state, sizeof( sha256.state ) );
#endif
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
- ? "client finished"
- : "server finished";
-
mbedtls_sha256_finish_ret( &sha256, padbuf );
+ mbedtls_sha256_free( &sha256 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 32, buf, len );
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- mbedtls_sha256_free( &sha256 );
-
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
@@ -5345,13 +7529,43 @@
{
int len = 12;
const char *sender;
- mbedtls_sha512_context sha512;
unsigned char padbuf[48];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t hash_size;
+ psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
+ psa_status_t status;
+#else
+ mbedtls_sha512_context sha512;
+#endif
mbedtls_ssl_session *session = ssl->session_negotiate;
if( !session )
session = ssl->session;
+ sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+ ? "client finished"
+ : "server finished";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ sha384_psa = psa_hash_operation_init();
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
+
+ status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+ return;
+ }
+
+ status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
+ if( status != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
+#else
mbedtls_sha512_init( &sha512 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) );
@@ -5369,19 +7583,15 @@
sha512.state, sizeof( sha512.state ) );
#endif
- sender = ( from == MBEDTLS_SSL_IS_CLIENT )
- ? "client finished"
- : "server finished";
-
mbedtls_sha512_finish_ret( &sha512, padbuf );
+ mbedtls_sha512_free( &sha512 );
+#endif
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 48, buf, len );
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
- mbedtls_sha512_free( &sha512 );
-
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
@@ -5482,16 +7692,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
- /*
- * Set the out_msg pointer to the correct location based on IV length
- */
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
- ssl->transform_negotiate->fixed_ivlen;
- }
- else
- ssl->out_msg = ssl->out_iv;
+ ssl_update_out_pointers( ssl, ssl->transform_negotiate );
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
@@ -5543,14 +7744,14 @@
/* Remember current epoch settings for resending */
ssl->handshake->alt_transform_out = ssl->transform_out;
- memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 );
+ memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 );
/* Set sequence_number to zero */
- memset( ssl->out_ctr + 2, 0, 6 );
+ memset( ssl->cur_out_ctr + 2, 0, 6 );
/* Increment epoch */
for( i = 2; i > 0; i-- )
- if( ++ssl->out_ctr[i - 1] != 0 )
+ if( ++ssl->cur_out_ctr[i - 1] != 0 )
break;
/* The loop goes to its end iff the counter is wrapping */
@@ -5562,7 +7763,7 @@
}
else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset( ssl->out_ctr, 0, 8 );
+ memset( ssl->cur_out_ctr, 0, 8 );
ssl->transform_out = ssl->transform_negotiate;
ssl->session_out = ssl->session_negotiate;
@@ -5583,12 +7784,21 @@
mbedtls_ssl_send_flight_completed( ssl );
#endif
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
+ return( ret );
+ }
+#endif
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
return( 0 );
@@ -5610,7 +7820,7 @@
ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
@@ -5692,13 +7902,23 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ handshake->fin_sha256_psa = psa_hash_operation_init();
+ psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+#else
mbedtls_sha256_init( &handshake->fin_sha256 );
mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
#endif
+#endif
#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ handshake->fin_sha384_psa = psa_hash_operation_init();
+ psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
mbedtls_sha512_init( &handshake->fin_sha512 );
mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
#endif
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
handshake->update_checksum = ssl_update_checksum_start;
@@ -5722,20 +7942,31 @@
#endif
#endif
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
+#endif
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_init( &handshake->peer_pubkey );
+#endif
}
-static void ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
+#endif
}
void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
@@ -5792,7 +8023,7 @@
/* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate );
- ssl_transform_init( ssl->transform_negotiate );
+ mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -5841,6 +8072,103 @@
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
+/* Once ssl->out_hdr as the address of the beginning of the
+ * next outgoing record is set, deduce the other pointers.
+ *
+ * Note: For TLS, we save the implicit record sequence number
+ * (entering MAC computation) in the 8 bytes before ssl->out_hdr,
+ * and the caller has to make sure there's space for this.
+ */
+
+static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ssl->out_ctr = ssl->out_hdr + 3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->out_cid = ssl->out_ctr + 8;
+ ssl->out_len = ssl->out_cid;
+ if( transform != NULL )
+ ssl->out_len += transform->out_cid_len;
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->out_len = ssl->out_ctr + 8;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->out_iv = ssl->out_len + 2;
+ }
+ else
+#endif
+ {
+ ssl->out_ctr = ssl->out_hdr - 8;
+ ssl->out_len = ssl->out_hdr + 3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->out_cid = ssl->out_len;
+#endif
+ ssl->out_iv = ssl->out_hdr + 5;
+ }
+
+ /* Adjust out_msg to make space for explicit IV, if used. */
+ if( transform != NULL &&
+ ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ {
+ ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen;
+ }
+ else
+ ssl->out_msg = ssl->out_iv;
+}
+
+/* Once ssl->in_hdr as the address of the beginning of the
+ * next incoming record is set, deduce the other pointers.
+ *
+ * Note: For TLS, we save the implicit record sequence number
+ * (entering MAC computation) in the 8 bytes before ssl->in_hdr,
+ * and the caller has to make sure there's space for this.
+ */
+
+static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
+{
+ /* This function sets the pointers to match the case
+ * of unprotected TLS/DTLS records, with both ssl->in_iv
+ * and ssl->in_msg pointing to the beginning of the record
+ * content.
+ *
+ * When decrypting a protected record, ssl->in_msg
+ * will be shifted to point to the beginning of the
+ * record plaintext.
+ */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ /* This sets the header pointers to match records
+ * without CID. When we receive a record containing
+ * a CID, the fields are shifted accordingly in
+ * ssl_parse_record_header(). */
+ ssl->in_ctr = ssl->in_hdr + 3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->in_cid = ssl->in_ctr + 8;
+ ssl->in_len = ssl->in_cid; /* Default: no CID */
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->in_len = ssl->in_ctr + 8;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->in_iv = ssl->in_len + 2;
+ }
+ else
+#endif
+ {
+ ssl->in_ctr = ssl->in_hdr - 8;
+ ssl->in_len = ssl->in_hdr + 3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->in_cid = ssl->in_len;
+#endif
+ ssl->in_iv = ssl->in_hdr + 5;
+ }
+
+ /* This will be adjusted at record decryption time. */
+ ssl->in_msg = ssl->in_iv;
+}
+
/*
* Initialize an SSL context
*/
@@ -5852,6 +8180,28 @@
/*
* Setup an SSL context
*/
+
+static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
+{
+ /* Set the incoming and outgoing record pointers. */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ssl->out_hdr = ssl->out_buf;
+ ssl->in_hdr = ssl->in_buf;
+ }
+ else
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ {
+ ssl->out_hdr = ssl->out_buf + 8;
+ ssl->in_hdr = ssl->in_buf + 8;
+ }
+
+ /* Derive other internal pointers. */
+ ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
+ ssl_update_in_pointers ( ssl );
+}
+
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
const mbedtls_ssl_config *conf )
{
@@ -5862,57 +8212,55 @@
/*
* Prepare base structures
*/
+
+ /* Set to NULL in case of an error condition */
+ ssl->out_buf = NULL;
+
ssl->in_buf = mbedtls_calloc( 1, MBEDTLS_SSL_IN_BUFFER_LEN );
if( ssl->in_buf == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_IN_BUFFER_LEN) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto error;
}
ssl->out_buf = mbedtls_calloc( 1, MBEDTLS_SSL_OUT_BUFFER_LEN );
if( ssl->out_buf == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_OUT_BUFFER_LEN) );
- mbedtls_free( ssl->in_buf );
- ssl->in_buf = NULL;
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto error;
}
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- ssl->out_hdr = ssl->out_buf;
- ssl->out_ctr = ssl->out_buf + 3;
- ssl->out_len = ssl->out_buf + 11;
- ssl->out_iv = ssl->out_buf + 13;
- ssl->out_msg = ssl->out_buf + 13;
-
- ssl->in_hdr = ssl->in_buf;
- ssl->in_ctr = ssl->in_buf + 3;
- ssl->in_len = ssl->in_buf + 11;
- ssl->in_iv = ssl->in_buf + 13;
- ssl->in_msg = ssl->in_buf + 13;
- }
- else
-#endif
- {
- ssl->out_ctr = ssl->out_buf;
- ssl->out_hdr = ssl->out_buf + 8;
- ssl->out_len = ssl->out_buf + 11;
- ssl->out_iv = ssl->out_buf + 13;
- ssl->out_msg = ssl->out_buf + 13;
-
- ssl->in_ctr = ssl->in_buf;
- ssl->in_hdr = ssl->in_buf + 8;
- ssl->in_len = ssl->in_buf + 11;
- ssl->in_iv = ssl->in_buf + 13;
- ssl->in_msg = ssl->in_buf + 13;
- }
+ ssl_reset_in_out_pointers( ssl );
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
- return( ret );
+ goto error;
return( 0 );
+
+error:
+ mbedtls_free( ssl->in_buf );
+ mbedtls_free( ssl->out_buf );
+
+ ssl->conf = NULL;
+
+ ssl->in_buf = NULL;
+ ssl->out_buf = NULL;
+
+ ssl->in_hdr = NULL;
+ ssl->in_ctr = NULL;
+ ssl->in_len = NULL;
+ ssl->in_iv = NULL;
+ ssl->in_msg = NULL;
+
+ ssl->out_hdr = NULL;
+ ssl->out_ctr = NULL;
+ ssl->out_len = NULL;
+ ssl->out_iv = NULL;
+ ssl->out_msg = NULL;
+
+ return( ret );
}
/*
@@ -5926,6 +8274,11 @@
{
int ret;
+#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \
+ !defined(MBEDTLS_SSL_SRV_C)
+ ((void) partial);
+#endif
+
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
/* Cancel any possibly running timer */
@@ -5942,12 +8295,10 @@
ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
ssl->in_offt = NULL;
+ ssl_reset_in_out_pointers( ssl );
- ssl->in_msg = ssl->in_buf + 13;
ssl->in_msgtype = 0;
ssl->in_msglen = 0;
- if( partial == 0 )
- ssl->in_left = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->next_record_offset = 0;
ssl->in_epoch = 0;
@@ -5961,7 +8312,6 @@
ssl->keep_current_message = 0;
- ssl->out_msg = ssl->out_buf + 13;
ssl->out_msgtype = 0;
ssl->out_msglen = 0;
ssl->out_left = 0;
@@ -5970,12 +8320,23 @@
ssl->split_done = 0;
#endif
+ memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+
ssl->transform_in = NULL;
ssl->transform_out = NULL;
+ ssl->session_in = NULL;
+ ssl->session_out = NULL;
+
memset( ssl->out_buf, 0, MBEDTLS_SSL_OUT_BUFFER_LEN );
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
if( partial == 0 )
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
+ {
+ ssl->in_left = 0;
memset( ssl->in_buf, 0, MBEDTLS_SSL_IN_BUFFER_LEN );
+ }
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_reset != NULL )
@@ -6008,7 +8369,9 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
if( partial == 0 )
+#endif
{
mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL;
@@ -6059,7 +8422,15 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
+
+void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
+ unsigned allow_packing )
+{
+ ssl->disable_datagram_packing = !allow_packing;
+}
+
+void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf,
+ uint32_t min, uint32_t max )
{
conf->hs_timeout_min = min;
conf->hs_timeout_max = max;
@@ -6109,6 +8480,13 @@
ssl->f_recv_timeout = f_recv_timeout;
}
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
+{
+ ssl->mtu = mtu;
+}
+#endif
+
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
{
conf->read_timeout = timeout;
@@ -6152,7 +8530,8 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
+ if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
+ session ) ) != 0 )
return( ret );
ssl->handshake->resume = 1;
@@ -6234,7 +8613,29 @@
{
conf->ca_chain = ca_chain;
conf->ca_crl = ca_crl;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+ * cannot be used together. */
+ conf->f_ca_cb = NULL;
+ conf->p_ca_cb = NULL;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
}
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb )
+{
+ conf->f_ca_cb = f_ca_cb;
+ conf->p_ca_cb = p_ca_cb;
+
+ /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+ * cannot be used together. */
+ conf->ca_chain = NULL;
+ conf->ca_crl = NULL;
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -6261,6 +8662,16 @@
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ ssl->f_vrfy = f_vrfy;
+ ssl->p_vrfy = p_vrfy;
+}
+#endif
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* Set EC J-PAKE password for current handshake
@@ -6288,23 +8699,23 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
- const unsigned char *psk, size_t psk_len,
- const unsigned char *psk_identity, size_t psk_identity_len )
+
+static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
{
- if( psk == NULL || psk_identity == NULL )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- if( psk_len > MBEDTLS_PSK_MAX_LEN )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- /* Identity len will be encoded on two bytes */
- if( ( psk_identity_len >> 16 ) != 0 ||
- psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ /* Remove reference to existing PSK, if any. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( conf->psk_opaque != 0 )
{
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ /* The maintenance of the PSK key slot is the
+ * user's responsibility. */
+ conf->psk_opaque = 0;
}
-
+ /* This and the following branch should never
+ * be taken simultaenously as we maintain the
+ * invariant that raw and opaque PSKs are never
+ * configured simultaneously. As a safeguard,
+ * though, `else` is omitted here. */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( conf->psk != NULL )
{
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
@@ -6313,32 +8724,84 @@
conf->psk = NULL;
conf->psk_len = 0;
}
+
+ /* Remove reference to PSK identity, if any. */
if( conf->psk_identity != NULL )
{
mbedtls_free( conf->psk_identity );
conf->psk_identity = NULL;
conf->psk_identity_len = 0;
}
+}
- if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
- ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
+/* This function assumes that PSK identity in the SSL config is unset.
+ * It checks that the provided identity is well-formed and attempts
+ * to make a copy of it in the SSL config.
+ * On failure, the PSK identity in the config remains unset. */
+static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
+ unsigned char const *psk_identity,
+ size_t psk_identity_len )
+{
+ /* Identity len will be encoded on two bytes */
+ if( psk_identity == NULL ||
+ ( psk_identity_len >> 16 ) != 0 ||
+ psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
- mbedtls_free( conf->psk );
- mbedtls_free( conf->psk_identity );
- conf->psk = NULL;
- conf->psk_identity = NULL;
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- conf->psk_len = psk_len;
- conf->psk_identity_len = psk_identity_len;
+ conf->psk_identity = mbedtls_calloc( 1, psk_identity_len );
+ if( conf->psk_identity == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- memcpy( conf->psk, psk, conf->psk_len );
+ conf->psk_identity_len = psk_identity_len;
memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
return( 0 );
}
+int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
+ const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len )
+{
+ int ret;
+ /* Remove opaque/raw PSK + PSK Identity */
+ ssl_conf_remove_psk( conf );
+
+ /* Check and set raw PSK */
+ if( psk == NULL || psk_len > MBEDTLS_PSK_MAX_LEN )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ conf->psk_len = psk_len;
+ memcpy( conf->psk, psk, conf->psk_len );
+
+ /* Check and set PSK Identity */
+ ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len );
+ if( ret != 0 )
+ ssl_conf_remove_psk( conf );
+
+ return( ret );
+}
+
+static void ssl_remove_psk( mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ssl->handshake->psk_opaque != 0 )
+ {
+ ssl->handshake->psk_opaque = 0;
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ssl->handshake->psk != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->handshake->psk,
+ ssl->handshake->psk_len );
+ mbedtls_free( ssl->handshake->psk );
+ ssl->handshake->psk_len = 0;
+ }
+}
+
int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len )
{
@@ -6348,13 +8811,7 @@
if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( ssl->handshake->psk != NULL )
- {
- mbedtls_platform_zeroize( ssl->handshake->psk,
- ssl->handshake->psk_len );
- mbedtls_free( ssl->handshake->psk );
- ssl->handshake->psk_len = 0;
- }
+ ssl_remove_psk( ssl );
if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
@@ -6365,6 +8822,42 @@
return( 0 );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
+ psa_key_handle_t psk_slot,
+ const unsigned char *psk_identity,
+ size_t psk_identity_len )
+{
+ int ret;
+ /* Clear opaque/raw PSK + PSK Identity, if present. */
+ ssl_conf_remove_psk( conf );
+
+ /* Check and set opaque PSK */
+ if( psk_slot == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ conf->psk_opaque = psk_slot;
+
+ /* Check and set PSK Identity */
+ ret = ssl_conf_set_psk_identity( conf, psk_identity,
+ psk_identity_len );
+ if( ret != 0 )
+ ssl_conf_remove_psk( conf );
+
+ return( ret );
+}
+
+int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
+ psa_key_handle_t psk_slot )
+{
+ if( psk_slot == 0 || ssl->handshake == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl_remove_psk( ssl );
+ ssl->handshake->psk_opaque = psk_slot;
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t),
@@ -6678,6 +9171,14 @@
conf->f_export_keys = f_export_keys;
conf->p_export_keys = p_export_keys;
}
+
+void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
+ void *p_export_keys )
+{
+ conf->f_export_keys_ext = f_export_keys_ext;
+ conf->p_export_keys = p_export_keys;
+}
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -6772,7 +9273,7 @@
/*
* In all other cases, the rest of the message can be dropped.
- * As in ssl_read_record_layer, this needs to be adapted if
+ * As in ssl_get_next_record, this needs to be adapted if
* we implement support for multiple alerts in single records.
*/
@@ -6839,28 +9340,49 @@
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
{
- size_t transform_expansion;
+ size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
+ unsigned block_size;
+
+ size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
+
+ if( transform == NULL )
+ return( (int) out_hdr_len );
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif
- if( transform == NULL )
- return( (int) mbedtls_ssl_hdr_len( ssl ) );
-
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
{
case MBEDTLS_MODE_GCM:
case MBEDTLS_MODE_CCM:
+ case MBEDTLS_MODE_CHACHAPOLY:
case MBEDTLS_MODE_STREAM:
transform_expansion = transform->minlen;
break;
case MBEDTLS_MODE_CBC:
- transform_expansion = transform->maclen
- + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc );
+
+ block_size = mbedtls_cipher_get_block_size(
+ &transform->cipher_ctx_enc );
+
+ /* Expansion due to the addition of the MAC. */
+ transform_expansion += transform->maclen;
+
+ /* Expansion due to the addition of CBC padding;
+ * Theoretically up to 256 bytes, but we never use
+ * more than the block size of the underlying cipher. */
+ transform_expansion += block_size;
+
+ /* For TLS 1.1 or higher, an explicit IV is added
+ * after the record header. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ transform_expansion += block_size;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
+
break;
default:
@@ -6868,7 +9390,12 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( transform->out_cid_len != 0 )
+ transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ return( (int)( out_hdr_len + transform_expansion ) );
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -6881,31 +9408,106 @@
*/
max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
- /*
- * Check if a smaller max length was negotiated
- */
+ /* Check if a smaller max length was negotiated */
if( ssl->session_out != NULL &&
ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
{
max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
}
- return max_len;
+ /* During a handshake, use the value being negotiated */
+ if( ssl->session_negotiate != NULL &&
+ ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len )
+ {
+ max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
+ }
+
+ return( max_len );
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
+{
+ /* Return unlimited mtu for client hello messages to avoid fragmentation. */
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
+ return ( 0 );
+
+ if( ssl->handshake == NULL || ssl->handshake->mtu == 0 )
+ return( ssl->mtu );
+
+ if( ssl->mtu == 0 )
+ return( ssl->handshake->mtu );
+
+ return( ssl->mtu < ssl->handshake->mtu ?
+ ssl->mtu : ssl->handshake->mtu );
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
+ !defined(MBEDTLS_SSL_PROTO_DTLS)
+ (void) ssl;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
+
+ if( max_len > mfl )
+ max_len = mfl;
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl_get_current_mtu( ssl ) != 0 )
+ {
+ const size_t mtu = ssl_get_current_mtu( ssl );
+ const int ret = mbedtls_ssl_get_record_expansion( ssl );
+ const size_t overhead = (size_t) ret;
+
+ if( ret < 0 )
+ return( ret );
+
+ if( mtu <= overhead )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( max_len > mtu - overhead )
+ max_len = mtu - overhead;
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \
+ !defined(MBEDTLS_SSL_PROTO_DTLS)
+ ((void) ssl);
+#endif
+
+ return( (int) max_len );
+}
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
{
if( ssl == NULL || ssl->session == NULL )
return( NULL );
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
return( ssl->session->peer_cert );
+#else
+ return( NULL );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst )
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
+ mbedtls_ssl_session *dst )
{
if( ssl == NULL ||
dst == NULL ||
@@ -6915,7 +9517,7 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- return( ssl_session_copy( dst, ssl->session ) );
+ return( mbedtls_ssl_session_copy( dst, ssl->session ) );
}
#endif /* MBEDTLS_SSL_CLI_C */
@@ -6981,9 +9583,9 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
@@ -7113,7 +9715,7 @@
in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
- out_ctr_cmp = memcmp( ssl->out_ctr + ep_len,
+ out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
@@ -7148,7 +9750,7 @@
if( ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
- if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
return( ret );
}
}
@@ -7197,7 +9799,7 @@
ssl_set_timer( ssl, ssl->conf->read_timeout );
}
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
return( 0 );
@@ -7212,7 +9814,7 @@
/*
* OpenSSL sends empty messages to randomize the IV
*/
- if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
return( 0 );
@@ -7445,12 +10047,15 @@
static int ssl_write_real( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
- int ret;
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
-#else
- size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+ int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
+ const size_t max_len = (size_t) ret;
+
+ if( ret < 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret );
+ return( ret );
+ }
+
if( len > max_len )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -7491,7 +10096,7 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
memcpy( ssl->out_msg, buf, len );
- if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return( ret );
@@ -7623,8 +10228,10 @@
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
+#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
}
@@ -7643,6 +10250,42 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+static void ssl_buffering_free( mbedtls_ssl_context *ssl )
+{
+ unsigned offset;
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+
+ if( hs == NULL )
+ return;
+
+ ssl_free_buffered_record( ssl );
+
+ for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
+ ssl_buffering_free_slot( ssl, offset );
+}
+
+static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
+ uint8_t slot )
+{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot];
+
+ if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS )
+ return;
+
+ if( hs_buf->is_valid == 1 )
+ {
+ hs->buffering.total_bytes_buffered -= hs_buf->data_len;
+ mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );
+ mbedtls_free( hs_buf->data );
+ memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
+ }
+}
+
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -7665,11 +10308,19 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &handshake->fin_sha256_psa );
+#else
mbedtls_sha256_free( &handshake->fin_sha256 );
#endif
+#endif
#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &handshake->fin_sha384_psa );
+#else
mbedtls_sha512_free( &handshake->fin_sha512 );
#endif
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_DHM_C)
@@ -7720,12 +10371,31 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
+ if( handshake->ecrs_peer_cert != NULL )
+ {
+ mbedtls_x509_crt_free( handshake->ecrs_peer_cert );
+ mbedtls_free( handshake->ecrs_peer_cert );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_pk_free( &handshake->peer_pubkey );
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_free( handshake->verify_cookie );
- mbedtls_free( handshake->hs_msg );
ssl_flight_free( handshake->flight );
+ ssl_buffering_free( ssl );
#endif
+#if defined(MBEDTLS_ECDH_C) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( handshake->ecdh_psa_privkey );
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
+
mbedtls_platform_zeroize( handshake,
sizeof( mbedtls_ssl_handshake_params ) );
}
@@ -7736,11 +10406,7 @@
return;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( session->peer_cert != NULL )
- {
- mbedtls_x509_crt_free( session->peer_cert );
- mbedtls_free( session->peer_cert );
- }
+ ssl_clear_peer_cert( session );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -7870,8 +10536,12 @@
#if defined(MBEDTLS_ECP_C)
static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_ECP_DP_SECP256R1,
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_ECP_DP_SECP384R1,
+#endif
MBEDTLS_ECP_DP_NONE
};
#endif
@@ -8554,6 +11224,70 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
+ unsigned char *hash, size_t *hashlen,
+ unsigned char *data, size_t data_len,
+ mbedtls_md_type_t md_alg )
+{
+ psa_status_t status;
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
+
+ if( ( status = psa_hash_setup( &hash_operation,
+ hash_alg ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
+ 64 ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_update( &hash_operation,
+ data, data_len ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+ goto exit;
+ }
+
+ if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE,
+ hashlen ) ) != PSA_SUCCESS )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
+ goto exit;
+ }
+
+exit:
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ switch( status )
+ {
+ case PSA_ERROR_NOT_SUPPORTED:
+ return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ case PSA_ERROR_INSUFFICIENT_MEMORY:
+ return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+ default:
+ return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED );
+ }
+ }
+ return( 0 );
+}
+
+#else
+
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len,
@@ -8564,6 +11298,8 @@
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
+
mbedtls_md_init( &ctx );
/*
@@ -8608,6 +11344,8 @@
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/library/threading.c b/library/threading.c
index 7a32e67..7c90c7c 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -19,6 +19,14 @@
* This file is part of mbed TLS (https://tls.mbed.org)
*/
+/*
+ * Ensure gmtime_r is available even with -std=c99; must be defined before
+ * config.h, which pulls in glibc's features.h. Harmless on other platforms.
+ */
+#if !defined(_POSIX_C_SOURCE)
+#define _POSIX_C_SOURCE 200112L
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -29,6 +37,36 @@
#include "mbedtls/threading.h"
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+
+#if !defined(_WIN32) && (defined(unix) || \
+ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
+ defined(__MACH__)))
+#include <unistd.h>
+#endif /* !_WIN32 && (unix || __unix || __unix__ ||
+ * (__APPLE__ && __MACH__)) */
+
+#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) )
+/*
+ * This is a convenience shorthand macro to avoid checking the long
+ * preprocessor conditions above. Ideally, we could expose this macro in
+ * platform_util.h and simply use it in platform_util.c, threading.c and
+ * threading.h. However, this macro is not part of the Mbed TLS public API, so
+ * we keep it private by only defining it in this file
+ */
+
+#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
+#define THREADING_USE_GMTIME
+#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
+
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
+ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */
+
+#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
#if defined(MBEDTLS_THREADING_PTHREAD)
static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
{
@@ -114,6 +152,9 @@
#if defined(MBEDTLS_FS_IO)
mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
#endif
+#if defined(THREADING_USE_GMTIME)
+ mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
+#endif
}
/*
@@ -124,6 +165,9 @@
#if defined(MBEDTLS_FS_IO)
mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
#endif
+#if defined(THREADING_USE_GMTIME)
+ mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
+#endif
}
#endif /* MBEDTLS_THREADING_ALT */
@@ -136,5 +180,8 @@
#if defined(MBEDTLS_FS_IO)
mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
#endif
+#if defined(THREADING_USE_GMTIME)
+mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
+#endif
#endif /* MBEDTLS_THREADING_C */
diff --git a/library/timing.c b/library/timing.c
index 3e8139f..009516a 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -51,7 +51,7 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
#include <windows.h>
-#include <winbase.h>
+#include <process.h>
struct _hr_time
{
@@ -267,18 +267,17 @@
/* It's OK to use a global because alarm() is supposed to be global anyway */
static DWORD alarmMs;
-static DWORD WINAPI TimerProc( LPVOID TimerContext )
+static void TimerProc( void *TimerContext )
{
- ((void) TimerContext);
+ (void) TimerContext;
Sleep( alarmMs );
mbedtls_timing_alarmed = 1;
- return( TRUE );
+ /* _endthread will be called implicitly on return
+ * That ensures execution of thread funcition's epilogue */
}
void mbedtls_set_alarm( int seconds )
{
- DWORD ThreadId;
-
if( seconds == 0 )
{
/* No need to create a thread for this simple case.
@@ -289,7 +288,7 @@
mbedtls_timing_alarmed = 0;
alarmMs = seconds * 1000;
- CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) );
+ (void) _beginthread( TimerProc, 0, NULL );
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
diff --git a/library/version_features.c b/library/version_features.c
index 777b603..58acb5c 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -31,7 +31,7 @@
#include <string.h>
-static const char *features[] = {
+static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
#if defined(MBEDTLS_HAVE_ASM)
"MBEDTLS_HAVE_ASM",
@@ -72,6 +72,9 @@
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
"MBEDTLS_PLATFORM_SNPRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+ "MBEDTLS_PLATFORM_VSNPRINTF_ALT",
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
"MBEDTLS_PLATFORM_NV_SEED_ALT",
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
@@ -84,6 +87,12 @@
#if defined(MBEDTLS_DEPRECATED_REMOVED)
"MBEDTLS_DEPRECATED_REMOVED",
#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_CHECK_PARAMS)
+ "MBEDTLS_CHECK_PARAMS",
+#endif /* MBEDTLS_CHECK_PARAMS */
+#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+ "MBEDTLS_CHECK_PARAMS_ASSERT",
+#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
#if defined(MBEDTLS_TIMING_ALT)
"MBEDTLS_TIMING_ALT",
#endif /* MBEDTLS_TIMING_ALT */
@@ -297,6 +306,9 @@
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
"MBEDTLS_REMOVE_ARC4_CIPHERSUITES",
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
+ "MBEDTLS_REMOVE_3DES_CIPHERSUITES",
+#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
"MBEDTLS_ECP_DP_SECP192R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -339,6 +351,12 @@
#if defined(MBEDTLS_ECP_NIST_OPTIM)
"MBEDTLS_ECP_NIST_OPTIM",
#endif /* MBEDTLS_ECP_NIST_OPTIM */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ "MBEDTLS_ECP_RESTARTABLE",
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ "MBEDTLS_ECDH_LEGACY_CONTEXT",
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
"MBEDTLS_ECDSA_DETERMINISTIC",
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
@@ -414,6 +432,12 @@
#if defined(MBEDTLS_PKCS1_V21)
"MBEDTLS_PKCS1_V21",
#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+ "MBEDTLS_PSA_CRYPTO_SPM",
+#endif /* MBEDTLS_PSA_CRYPTO_SPM */
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ "MBEDTLS_PSA_INJECT_ENTROPY",
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#if defined(MBEDTLS_RSA_NO_CRT)
"MBEDTLS_RSA_NO_CRT",
#endif /* MBEDTLS_RSA_NO_CRT */
@@ -426,6 +450,9 @@
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ "MBEDTLS_SSL_DTLS_CONNECTION_ID",
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
@@ -441,6 +468,9 @@
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
"MBEDTLS_SSL_FALLBACK_SCSV",
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE",
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
"MBEDTLS_SSL_HW_RECORD_ACCEL",
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
@@ -510,6 +540,9 @@
#if defined(MBEDTLS_THREADING_PTHREAD)
"MBEDTLS_THREADING_PTHREAD",
#endif /* MBEDTLS_THREADING_PTHREAD */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ "MBEDTLS_USE_PSA_CRYPTO",
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_VERSION_FEATURES)
"MBEDTLS_VERSION_FEATURES",
#endif /* MBEDTLS_VERSION_FEATURES */
@@ -519,6 +552,9 @@
#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
"MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK",
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
"MBEDTLS_X509_CHECK_KEY_USAGE",
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
@@ -678,6 +714,15 @@
#if defined(MBEDTLS_POLY1305_C)
"MBEDTLS_POLY1305_C",
#endif /* MBEDTLS_POLY1305_C */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ "MBEDTLS_PSA_CRYPTO_C",
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ "MBEDTLS_PSA_CRYPTO_STORAGE_C",
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ "MBEDTLS_PSA_ITS_FILE_C",
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
#if defined(MBEDTLS_RIPEMD160_C)
"MBEDTLS_RIPEMD160_C",
#endif /* MBEDTLS_RIPEMD160_C */
@@ -750,7 +795,7 @@
int mbedtls_version_check_feature( const char *feature )
{
- const char **idx = features;
+ const char * const *idx = features;
if( *idx == NULL )
return( -2 );
diff --git a/library/x509.c b/library/x509.c
index 2e6795f..2e0b0e8 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -29,10 +29,6 @@
* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
*/
-/* Ensure gmtime_r is available even with -std=c99; must be included before
- * config.h, which pulls in glibc's features.h. Harmless on other platforms. */
-#define _POSIX_C_SOURCE 200112L
-
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -67,11 +63,19 @@
#include "mbedtls/platform_time.h"
#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
+#include "mbedtls/platform_util.h"
#include <time.h>
#endif
-#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
-#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
+#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
+#define CHECK_RANGE(min, max, val) \
+ do \
+ { \
+ if( ( val ) < ( min ) || ( val ) > ( max ) ) \
+ { \
+ return( ret ); \
+ } \
+ } while( 0 )
/*
* CertificateSerialNumber ::= INTEGER
@@ -119,7 +123,7 @@
}
/*
- * Parse an algorithm identifier with (optional) paramaters
+ * Parse an algorithm identifier with (optional) parameters
*/
int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
@@ -357,6 +361,8 @@
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
+ end = *p + len;
+
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_NAME +
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
@@ -390,6 +396,12 @@
val->p = *p;
*p += val->len;
+ if( *p != end )
+ {
+ return( MBEDTLS_ERR_X509_INVALID_NAME +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
cur->next = NULL;
return( 0 );
@@ -696,30 +708,25 @@
* be either manually updated or extensions should be parsed!)
*/
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag )
+ mbedtls_x509_buf *ext, int tag )
{
int ret;
size_t len;
- if( *p == end )
- return( 0 );
+ /* Extension structure use EXPLICIT tagging. That is, the actual
+ * `Extensions` structure is wrapped by a tag-length pair using
+ * the respective context-specific tag. */
+ ret = mbedtls_asn1_get_tag( p, end, &ext->len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
- ext->tag = **p;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ) ) != 0 )
- return( ret );
-
- ext->p = *p;
- end = *p + ext->len;
+ ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
+ ext->p = *p;
+ end = *p + ext->len;
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
*/
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
@@ -901,11 +908,7 @@
int ret = 0;
tt = mbedtls_time( NULL );
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
- lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL;
-#else
- lt = gmtime_r( &tt, &tm_buf );
-#endif
+ lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
if( lt == NULL )
ret = -1;
@@ -1008,8 +1011,8 @@
*/
int mbedtls_x509_self_test( int verbose )
{
+ int ret = 0;
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
- int ret;
uint32_t flags;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
@@ -1017,6 +1020,7 @@
if( verbose != 0 )
mbedtls_printf( " X.509 certificate load: " );
+ mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
@@ -1026,11 +1030,9 @@
if( verbose != 0 )
mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
}
- mbedtls_x509_crt_init( &cacert );
-
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
mbedtls_test_ca_crt_len );
if( ret != 0 )
@@ -1038,7 +1040,7 @@
if( verbose != 0 )
mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
}
if( verbose != 0 )
@@ -1050,20 +1052,19 @@
if( verbose != 0 )
mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
}
if( verbose != 0 )
mbedtls_printf( "passed\n\n");
+cleanup:
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &clicert );
-
- return( 0 );
#else
((void) verbose);
- return( 0 );
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/x509_create.c b/library/x509_create.c
index df20ec8..546e8fa 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -33,48 +33,84 @@
#include <string.h>
+/* Structure linking OIDs for X.509 DN AttributeTypes to their
+ * string representations and default string encodings used by Mbed TLS. */
typedef struct {
- const char *name;
- size_t name_len;
- const char*oid;
+ const char *name; /* String representation of AttributeType, e.g.
+ * "CN" or "emailAddress". */
+ size_t name_len; /* Length of 'name', without trailing 0 byte. */
+ const char *oid; /* String representation of OID of AttributeType,
+ * as per RFC 5280, Appendix A.1. */
+ int default_tag; /* The default character encoding used for the
+ * given attribute type, e.g.
+ * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
} x509_attr_descriptor_t;
#define ADD_STRLEN( s ) s, sizeof( s ) - 1
+/* X.509 DN attributes from RFC 5280, Appendix A.1. */
static const x509_attr_descriptor_t x509_attrs[] =
{
- { ADD_STRLEN( "CN" ), MBEDTLS_OID_AT_CN },
- { ADD_STRLEN( "commonName" ), MBEDTLS_OID_AT_CN },
- { ADD_STRLEN( "C" ), MBEDTLS_OID_AT_COUNTRY },
- { ADD_STRLEN( "countryName" ), MBEDTLS_OID_AT_COUNTRY },
- { ADD_STRLEN( "O" ), MBEDTLS_OID_AT_ORGANIZATION },
- { ADD_STRLEN( "organizationName" ), MBEDTLS_OID_AT_ORGANIZATION },
- { ADD_STRLEN( "L" ), MBEDTLS_OID_AT_LOCALITY },
- { ADD_STRLEN( "locality" ), MBEDTLS_OID_AT_LOCALITY },
- { ADD_STRLEN( "R" ), MBEDTLS_OID_PKCS9_EMAIL },
- { ADD_STRLEN( "OU" ), MBEDTLS_OID_AT_ORG_UNIT },
- { ADD_STRLEN( "organizationalUnitName" ), MBEDTLS_OID_AT_ORG_UNIT },
- { ADD_STRLEN( "ST" ), MBEDTLS_OID_AT_STATE },
- { ADD_STRLEN( "stateOrProvinceName" ), MBEDTLS_OID_AT_STATE },
- { ADD_STRLEN( "emailAddress" ), MBEDTLS_OID_PKCS9_EMAIL },
- { ADD_STRLEN( "serialNumber" ), MBEDTLS_OID_AT_SERIAL_NUMBER },
- { ADD_STRLEN( "postalAddress" ), MBEDTLS_OID_AT_POSTAL_ADDRESS },
- { ADD_STRLEN( "postalCode" ), MBEDTLS_OID_AT_POSTAL_CODE },
- { ADD_STRLEN( "dnQualifier" ), MBEDTLS_OID_AT_DN_QUALIFIER },
- { ADD_STRLEN( "title" ), MBEDTLS_OID_AT_TITLE },
- { ADD_STRLEN( "surName" ), MBEDTLS_OID_AT_SUR_NAME },
- { ADD_STRLEN( "SN" ), MBEDTLS_OID_AT_SUR_NAME },
- { ADD_STRLEN( "givenName" ), MBEDTLS_OID_AT_GIVEN_NAME },
- { ADD_STRLEN( "GN" ), MBEDTLS_OID_AT_GIVEN_NAME },
- { ADD_STRLEN( "initials" ), MBEDTLS_OID_AT_INITIALS },
- { ADD_STRLEN( "pseudonym" ), MBEDTLS_OID_AT_PSEUDONYM },
- { ADD_STRLEN( "generationQualifier" ), MBEDTLS_OID_AT_GENERATION_QUALIFIER },
- { ADD_STRLEN( "domainComponent" ), MBEDTLS_OID_DOMAIN_COMPONENT },
- { ADD_STRLEN( "DC" ), MBEDTLS_OID_DOMAIN_COMPONENT },
- { NULL, 0, NULL }
+ { ADD_STRLEN( "CN" ),
+ MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "commonName" ),
+ MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "C" ),
+ MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING },
+ { ADD_STRLEN( "countryName" ),
+ MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING },
+ { ADD_STRLEN( "O" ),
+ MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "organizationName" ),
+ MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "L" ),
+ MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "locality" ),
+ MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "R" ),
+ MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING },
+ { ADD_STRLEN( "OU" ),
+ MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "organizationalUnitName" ),
+ MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "ST" ),
+ MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "stateOrProvinceName" ),
+ MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "emailAddress" ),
+ MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING },
+ { ADD_STRLEN( "serialNumber" ),
+ MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING },
+ { ADD_STRLEN( "postalAddress" ),
+ MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING },
+ { ADD_STRLEN( "postalCode" ),
+ MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING },
+ { ADD_STRLEN( "dnQualifier" ),
+ MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING },
+ { ADD_STRLEN( "title" ),
+ MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "surName" ),
+ MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "SN" ),
+ MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "givenName" ),
+ MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "GN" ),
+ MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "initials" ),
+ MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "pseudonym" ),
+ MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "generationQualifier" ),
+ MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING },
+ { ADD_STRLEN( "domainComponent" ),
+ MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
+ { ADD_STRLEN( "DC" ),
+ MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
+ { NULL, 0, NULL, MBEDTLS_ASN1_NULL }
};
-static const char *x509_at_oid_from_name( const char *name, size_t name_len )
+static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len )
{
const x509_attr_descriptor_t *cur;
@@ -83,7 +119,10 @@
strncmp( cur->name, name, name_len ) == 0 )
break;
- return( cur->oid );
+ if ( cur->name == NULL )
+ return( NULL );
+
+ return( cur );
}
int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
@@ -92,6 +131,7 @@
const char *s = name, *c = s;
const char *end = s + strlen( s );
const char *oid = NULL;
+ const x509_attr_descriptor_t* attr_descr = NULL;
int in_tag = 1;
char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
char *d = data;
@@ -103,12 +143,13 @@
{
if( in_tag && *c == '=' )
{
- if( ( oid = x509_at_oid_from_name( s, c - s ) ) == NULL )
+ if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL )
{
ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
goto exit;
}
+ oid = attr_descr->oid;
s = c + 1;
in_tag = 0;
d = data;
@@ -127,13 +168,19 @@
}
else if( !in_tag && ( *c == ',' || c == end ) )
{
- if( mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
- (unsigned char *) data,
- d - data ) == NULL )
+ mbedtls_asn1_named_data* cur =
+ mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
+ (unsigned char *) data,
+ d - data );
+
+ if(cur == NULL )
{
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
}
+ // set tagType
+ cur->val.tag = attr_descr->default_tag;
+
while( c < end && *(c + 1) == ' ' )
c++;
@@ -192,46 +239,40 @@
*
* AttributeValue ::= ANY DEFINED BY AttributeType
*/
-static int x509_write_name( unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- const unsigned char *name, size_t name_len )
+static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name)
{
int ret;
size_t len = 0;
+ const char *oid = (const char*)cur_name->oid.p;
+ size_t oid_len = cur_name->oid.len;
+ const unsigned char *name = cur_name->val.p;
+ size_t name_len = cur_name->val.len;
- // Write PrintableString for all except MBEDTLS_OID_PKCS9_EMAIL
- //
- if( MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_EMAIL ) == oid_len &&
- memcmp( oid, MBEDTLS_OID_PKCS9_EMAIL, oid_len ) == 0 )
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_ia5_string( p, start,
- (const char *) name,
- name_len ) );
- }
- else
- {
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_printable_string( p, start,
- (const char *) name,
- name_len ) );
- }
-
+ // Write correct string tag and value
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start,
+ cur_name->val.tag,
+ (const char *) name,
+ name_len ) );
// Write OID
//
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid,
+ oid_len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SET ) );
return( (int) len );
}
int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first )
+ mbedtls_asn1_named_data *first )
{
int ret;
size_t len = 0;
@@ -239,9 +280,7 @@
while( cur != NULL )
{
- MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p,
- cur->oid.len,
- cur->val.p, cur->val.len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, cur ) );
cur = cur->next;
}
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 8450f87..00f8545 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -103,17 +103,17 @@
{
int ret;
+ if( *p == end )
+ return( 0 );
+
/*
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
* -- if present, version MUST be v2
*/
if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
return( ret );
- }
+
+ end = ext->p + ext->len;
while( *p < end )
{
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 290c1eb..b2c19db 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -43,16 +43,21 @@
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
-#include <stdio.h>
#include <string.h>
#if defined(MBEDTLS_PEM_PARSE_C)
#include "mbedtls/pem.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
+#include <stdio.h>
#include <stdlib.h>
#define mbedtls_free free
#define mbedtls_calloc calloc
@@ -163,6 +168,9 @@
static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
mbedtls_md_type_t md_alg )
{
+ if( md_alg == MBEDTLS_MD_NONE )
+ return( -1 );
+
if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
return( 0 );
@@ -176,6 +184,9 @@
static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
mbedtls_pk_type_t pk_alg )
{
+ if( pk_alg == MBEDTLS_PK_NONE )
+ return( -1 );
+
if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
return( 0 );
@@ -208,6 +219,9 @@
{
const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+ if( gid == MBEDTLS_ECP_DP_NONE )
+ return( -1 );
+
if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
return( 0 );
@@ -219,6 +233,157 @@
}
/*
+ * Like memcmp, but case-insensitive and always returns -1 if different
+ */
+static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
+{
+ size_t i;
+ unsigned char diff;
+ const unsigned char *n1 = s1, *n2 = s2;
+
+ for( i = 0; i < len; i++ )
+ {
+ diff = n1[i] ^ n2[i];
+
+ if( diff == 0 )
+ continue;
+
+ if( diff == 32 &&
+ ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+ ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+ {
+ continue;
+ }
+
+ return( -1 );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Return 0 if name matches wildcard, -1 otherwise
+ */
+static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
+{
+ size_t i;
+ size_t cn_idx = 0, cn_len = strlen( cn );
+
+ /* We can't have a match if there is no wildcard to match */
+ if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
+ return( -1 );
+
+ for( i = 0; i < cn_len; ++i )
+ {
+ if( cn[i] == '.' )
+ {
+ cn_idx = i;
+ break;
+ }
+ }
+
+ if( cn_idx == 0 )
+ return( -1 );
+
+ if( cn_len - cn_idx == name->len - 1 &&
+ x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+ {
+ return( 0 );
+ }
+
+ return( -1 );
+}
+
+/*
+ * Compare two X.509 strings, case-insensitive, and allowing for some encoding
+ * variations (but not all).
+ *
+ * Return 0 if equal, -1 otherwise.
+ */
+static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
+{
+ if( a->tag == b->tag &&
+ a->len == b->len &&
+ memcmp( a->p, b->p, b->len ) == 0 )
+ {
+ return( 0 );
+ }
+
+ if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+ ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+ a->len == b->len &&
+ x509_memcasecmp( a->p, b->p, b->len ) == 0 )
+ {
+ return( 0 );
+ }
+
+ return( -1 );
+}
+
+/*
+ * Compare two X.509 Names (aka rdnSequence).
+ *
+ * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
+ * we sometimes return unequal when the full algorithm would return equal,
+ * but never the other way. (In particular, we don't do Unicode normalisation
+ * or space folding.)
+ *
+ * Return 0 if equal, -1 otherwise.
+ */
+static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
+{
+ /* Avoid recursion, it might not be optimised by the compiler */
+ while( a != NULL || b != NULL )
+ {
+ if( a == NULL || b == NULL )
+ return( -1 );
+
+ /* type */
+ if( a->oid.tag != b->oid.tag ||
+ a->oid.len != b->oid.len ||
+ memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
+ {
+ return( -1 );
+ }
+
+ /* value */
+ if( x509_string_cmp( &a->val, &b->val ) != 0 )
+ return( -1 );
+
+ /* structure of the list of sets */
+ if( a->next_merged != b->next_merged )
+ return( -1 );
+
+ a = a->next;
+ b = b->next;
+ }
+
+ /* a == NULL == b */
+ return( 0 );
+}
+
+/*
+ * Reset (init or clear) a verify_chain
+ */
+static void x509_crt_verify_chain_reset(
+ mbedtls_x509_crt_verify_chain *ver_chain )
+{
+ size_t i;
+
+ for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
+ {
+ ver_chain->items[i].crt = NULL;
+ ver_chain->items[i].flags = (uint32_t) -1;
+ }
+
+ ver_chain->len = 0;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ ver_chain->trust_ca_cb_result = NULL;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+}
+
+/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
static int x509_get_version( unsigned char **p,
@@ -237,7 +402,7 @@
return( 0 );
}
- return( ret );
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
end = *p + len;
@@ -304,7 +469,7 @@
if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( 0 );
- return( ret );
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
uid->p = *p;
@@ -453,7 +618,8 @@
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
*
- * NOTE: we only parse and use dNSName at this point.
+ * NOTE: we list all types, but only use dNSName and otherName
+ * of type HwModuleName, as defined in RFC 4108, at this point.
*/
static int x509_get_subject_alt_name( unsigned char **p,
const unsigned char *end,
@@ -476,6 +642,9 @@
while( *p < end )
{
+ mbedtls_x509_subject_alternative_name dummy_san_buf;
+ memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) );
+
if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
@@ -492,11 +661,28 @@
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
}
- /* Skip everything but DNS name */
- if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
+ /*
+ * Check that the SAN are structured correct.
+ */
+ ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf );
+ /*
+ * In case the extension is malformed, return an error,
+ * and clear the allocated sequences.
+ */
+ if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
{
- *p += tag_len;
- continue;
+ mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
+ mbedtls_x509_sequence *seq_prv;
+ while( seq_cur != NULL )
+ {
+ seq_prv = seq_cur;
+ seq_cur = seq_cur->next;
+ mbedtls_platform_zeroize( seq_prv,
+ sizeof( mbedtls_x509_sequence ) );
+ mbedtls_free( seq_prv );
+ }
+ subject_alt_name->next = NULL;
+ return( ret );
}
/* Allocate and assign next pointer */
@@ -532,6 +718,168 @@
}
/*
+ * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
+ *
+ * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
+ *
+ * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+ *
+ * PolicyInformation ::= SEQUENCE {
+ * policyIdentifier CertPolicyId,
+ * policyQualifiers SEQUENCE SIZE (1..MAX) OF
+ * PolicyQualifierInfo OPTIONAL }
+ *
+ * CertPolicyId ::= OBJECT IDENTIFIER
+ *
+ * PolicyQualifierInfo ::= SEQUENCE {
+ * policyQualifierId PolicyQualifierId,
+ * qualifier ANY DEFINED BY policyQualifierId }
+ *
+ * -- policyQualifierIds for Internet policy qualifiers
+ *
+ * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+ * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
+ * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
+ *
+ * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+ *
+ * Qualifier ::= CHOICE {
+ * cPSuri CPSuri,
+ * userNotice UserNotice }
+ *
+ * CPSuri ::= IA5String
+ *
+ * UserNotice ::= SEQUENCE {
+ * noticeRef NoticeReference OPTIONAL,
+ * explicitText DisplayText OPTIONAL }
+ *
+ * NoticeReference ::= SEQUENCE {
+ * organization DisplayText,
+ * noticeNumbers SEQUENCE OF INTEGER }
+ *
+ * DisplayText ::= CHOICE {
+ * ia5String IA5String (SIZE (1..200)),
+ * visibleString VisibleString (SIZE (1..200)),
+ * bmpString BMPString (SIZE (1..200)),
+ * utf8String UTF8String (SIZE (1..200)) }
+ *
+ * NOTE: we only parse and use anyPolicy without qualifiers at this point
+ * as defined in RFC 5280.
+ */
+static int x509_get_certificate_policies( unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *certificate_policies )
+{
+ int ret, parse_ret = 0;
+ size_t len;
+ mbedtls_asn1_buf *buf;
+ mbedtls_asn1_sequence *cur = certificate_policies;
+
+ /* Get main sequence tag */
+ ret = mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( *p + len != end )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+ /*
+ * Cannot be an empty sequence.
+ */
+ if( len == 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+ while( *p < end )
+ {
+ mbedtls_x509_buf policy_oid;
+ const unsigned char *policy_end;
+
+ /*
+ * Get the policy sequence
+ */
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ policy_end = *p + len;
+
+ if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
+ MBEDTLS_ASN1_OID ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ policy_oid.tag = MBEDTLS_ASN1_OID;
+ policy_oid.len = len;
+ policy_oid.p = *p;
+
+ /*
+ * Only AnyPolicy is currently supported when enforcing policy.
+ */
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 )
+ {
+ /*
+ * Set the parsing return code but continue parsing, in case this
+ * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ * is configured.
+ */
+ parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ }
+
+ /* Allocate and assign next pointer */
+ if( cur->buf.p != NULL )
+ {
+ if( cur->next != NULL )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+
+ cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+
+ if( cur->next == NULL )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+
+ cur = cur->next;
+ }
+
+ buf = &( cur->buf );
+ buf->tag = policy_oid.tag;
+ buf->p = policy_oid.p;
+ buf->len = policy_oid.len;
+
+ *p += len;
+
+ /*
+ * If there is an optional qualifier, then *p < policy_end
+ * Check the Qualifier len to verify it doesn't exceed policy_end.
+ */
+ if( *p < policy_end )
+ {
+ if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+ /*
+ * Skip the optional policy qualifiers.
+ */
+ *p += len;
+ }
+
+ if( *p != policy_end )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ /* Set final sequence entry's next pointer to NULL */
+ cur->next = NULL;
+
+ if( *p != end )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+ return( parse_ret );
+}
+
+/*
* X.509 v3 extensions
*
*/
@@ -543,14 +891,13 @@
size_t len;
unsigned char *end_ext_data, *end_ext_octet;
+ if( *p == end )
+ return( 0 );
+
if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
- {
- if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
return( ret );
- }
+ end = crt->v3_ext.p + crt->v3_ext.len;
while( *p < end )
{
/*
@@ -570,18 +917,14 @@
end_ext_data = *p + len;
/* Get extension ID */
- extn_oid.tag = **p;
-
- if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
+ if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
+ MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+ extn_oid.tag = MBEDTLS_ASN1_OID;
extn_oid.p = *p;
*p += extn_oid.len;
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
- MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
/* Get optional critical */
if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
@@ -662,8 +1005,39 @@
return( ret );
break;
+ case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
+ /* Parse certificate policies type */
+ if( ( ret = x509_get_certificate_policies( p, end_ext_octet,
+ &crt->certificate_policies ) ) != 0 )
+ {
+#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+ if( is_critical )
+ return( ret );
+ else
+#endif
+ /*
+ * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
+ * cannot interpret or enforce the policy. However, it is up to
+ * the user to choose how to enforce the policies,
+ * unless the extension is critical.
+ */
+ if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
+ return( ret );
+ }
+ break;
+
default:
- return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ /*
+ * If this is a non-critical extension, which the oid layer
+ * supports, but there isn't an x509 parser for it,
+ * skip the extension.
+ */
+#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+ if( is_critical )
+ return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ else
+#endif
+ *p = end_ext_octet;
}
}
@@ -677,8 +1051,10 @@
/*
* Parse and fill a single X.509 certificate in DER format
*/
-static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
- size_t buflen )
+static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy )
{
int ret;
size_t len;
@@ -695,7 +1071,7 @@
if( crt == NULL || buf == NULL )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
- // Use the original buffer until we figure out actual length
+ /* Use the original buffer until we figure out actual length. */
p = (unsigned char*) buf;
len = buflen;
end = p + len;
@@ -713,25 +1089,26 @@
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
}
- if( len > (size_t) ( end - p ) )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERR_X509_INVALID_FORMAT +
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- }
- crt_end = p + len;
-
- // Create and populate a new buffer for the raw field
- crt->raw.len = crt_end - buf;
- crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
- if( p == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
- memcpy( p, buf, crt->raw.len );
-
- // Direct pointers to the new buffer
- p += crt->raw.len - len;
end = crt_end = p + len;
+ crt->raw.len = crt_end - buf;
+ if( make_copy != 0 )
+ {
+ /* Create and populate a new buffer for the raw field. */
+ crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
+ if( crt->raw.p == NULL )
+ return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+ memcpy( crt->raw.p, buf, crt->raw.len );
+ crt->own_buffer = 1;
+
+ p += crt->raw.len - len;
+ end = crt_end = p + len;
+ }
+ else
+ {
+ crt->raw.p = (unsigned char*) buf;
+ crt->own_buffer = 0;
+ }
/*
* TBSCertificate ::= SEQUENCE {
@@ -836,11 +1213,13 @@
/*
* SubjectPublicKeyInfo
*/
+ crt->pk_raw.p = p;
if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
{
mbedtls_x509_crt_free( crt );
return( ret );
}
+ crt->pk_raw.len = p - crt->pk_raw.p;
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
@@ -934,8 +1313,10 @@
* Parse one X.509 certificate in DER format from a buffer and add them to a
* chained list
*/
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
- size_t buflen )
+static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy )
{
int ret;
mbedtls_x509_crt *crt = chain, *prev = NULL;
@@ -967,7 +1348,7 @@
crt = crt->next;
}
- if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
+ if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 )
{
if( prev )
prev->next = NULL;
@@ -981,11 +1362,27 @@
return( 0 );
}
+int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen )
+{
+ return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) );
+}
+
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen )
+{
+ return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) );
+}
+
/*
* Parse one or more PEM certificates from a buffer and add them to the chained
* list
*/
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen )
{
#if defined(MBEDTLS_PEM_PARSE_C)
int success = 0, first_error = 0, total_failed = 0;
@@ -1241,32 +1638,201 @@
}
#endif /* MBEDTLS_FS_IO */
-static int x509_info_subject_alt_name( char **buf, size_t *size,
- const mbedtls_x509_sequence *subject_alt_name )
+/*
+ * OtherName ::= SEQUENCE {
+ * type-id OBJECT IDENTIFIER,
+ * value [0] EXPLICIT ANY DEFINED BY type-id }
+ *
+ * HardwareModuleName ::= SEQUENCE {
+ * hwType OBJECT IDENTIFIER,
+ * hwSerialNum OCTET STRING }
+ *
+ * NOTE: we currently only parse and use otherName of type HwModuleName,
+ * as defined in RFC 4108.
+ */
+static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
+ mbedtls_x509_san_other_name *other_name )
{
- size_t i;
+ int ret = 0;
+ size_t len;
+ unsigned char *p = subject_alt_name->p;
+ const unsigned char *end = p + subject_alt_name->len;
+ mbedtls_x509_buf cur_oid;
+
+ if( ( subject_alt_name->tag &
+ ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) !=
+ ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) )
+ {
+ /*
+ * The given subject alternative name is not of type "othername".
+ */
+ return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ }
+
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_OID ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ cur_oid.tag = MBEDTLS_ASN1_OID;
+ cur_oid.p = p;
+ cur_oid.len = len;
+
+ /*
+ * Only HwModuleName is currently supported.
+ */
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 )
+ {
+ return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ }
+
+ if( p + len >= end )
+ {
+ mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+ p += len;
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID;
+ other_name->value.hardware_module_name.oid.p = p;
+ other_name->value.hardware_module_name.oid.len = len;
+
+ if( p + len >= end )
+ {
+ mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+ p += len;
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+ other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
+ other_name->value.hardware_module_name.val.p = p;
+ other_name->value.hardware_module_name.val.len = len;
+ p += len;
+ if( p != end )
+ {
+ mbedtls_platform_zeroize( other_name,
+ sizeof( *other_name ) );
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+ return( 0 );
+}
+
+static int x509_info_subject_alt_name( char **buf, size_t *size,
+ const mbedtls_x509_sequence
+ *subject_alt_name,
+ const char *prefix )
+{
+ int ret;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
- const char *sep = "";
- size_t sep_len = 0;
+ mbedtls_x509_subject_alternative_name san;
+ int parse_ret;
while( cur != NULL )
{
- if( cur->buf.len + sep_len >= n )
+ memset( &san, 0, sizeof( san ) );
+ parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san );
+ if( parse_ret != 0 )
{
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
+ {
+ ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
+ else
+ {
+ ret = mbedtls_snprintf( p, n, "\n%s <malformed>", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
+ cur = cur->next;
+ continue;
}
- n -= cur->buf.len + sep_len;
- for( i = 0; i < sep_len; i++ )
- *p++ = sep[i];
- for( i = 0; i < cur->buf.len; i++ )
- *p++ = cur->buf.p[i];
+ switch( san.type )
+ {
+ /*
+ * otherName
+ */
+ case MBEDTLS_X509_SAN_OTHER_NAME:
+ {
+ mbedtls_x509_san_other_name *other_name = &san.san.other_name;
- sep = ", ";
- sep_len = 2;
+ ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &other_name->value.hardware_module_name.oid ) != 0 )
+ {
+ ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ if( other_name->value.hardware_module_name.val.len >= n )
+ {
+ *p = '\0';
+ return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ }
+
+ memcpy( p, other_name->value.hardware_module_name.val.p,
+ other_name->value.hardware_module_name.val.len );
+ p += other_name->value.hardware_module_name.val.len;
+
+ n -= other_name->value.hardware_module_name.val.len;
+
+ }/* MBEDTLS_OID_ON_HW_MODULE_NAME */
+ }
+ break;
+
+ /*
+ * dNSName
+ */
+ case MBEDTLS_X509_SAN_DNS_NAME:
+ {
+ ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ if( san.san.unstructured_name.len >= n )
+ {
+ *p = '\0';
+ return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ }
+
+ memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len );
+ p += san.san.unstructured_name.len;
+ n -= san.san.unstructured_name.len;
+ }
+ break;
+
+ /*
+ * Type not supported, skip item.
+ */
+ default:
+ ret = mbedtls_snprintf( p, n, "\n%s <unsupported>", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ break;
+ }
cur = cur->next;
}
@@ -1279,6 +1845,56 @@
return( 0 );
}
+int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
+ mbedtls_x509_subject_alternative_name *san )
+{
+ int ret;
+ switch( san_buf->tag &
+ ( MBEDTLS_ASN1_TAG_CLASS_MASK |
+ MBEDTLS_ASN1_TAG_VALUE_MASK ) )
+ {
+ /*
+ * otherName
+ */
+ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
+ {
+ mbedtls_x509_san_other_name other_name;
+
+ ret = x509_get_other_name( san_buf, &other_name );
+ if( ret != 0 )
+ return( ret );
+
+ memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
+ san->type = MBEDTLS_X509_SAN_OTHER_NAME;
+ memcpy( &san->san.other_name,
+ &other_name, sizeof( other_name ) );
+
+ }
+ break;
+
+ /*
+ * dNSName
+ */
+ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
+ {
+ memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
+ san->type = MBEDTLS_X509_SAN_DNS_NAME;
+
+ memcpy( &san->san.unstructured_name,
+ san_buf, sizeof( *san_buf ) );
+
+ }
+ break;
+
+ /*
+ * Type not supported
+ */
+ default:
+ return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ }
+ return( 0 );
+}
+
#define PRINT_ITEM(i) \
{ \
ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
@@ -1287,7 +1903,7 @@
}
#define CERT_TYPE(type,name) \
- if( ns_cert_type & type ) \
+ if( ns_cert_type & (type) ) \
PRINT_ITEM( name );
static int x509_info_cert_type( char **buf, size_t *size,
@@ -1314,7 +1930,7 @@
}
#define KEY_USAGE(code,name) \
- if( key_usage & code ) \
+ if( key_usage & (code) ) \
PRINT_ITEM( name );
static int x509_info_key_usage( char **buf, size_t *size,
@@ -1370,6 +1986,35 @@
return( 0 );
}
+static int x509_info_cert_policies( char **buf, size_t *size,
+ const mbedtls_x509_sequence *certificate_policies )
+{
+ int ret;
+ const char *desc;
+ size_t n = *size;
+ char *p = *buf;
+ const mbedtls_x509_sequence *cur = certificate_policies;
+ const char *sep = "";
+
+ while( cur != NULL )
+ {
+ if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 )
+ desc = "???";
+
+ ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ sep = ", ";
+
+ cur = cur->next;
+ }
+
+ *size = n;
+ *buf = p;
+
+ return( 0 );
+}
+
/*
* Return an informational string about the certificate.
*/
@@ -1465,11 +2110,12 @@
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
- ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
+ ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = x509_info_subject_alt_name( &p, &n,
- &crt->subject_alt_names ) ) != 0 )
+ &crt->subject_alt_names,
+ prefix ) ) != 0 )
return( ret );
}
@@ -1501,6 +2147,16 @@
return( ret );
}
+ if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES )
+ {
+ ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ if( ( ret = x509_info_cert_policies( &p, &n,
+ &crt->certificate_policies ) ) != 0 )
+ return( ret );
+ }
+
ret = mbedtls_snprintf( p, n, "\n" );
MBEDTLS_X509_SAFE_SNPRINTF;
@@ -1662,9 +2318,7 @@
while( crl_list != NULL )
{
if( crl_list->version == 0 ||
- crl_list->issuer_raw.len != ca->subject_raw.len ||
- memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
- crl_list->issuer_raw.len ) != 0 )
+ x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
{
crl_list = crl_list->next;
continue;
@@ -1674,7 +2328,8 @@
* Check if the CA is configured to sign CRLs
*/
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
- if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
+ if( mbedtls_x509_crt_check_key_usage( ca,
+ MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
{
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
@@ -1735,159 +2390,59 @@
#endif /* MBEDTLS_X509_CRL_PARSE_C */
/*
- * Like memcmp, but case-insensitive and always returns -1 if different
- */
-static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
-{
- size_t i;
- unsigned char diff;
- const unsigned char *n1 = s1, *n2 = s2;
-
- for( i = 0; i < len; i++ )
- {
- diff = n1[i] ^ n2[i];
-
- if( diff == 0 )
- continue;
-
- if( diff == 32 &&
- ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
- ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
- {
- continue;
- }
-
- return( -1 );
- }
-
- return( 0 );
-}
-
-/*
- * Return 0 if name matches wildcard, -1 otherwise
- */
-static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
-{
- size_t i;
- size_t cn_idx = 0, cn_len = strlen( cn );
-
- /* We can't have a match if there is no wildcard to match */
- if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
- return( -1 );
-
- for( i = 0; i < cn_len; ++i )
- {
- if( cn[i] == '.' )
- {
- cn_idx = i;
- break;
- }
- }
-
- if( cn_idx == 0 )
- return( -1 );
-
- if( cn_len - cn_idx == name->len - 1 &&
- x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
- {
- return( 0 );
- }
-
- return( -1 );
-}
-
-/*
- * Compare two X.509 strings, case-insensitive, and allowing for some encoding
- * variations (but not all).
- *
- * Return 0 if equal, -1 otherwise.
- */
-static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
-{
- if( a->tag == b->tag &&
- a->len == b->len &&
- memcmp( a->p, b->p, b->len ) == 0 )
- {
- return( 0 );
- }
-
- if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
- ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
- a->len == b->len &&
- x509_memcasecmp( a->p, b->p, b->len ) == 0 )
- {
- return( 0 );
- }
-
- return( -1 );
-}
-
-/*
- * Compare two X.509 Names (aka rdnSequence).
- *
- * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
- * we sometimes return unequal when the full algorithm would return equal,
- * but never the other way. (In particular, we don't do Unicode normalisation
- * or space folding.)
- *
- * Return 0 if equal, -1 otherwise.
- */
-static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
-{
- /* Avoid recursion, it might not be optimised by the compiler */
- while( a != NULL || b != NULL )
- {
- if( a == NULL || b == NULL )
- return( -1 );
-
- /* type */
- if( a->oid.tag != b->oid.tag ||
- a->oid.len != b->oid.len ||
- memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
- {
- return( -1 );
- }
-
- /* value */
- if( x509_string_cmp( &a->val, &b->val ) != 0 )
- return( -1 );
-
- /* structure of the list of sets */
- if( a->next_merged != b->next_merged )
- return( -1 );
-
- a = a->next;
- b = b->next;
- }
-
- /* a == NULL == b */
- return( 0 );
-}
-
-/*
* Check the signature of a certificate by its parent
*/
static int x509_crt_check_signature( const mbedtls_x509_crt *child,
- mbedtls_x509_crt *parent )
+ mbedtls_x509_crt *parent,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- const mbedtls_md_info_t *md_info;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-
+ size_t hash_len;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( child->sig_md );
+ hash_len = mbedtls_md_get_size( md_info );
+
+ /* Note: hash errors can happen only after an internal error */
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
- {
- /* Note: this can't happen except after an internal error */
return( -1 );
- }
+#else
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
- if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
- child->sig_md, hash, mbedtls_md_get_size( md_info ),
- child->sig.p, child->sig.len ) != 0 )
+ if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
+ return( -1 );
+
+ if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len )
+ != PSA_SUCCESS )
{
return( -1 );
}
- return( 0 );
+ if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
+ != PSA_SUCCESS )
+ {
+ return( -1 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ /* Skip expensive computation on obvious mismatch */
+ if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
+ return( -1 );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
+ {
+ return( mbedtls_pk_verify_restartable( &parent->pk,
+ child->sig_md, hash, hash_len,
+ child->sig.p, child->sig.len, &rs_ctx->pk ) );
+ }
+#else
+ (void) rs_ctx;
+#endif
+
+ return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
+ child->sig_md, hash, hash_len,
+ child->sig.p, child->sig.len ) );
}
/*
@@ -1934,6 +2489,7 @@
* 1. subject name matches child's issuer
* 2. if necessary, the CA bit is set and key usage allows signing certs
* 3. for trusted roots, the signature is correct
+ * (for intermediates, the signature is checked and the result reported)
* 4. pathlen constraints are satisfied
*
* If there's a suitable candidate which is also time-valid, return the first
@@ -1956,23 +2512,54 @@
* Arguments:
* - [in] child: certificate for which we're looking for a parent
* - [in] candidates: chained list of potential parents
+ * - [out] r_parent: parent found (or NULL)
+ * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
* - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
* of the chain, 0 otherwise
* - [in] path_cnt: number of intermediates seen so far
* - [in] self_cnt: number of self-signed intermediates seen so far
* (will never be greater than path_cnt)
+ * - [in-out] rs_ctx: context for restarting operations
*
* Return value:
- * - the first suitable parent found (see above regarding time-validity)
- * - NULL if no suitable parent was found
+ * - 0 on success
+ * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
-static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
- mbedtls_x509_crt *candidates,
- int top,
- size_t path_cnt,
- size_t self_cnt )
+static int x509_crt_find_parent_in(
+ mbedtls_x509_crt *child,
+ mbedtls_x509_crt *candidates,
+ mbedtls_x509_crt **r_parent,
+ int *r_signature_is_good,
+ int top,
+ unsigned path_cnt,
+ unsigned self_cnt,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- mbedtls_x509_crt *parent, *badtime_parent = NULL;
+ int ret;
+ mbedtls_x509_crt *parent, *fallback_parent;
+ int signature_is_good, fallback_signature_is_good;
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /* did we have something in progress? */
+ if( rs_ctx != NULL && rs_ctx->parent != NULL )
+ {
+ /* restore saved state */
+ parent = rs_ctx->parent;
+ fallback_parent = rs_ctx->fallback_parent;
+ fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
+
+ /* clear saved state */
+ rs_ctx->parent = NULL;
+ rs_ctx->fallback_parent = NULL;
+ rs_ctx->fallback_signature_is_good = 0;
+
+ /* resume where we left */
+ goto check_signature;
+ }
+#endif
+
+ fallback_parent = NULL;
+ fallback_signature_is_good = 0;
for( parent = candidates; parent != NULL; parent = parent->next )
{
@@ -1988,17 +2575,38 @@
}
/* Signature */
- if( top && x509_crt_check_signature( child, parent ) != 0 )
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+check_signature:
+#endif
+ ret = x509_crt_check_signature( child, parent, rs_ctx );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
{
- continue;
+ /* save state */
+ rs_ctx->parent = parent;
+ rs_ctx->fallback_parent = fallback_parent;
+ rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
+
+ return( ret );
}
+#else
+ (void) ret;
+#endif
+
+ signature_is_good = ret == 0;
+ if( top && ! signature_is_good )
+ continue;
/* optional time check */
if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
mbedtls_x509_time_is_future( &parent->valid_from ) )
{
- if( badtime_parent == NULL )
- badtime_parent = parent;
+ if( fallback_parent == NULL )
+ {
+ fallback_parent = parent;
+ fallback_signature_is_good = signature_is_good;
+ }
continue;
}
@@ -2006,10 +2614,18 @@
break;
}
- if( parent == NULL )
- parent = badtime_parent;
+ if( parent != NULL )
+ {
+ *r_parent = parent;
+ *r_signature_is_good = signature_is_good;
+ }
+ else
+ {
+ *r_parent = fallback_parent;
+ *r_signature_is_good = fallback_signature_is_good;
+ }
- return( parent );
+ return( 0 );
}
/*
@@ -2021,34 +2637,78 @@
* Arguments:
* - [in] child: certificate for which we're looking for a parent, followed
* by a chain of possible intermediates
- * - [in] trust_ca: locally trusted CAs
- * - [out] 1 if parent was found in trust_ca, 0 if found in provided chain
- * - [in] path_cnt: number of intermediates seen so far
- * - [in] self_cnt: number of self-signed intermediates seen so far
+ * - [in] trust_ca: list of locally trusted certificates
+ * - [out] parent: parent found (or NULL)
+ * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
+ * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
+ * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
+ * - [in] self_cnt: number of self-signed certs in the chain so far
* (will always be no greater than path_cnt)
+ * - [in-out] rs_ctx: context for restarting operations
*
* Return value:
- * - the first suitable parent found (see find_parent_in() for "suitable")
- * - NULL if no suitable parent was found
+ * - 0 on success
+ * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
-static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
- mbedtls_x509_crt *trust_ca,
- int *parent_is_trusted,
- size_t path_cnt,
- size_t self_cnt )
+static int x509_crt_find_parent(
+ mbedtls_x509_crt *child,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crt **parent,
+ int *parent_is_trusted,
+ int *signature_is_good,
+ unsigned path_cnt,
+ unsigned self_cnt,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- mbedtls_x509_crt *parent;
+ int ret;
+ mbedtls_x509_crt *search_list;
- /* Look for a parent in trusted CAs */
*parent_is_trusted = 1;
- parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt );
- if( parent != NULL )
- return( parent );
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /* restore then clear saved state if we have some stored */
+ if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )
+ {
+ *parent_is_trusted = rs_ctx->parent_is_trusted;
+ rs_ctx->parent_is_trusted = -1;
+ }
+#endif
- /* Look for a parent upwards the chain */
- *parent_is_trusted = 0;
- return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) );
+ while( 1 ) {
+ search_list = *parent_is_trusted ? trust_ca : child->next;
+
+ ret = x509_crt_find_parent_in( child, search_list,
+ parent, signature_is_good,
+ *parent_is_trusted,
+ path_cnt, self_cnt, rs_ctx );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ {
+ /* save state */
+ rs_ctx->parent_is_trusted = *parent_is_trusted;
+ return( ret );
+ }
+#else
+ (void) ret;
+#endif
+
+ /* stop here if found or already in second iteration */
+ if( *parent != NULL || *parent_is_trusted == 0 )
+ break;
+
+ /* prepare second iteration */
+ *parent_is_trusted = 0;
+ }
+
+ /* extra precaution against mistakes in the caller */
+ if( *parent == NULL )
+ {
+ *parent_is_trusted = 0;
+ *signature_is_good = 0;
+ }
+
+ return( 0 );
}
/*
@@ -2097,11 +2757,24 @@
* - EE, Ci1, ..., Ciq cannot be continued with a trusted root
* -> return that chain with NOT_TRUSTED set on Ciq
*
+ * Tests for (aspects of) this function should include at least:
+ * - trusted EE
+ * - EE -> trusted root
+ * - EE -> intermediate CA -> trusted root
+ * - if relevant: EE untrusted
+ * - if relevant: EE -> intermediate, untrusted
+ * with the aspect under test checked at each relevant level (EE, int, root).
+ * For some aspects longer chains are required, but usually length 2 is
+ * enough (but length 1 is not in general).
+ *
* Arguments:
* - [in] crt: the cert list EE, C1, ..., Cn
* - [in] trust_ca: the trusted list R1, ..., Rp
* - [in] ca_crl, profile: as in verify_with_profile()
- * - [out] ver_chain, chain_len: the built and verified chain
+ * - [out] ver_chain: the built and verified chain
+ * Only valid when return value is 0, may contain garbage otherwise!
+ * Restart note: need not be the same when calling again to resume.
+ * - [in-out] rs_ctx: context for restarting operations
*
* Return value:
* - non-zero if the chain could not be fully built and examined
@@ -2112,25 +2785,54 @@
mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
const mbedtls_x509_crt_profile *profile,
- x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
- size_t *chain_len )
+ mbedtls_x509_crt_verify_chain *ver_chain,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
+ /* Don't initialize any of those variables here, so that the compiler can
+ * catch potential issues with jumping ahead when restarting */
+ int ret;
uint32_t *flags;
+ mbedtls_x509_crt_verify_chain_item *cur;
mbedtls_x509_crt *child;
mbedtls_x509_crt *parent;
- int parent_is_trusted = 0;
- int child_is_trusted = 0;
- size_t self_cnt = 0;
+ int parent_is_trusted;
+ int child_is_trusted;
+ int signature_is_good;
+ unsigned self_cnt;
+ mbedtls_x509_crt *cur_trust_ca = NULL;
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ /* resume if we had an operation in progress */
+ if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
+ {
+ /* restore saved state */
+ *ver_chain = rs_ctx->ver_chain; /* struct copy */
+ self_cnt = rs_ctx->self_cnt;
+
+ /* restore derived state */
+ cur = &ver_chain->items[ver_chain->len - 1];
+ child = cur->crt;
+ flags = &cur->flags;
+
+ goto find_parent;
+ }
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
child = crt;
- *chain_len = 0;
+ self_cnt = 0;
+ parent_is_trusted = 0;
+ child_is_trusted = 0;
while( 1 ) {
/* Add certificate to the verification chain */
- ver_chain[*chain_len].crt = child;
- flags = &ver_chain[*chain_len].flags;
- ++*chain_len;
+ cur = &ver_chain->items[ver_chain->len];
+ cur->crt = child;
+ cur->flags = 0;
+ ver_chain->len++;
+ flags = &cur->flags;
/* Check time-validity (all certificates) */
if( mbedtls_x509_time_is_past( &child->valid_to ) )
@@ -2151,15 +2853,57 @@
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/* Special case: EE certs that are locally trusted */
- if( *chain_len == 1 &&
+ if( ver_chain->len == 1 &&
x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
{
return( 0 );
}
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+find_parent:
+#endif
+
+ /* Obtain list of potential trusted signers from CA callback,
+ * or use statically provided list. */
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( f_ca_cb != NULL )
+ {
+ mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result );
+ mbedtls_free( ver_chain->trust_ca_cb_result );
+ ver_chain->trust_ca_cb_result = NULL;
+
+ ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+
+ cur_trust_ca = ver_chain->trust_ca_cb_result;
+ }
+ else
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+ {
+ ((void) f_ca_cb);
+ ((void) p_ca_cb);
+ cur_trust_ca = trust_ca;
+ }
+
/* Look for a parent in trusted CAs or up the chain */
- parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
- *chain_len - 1, self_cnt );
+ ret = x509_crt_find_parent( child, cur_trust_ca, &parent,
+ &parent_is_trusted, &signature_is_good,
+ ver_chain->len - 1, self_cnt, rs_ctx );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ {
+ /* save state */
+ rs_ctx->in_progress = x509_crt_rs_find_parent;
+ rs_ctx->self_cnt = self_cnt;
+ rs_ctx->ver_chain = *ver_chain; /* struct copy */
+
+ return( ret );
+ }
+#else
+ (void) ret;
+#endif
/* No parent? We're done here */
if( parent == NULL )
@@ -2171,7 +2915,7 @@
/* Count intermediate self-issued (not necessarily self-signed) certs.
* These can occur with some strategies for key rollover, see [SIRO],
* and should be excluded from max_pathlen checks. */
- if( *chain_len != 1 &&
+ if( ver_chain->len != 1 &&
x509_name_cmp( &child->issuer, &child->subject ) == 0 )
{
self_cnt++;
@@ -2180,14 +2924,14 @@
/* path_cnt is 0 for the first intermediate CA,
* and if parent is trusted it's not an intermediate CA */
if( ! parent_is_trusted &&
- *chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+ ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
{
/* return immediately to avoid overflow the chain array */
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
- /* if parent is trusted, the signature was checked by find_parent() */
- if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
+ /* signature was checked while searching parent */
+ if( ! signature_is_good )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
/* check size of signing key */
@@ -2205,6 +2949,7 @@
child = parent;
parent = NULL;
child_is_trusted = parent_is_trusted;
+ signature_is_good = 0;
}
}
@@ -2273,21 +3018,22 @@
*/
static int x509_crt_merge_flags_with_cb(
uint32_t *flags,
- x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
- size_t chain_len,
+ const mbedtls_x509_crt_verify_chain *ver_chain,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
int ret;
- size_t i;
+ unsigned i;
uint32_t cur_flags;
+ const mbedtls_x509_crt_verify_chain_item *cur;
- for( i = chain_len; i != 0; --i )
+ for( i = ver_chain->len; i != 0; --i )
{
- cur_flags = ver_chain[i-1].flags;
+ cur = &ver_chain->items[i-1];
+ cur_flags = cur->flags;
if( NULL != f_vrfy )
- if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int) i-1, &cur_flags ) ) != 0 )
+ if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
return( ret );
*flags |= cur_flags;
@@ -2297,21 +3043,7 @@
}
/*
- * Verify the certificate validity
- */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
- mbedtls_x509_crt *trust_ca,
- mbedtls_x509_crl *ca_crl,
- const char *cn, uint32_t *flags,
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
-{
- return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
- &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
-}
-
-/*
- * Verify the certificate validity, with profile
+ * Verify the certificate validity, with profile, restartable version
*
* This function:
* - checks the requested CN (if any)
@@ -2319,24 +3051,33 @@
* as that isn't done as part of chain building/verification currently
* - builds and verifies the chain
* - then calls the callback and merges the flags
+ *
+ * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb`
+ * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the
+ * verification routine to search for trusted signers, and CRLs will
+ * be disabled. Otherwise, `trust_ca` will be used as the static list
+ * of trusted signers, and `ca_crl` will be use as the static list
+ * of CRLs.
*/
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
- void *p_vrfy )
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
mbedtls_pk_type_t pk_type;
- x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
- size_t chain_len;
- uint32_t *ee_flags = &ver_chain[0].flags;
+ mbedtls_x509_crt_verify_chain ver_chain;
+ uint32_t ee_flags;
*flags = 0;
- memset( ver_chain, 0, sizeof( ver_chain ) );
- chain_len = 0;
+ ee_flags = 0;
+ x509_crt_verify_chain_reset( &ver_chain );
if( profile == NULL )
{
@@ -2346,28 +3087,44 @@
/* check name if requested */
if( cn != NULL )
- x509_crt_verify_name( crt, cn, ee_flags );
+ x509_crt_verify_name( crt, cn, &ee_flags );
/* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( &crt->pk );
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
- *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+ ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
if( x509_profile_check_key( profile, &crt->pk ) != 0 )
- *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
/* Check the chain */
- ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
- ver_chain, &chain_len );
+ ret = x509_crt_verify_chain( crt, trust_ca, ca_crl,
+ f_ca_cb, p_ca_cb, profile,
+ &ver_chain, rs_ctx );
+
if( ret != 0 )
goto exit;
+ /* Merge end-entity flags */
+ ver_chain.items[0].flags |= ee_flags;
+
/* Build final flags, calling callback on the way if any */
- ret = x509_crt_merge_flags_with_cb( flags,
- ver_chain, chain_len, f_vrfy, p_vrfy );
+ ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
exit:
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result );
+ mbedtls_free( ver_chain.trust_ca_cb_result );
+ ver_chain.trust_ca_cb_result = NULL;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+ mbedtls_x509_crt_restart_free( rs_ctx );
+#endif
+
/* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
* the SSL module for authmode optional, but non-zero return from the
* callback means a fatal error so it shouldn't be ignored */
@@ -2386,6 +3143,77 @@
return( 0 );
}
+
+/*
+ * Verify the certificate validity (default profile, not restartable)
+ */
+int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
+ NULL, NULL,
+ &mbedtls_x509_crt_profile_default,
+ cn, flags,
+ f_vrfy, p_vrfy, NULL ) );
+}
+
+/*
+ * Verify the certificate validity (user-chosen profile, not restartable)
+ */
+int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
+ NULL, NULL,
+ profile, cn, flags,
+ f_vrfy, p_vrfy, NULL ) );
+}
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+/*
+ * Verify the certificate validity (user-chosen profile, CA callback,
+ * not restartable).
+ */
+int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt_ca_cb_t f_ca_cb,
+ void *p_ca_cb,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL,
+ f_ca_cb, p_ca_cb,
+ profile, cn, flags,
+ f_vrfy, p_vrfy, NULL ) );
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
+ mbedtls_x509_crt *trust_ca,
+ mbedtls_x509_crl *ca_crl,
+ const mbedtls_x509_crt_profile *profile,
+ const char *cn, uint32_t *flags,
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy,
+ mbedtls_x509_crt_restart_ctx *rs_ctx )
+{
+ return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
+ NULL, NULL,
+ profile, cn, flags,
+ f_vrfy, p_vrfy, rs_ctx ) );
+}
+
+
/*
* Initialize a certificate chain
*/
@@ -2455,7 +3283,17 @@
mbedtls_free( seq_prv );
}
- if( cert_cur->raw.p != NULL )
+ seq_cur = cert_cur->certificate_policies.next;
+ while( seq_cur != NULL )
+ {
+ seq_prv = seq_cur;
+ seq_cur = seq_cur->next;
+ mbedtls_platform_zeroize( seq_prv,
+ sizeof( mbedtls_x509_sequence ) );
+ mbedtls_free( seq_prv );
+ }
+
+ if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
{
mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
mbedtls_free( cert_cur->raw.p );
@@ -2478,4 +3316,36 @@
while( cert_cur != NULL );
}
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+/*
+ * Initialize a restart context
+ */
+void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
+{
+ mbedtls_pk_restart_init( &ctx->pk );
+
+ ctx->parent = NULL;
+ ctx->fallback_parent = NULL;
+ ctx->fallback_signature_is_good = 0;
+
+ ctx->parent_is_trusted = -1;
+
+ ctx->in_progress = x509_crt_rs_none;
+ ctx->self_cnt = 0;
+ x509_crt_verify_chain_reset( &ctx->ver_chain );
+}
+
+/*
+ * Free the components of a restart context
+ */
+void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
+{
+ if( ctx == NULL )
+ return;
+
+ mbedtls_pk_restart_free( &ctx->pk );
+ mbedtls_x509_crt_restart_init( ctx );
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+
#endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/library/x509_csr.c b/library/x509_csr.c
index f844257..c8c08c8 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -279,15 +279,24 @@
{
mbedtls_pem_init( &pem );
ret = mbedtls_pem_read_buffer( &pem,
- "-----BEGIN CERTIFICATE REQUEST-----",
- "-----END CERTIFICATE REQUEST-----",
- buf, NULL, 0, &use_len );
+ "-----BEGIN CERTIFICATE REQUEST-----",
+ "-----END CERTIFICATE REQUEST-----",
+ buf, NULL, 0, &use_len );
+ if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+ {
+ ret = mbedtls_pem_read_buffer( &pem,
+ "-----BEGIN NEW CERTIFICATE REQUEST-----",
+ "-----END NEW CERTIFICATE REQUEST-----",
+ buf, NULL, 0, &use_len );
+ }
if( ret == 0 )
+ {
/*
* Was PEM encoded, parse the result
*/
ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+ }
mbedtls_pem_free( &pem );
if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index b1ef216..03fb3fd 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -45,6 +45,16 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@@ -64,39 +74,44 @@
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
}
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
+void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx,
+ int version )
{
ctx->version = version;
}
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg )
+void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx,
+ mbedtls_md_type_t md_alg )
{
ctx->md_alg = md_alg;
}
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key )
{
ctx->subject_key = key;
}
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx,
+ mbedtls_pk_context *key )
{
ctx->issuer_key = key;
}
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
- const char *subject_name )
+ const char *subject_name )
{
return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
}
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
- const char *issuer_name )
+ const char *issuer_name )
{
return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
}
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial )
+int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx,
+ const mbedtls_mpi *serial )
{
int ret;
@@ -106,8 +121,9 @@
return( 0 );
}
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
- const char *not_after )
+int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx,
+ const char *not_before,
+ const char *not_after )
{
if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
@@ -127,12 +143,12 @@
int critical,
const unsigned char *val, size_t val_len )
{
- return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
- critical, val, val_len );
+ return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
+ critical, val, val_len ) );
}
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
- int is_ca, int max_pathlen )
+ int is_ca, int max_pathlen )
{
int ret;
unsigned char buf[9];
@@ -148,18 +164,21 @@
{
if( max_pathlen >= 0 )
{
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, max_pathlen ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf,
+ max_pathlen ) );
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
- return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
- 0, buf + sizeof(buf) - len, len );
+ return(
+ mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
+ 0, buf + sizeof(buf) - len, len ) );
}
#if defined(MBEDTLS_SHA1_C)
@@ -171,7 +190,8 @@
size_t len = 0;
memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
@@ -181,11 +201,13 @@
len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
- return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
- 0, buf + sizeof(buf) - len, len );
+ return mbedtls_x509write_crt_set_extension( ctx,
+ MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
+ 0, buf + sizeof(buf) - len, len );
}
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
@@ -196,7 +218,8 @@
size_t len = 0;
memset( buf, 0, sizeof(buf) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
@@ -206,38 +229,55 @@
len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
- return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
- 0, buf + sizeof( buf ) - len, len );
+ return mbedtls_x509write_crt_set_extension(
+ ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
+ 0, buf + sizeof( buf ) - len, len );
}
#endif /* MBEDTLS_SHA1_C */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage )
{
- unsigned char buf[4], ku;
+ unsigned char buf[5], ku[2];
unsigned char *c;
int ret;
+ const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
+ MBEDTLS_X509_KU_NON_REPUDIATION |
+ MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
+ MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
+ MBEDTLS_X509_KU_KEY_AGREEMENT |
+ MBEDTLS_X509_KU_KEY_CERT_SIGN |
+ MBEDTLS_X509_KU_CRL_SIGN |
+ MBEDTLS_X509_KU_ENCIPHER_ONLY |
+ MBEDTLS_X509_KU_DECIPHER_ONLY;
- /* We currently only support 7 bits, from 0x80 to 0x02 */
- if( ( key_usage & ~0xfe ) != 0 )
+ /* Check that nothing other than the allowed flags is set */
+ if( ( key_usage & ~allowed_bits ) != 0 )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
- c = buf + 4;
- ku = (unsigned char) key_usage;
+ c = buf + 5;
+ ku[0] = (unsigned char)( key_usage );
+ ku[1] = (unsigned char)( key_usage >> 8 );
+ ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
- if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
+ if( ret < 0 )
return( ret );
+ else if( ret < 3 || ret > 5 )
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
- 1, buf, 4 );
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
+ 1, c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -253,12 +293,13 @@
c = buf + 4;
- if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+ ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
+ if( ret < 3 || ret > 4 )
return( ret );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
- MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
- 0, buf, 4 );
+ MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
+ 0, c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -280,7 +321,8 @@
(const unsigned char *) t + 2,
size - 2 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_UTC_TIME ) );
}
else
{
@@ -288,31 +330,32 @@
(const unsigned char *) t,
size ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_GENERALIZED_TIME ) );
}
return( (int) len );
}
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
+ unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
- unsigned char tmp_buf[2048];
+ unsigned char sig[SIGNATURE_MAX_SIZE];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
/*
- * Prepare data to be signed in tmp_buf
+ * Prepare data to be signed at the end of the target buffer
*/
- c = tmp_buf + sizeof( tmp_buf );
+ c = buf + size;
/* Signature algorithm needed in TBS, and later for actual signature */
@@ -338,27 +381,36 @@
/* Only for v3 */
if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
{
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_x509_write_extensions( &c,
+ buf, ctx->extensions ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
}
/*
* SubjectPublicKeyInfo
*/
- MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key,
- tmp_buf, c - tmp_buf ) );
+ MBEDTLS_ASN1_CHK_ADD( pub_len,
+ mbedtls_pk_write_pubkey_der( ctx->subject_key,
+ buf, c - buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_x509_write_names( &c, buf,
+ ctx->subject ) );
/*
* Validity ::= SEQUENCE {
@@ -367,32 +419,39 @@
*/
sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
- MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+ MBEDTLS_ASN1_CHK_ADD( sub_len,
+ x509_write_time( &c, buf, ctx->not_after,
+ MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
- MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
- MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+ MBEDTLS_ASN1_CHK_ADD( sub_len,
+ x509_write_time( &c, buf, ctx->not_before,
+ MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
/*
* Issuer ::= Name
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
+ ctx->issuer ) );
/*
* Signature ::= AlgorithmIdentifier
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf,
- sig_oid, strlen( sig_oid ), 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_algorithm_identifier( &c, buf,
+ sig_oid, strlen( sig_oid ), 0 ) );
/*
* Serial ::= INTEGER
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf,
+ &ctx->serial ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
@@ -402,48 +461,67 @@
if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
{
sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
+ MBEDTLS_ASN1_CHK_ADD( sub_len,
+ mbedtls_asn1_write_int( &c, buf, ctx->version ) );
len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_len( &c, buf, sub_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
}
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len,
+ mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
/*
* Make signature
*/
+
+ /* Compute hash of CRT. */
if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
len, hash ) ) != 0 )
{
return( ret );
}
- if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
- f_rng, p_rng ) ) != 0 )
+ if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
+ hash, 0, sig, &sig_len,
+ f_rng, p_rng ) ) != 0 )
{
return( ret );
}
- /*
- * Write data to output buffer
- */
+ /* Move CRT to the front of the buffer to have space
+ * for the signature. */
+ memmove( buf, c, len );
+ c = buf + len;
+
+ /* Add signature at the end of the buffer,
+ * making sure that it doesn't underflow
+ * into the CRT buffer. */
c2 = buf + size;
- MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
+ MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c,
sig_oid, sig_oid_len, sig, sig_len ) );
- if( len > (size_t)( c2 - buf ) )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+ /*
+ * Memory layout after this step:
+ *
+ * buf c=buf+len c2 buf+size
+ * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm]
+ */
- c2 -= len;
- memcpy( c2, c, len );
+ /* Move raw CRT to just before the signature. */
+ c = c2 - len;
+ memmove( c, buf, len );
len += sig_and_oid_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
return( (int) len );
@@ -453,23 +531,23 @@
#define PEM_END_CRT "-----END CERTIFICATE-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
+ unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
- unsigned char output_buf[4096];
- size_t olen = 0;
+ size_t olen;
- if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
+ if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
f_rng, p_rng ) ) < 0 )
{
return( ret );
}
if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
- output_buf + sizeof(output_buf) - ret,
- ret, buf, size, &olen ) ) != 0 )
+ buf + size - ret, ret,
+ buf, size, &olen ) ) != 0 )
{
return( ret );
}
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 66cee56..0d62d1d 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -37,6 +37,11 @@
#include "mbedtls/asn1write.h"
#include "mbedtls/platform_util.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
+
#include <string.h>
#include <stdlib.h>
@@ -44,6 +49,16 @@
#include "mbedtls/pem.h"
#endif
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@@ -89,12 +104,13 @@
c = buf + 4;
- if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
+ ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 );
+ if( ret < 3 || ret > 4 )
return( ret );
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
- buf, 4 );
+ c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -110,12 +126,13 @@
c = buf + 4;
- if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+ ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
+ if( ret < 3 || ret > 4 )
return( ret );
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
- buf, 4 );
+ c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -131,12 +148,16 @@
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
-
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ size_t hash_len;
+ psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Prepare data to be signed in tmp_buf
*/
@@ -187,9 +208,23 @@
/*
* Prepare signature
+ * Note: hash errors can happen only after an internal error
*/
- mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+
+ if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
+ != PSA_SUCCESS )
+ {
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ }
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
+#endif
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 )
{
diff --git a/programs/.gitignore b/programs/.gitignore
index 0241896..4d78930 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -49,6 +49,7 @@
test/ssl_cert_test
test/udp_proxy
test/zeroize
+test/query_compile_time_config
util/pem2der
util/strerror
x509/cert_app
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 4cdae78..2af4d11 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -6,3 +6,6 @@
add_subdirectory(test)
add_subdirectory(x509)
add_subdirectory(util)
+if (NOT WIN32)
+ add_subdirectory(fuzz)
+endif()
diff --git a/programs/Makefile b/programs/Makefile
index b6d1fa2..857be78 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -3,8 +3,8 @@
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement
-WARNING_CXXFLAGS ?= -Wall -W
+WARNING_CFLAGS ?= -Wall -Wextra
+WARNING_CXXFLAGS ?= -Wall -Wextra
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
@@ -14,10 +14,14 @@
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
+LOCAL_LDFLAGS += -L../crypto/library
+LOCAL_CFLAGS += -I../crypto/include
+LOCAL_CXXFLAGS += -I../crypto/include
+
ifndef SHARED
-DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+DEP=../crypto/library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else
-DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+DEP=../crypto/library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -67,9 +71,10 @@
ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
random/gen_random_havege$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
- test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
+ test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
+ test/query_compile_time_config$(EXEXT) \
util/pem2der$(EXEXT) util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
@@ -85,9 +90,18 @@
.SILENT:
-.PHONY: all clean list
+.PHONY: all clean list fuzz
all: $(APPS)
+ifndef WINDOWS
+# APPS doesn't include the fuzzing programs, which aren't "normal"
+# sample or test programs, and don't build with MSVC which is
+# warning about fopen
+all: fuzz
+endif
+
+fuzz:
+ $(MAKE) -C fuzz
$(DEP):
$(MAKE) -C ../library
@@ -212,17 +226,17 @@
echo " CC ssl/ssl_client1.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c $(DEP)
+ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c ssl/query_config.c $(DEP)
echo " CC ssl/ssl_client2.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
echo " CC ssl/ssl_server.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(DEP)
+ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c ssl/query_config.c $(DEP)
echo " CC ssl/ssl_server2.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
echo " CC ssl/ssl_fork_server.c"
@@ -240,10 +254,6 @@
echo " CC ssl/mini_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/ssl_cert_test$(EXEXT): test/ssl_cert_test.c $(DEP)
- echo " CC test/ssl_cert_test.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/ssl_cert_test.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
test/benchmark$(EXEXT): test/benchmark.c $(DEP)
echo " CC test/benchmark.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -264,6 +274,10 @@
echo " CC test/zeroize.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c ssl/query_config.c $(DEP)
+ echo " CC test/query_compile_time_config.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -295,9 +309,12 @@
clean:
ifndef WINDOWS
rm -f $(APPS)
+ -rm -f ssl/ssl_pthread_server$(EXEXT)
+ -rm -f test/cpp_dummy_build$(EXEXT)
else
del /S /Q /F *.o *.exe
endif
+ $(MAKE) -C fuzz clean
list:
echo $(APPS)
diff --git a/programs/README.md b/programs/README.md
new file mode 100644
index 0000000..d26349d
--- /dev/null
+++ b/programs/README.md
@@ -0,0 +1,123 @@
+Mbed TLS sample programs
+========================
+
+This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
+
+## Symmetric cryptography (AES) examples
+
+* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
+ Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
+
+* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
+
+## Hash (digest) examples
+
+* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface.
+
+* [`hash/hello.c`](hash/hello.c): hello-world program for MD5.
+
+## Public-key cryptography examples
+
+### Generic public-key cryptography (`pk`) examples
+
+* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
+
+* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content.
+
+* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.
+
+* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.
+
+* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
+
+### ECDSA and RSA signature examples
+
+* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature.
+
+* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface.
+
+* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs.
+
+* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm.
+
+* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
+
+### Diffie-Hellman key exchange examples
+
+* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
+
+* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
+
+### Bignum (`mpi`) usage examples
+
+* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters.
+
+* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers.
+
+## Random number generator (RNG) examples
+
+* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
+ Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
+
+* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
+
+* [`random/gen_random_havege.c`](random/gen_random_havege.c): demonstrates the HAVEGE entropy collector.
+
+## SSL/TLS examples
+
+### SSL/TLS sample applications
+
+* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.
+
+* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program, which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification.
+
+* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client, which sends a short string and disconnects. This is primarily intended as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`.
+
+* [`ssl/ssl_client1.c`](ssl/ssl_client1.c): a simple HTTPS client that sends a fixed request and displays the response.
+
+* [`ssl/ssl_fork_server.c`](ssl/ssl_fork_server.c): a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the `fork` system call.
+
+* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with fixed content.
+
+* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library.
+
+* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. It serves a single client at a time.
+
+### SSL/TLS feature demonstrators
+
+Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis for writing an application. They combine most of the features supported by the library, and most applications require only a few features. To write a new application, we recommended that you start with `ssl_client1.c` or `ssl_server.c`, and then look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs.
+
+* [`ssl/ssl_client2.c`](ssl/ssl_client2.c): an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features.
+
+* [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features.
+
+In addition to providing options for testing client-side features, the `ssl_client2` program has options that allow you to trigger certain behaviors in the server. For example, there are options to select ciphersuites, or to force a renegotiation. These options are useful for testing the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful for testing a TLS client.
+
+## Test utilities
+
+* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms.
+
+* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module.
+
+* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS.
+
+* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb).
+
+## Development utilities
+
+* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support.
+
+* [`util/strerror.c`](util/strerror.c): prints the error description corresponding to an integer status returned by an Mbed TLS function.
+
+## X.509 certificate examples
+
+* [`x509/cert_app.c`](x509/cert_app.c): connects to a TLS server and verifies its certificate chain.
+
+* [`x509/cert_req.c`](x509/cert_req.c): generates a certificate signing request (CSR) for a private key.
+
+* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-signs a certificate.
+
+* [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL).
+
+* [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR).
+
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 69c4060..8242ea7 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -37,12 +37,14 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#include "mbedtls/aes.h"
#include "mbedtls/md.h"
+#include "mbedtls/platform_util.h"
#include <stdio.h>
#include <stdlib.h>
@@ -77,6 +79,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
int ret = 0;
@@ -450,13 +454,13 @@
the case when the user has missed or reordered some,
in which case the key might not be in argv[4]. */
for( i = 0; i < (unsigned int) argc; i++ )
- memset( argv[i], 0, strlen( argv[i] ) );
+ mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
- memset( IV, 0, sizeof( IV ) );
- memset( key, 0, sizeof( key ) );
- memset( tmp, 0, sizeof( tmp ) );
- memset( buffer, 0, sizeof( buffer ) );
- memset( digest, 0, sizeof( digest ) );
+ mbedtls_platform_zeroize( IV, sizeof( IV ) );
+ mbedtls_platform_zeroize( key, sizeof( key ) );
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
+ mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index bc95eb9..a5acf5b 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -38,6 +38,7 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -46,6 +47,7 @@
defined(MBEDTLS_FS_IO)
#include "mbedtls/cipher.h"
#include "mbedtls/md.h"
+#include "mbedtls/platform_util.h"
#include <stdio.h>
#include <stdlib.h>
@@ -79,6 +81,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
int ret = 1, i, n;
@@ -547,13 +551,13 @@
the case when the user has missed or reordered some,
in which case the key might not be in argv[6]. */
for( i = 0; i < argc; i++ )
- memset( argv[i], 0, strlen( argv[i] ) );
+ mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
- memset( IV, 0, sizeof( IV ) );
- memset( key, 0, sizeof( key ) );
- memset( buffer, 0, sizeof( buffer ) );
- memset( output, 0, sizeof( output ) );
- memset( digest, 0, sizeof( digest ) );
+ mbedtls_platform_zeroize( IV, sizeof( IV ) );
+ mbedtls_platform_zeroize( key, sizeof( key ) );
+ mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
+ mbedtls_platform_zeroize( output, sizeof( output ) );
+ mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore
new file mode 100644
index 0000000..6fcc004
--- /dev/null
+++ b/programs/fuzz/.gitignore
@@ -0,0 +1,10 @@
+*.o
+fuzz_client
+fuzz_dtlsclient
+fuzz_dtlsserver
+fuzz_privkey
+fuzz_pubkey
+fuzz_server
+fuzz_x509crl
+fuzz_x509crt
+fuzz_x509csr
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
new file mode 100644
index 0000000..17ec3f6
--- /dev/null
+++ b/programs/fuzz/CMakeLists.txt
@@ -0,0 +1,80 @@
+set(libs
+ mbedtls
+)
+
+if(USE_PKCS11_HELPER_LIBRARY)
+ set(libs ${libs} pkcs11-helper)
+endif(USE_PKCS11_HELPER_LIBRARY)
+
+if(ENABLE_ZLIB_SUPPORT)
+ set(libs ${libs} ${ZLIB_LIBRARIES})
+endif(ENABLE_ZLIB_SUPPORT)
+
+find_library(FUZZINGENGINE_LIB FuzzingEngine)
+
+if(NOT FUZZINGENGINE_LIB)
+ add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c)
+ target_link_libraries(fuzz_x509csr ${libs})
+
+ add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c)
+ target_link_libraries(fuzz_x509crl ${libs})
+
+ add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c)
+ target_link_libraries(fuzz_x509crt ${libs})
+
+ add_executable(fuzz_privkey fuzz_privkey.c onefile.c)
+ target_link_libraries(fuzz_privkey ${libs})
+
+ add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c)
+ target_link_libraries(fuzz_pubkey ${libs})
+
+ add_executable(fuzz_client fuzz_client.c common.c onefile.c)
+ target_link_libraries(fuzz_client ${libs})
+
+ add_executable(fuzz_server fuzz_server.c common.c onefile.c)
+ target_link_libraries(fuzz_server ${libs})
+
+ add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c onefile.c)
+ target_link_libraries(fuzz_dtlsclient ${libs})
+
+ add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c onefile.c)
+ target_link_libraries(fuzz_dtlsserver ${libs})
+else()
+ project(fuzz CXX)
+
+ add_executable(fuzz_x509csr fuzz_x509csr.c)
+ target_link_libraries(fuzz_x509csr ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_x509csr PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_x509crl fuzz_x509crl.c)
+ target_link_libraries(fuzz_x509crl ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_x509crl PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_x509crt fuzz_x509crt.c)
+ target_link_libraries(fuzz_x509crt ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_x509crt PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_privkey fuzz_privkey.c)
+ target_link_libraries(fuzz_privkey ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_privkey PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_pubkey fuzz_pubkey.c)
+ target_link_libraries(fuzz_pubkey ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_pubkey PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_client fuzz_client.c common.c)
+ target_link_libraries(fuzz_client ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_client PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_server fuzz_server.c common.c)
+ target_link_libraries(fuzz_server ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_server PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c)
+ target_link_libraries(fuzz_dtlsclient ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_dtlsclient PROPERTIES LINKER_LANGUAGE CXX)
+
+ add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c)
+ target_link_libraries(fuzz_dtlsserver ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(fuzz_dtlsserver PROPERTIES LINKER_LANGUAGE CXX)
+endif()
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
new file mode 100644
index 0000000..f2195d1
--- /dev/null
+++ b/programs/fuzz/Makefile
@@ -0,0 +1,72 @@
+
+LOCAL_CFLAGS = -I../../include -D_FILE_OFFSET_BITS=64
+LOCAL_LDFLAGS = -L../../library \
+ -lmbedtls$(SHARED_SUFFIX) \
+ -lmbedx509$(SHARED_SUFFIX) \
+ -lmbedcrypto$(SHARED_SUFFIX)
+
+LOCAL_LDFLAGS += -L../../crypto/library
+LOCAL_CFLAGS += -I../../crypto/include
+CRYPTO := ../../crypto/library/
+
+ifndef SHARED
+DEP=$(CRYPTO)libmbedcrypto.a ../../library/libmbedx509.a ../../library/libmbedtls.a
+else
+DEP=$(CRYPTO)libmbedcrypto.$(DLEXT) ../../library/libmbedx509.$(DLEXT) ../../library/libmbedtls.$(DLEXT)
+endif
+
+
+DLEXT ?= so
+EXEXT=
+SHARED_SUFFIX=
+# python2 for POSIX since FreeBSD has only python2 as default.
+PYTHON ?= python2
+
+# Zlib shared library extensions:
+ifdef ZLIB
+LOCAL_LDFLAGS += -lz
+endif
+
+ifdef FUZZINGENGINE
+LOCAL_LDFLAGS += -lFuzzingEngine
+endif
+
+# A test application is built for each suites/test_suite_*.data file.
+# Application name is same as .data file's base name and can be
+# constructed by stripping path 'suites/' and extension .data.
+APPS = $(basename $(wildcard fuzz_*.c))
+
+# Construct executable name by adding OS specific suffix $(EXEXT).
+BINARIES := $(addsuffix $(EXEXT),$(APPS))
+
+.SILENT:
+
+.PHONY: all check test clean
+
+all: $(BINARIES)
+
+$(DEP):
+ $(MAKE) -C ../../library
+
+C_FILES := $(addsuffix .c,$(APPS))
+
+%.o: %.c
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@
+
+
+ifdef FUZZINGENGINE
+$(BINARIES): %$(EXEXT): %.o common.o $(DEP)
+ echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+ $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+else
+$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP)
+ echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+ $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+endif
+
+clean:
+ifndef WINDOWS
+ rm -rf $(BINARIES) *.o
+else
+ del /Q /F *.o *.exe
+endif
diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md
new file mode 100644
index 0000000..8b24908
--- /dev/null
+++ b/programs/fuzz/README.md
@@ -0,0 +1,68 @@
+What is it?
+------
+
+This directory contains fuzz targets.
+Fuzz targets are simple codes using the library.
+They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance).
+
+These targets were meant to be used with oss-fuzz but can be used in other contexts.
+
+This code was contributed by Philippe Antoine ( Catena cyber ).
+
+How to run?
+------
+
+To run the fuzz targets like oss-fuzz:
+```
+git clone https://github.com/google/oss-fuzz
+cd oss-fuzz
+python infra/helper.py build_image mbedtls
+python infra/helper.py build_fuzzers --sanitizer address mbedtls
+python infra/helper.py run_fuzzer mbedtls fuzz_client
+```
+You can use `undefined` sanitizer as well as `address` sanitizer.
+And you can run any of the fuzz targets like `fuzz_client`.
+
+To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance).
+Then you need to compile the code with the compiler flags of the wished sanitizer.
+```
+perl scripts/config.pl set MBEDTLS_PLATFORM_TIME_ALT
+mkdir build
+cd build
+cmake ..
+make
+```
+Finally, you can run the targets like `./test/fuzz/fuzz_client`.
+
+
+Corpus generation for network trafic targets
+------
+
+These targets use network trafic as inputs :
+* client : simulates a client against (fuzzed) server traffic
+* server : simulates a server against (fuzzed) client traffic
+* dtls_client
+* dtls_server
+
+They also use the last bytes as configuration options.
+
+To generate corpus for these targets, you can do the following, not fully automated steps :
+* Build mbedtls programs ssl_server2 and ssl_client2
+* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap
+* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
+* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
+* Finally, you can add the options by appending the last bytes to the file test.cor
+
+Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command)
+```
+import sys
+import binascii
+
+f = open(sys.argv[1])
+for l in f.readlines():
+ portAndPl=l.split()
+ if len(portAndPl) == 2:
+ # determine client or server based on port
+ if portAndPl[0] == "4433":
+ print(binascii.unhexlify(portAndPl[1].replace(":","")))
+```
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
new file mode 100644
index 0000000..5e6c84c
--- /dev/null
+++ b/programs/fuzz/common.c
@@ -0,0 +1,91 @@
+#include "common.h"
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "mbedtls/ctr_drbg.h"
+
+mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+{
+ (void) time;
+ return 0x5af2a056;
+}
+
+void dummy_init()
+{
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time( dummy_constant_time );
+#else
+ fprintf(stderr, "Warning: fuzzing without constant time\n");
+#endif
+}
+
+int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ if( len > INT_MAX ) {
+ return( -1 );
+ }
+ return( (int) len );
+}
+
+int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if(biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return( 0 );
+ }
+ if( len > INT_MAX ) {
+ return( -1 );
+ }
+ if( len + biomemfuzz->Offset > biomemfuzz->Size ) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return( (int) len );
+}
+
+int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+ int ret;
+ size_t i;
+
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ for (i=0; i<output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return( ret );
+}
+
+int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+ (void) data;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i=0; i<len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return( 0 );
+}
+
+int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout )
+{
+ (void) timeout;
+
+ return fuzz_recv(ctx, buf, len);
+}
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
new file mode 100644
index 0000000..5586c06
--- /dev/null
+++ b/programs/fuzz/common.h
@@ -0,0 +1,19 @@
+#include "mbedtls/platform_time.h"
+#include <stdint.h>
+
+typedef struct fuzzBufferOffset
+{
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
+void dummy_init();
+
+int dummy_send( void *ctx, const unsigned char *buf, size_t len );
+int fuzz_recv( void *ctx, unsigned char *buf, size_t len );
+int dummy_random( void *p_rng, unsigned char *output, size_t output_len );
+int dummy_entropy( void *data, unsigned char *output, size_t len );
+int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout );
diff --git a/programs/fuzz/corpuses/client b/programs/fuzz/corpuses/client
new file mode 100644
index 0000000..48d0a67
--- /dev/null
+++ b/programs/fuzz/corpuses/client
Binary files differ
diff --git a/programs/fuzz/corpuses/dtlsclient b/programs/fuzz/corpuses/dtlsclient
new file mode 100644
index 0000000..87c3ca3
--- /dev/null
+++ b/programs/fuzz/corpuses/dtlsclient
Binary files differ
diff --git a/programs/fuzz/corpuses/dtlsserver b/programs/fuzz/corpuses/dtlsserver
new file mode 100644
index 0000000..7a7a117
--- /dev/null
+++ b/programs/fuzz/corpuses/dtlsserver
Binary files differ
diff --git a/programs/fuzz/corpuses/server b/programs/fuzz/corpuses/server
new file mode 100644
index 0000000..fbeb019
--- /dev/null
+++ b/programs/fuzz/corpuses/server
Binary files differ
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
new file mode 100644
index 0000000..ca7a8ab
--- /dev/null
+++ b/programs/fuzz/fuzz_client.c
@@ -0,0 +1,173 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "common.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+
+#ifdef MBEDTLS_SSL_CLI_C
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+const char *alpn_list[3];
+
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+const char *pers = "fuzz_client";
+#endif //MBEDTLS_SSL_CLI_C
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_SSL_CLI_C
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+ uint16_t options;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init( &cacert );
+ if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+#endif
+
+ alpn_list[0] = "HTTP";
+ alpn_list[1] = "fuzzalpn";
+ alpn_list[2] = NULL;
+
+ dummy_init();
+
+ initialized = 1;
+ }
+
+ //we take 1 byte as options input
+ if (Size < 2) {
+ return 0;
+ }
+ options = (Data[Size - 2] << 8) | Data[Size - 1];
+ //Avoid warnings if compile options imply no options
+ (void) options;
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if (options & 2) {
+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if (options & 4) {
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+ } else
+#endif
+ {
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+ }
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+ mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED );
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ if (options & 0x200) {
+ mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+ }
+#endif
+ //There may be other options to add :
+ // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
+
+ srand(1);
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if ((options & 1) == 0) {
+ if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+ goto exit;
+ }
+#endif
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size-2;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+
+ ret = mbedtls_ssl_handshake( &ssl );
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+
+exit:
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_SSL_CLI_C
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_client.options b/programs/fuzz/fuzz_client.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_client.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
new file mode 100644
index 0000000..8197a64
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -0,0 +1,116 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "common.h"
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+
+
+#ifdef MBEDTLS_SSL_CLI_C
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+
+const char *pers = "fuzz_dtlsclient";
+#endif // MBEDTLS_SSL_CLI_C
+#endif // MBEDTLS_SSL_PROTO_DTLS
+
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_CLI_C)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_timing_delay_context timer;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init( &cacert );
+ if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+#endif
+ dummy_init();
+
+ initialized = 1;
+ }
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ srand(1);
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+#endif
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+ goto exit;
+#endif
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+
+ ret = mbedtls_ssl_handshake( &ssl );
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+
+exit:
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+#else
+ (void) Data;
+ (void) Size;
+#endif
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_dtlsclient.options b/programs/fuzz/fuzz_dtlsclient.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsclient.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
new file mode 100644
index 0000000..9e9fe8e
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -0,0 +1,141 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "common.h"
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/ssl_cookie.h"
+
+
+#ifdef MBEDTLS_SSL_SRV_C
+const char *pers = "fuzz_dtlsserver";
+const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+#endif // MBEDTLS_SSL_SRV_C
+#endif // MBEDTLS_SSL_PROTO_DTLS
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_timing_delay_context timer;
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len ) != 0)
+ return 1;
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+ if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ return 1;
+#endif
+ dummy_init();
+
+ initialized = 1;
+ }
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ssl_cookie_init( &cookie_ctx );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+
+ srand(1);
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+ goto exit;
+#endif
+
+ if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+ if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+ goto exit;
+
+ ret = mbedtls_ssl_handshake( &ssl );
+
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ biomemfuzz.Offset = ssl.next_record_offset;
+ mbedtls_ssl_session_reset( &ssl );
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+ if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+ goto exit;
+
+ ret = mbedtls_ssl_handshake( &ssl );
+
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+ }
+
+exit:
+ mbedtls_ssl_cookie_free( &cookie_ctx );
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+#else
+ (void) Data;
+ (void) Size;
+#endif
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_dtlsserver.options b/programs/fuzz/fuzz_dtlsserver.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsserver.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
new file mode 100644
index 0000000..533a647
--- /dev/null
+++ b/programs/fuzz/fuzz_privkey.c
@@ -0,0 +1,64 @@
+#include <stdint.h>
+#include "mbedtls/pk.h"
+
+//4 Kb should be enough for every bug ;-)
+#define MAX_LEN 0x1000
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PK_PARSE_C
+ int ret;
+ mbedtls_pk_context pk;
+
+ if (Size > MAX_LEN) {
+ //only work on small inputs
+ Size = MAX_LEN;
+ }
+
+ mbedtls_pk_init( &pk );
+ ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
+ if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_rsa_context *rsa;
+
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
+ mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+
+ rsa = mbedtls_pk_rsa( pk );
+ mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
+ mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
+
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
+ mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp;
+
+ ecp = mbedtls_pk_ec( pk );
+ if (ecp) {
+ ret = 0;
+ }
+ }
+ else
+#endif
+ {
+ ret = 0;
+ }
+ }
+ mbedtls_pk_free( &pk );
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_privkey.options b/programs/fuzz/fuzz_privkey.options
new file mode 100644
index 0000000..0824b19
--- /dev/null
+++ b/programs/fuzz/fuzz_privkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
new file mode 100644
index 0000000..df42f7d
--- /dev/null
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -0,0 +1,57 @@
+#include <stdint.h>
+#include "mbedtls/pk.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PK_PARSE_C
+ int ret;
+ mbedtls_pk_context pk;
+
+ mbedtls_pk_init( &pk );
+ ret = mbedtls_pk_parse_public_key( &pk, Data, Size );
+ if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_rsa_context *rsa;
+
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
+ mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+
+ rsa = mbedtls_pk_rsa( pk );
+ ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
+ ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
+
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
+ mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp;
+
+ ecp = mbedtls_pk_ec( pk );
+ //dummy use of value
+ if (ecp) {
+ ret = 0;
+ }
+ }
+ else
+#endif
+ {
+ ret = 0;
+ }
+ }
+ mbedtls_pk_free( &pk );
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_pubkey.options b/programs/fuzz/fuzz_pubkey.options
new file mode 100644
index 0000000..0824b19
--- /dev/null
+++ b/programs/fuzz/fuzz_pubkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
new file mode 100644
index 0000000..7cb5922
--- /dev/null
+++ b/programs/fuzz/fuzz_server.c
@@ -0,0 +1,185 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/ssl_ticket.h"
+#include "common.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+
+#ifdef MBEDTLS_SSL_SRV_C
+const char *pers = "fuzz_server";
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+const char *alpn_list[3];
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+#endif // MBEDTLS_SSL_SRV_C
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_SSL_SRV_C
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_context ticket_ctx;
+#endif
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+ uint8_t options;
+
+ //we take 1 byte as options input
+ if (Size < 1) {
+ return 0;
+ }
+ options = Data[Size - 1];
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len ) != 0)
+ return 1;
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+ if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ return 1;
+#endif
+
+ alpn_list[0] = "HTTP";
+ alpn_list[1] = "fuzzalpn";
+ alpn_list[2] = NULL;
+
+ dummy_init();
+
+ initialized = 1;
+ }
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_init( &ticket_ctx );
+#endif
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+ srand(1);
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+ goto exit;
+#endif
+
+ mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
+#if defined(MBEDTLS_SSL_ALPN)
+ if (options & 0x2) {
+ mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+ }
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( options & 0x4 )
+ {
+ if( mbedtls_ssl_ticket_setup( &ticket_ctx,
+ dummy_random, &ctr_drbg,
+ MBEDTLS_CIPHER_AES_256_GCM,
+ 86400 ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx );
+ }
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if (options & 0x40) {
+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ }
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+#endif
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size-1;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+
+ mbedtls_ssl_session_reset( &ssl );
+ ret = mbedtls_ssl_handshake( &ssl );
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+
+exit:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_free( &ticket_ctx );
+#endif
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_SSL_SRV_C
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_server.options b/programs/fuzz/fuzz_server.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_server.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
new file mode 100644
index 0000000..02f521c
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_crl.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CRL_PARSE_C
+ int ret;
+ mbedtls_x509_crl crl;
+ unsigned char buf[4096];
+
+ mbedtls_x509_crl_init( &crl );
+ ret = mbedtls_x509_crl_parse( &crl, Data, Size );
+ if (ret == 0) {
+ ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
+ }
+ mbedtls_x509_crl_free( &crl );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_x509crl.options b/programs/fuzz/fuzz_x509crl.options
new file mode 100644
index 0000000..0824b19
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crl.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
new file mode 100644
index 0000000..8f593a1
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_crt.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CRT_PARSE_C
+ int ret;
+ mbedtls_x509_crt crt;
+ unsigned char buf[4096];
+
+ mbedtls_x509_crt_init( &crt );
+ ret = mbedtls_x509_crt_parse( &crt, Data, Size );
+ if (ret == 0) {
+ ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
+ }
+ mbedtls_x509_crt_free( &crt );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_x509crt.options b/programs/fuzz/fuzz_x509crt.options
new file mode 100644
index 0000000..0824b19
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crt.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
new file mode 100644
index 0000000..3cf28a6
--- /dev/null
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_csr.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CSR_PARSE_C
+ int ret;
+ mbedtls_x509_csr csr;
+ unsigned char buf[4096];
+
+ mbedtls_x509_csr_init( &csr );
+ ret = mbedtls_x509_csr_parse( &csr, Data, Size );
+ if (ret == 0) {
+ ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
+ }
+ mbedtls_x509_csr_free( &csr );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_x509csr.options b/programs/fuzz/fuzz_x509csr.options
new file mode 100644
index 0000000..0824b19
--- /dev/null
+++ b/programs/fuzz/fuzz_x509csr.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
new file mode 100644
index 0000000..9e3986d
--- /dev/null
+++ b/programs/fuzz/onefile.c
@@ -0,0 +1,53 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+// Get platform-specific definition
+#include "mbedtls/config.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+int main(int argc, char** argv)
+{
+ FILE * fp;
+ uint8_t *Data;
+ size_t Size;
+
+ if (argc != 2) {
+ return 1;
+ }
+ //opens the file, get its size, and reads it into a buffer
+ fp = fopen(argv[1], "rb");
+ if (fp == NULL) {
+ return 2;
+ }
+ if (fseek(fp, 0L, SEEK_END) != 0) {
+ fclose(fp);
+ return 2;
+ }
+ Size = ftell(fp);
+ if (Size == (size_t) -1) {
+ fclose(fp);
+ return 2;
+ }
+ if (fseek(fp, 0L, SEEK_SET) != 0) {
+ fclose(fp);
+ return 2;
+ }
+ Data = malloc(Size);
+ if (Data == NULL) {
+ fclose(fp);
+ return 2;
+ }
+ if (fread(Data, Size, 1, fp) != 1) {
+ free(Data);
+ fclose(fp);
+ return 2;
+ }
+
+ //lauch fuzzer
+ LLVMFuzzerTestOneInput(Data, Size);
+ free(Data);
+ fclose(fp);
+ return 0;
+}
+
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index bbe8d92..709a149 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -50,6 +51,8 @@
return( 0 );
}
#else
+
+
static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
{
int ret = mbedtls_md_file( md_info, filename, sum );
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 2e8c224..55a0c7e 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -31,6 +31,7 @@
#include <stdlib.h>
#include <stdio.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
@@ -46,6 +47,8 @@
return( 0 );
}
#else
+
+
int main( void )
{
int i, ret;
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 3dadf48..86b260c 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_time_t time_t
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -70,6 +71,8 @@
return( 0 );
}
#else
+
+
int main( void )
{
FILE *f;
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index dbe9153..bf5482e 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_time_t time_t
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -68,6 +69,7 @@
*/
#define GENERATOR "4"
+
int main( int argc, char **argv )
{
int ret = 1;
@@ -156,7 +158,7 @@
goto exit;
}
- if( ( ret = mbedtls_mpi_is_prime( &Q, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+ if( ( ret = mbedtls_mpi_is_prime_ext( &Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index c4e2c39..c011774 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_time_t time_t
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -70,6 +71,8 @@
return( 0 );
}
#else
+
+
int main( void )
{
FILE *f;
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 5db0408..9f849dd 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -31,16 +31,17 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
-#if !defined(MBEDTLS_ECDH_C) || \
+#if !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) || \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
- mbedtls_printf( "MBEDTLS_ECDH_C and/or "
+ mbedtls_printf( "MBEDTLS_ECDH_C and/or MBEDTLS_ECDH_LEGACY_CONTEXT and/or "
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n" );
@@ -52,6 +53,7 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ecdh.h"
+
int main( int argc, char *argv[] )
{
int ret = 1;
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index c653df9..b851c31 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -99,6 +100,7 @@
#define dump_pubkey( a, b )
#endif
+
int main( int argc, char *argv[] )
{
int ret = 1;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index f01bf5f..23e4e14 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -135,6 +136,8 @@
return( 0 );
}
#else
+
+
/*
* global options
*/
@@ -322,7 +325,8 @@
mbedtls_printf( "\n . Generating the private key ..." );
fflush( stdout );
- if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 )
+ if( ( ret = mbedtls_pk_setup( &key,
+ mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret );
goto exit;
@@ -344,7 +348,8 @@
#if defined(MBEDTLS_ECP_C)
if( opt.type == MBEDTLS_PK_ECKEY )
{
- ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ),
+ ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve,
+ mbedtls_pk_ec( key ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 027b95f..7939309 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -63,7 +64,6 @@
" password_file=%%s default: \"\"\n" \
"\n"
-
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
@@ -73,6 +73,8 @@
return( 0 );
}
#else
+
+
/*
* global options
*/
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 13602c2..6096429 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -87,13 +88,17 @@
USAGE_OUT \
"\n"
-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_PK_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO)
int main( void )
{
- mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
+ mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
return( 0 );
}
#else
+
+
/*
* global options
*/
@@ -173,7 +178,7 @@
return( ret );
len = ret;
- c = output_buf + sizeof(output_buf) - len - 1;
+ c = output_buf + sizeof(output_buf) - len;
}
if( ( f = fopen( output_file, "w" ) ) == NULL )
@@ -433,4 +438,4 @@
return( exit_code );
}
-#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 365bdc4..ecdcd32 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -48,6 +49,8 @@
return( 0 );
}
#else
+
+
int main( void )
{
int ret = 1;
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 00bd71e..bf42507 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -47,7 +48,6 @@
#include <string.h>
#endif
-
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
@@ -59,6 +59,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
@@ -73,7 +75,10 @@
const char *pers = "mbedtls_pk_decrypt";
((void) argv);
+ mbedtls_pk_init( &pk );
+ mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
+
memset(result, 0, sizeof( result ) );
if( argc != 2 )
@@ -90,20 +95,18 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ -ret );
goto exit;
}
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
- mbedtls_pk_init( &pk );
-
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
@@ -116,14 +119,16 @@
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
+ ret = 1;
goto exit;
}
i = 0;
-
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
+ {
buf[i++] = (unsigned char) c;
+ }
fclose( f );
@@ -136,7 +141,8 @@
if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result),
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", -ret );
+ mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
+ -ret );
goto exit;
}
@@ -147,13 +153,15 @@
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_ctr_drbg_free( &ctr_drbg );
+
+ mbedtls_pk_free( &pk );
mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
- mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_strerror( ret, (char *) buf, sizeof( buf ) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 400619c..a32b147 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -59,6 +60,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
@@ -73,6 +76,8 @@
const char *pers = "mbedtls_pk_encrypt";
mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+ mbedtls_pk_init( &pk );
if( argc != 3 )
{
@@ -88,20 +93,18 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ -ret );
goto exit;
}
mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
- mbedtls_pk_init( &pk );
-
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
@@ -126,7 +129,8 @@
buf, &olen, sizeof(buf),
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", -ret );
+ mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
+ -ret );
goto exit;
}
@@ -135,13 +139,17 @@
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
- mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
+ mbedtls_printf( " failed\n ! Could not create %s\n\n",
+ "result-enc.txt" );
+ ret = 1;
goto exit;
}
for( i = 0; i < olen; i++ )
+ {
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
+ }
fclose( f );
@@ -150,13 +158,15 @@
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
- mbedtls_ctr_drbg_free( &ctr_drbg );
+
+ mbedtls_pk_free( &pk );
mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
- mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
+ mbedtls_strerror( ret, (char *) buf, sizeof( buf ) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 7ec4675..bdedca4 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -59,6 +60,17 @@
#include <stdio.h>
#include <string.h>
+
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
int main( int argc, char *argv[] )
{
FILE *f;
@@ -68,7 +80,7 @@
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char buf[SIGNATURE_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 3c7709f..a6bfe3f 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -55,6 +56,7 @@
#include <stdio.h>
#include <string.h>
+
int main( int argc, char *argv[] )
{
FILE *f;
@@ -99,7 +101,6 @@
goto exit;
}
-
i = fread( buf, 1, sizeof(buf), f );
fclose( f );
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 0a252d2..ff71bd0 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -58,6 +58,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 411657a..4a71c15 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -58,6 +58,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 3359e14..d556c19 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -62,6 +63,8 @@
return( 0 );
}
#else
+
+
int main( void )
{
int ret = 1;
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index b16fe5d..9bcd7a6 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -33,6 +33,7 @@
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -55,6 +56,7 @@
#include <stdio.h>
#include <string.h>
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index b0b0f7e..42209e2 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -54,12 +55,12 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/md.h"
#include "mbedtls/x509.h"
#include <stdio.h>
#include <string.h>
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 6f88345..94f0ef9 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -54,6 +55,7 @@
#include <stdio.h>
#include <string.h>
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 7c9c68f..148cd51 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -59,6 +60,7 @@
#include <stdio.h>
#include <string.h>
+
int main( int argc, char *argv[] )
{
FILE *f;
@@ -112,7 +114,6 @@
goto exit;
}
-
i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f );
fclose( f );
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index a1eb386..6ae63b7 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -49,6 +50,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 5ade946..59df34b 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -52,6 +53,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 3fb3f01..5ea52ae 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -50,6 +51,8 @@
return( 0 );
}
#else
+
+
int main( int argc, char *argv[] )
{
FILE *f;
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 1e65633..803920c 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -34,12 +34,14 @@
target_link_libraries(ssl_client1 ${libs})
add_executable(ssl_client2 ssl_client2.c)
+target_sources(ssl_client2 PUBLIC query_config.c)
target_link_libraries(ssl_client2 ${libs})
add_executable(ssl_server ssl_server.c)
target_link_libraries(ssl_server ${libs})
add_executable(ssl_server2 ssl_server2.c)
+target_sources(ssl_server2 PUBLIC query_config.c)
target_link_libraries(ssl_server2 ${libs})
add_executable(ssl_fork_server ssl_fork_server.c)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index f271bad..3ea2a68 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -31,6 +31,9 @@
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
@@ -60,9 +63,18 @@
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
#define SERVER_PORT "4433"
#define SERVER_NAME "localhost"
-#define SERVER_ADDR "127.0.0.1" /* forces IPv4 */
+
+#ifdef FORCE_IPV4
+#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */
+#else
+#define SERVER_ADDR "::1"
+#endif
+
#define MESSAGE "Echo this"
#define READ_TIMEOUT_MS 1000
@@ -70,6 +82,7 @@
#define DEBUG_LEVEL 0
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 9d0dda4..bb32724 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -32,6 +32,18 @@
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_time_t time_t
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
+#ifdef FORCE_IPV4
+#define BIND_IP "0.0.0.0" /* Forces IPv4 */
+#else
+#define BIND_IP "::"
#endif
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
@@ -79,6 +91,7 @@
#define READ_TIMEOUT_MS 10000 /* 5 seconds */
#define DEBUG_LEVEL 0
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
@@ -170,7 +183,7 @@
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
- if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+ if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 290455e..4b8140e 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -26,6 +26,17 @@
#include MBEDTLS_CONFIG_FILE
#endif
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
/*
* We're creating and connecting the socket "manually" rather than using the
* NET module, in order to avoid the overhead of getaddrinfo() which tends to
@@ -44,13 +55,6 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(UNIX)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif
-
int main( void )
{
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
@@ -60,12 +64,6 @@
}
#else
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#endif
-
#include <string.h>
#include "mbedtls/net_sockets.h"
@@ -168,6 +166,7 @@
ssl_write_failed,
};
+
int main( void )
{
int ret = exit_ok;
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
new file mode 100644
index 0000000..98a5df2
--- /dev/null
+++ b/programs/ssl/query_config.c
@@ -0,0 +1,2643 @@
+/*
+ * Query Mbed TLS compile time configurations from config.h
+ *
+ * Copyright (C) 2018, Arm Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+
+/*
+ * Include all the headers with public APIs in case they define a macro to its
+ * default value when that configuration is not set in the config.h.
+ */
+#include "mbedtls/aes.h"
+#include "mbedtls/aesni.h"
+#include "mbedtls/arc4.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/blowfish.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/des.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/havege.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/memory_buffer_alloc.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/nist_kw.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/padlock.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pkcs11.h"
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/platform_time.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+#include "mbedtls/ssl_ticket.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/xtea.h"
+
+#include <string.h>
+
+/*
+ * Helper macros to convert a macro or its expansion into a string
+ * WARNING: This does not work for expanding function-like macros. However,
+ * Mbed TLS does not currently have configuration options used in this fashion.
+ */
+#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro)
+#define MACRO_NAME_TO_STR(macro) \
+ mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
+
+#if defined(_MSC_VER)
+/*
+ * Visual Studio throws the warning 4003 because many Mbed TLS feature macros
+ * are defined empty. This means that from the preprocessor's point of view
+ * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
+ * some macros expand to nothing. We suppress that specific warning to get a
+ * clean build and to ensure that tests treating warnings as errors do not
+ * fail.
+ */
+#pragma warning(push)
+#pragma warning(disable:4003)
+#endif /* _MSC_VER */
+
+int query_config( const char *config )
+{
+#if defined(MBEDTLS_HAVE_ASM)
+ if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_ASM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if defined(MBEDTLS_NO_UDBL_DIVISION)
+ if( strcmp( "MBEDTLS_NO_UDBL_DIVISION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_UDBL_DIVISION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_UDBL_DIVISION */
+
+#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
+ if( strcmp( "MBEDTLS_NO_64BIT_MULTIPLICATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_64BIT_MULTIPLICATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */
+
+#if defined(MBEDTLS_HAVE_SSE2)
+ if( strcmp( "MBEDTLS_HAVE_SSE2", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_SSE2 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_SSE2 */
+
+#if defined(MBEDTLS_HAVE_TIME)
+ if( strcmp( "MBEDTLS_HAVE_TIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_TIME */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+ if( strcmp( "MBEDTLS_HAVE_TIME_DATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME_DATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+ if( strcmp( "MBEDTLS_PLATFORM_MEMORY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_MEMORY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_MEMORY */
+
+#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+ if( strcmp( "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NO_STD_FUNCTIONS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_EXIT_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_TIME_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_PRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+ if( strcmp( "MBEDTLS_DEPRECATED_WARNING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_WARNING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+ if( strcmp( "MBEDTLS_DEPRECATED_REMOVED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_REMOVED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_CHECK_PARAMS)
+ if( strcmp( "MBEDTLS_CHECK_PARAMS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_PARAMS */
+
+#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
+ if( strcmp( "MBEDTLS_CHECK_PARAMS_ASSERT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS_ASSERT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
+
+#if defined(MBEDTLS_TIMING_ALT)
+ if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TIMING_ALT */
+
+#if defined(MBEDTLS_AES_ALT)
+ if( strcmp( "MBEDTLS_AES_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ALT */
+
+#if defined(MBEDTLS_ARC4_ALT)
+ if( strcmp( "MBEDTLS_ARC4_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ARC4_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ARC4_ALT */
+
+#if defined(MBEDTLS_ARIA_ALT)
+ if( strcmp( "MBEDTLS_ARIA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ARIA_ALT */
+
+#if defined(MBEDTLS_BLOWFISH_ALT)
+ if( strcmp( "MBEDTLS_BLOWFISH_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BLOWFISH_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
+#if defined(MBEDTLS_CAMELLIA_ALT)
+ if( strcmp( "MBEDTLS_CAMELLIA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#if defined(MBEDTLS_CCM_ALT)
+ if( strcmp( "MBEDTLS_CCM_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CCM_ALT */
+
+#if defined(MBEDTLS_CHACHA20_ALT)
+ if( strcmp( "MBEDTLS_CHACHA20_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHA20_ALT */
+
+#if defined(MBEDTLS_CHACHAPOLY_ALT)
+ if( strcmp( "MBEDTLS_CHACHAPOLY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHAPOLY_ALT */
+
+#if defined(MBEDTLS_CMAC_ALT)
+ if( strcmp( "MBEDTLS_CMAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CMAC_ALT */
+
+#if defined(MBEDTLS_DES_ALT)
+ if( strcmp( "MBEDTLS_DES_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_ALT */
+
+#if defined(MBEDTLS_DHM_ALT)
+ if( strcmp( "MBEDTLS_DHM_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DHM_ALT */
+
+#if defined(MBEDTLS_ECJPAKE_ALT)
+ if( strcmp( "MBEDTLS_ECJPAKE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECJPAKE_ALT */
+
+#if defined(MBEDTLS_GCM_ALT)
+ if( strcmp( "MBEDTLS_GCM_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GCM_ALT */
+
+#if defined(MBEDTLS_NIST_KW_ALT)
+ if( strcmp( "MBEDTLS_NIST_KW_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NIST_KW_ALT */
+
+#if defined(MBEDTLS_MD2_ALT)
+ if( strcmp( "MBEDTLS_MD2_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD2_ALT */
+
+#if defined(MBEDTLS_MD4_ALT)
+ if( strcmp( "MBEDTLS_MD4_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD4_ALT */
+
+#if defined(MBEDTLS_MD5_ALT)
+ if( strcmp( "MBEDTLS_MD5_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD5_ALT */
+
+#if defined(MBEDTLS_POLY1305_ALT)
+ if( strcmp( "MBEDTLS_POLY1305_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_POLY1305_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_ALT)
+ if( strcmp( "MBEDTLS_RIPEMD160_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#if defined(MBEDTLS_RSA_ALT)
+ if( strcmp( "MBEDTLS_RSA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_ALT */
+
+#if defined(MBEDTLS_SHA1_ALT)
+ if( strcmp( "MBEDTLS_SHA1_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA1_ALT */
+
+#if defined(MBEDTLS_SHA256_ALT)
+ if( strcmp( "MBEDTLS_SHA256_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_ALT */
+
+#if defined(MBEDTLS_SHA512_ALT)
+ if( strcmp( "MBEDTLS_SHA512_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_ALT */
+
+#if defined(MBEDTLS_XTEA_ALT)
+ if( strcmp( "MBEDTLS_XTEA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_XTEA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_XTEA_ALT */
+
+#if defined(MBEDTLS_ECP_ALT)
+ if( strcmp( "MBEDTLS_ECP_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_ALT */
+
+#if defined(MBEDTLS_MD2_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_MD2_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD2_PROCESS_ALT */
+
+#if defined(MBEDTLS_MD4_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_MD4_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD4_PROCESS_ALT */
+
+#if defined(MBEDTLS_MD5_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_MD5_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD5_PROCESS_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_RIPEMD160_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA1_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_SHA1_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA1_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA256_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_SHA256_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA512_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_SHA512_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_PROCESS_ALT */
+
+#if defined(MBEDTLS_DES_SETKEY_ALT)
+ if( strcmp( "MBEDTLS_DES_SETKEY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_SETKEY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_SETKEY_ALT */
+
+#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
+ if( strcmp( "MBEDTLS_DES_CRYPT_ECB_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_CRYPT_ECB_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
+ if( strcmp( "MBEDTLS_DES3_CRYPT_ECB_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES3_CRYPT_ECB_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+ if( strcmp( "MBEDTLS_AES_SETKEY_ENC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_ENC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+ if( strcmp( "MBEDTLS_AES_SETKEY_DEC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_DEC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
+
+#if defined(MBEDTLS_AES_ENCRYPT_ALT)
+ if( strcmp( "MBEDTLS_AES_ENCRYPT_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ENCRYPT_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ENCRYPT_ALT */
+
+#if defined(MBEDTLS_AES_DECRYPT_ALT)
+ if( strcmp( "MBEDTLS_AES_DECRYPT_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_DECRYPT_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_DECRYPT_ALT */
+
+#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
+ if( strcmp( "MBEDTLS_ECDH_GEN_PUBLIC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_GEN_PUBLIC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
+
+#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
+ if( strcmp( "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_COMPUTE_SHARED_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
+
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+ if( strcmp( "MBEDTLS_ECDSA_VERIFY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_VERIFY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+ if( strcmp( "MBEDTLS_ECDSA_SIGN_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_SIGN_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+ if( strcmp( "MBEDTLS_ECDSA_GENKEY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_GENKEY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if( strcmp( "MBEDTLS_ECP_INTERNAL_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_INTERNAL_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+ if( strcmp( "MBEDTLS_ECP_RANDOMIZE_JAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_JAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+ if( strcmp( "MBEDTLS_ECP_ADD_MIXED_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ADD_MIXED_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+ if( strcmp( "MBEDTLS_ECP_DOUBLE_JAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_JAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+ if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+ if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+ if( strcmp( "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+ if( strcmp( "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_MXZ_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+ if( strcmp( "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_MXZ_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_NULL_ENTROPY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TEST_NULL_ENTROPY */
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+ if( strcmp( "MBEDTLS_ENTROPY_HARDWARE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_HARDWARE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+
+#if defined(MBEDTLS_AES_ROM_TABLES)
+ if( strcmp( "MBEDTLS_AES_ROM_TABLES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ROM_TABLES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ROM_TABLES */
+
+#if defined(MBEDTLS_AES_FEWER_TABLES)
+ if( strcmp( "MBEDTLS_AES_FEWER_TABLES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_FEWER_TABLES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_FEWER_TABLES */
+
+#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
+ if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_SMALL_MEMORY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_CBC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CBC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_CFB", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CFB );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_CTR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CTR );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_OFB", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_OFB );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_XTS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_XTS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+ if( strcmp( "MBEDTLS_CIPHER_NULL_CIPHER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_NULL_CIPHER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_PKCS7", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_PKCS7 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+
+#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
+ if( strcmp( "MBEDTLS_ENABLE_WEAK_CIPHERSUITES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENABLE_WEAK_CIPHERSUITES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
+
+#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
+ if( strcmp( "MBEDTLS_REMOVE_ARC4_CIPHERSUITES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_ARC4_CIPHERSUITES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+
+#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
+ if( strcmp( "MBEDTLS_REMOVE_3DES_CIPHERSUITES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_3DES_CIPHERSUITES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP224R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP256R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP384R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP384R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP521R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP521R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP192K1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192K1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP224K1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224K1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP256K1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256K1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_BP256R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP256R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_BP384R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP384R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_BP512R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP512R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_CURVE25519_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE25519_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_CURVE448_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE448_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ if( strcmp( "MBEDTLS_ECP_NIST_OPTIM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NIST_OPTIM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RESTARTABLE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
+ if( strcmp( "MBEDTLS_ECDH_LEGACY_CONTEXT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_LEGACY_CONTEXT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ if( strcmp( "MBEDTLS_ECDSA_DETERMINISTIC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_DETERMINISTIC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+ if( strcmp( "MBEDTLS_PK_PARSE_EC_EXTENDED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_EC_EXTENDED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+
+#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+ if( strcmp( "MBEDTLS_ERROR_STRERROR_DUMMY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_STRERROR_DUMMY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
+
+#if defined(MBEDTLS_GENPRIME)
+ if( strcmp( "MBEDTLS_GENPRIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GENPRIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GENPRIME */
+
+#if defined(MBEDTLS_FS_IO)
+ if( strcmp( "MBEDTLS_FS_IO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_FS_IO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+ if( strcmp( "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
+
+#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+ if( strcmp( "MBEDTLS_NO_PLATFORM_ENTROPY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_PLATFORM_ENTROPY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
+
+#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+ if( strcmp( "MBEDTLS_ENTROPY_FORCE_SHA256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_FORCE_SHA256 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ if( strcmp( "MBEDTLS_ENTROPY_NV_SEED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_NV_SEED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_DEBUG );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+ if( strcmp( "MBEDTLS_MEMORY_BACKTRACE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BACKTRACE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_BACKTRACE */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+ if( strcmp( "MBEDTLS_PK_RSA_ALT_SUPPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_RSA_ALT_SUPPORT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15)
+ if( strcmp( "MBEDTLS_PKCS1_V15", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V15 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS1_V15 */
+
+#if defined(MBEDTLS_PKCS1_V21)
+ if( strcmp( "MBEDTLS_PKCS1_V21", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V21 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SPM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SPM */
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ if( strcmp( "MBEDTLS_PSA_INJECT_ENTROPY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_INJECT_ENTROPY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+#if defined(MBEDTLS_RSA_NO_CRT)
+ if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_NO_CRT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_NO_CRT */
+
+#if defined(MBEDTLS_SELF_TEST)
+ if( strcmp( "MBEDTLS_SELF_TEST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SELF_TEST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SELF_TEST */
+
+#if defined(MBEDTLS_SHA256_SMALLER)
+ if( strcmp( "MBEDTLS_SHA256_SMALLER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_SMALLER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_SMALLER */
+
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+ if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALL_ALERT_MESSAGES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CONNECTION_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ASYNC_PRIVATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+ if( strcmp( "MBEDTLS_SSL_DEBUG_ALL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEBUG_ALL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DEBUG_ALL */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( strcmp( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ENCRYPT_THEN_MAC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( strcmp( "MBEDTLS_SSL_EXTENDED_MASTER_SECRET", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXTENDED_MASTER_SECRET );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+ if( strcmp( "MBEDTLS_SSL_FALLBACK_SCSV", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_FALLBACK_SCSV );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ if( strcmp( "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_KEEP_PEER_CERTIFICATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+ if( strcmp( "MBEDTLS_SSL_HW_RECORD_ACCEL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_HW_RECORD_ACCEL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+ if( strcmp( "MBEDTLS_SSL_CBC_RECORD_SPLITTING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CBC_RECORD_SPLITTING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( strcmp( "MBEDTLS_SSL_RENEGOTIATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RENEGOTIATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+ if( strcmp( "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+
+#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+ if( strcmp( "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( strcmp( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_FRAGMENT_LENGTH );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( strcmp( "MBEDTLS_SSL_PROTO_SSL3", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_SSL3 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+ if( strcmp( "MBEDTLS_SSL_PROTO_TLS1", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_1", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_1 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_2", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_2 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( strcmp( "MBEDTLS_SSL_PROTO_DTLS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_DTLS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALPN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ if( strcmp( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_ANTI_REPLAY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ if( strcmp( "MBEDTLS_SSL_DTLS_HELLO_VERIFY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_HELLO_VERIFY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+ if( strcmp( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_BADMAC_LIMIT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( strcmp( "MBEDTLS_SSL_SESSION_TICKETS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_TICKETS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXPORT_KEYS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ if( strcmp( "MBEDTLS_SSL_SERVER_NAME_INDICATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SERVER_NAME_INDICATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
+ if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
+
+#if defined(MBEDTLS_THREADING_ALT)
+ if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_THREADING_ALT */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+ if( strcmp( "MBEDTLS_THREADING_PTHREAD", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_PTHREAD );
+ return( 0 );
+ }
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( strcmp( "MBEDTLS_USE_PSA_CRYPTO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_USE_PSA_CRYPTO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_VERSION_FEATURES)
+ if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_FEATURES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_VERSION_FEATURES */
+
+#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
+ if( strcmp( "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */
+
+#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+ if( strcmp( "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( strcmp( "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+ if( strcmp( "MBEDTLS_X509_CHECK_KEY_USAGE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_KEY_USAGE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+ if( strcmp( "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_RSASSA_PSS_SUPPORT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ if( strcmp( "MBEDTLS_ZLIB_SUPPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ZLIB_SUPPORT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ZLIB_SUPPORT */
+
+#if defined(MBEDTLS_AESNI_C)
+ if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AESNI_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AESNI_C */
+
+#if defined(MBEDTLS_AES_C)
+ if( strcmp( "MBEDTLS_AES_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+ if( strcmp( "MBEDTLS_ARC4_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ARC4_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+ if( strcmp( "MBEDTLS_ASN1_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+ if( strcmp( "MBEDTLS_ASN1_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ASN1_WRITE_C */
+
+#if defined(MBEDTLS_BASE64_C)
+ if( strcmp( "MBEDTLS_BASE64_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BASE64_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_BIGNUM_C)
+ if( strcmp( "MBEDTLS_BIGNUM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BIGNUM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_BLOWFISH_C)
+ if( strcmp( "MBEDTLS_BLOWFISH_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BLOWFISH_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BLOWFISH_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+ if( strcmp( "MBEDTLS_CAMELLIA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_ARIA_C)
+ if( strcmp( "MBEDTLS_ARIA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ARIA_C */
+
+#if defined(MBEDTLS_CCM_C)
+ if( strcmp( "MBEDTLS_CCM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CERTS_C)
+ if( strcmp( "MBEDTLS_CERTS_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CERTS_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CERTS_C */
+
+#if defined(MBEDTLS_CHACHA20_C)
+ if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHA20_C */
+
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if( strcmp( "MBEDTLS_CHACHAPOLY_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
+#if defined(MBEDTLS_CIPHER_C)
+ if( strcmp( "MBEDTLS_CIPHER_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_CMAC_C)
+ if( strcmp( "MBEDTLS_CMAC_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ if( strcmp( "MBEDTLS_CTR_DRBG_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_C */
+
+#if defined(MBEDTLS_DEBUG_C)
+ if( strcmp( "MBEDTLS_DEBUG_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DEBUG_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DEBUG_C */
+
+#if defined(MBEDTLS_DES_C)
+ if( strcmp( "MBEDTLS_DES_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_DHM_C)
+ if( strcmp( "MBEDTLS_DHM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_ECDH_C)
+ if( strcmp( "MBEDTLS_ECDH_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+ if( strcmp( "MBEDTLS_ECDSA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_ECJPAKE_C)
+ if( strcmp( "MBEDTLS_ECJPAKE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECJPAKE_C */
+
+#if defined(MBEDTLS_ECP_C)
+ if( strcmp( "MBEDTLS_ECP_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_ENTROPY_C)
+ if( strcmp( "MBEDTLS_ENTROPY_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_C */
+
+#if defined(MBEDTLS_ERROR_C)
+ if( strcmp( "MBEDTLS_ERROR_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ERROR_C */
+
+#if defined(MBEDTLS_GCM_C)
+ if( strcmp( "MBEDTLS_GCM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_HAVEGE_C)
+ if( strcmp( "MBEDTLS_HAVEGE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVEGE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVEGE_C */
+
+#if defined(MBEDTLS_HKDF_C)
+ if( strcmp( "MBEDTLS_HKDF_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HKDF_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HKDF_C */
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_C */
+
+#if defined(MBEDTLS_NIST_KW_C)
+ if( strcmp( "MBEDTLS_NIST_KW_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NIST_KW_C */
+
+#if defined(MBEDTLS_MD_C)
+ if( strcmp( "MBEDTLS_MD_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD2_C)
+ if( strcmp( "MBEDTLS_MD2_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD2_C */
+
+#if defined(MBEDTLS_MD4_C)
+ if( strcmp( "MBEDTLS_MD4_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD4_C */
+
+#if defined(MBEDTLS_MD5_C)
+ if( strcmp( "MBEDTLS_MD5_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ if( strcmp( "MBEDTLS_MEMORY_BUFFER_ALLOC_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BUFFER_ALLOC_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+#if defined(MBEDTLS_NET_C)
+ if( strcmp( "MBEDTLS_NET_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NET_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NET_C */
+
+#if defined(MBEDTLS_OID_C)
+ if( strcmp( "MBEDTLS_OID_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_OID_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_OID_C */
+
+#if defined(MBEDTLS_PADLOCK_C)
+ if( strcmp( "MBEDTLS_PADLOCK_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PADLOCK_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PADLOCK_C */
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+ if( strcmp( "MBEDTLS_PEM_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if( strcmp( "MBEDTLS_PEM_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#if defined(MBEDTLS_PK_C)
+ if( strcmp( "MBEDTLS_PK_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_C */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+ if( strcmp( "MBEDTLS_PK_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+ if( strcmp( "MBEDTLS_PK_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_WRITE_C */
+
+#if defined(MBEDTLS_PKCS5_C)
+ if( strcmp( "MBEDTLS_PKCS5_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS5_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS5_C */
+
+#if defined(MBEDTLS_PKCS11_C)
+ if( strcmp( "MBEDTLS_PKCS11_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS11_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS11_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+ if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS12_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS12_C */
+
+#if defined(MBEDTLS_PLATFORM_C)
+ if( strcmp( "MBEDTLS_PLATFORM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if defined(MBEDTLS_POLY1305_C)
+ if( strcmp( "MBEDTLS_POLY1305_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_POLY1305_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ITS_FILE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+ if( strcmp( "MBEDTLS_RIPEMD160_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#if defined(MBEDTLS_RSA_C)
+ if( strcmp( "MBEDTLS_RSA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SHA1_C)
+ if( strcmp( "MBEDTLS_SHA1_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+ if( strcmp( "MBEDTLS_SHA256_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ if( strcmp( "MBEDTLS_SHA512_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ if( strcmp( "MBEDTLS_SSL_CACHE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CACHE_C */
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ if( strcmp( "MBEDTLS_SSL_COOKIE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_COOKIE_C */
+
+#if defined(MBEDTLS_SSL_TICKET_C)
+ if( strcmp( "MBEDTLS_SSL_TICKET_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TICKET_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TICKET_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( strcmp( "MBEDTLS_SSL_CLI_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CLI_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( strcmp( "MBEDTLS_SSL_SRV_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_TLS_C)
+ if( strcmp( "MBEDTLS_SSL_TLS_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(MBEDTLS_THREADING_C)
+ if( strcmp( "MBEDTLS_THREADING_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_TIMING_C)
+ if( strcmp( "MBEDTLS_TIMING_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TIMING_C */
+
+#if defined(MBEDTLS_VERSION_C)
+ if( strcmp( "MBEDTLS_VERSION_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_VERSION_C */
+
+#if defined(MBEDTLS_X509_USE_C)
+ if( strcmp( "MBEDTLS_X509_USE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_USE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_USE_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( strcmp( "MBEDTLS_X509_CRT_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ if( strcmp( "MBEDTLS_X509_CRL_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRL_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ if( strcmp( "MBEDTLS_X509_CSR_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+#if defined(MBEDTLS_X509_CREATE_C)
+ if( strcmp( "MBEDTLS_X509_CREATE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CREATE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CREATE_C */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+ if( strcmp( "MBEDTLS_X509_CRT_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+ if( strcmp( "MBEDTLS_X509_CSR_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#if defined(MBEDTLS_XTEA_C)
+ if( strcmp( "MBEDTLS_XTEA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_XTEA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_XTEA_C */
+
+#if defined(MBEDTLS_MPI_WINDOW_SIZE)
+ if( strcmp( "MBEDTLS_MPI_WINDOW_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_WINDOW_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MPI_WINDOW_SIZE */
+
+#if defined(MBEDTLS_MPI_MAX_SIZE)
+ if( strcmp( "MBEDTLS_MPI_MAX_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_MAX_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MPI_MAX_SIZE */
+
+#if defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ if( strcmp( "MBEDTLS_CTR_DRBG_ENTROPY_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_ENTROPY_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_ENTROPY_LEN */
+
+#if defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ if( strcmp( "MBEDTLS_CTR_DRBG_RESEED_INTERVAL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_RESEED_INTERVAL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+ if( strcmp( "MBEDTLS_CTR_DRBG_MAX_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+ if( strcmp( "MBEDTLS_CTR_DRBG_MAX_REQUEST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_REQUEST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+ if( strcmp( "MBEDTLS_CTR_DRBG_MAX_SEED_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+ if( strcmp( "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_USE_128_BIT_KEY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
+
+#if defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_RESEED_INTERVAL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_RESEED_INTERVAL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_REQUEST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_REQUEST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_ECP_MAX_BITS)
+ if( strcmp( "MBEDTLS_ECP_MAX_BITS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_MAX_BITS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_MAX_BITS */
+
+#if defined(MBEDTLS_ECP_WINDOW_SIZE)
+ if( strcmp( "MBEDTLS_ECP_WINDOW_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_WINDOW_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+ if( strcmp( "MBEDTLS_ECP_FIXED_POINT_OPTIM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_FIXED_POINT_OPTIM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+#if defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+ if( strcmp( "MBEDTLS_ENTROPY_MAX_SOURCES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_SOURCES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_MAX_SOURCES */
+
+#if defined(MBEDTLS_ENTROPY_MAX_GATHER)
+ if( strcmp( "MBEDTLS_ENTROPY_MAX_GATHER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_GATHER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_MAX_GATHER */
+
+#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
+ if( strcmp( "MBEDTLS_ENTROPY_MIN_HARDWARE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MIN_HARDWARE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_MIN_HARDWARE */
+
+#if defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+ if( strcmp( "MBEDTLS_MEMORY_ALIGN_MULTIPLE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_ALIGN_MULTIPLE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_ALIGN_MULTIPLE */
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_MEM_HDR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_MEM_HDR );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_MEM_HDR */
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_CALLOC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_CALLOC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_CALLOC */
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_FREE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FREE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_FREE */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT */
+
+#if defined(MBEDTLS_PLATFORM_STD_TIME)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_TIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_TIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_TIME */
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_FPRINTF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FPRINTF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_FPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_PRINTF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_PRINTF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_PRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_SNPRINTF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_SNPRINTF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_SNPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_SUCCESS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_SUCCESS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_SUCCESS */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_FAILURE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_FAILURE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_FAILURE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_READ", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_READ );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_READ */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_WRITE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_FILE */
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_CALLOC_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_CALLOC_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_CALLOC_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_FREE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FREE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_EXIT_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_TIME_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_TIME_TYPE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_TYPE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_PRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_READ_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_READ_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+ if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+ if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES */
+
+#if defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
+ if( strcmp( "MBEDTLS_SSL_MAX_CONTENT_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_CONTENT_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_MAX_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_IN_CONTENT_LEN)
+ if( strcmp( "MBEDTLS_SSL_IN_CONTENT_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_IN_CONTENT_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
+ if( strcmp( "MBEDTLS_SSL_CID_IN_LEN_MAX", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_IN_LEN_MAX );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_IN_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
+ if( strcmp( "MBEDTLS_SSL_CID_OUT_LEN_MAX", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_OUT_LEN_MAX );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+ if( strcmp( "MBEDTLS_SSL_CID_PADDING_GRANULARITY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_PADDING_GRANULARITY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_PADDING_GRANULARITY */
+
+#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
+ if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_OUT_CONTENT_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_OUT_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
+ if( strcmp( "MBEDTLS_SSL_DTLS_MAX_BUFFERING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_MAX_BUFFERING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_MAX_BUFFERING */
+
+#if defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
+ if( strcmp( "MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME */
+
+#if defined(MBEDTLS_PSK_MAX_LEN)
+ if( strcmp( "MBEDTLS_PSK_MAX_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSK_MAX_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSK_MAX_LEN */
+
+#if defined(MBEDTLS_SSL_COOKIE_TIMEOUT)
+ if( strcmp( "MBEDTLS_SSL_COOKIE_TIMEOUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_TIMEOUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_COOKIE_TIMEOUT */
+
+#if defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+ if( strcmp( "MBEDTLS_X509_MAX_INTERMEDIATE_CA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_INTERMEDIATE_CA );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_MAX_INTERMEDIATE_CA */
+
+#if defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
+ if( strcmp( "MBEDTLS_X509_MAX_FILE_PATH_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_FILE_PATH_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
+
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
+ if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES */
+
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+ if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+ /* If the symbol is not found, return an error */
+ return( 1 );
+}
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif /* _MSC_VER */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index bf7c013..b723243 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -34,6 +34,7 @@
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -70,6 +71,7 @@
#define DEBUG_LEVEL 1
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 0dd9e3f..4221159 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -35,6 +35,11 @@
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_snprintf snprintf
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
@@ -59,6 +64,11 @@
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -72,6 +82,7 @@
#define DFL_REQUEST_PAGE "/"
#define DFL_REQUEST_SIZE -1
#define DFL_DEBUG_LEVEL 0
+#define DFL_CONTEXT_CRT_CB 0
#define DFL_NBIO 0
#define DFL_EVENT 0
#define DFL_READ_TIMEOUT 0
@@ -80,9 +91,12 @@
#define DFL_CA_PATH ""
#define DFL_CRT_FILE ""
#define DFL_KEY_FILE ""
+#define DFL_KEY_OPAQUE 0
#define DFL_PSK ""
+#define DFL_PSK_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL
+#define DFL_EC_MAX_OPS -1
#define DFL_FORCE_CIPHER 0
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2
@@ -99,6 +113,10 @@
#define DFL_DHMLEN -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
+#define DFL_CID_ENABLED 0
+#define DFL_CID_VALUE ""
+#define DFL_CID_ENABLED_RENEGO -1
+#define DFL_CID_VALUE_RENEGO NULL
#define DFL_RECONNECT_HARD 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL
@@ -106,20 +124,37 @@
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
#define DFL_HS_TO_MIN 0
#define DFL_HS_TO_MAX 0
+#define DFL_DTLS_MTU -1
+#define DFL_DGRAM_PACKING 1
#define DFL_FALLBACK -1
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
+#define DFL_CA_CALLBACK 0
+#define DFL_EAP_TLS 0
+#define DFL_REPRODUCIBLE 0
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define USAGE_CONTEXT_CRT_CB \
+ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
+ " to the SSL configuration of the SSL context.\n" \
+ " Possible values:\n"\
+ " - 0 (default): Use CRT callback bound to configuration\n" \
+ " - 1: Use CRT callback bound to SSL context\n"
+#else
+#define USAGE_CONTEXT_CRT_CB ""
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_FS_IO)
#define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
" default: \"\" (pre-loaded)\n" \
" key_file=%%s default: \"\" (pre-loaded)\n"
@@ -127,18 +162,62 @@
#define USAGE_IO \
" No file operations available (MBEDTLS_FS_IO not defined)\n"
#endif /* MBEDTLS_FS_IO */
-#else
+#else /* MBEDTLS_X509_CRT_PARSE_C */
#define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
+#define USAGE_KEY_OPAQUE \
+ " key_opaque=%%d Handle your private key as if it were opaque\n" \
+ " default: 0 (disabled)\n"
+#else
+#define USAGE_KEY_OPAQUE ""
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define USAGE_CID \
+ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
+ " default: 0 (disabled)\n" \
+ " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
+ " default: same as 'cid' parameter\n" \
+ " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
+ " default: \"\"\n" \
+ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
+ " default: same as 'cid_val' parameter\n"
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#define USAGE_CID ""
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-#define USAGE_PSK \
+#define USAGE_PSK_RAW \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define USAGE_PSK_SLOT \
+ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
+ " Enable this to store the PSK configured through command line\n" \
+ " parameter `psk` in a PSA-based key slot.\n" \
+ " Note: Currently only supported in conjunction with\n" \
+ " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
+ " to force a particular PSK-only ciphersuite.\n" \
+ " Note: This is to test integration of PSA-based opaque PSKs with\n" \
+ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
+ " with prepopulated key slots instead of importing raw key material.\n"
+#else
+#define USAGE_PSK_SLOT ""
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+#define USAGE_CA_CALLBACK \
+ " ca_callback=%%d default: 0 (disabled)\n" \
+ " Enable this to use the trusted certificate callback function\n"
+#else
+#define USAGE_CA_CALLBACK ""
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n"
@@ -146,6 +225,13 @@
#define USAGE_TICKETS ""
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+#define USAGE_EAP_TLS \
+ " eap_tls=%%d default: 0 (disabled)\n"
+#else
+#define USAGE_EAP_TLS ""
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
#define USAGE_TRUNC_HMAC \
" trunc_hmac=%%d default: library default\n"
@@ -198,7 +284,11 @@
#define USAGE_DTLS \
" dtls=%%d default: 0 (TLS)\n" \
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
- " range of DTLS handshake timeouts in millisecs\n"
+ " range of DTLS handshake timeouts in millisecs\n" \
+ " mtu=%%d default: (library default: unlimited)\n" \
+ " dgram_packing=%%d default: 1 (allowed)\n" \
+ " allow or forbid packing of multiple\n" \
+ " records within a single datgram.\n"
#else
#define USAGE_DTLS ""
#endif
@@ -224,6 +314,9 @@
#define USAGE_ETM ""
#endif
+#define USAGE_REPRODUCIBLE \
+ " reproducible=0/1 default: 0 (disabled)\n"
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
#define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \
@@ -239,6 +332,13 @@
#define USAGE_ECJPAKE ""
#endif
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+#define USAGE_ECRESTART \
+ " ec_max_ops=%%s default: library default (restart disabled)\n"
+#else
+#define USAGE_ECRESTART ""
+#endif
+
#define USAGE \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -261,13 +361,17 @@
" max_resend=%%d default: 0 (no resend on timeout)\n" \
"\n" \
USAGE_DTLS \
+ USAGE_CID \
"\n" \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
USAGE_IO \
+ USAGE_KEY_OPAQUE \
+ USAGE_CA_CALLBACK \
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
+ USAGE_ECRESTART \
"\n" \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
@@ -276,12 +380,15 @@
" reco_delay=%%d default: 0 seconds\n" \
" reconnect_hard=%%d default: 0 (disabled)\n" \
USAGE_TICKETS \
+ USAGE_EAP_TLS \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
+ USAGE_CONTEXT_CRT_CB \
USAGE_ALPN \
USAGE_FALLBACK \
USAGE_EMS \
USAGE_ETM \
+ USAGE_REPRODUCIBLE \
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
@@ -294,11 +401,16 @@
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
+ " query_config=<name> return 0 if the specified\n" \
+ " configuration macro is defined and 1\n" \
+ " otherwise. The expansion of the macro\n" \
+ " is printed if it is defined\n" \
" acceptable ciphersuite names:\n"
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
+
/*
* global options
*/
@@ -318,9 +430,17 @@
const char *ca_path; /* the path with the CA certificate(s) reside */
const char *crt_file; /* the file with the client certificate */
const char *key_file; /* the file with the client key */
+ int key_opaque; /* handle private key as if it were opaque */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int psk_opaque;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ int ca_callback; /* Use callback for trusted certificate list */
+#endif
const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */
+ int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */
@@ -345,11 +465,60 @@
int transport; /* TLS or DTLS? */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
int fallback; /* is this a fallback connection? */
+ int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
int etm; /* negotiate encrypt then mac? */
+ int context_crt_cb; /* use context-specific CRT verify callback */
+ int eap_tls; /* derive EAP-TLS keying material? */
+ int cid_enabled; /* whether to use the CID extension or not */
+ int cid_enabled_renego; /* whether to use the CID extension or not
+ * during renegotiation */
+ const char *cid_val; /* the CID to use for incoming messages */
+ const char *cid_val_renego; /* the CID to use for incoming messages
+ * after renegotiation */
+ int reproducible; /* make communication reproducible */
} opt;
+int query_config( const char *config );
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+typedef struct eap_tls_keys
+{
+ unsigned char master_secret[48];
+ unsigned char randbytes[64];
+ mbedtls_tls_prf_types tls_prf_type;
+} eap_tls_keys;
+
+static int eap_tls_key_derivation ( void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ unsigned char client_random[32],
+ unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
+{
+ eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
+
+ ( ( void ) kb );
+ memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+ memcpy( keys->randbytes, client_random, 32 );
+ memcpy( keys->randbytes + 32, server_random, 32 );
+ keys->tls_prf_type = tls_prf_type;
+
+ if( opt.debug_level > 2 )
+ {
+ mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
+ mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
+ mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
+ }
+ return( 0 );
+}
+#endif
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
@@ -366,6 +535,84 @@
fflush( (FILE *) ctx );
}
+
+mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+{
+ (void) time;
+ return 0x5af2a056;
+}
+
+int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+ int ret;
+ (void) data;
+
+ ret = mbedtls_entropy_func( data, output, len );
+ for ( i = 0; i < len; i++ )
+ {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return( ret );
+}
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int ca_callback( void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates )
+{
+ int ret = 0;
+ mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
+ mbedtls_x509_crt *first;
+
+ /* This is a test-only implementation of the CA callback
+ * which always returns the entire list of trusted certificates.
+ * Production implementations managing a large number of CAs
+ * should use an efficient presentation and lookup for the
+ * set of trusted certificates (such as a hashtable) and only
+ * return those trusted certificates which satisfy basic
+ * parental checks, such as the matching of child `Issuer`
+ * and parent `Subject` field or matching key identifiers. */
+ ((void) child);
+
+ first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( first == NULL )
+ {
+ ret = -1;
+ goto exit;
+ }
+ mbedtls_x509_crt_init( first );
+
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ while( ca->next != NULL )
+ {
+ ca = ca->next;
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+ }
+
+exit:
+
+ if( ret != 0 )
+ {
+ mbedtls_x509_crt_free( first );
+ mbedtls_free( first );
+ first = NULL;
+ }
+
+ *candidates = first;
+ return( ret );
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
/*
* Test recv/send functions that make sure each try returns
* WANT_READ/WANT_WRITE at least once before sucesseding
@@ -405,6 +652,8 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static unsigned char peer_crt_info[1024];
+
/*
* Enabled if debug_level > 1 in code below
*/
@@ -414,8 +663,14 @@
char buf[1024];
((void) data);
- mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
+ if( depth == 0 )
+ memcpy( peer_crt_info, buf, sizeof( buf ) );
+
+ if( opt.debug_level == 0 )
+ return( 0 );
+
+ mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
mbedtls_printf( "%s", buf );
if ( ( *flags ) == 0 )
@@ -497,6 +752,124 @@
return( 0 );
}
+/* Unhexify `hex` into `dst`. `dst` must have
+ * size at least `strlen( hex ) / 2`. */
+int unhexify( char const *hex, unsigned char *dst )
+{
+ unsigned char c;
+ size_t j;
+ size_t len = strlen( hex );
+
+ if( len % 2 != 0 )
+ return( -1 );
+
+ for( j = 0; j < len; j += 2 )
+ {
+ c = hex[j];
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ return( -1 );
+ dst[ j / 2 ] = c << 4;
+
+ c = hex[j + 1];
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ return( -1 );
+ dst[ j / 2 ] |= c;
+ }
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+int report_cid_usage( mbedtls_ssl_context *ssl,
+ const char *additional_description )
+{
+ int ret;
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ size_t peer_cid_len;
+ int cid_negotiated;
+
+ if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( 0 );
+
+ /* Check if the use of a CID has been negotiated,
+ * but don't ask for the CID value and length.
+ *
+ * Note: Here and below, we're demonstrating the various ways
+ * in which mbedtls_ssl_get_peer_cid() can be called,
+ * depending on whether or not the length/value of the
+ * peer's CID is needed.
+ *
+ * An actual application, however, should use
+ * just one call to mbedtls_ssl_get_peer_cid(). */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ NULL, NULL );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+
+ if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
+ {
+ if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
+ {
+ mbedtls_printf( "(%s) Use of Connection ID was rejected by the server.\n",
+ additional_description );
+ }
+ }
+ else
+ {
+ size_t idx=0;
+ mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
+ additional_description );
+
+ /* Ask for just the length of the peer's CID. */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ NULL, &peer_cid_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+
+ /* Ask for just length + value of the peer's CID. */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+ mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len );
+ while( idx < peer_cid_len )
+ {
+ mbedtls_printf( "%02x ", peer_cid[ idx ] );
+ idx++;
+ }
+ mbedtls_printf( "\n" );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
@@ -508,6 +881,14 @@
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ size_t cid_len = 0;
+ size_t cid_renego_len = 0;
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
#endif
@@ -518,6 +899,13 @@
const char *pers = "ssl_client2";
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_handle_t slot = 0;
+ psa_algorithm_t alg = 0;
+ psa_key_policy_t policy;
+ psa_status_t status;
+#endif
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
@@ -534,9 +922,18 @@
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_handle_t key_slot = 0; /* invalid key slot */
+#endif
#endif
char *p, *q;
const int *list;
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ unsigned char eap_tls_keymaterial[16];
+ unsigned char eap_tls_iv[8];
+ const char* eap_tls_label = "client EAP encryption";
+ eap_tls_keys eap_tls_keying;
+#endif
/*
* Make sure memory references are valid.
@@ -555,6 +952,17 @@
memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_crypto_init();
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status );
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif
+
if( argc == 0 )
{
usage:
@@ -581,8 +989,13 @@
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.cid_enabled = DFL_CID_ENABLED;
+ opt.cid_val = DFL_CID_VALUE;
+ opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
+ opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
opt.nbio = DFL_NBIO;
opt.event = DFL_EVENT;
+ opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.max_resend = DFL_MAX_RESEND;
opt.request_page = DFL_REQUEST_PAGE;
@@ -591,9 +1004,17 @@
opt.ca_path = DFL_CA_PATH;
opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE;
+ opt.key_opaque = DFL_KEY_OPAQUE;
opt.psk = DFL_PSK;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ opt.psk_opaque = DFL_PSK_OPAQUE;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ opt.ca_callback = DFL_CA_CALLBACK;
+#endif
opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
+ opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
@@ -617,9 +1038,13 @@
opt.transport = DFL_TRANSPORT;
opt.hs_to_min = DFL_HS_TO_MIN;
opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.dtls_mtu = DFL_DTLS_MTU;
opt.fallback = DFL_FALLBACK;
opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM;
+ opt.dgram_packing = DFL_DGRAM_PACKING;
+ opt.eap_tls = DFL_EAP_TLS;
+ opt.reproducible = DFL_REPRODUCIBLE;
for( i = 1; i < argc; i++ )
{
@@ -650,6 +1075,12 @@
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
+ else if( strcmp( p, "context_crt_cb" ) == 0 )
+ {
+ opt.context_crt_cb = atoi( q );
+ if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 )
+ goto usage;
+ }
else if( strcmp( p, "nbio" ) == 0 )
{
opt.nbio = atoi( q );
@@ -687,12 +1118,48 @@
opt.crt_file = q;
else if( strcmp( p, "key_file" ) == 0 )
opt.key_file = q;
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
+ else if( strcmp( p, "key_opaque" ) == 0 )
+ opt.key_opaque = atoi( q );
+#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if( strcmp( p, "cid" ) == 0 )
+ {
+ opt.cid_enabled = atoi( q );
+ if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_renego" ) == 0 )
+ {
+ opt.cid_enabled_renego = atoi( q );
+ if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_val" ) == 0 )
+ {
+ opt.cid_val = q;
+ }
+ else if( strcmp( p, "cid_val_renego" ) == 0 )
+ {
+ opt.cid_val_renego = q;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ else if( strcmp( p, "psk_opaque" ) == 0 )
+ opt.psk_opaque = atoi( q );
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ else if( strcmp( p, "ca_callback" ) == 0)
+ opt.ca_callback = atoi( q );
+#endif
else if( strcmp( p, "psk_identity" ) == 0 )
opt.psk_identity = q;
else if( strcmp( p, "ecjpake_pw" ) == 0 )
opt.ecjpake_pw = q;
+ else if( strcmp( p, "ec_max_ops" ) == 0 )
+ opt.ec_max_ops = atoi( q );
else if( strcmp( p, "force_ciphersuite" ) == 0 )
{
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
@@ -927,6 +1394,21 @@
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
goto usage;
}
+ else if( strcmp( p, "mtu" ) == 0 )
+ {
+ opt.dtls_mtu = atoi( q );
+ if( opt.dtls_mtu < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "dgram_packing" ) == 0 )
+ {
+ opt.dgram_packing = atoi( q );
+ if( opt.dgram_packing != 0 &&
+ opt.dgram_packing != 1 )
+ {
+ goto usage;
+ }
+ }
else if( strcmp( p, "recsplit" ) == 0 )
{
opt.recsplit = atoi( q );
@@ -939,6 +1421,20 @@
if( opt.dhmlen < 0 )
goto usage;
}
+ else if( strcmp( p, "query_config" ) == 0 )
+ {
+ return query_config( q );
+ }
+ else if( strcmp( p, "eap_tls" ) == 0 )
+ {
+ opt.eap_tls = atoi( q );
+ if( opt.eap_tls < 0 || opt.eap_tls > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "reproducible" ) == 0 )
+ {
+ opt.reproducible = 1;
+ }
else
goto usage;
}
@@ -956,6 +1452,46 @@
mbedtls_debug_set_threshold( opt.debug_level );
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ /*
+ * Unhexify the pre-shared key if any is given
+ */
+ if( strlen( opt.psk ) )
+ {
+ psk_len = strlen( opt.psk ) / 2;
+ if( psk_len > sizeof( psk ) )
+ {
+ mbedtls_printf( "pre-shared key too long\n" );
+ goto exit;
+ }
+
+ if( unhexify( opt.psk, psk ) != 0 )
+ {
+ mbedtls_printf( "pre-shared key not valid hex\n" );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ if( opt.psk == NULL )
+ {
+ mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
+ ret = 2;
+ goto usage;
+ }
+
+ if( opt.force_ciphersuite[0] <= 0 )
+ {
+ mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ ret = 2;
+ goto usage;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( opt.force_ciphersuite[0] > 0 )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -1005,57 +1541,67 @@
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
}
+
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ /* Ensure that the chosen ciphersuite is PSK-only; we must know
+ * the ciphersuite in advance to set the correct policy for the
+ * PSK key slot. This limitation might go away in the future. */
+ if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
+ opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ ret = 2;
+ goto usage;
+ }
+
+ /* Determine KDF algorithm the opaque PSK will be used in. */
+#if defined(MBEDTLS_SHA512_C)
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ else
+#endif /* MBEDTLS_SHA512_C */
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- /*
- * Unhexify the pre-shared key if any is given
- */
- if( strlen( opt.psk ) )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ cid_len = strlen( opt.cid_val ) / 2;
+ if( cid_len > sizeof( cid ) )
{
- unsigned char c;
- size_t j;
-
- if( strlen( opt.psk ) % 2 != 0 )
- {
- mbedtls_printf( "pre-shared key not valid hex\n" );
- goto exit;
- }
-
- psk_len = strlen( opt.psk ) / 2;
-
- for( j = 0; j < strlen( opt.psk ); j += 2 )
- {
- c = opt.psk[j];
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- {
- mbedtls_printf( "pre-shared key not valid hex\n" );
- goto exit;
- }
- psk[ j / 2 ] = c << 4;
-
- c = opt.psk[j + 1];
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- {
- mbedtls_printf( "pre-shared key not valid hex\n" );
- goto exit;
- }
- psk[ j / 2 ] |= c;
- }
+ mbedtls_printf( "CID too long\n" );
+ goto exit;
}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+ if( unhexify( opt.cid_val, cid ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+
+ /* Keep CID settings for renegotiation unless
+ * specified otherwise. */
+ if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
+ opt.cid_enabled_renego = opt.cid_enabled;
+ if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
+ opt.cid_val_renego = opt.cid_val;
+
+ cid_renego_len = strlen( opt.cid_val_renego ) / 2;
+ if( cid_renego_len > sizeof( cid_renego ) )
+ {
+ mbedtls_printf( "CID too long\n" );
+ goto exit;
+ }
+
+ if( unhexify( opt.cid_val_renego, cid_renego ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ECP_C)
if( opt.curves != NULL )
@@ -1140,13 +1686,28 @@
fflush( stdout );
mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+ if (opt.reproducible)
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
- -ret );
- goto exit;
+ srand( 1 );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
}
mbedtls_printf( " ok\n" );
@@ -1158,20 +1719,22 @@
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
+ if( strcmp( opt.ca_path, "none" ) == 0 ||
+ strcmp( opt.ca_file, "none" ) == 0 )
+ {
+ ret = 0;
+ }
+ else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) )
- if( strcmp( opt.ca_path, "none" ) == 0 )
- ret = 0;
- else
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) )
- if( strcmp( opt.ca_file, "none" ) == 0 )
- ret = 0;
- else
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
+ {
+#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse( &cacert,
@@ -1180,12 +1743,23 @@
if( ret != 0 )
break;
}
+ if( ret == 0 )
+#endif /* MBEDTLS_PEM_PARSE_C */
+ for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
+ {
+ ret = mbedtls_x509_crt_parse_der( &cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i] );
+ if( ret != 0 )
+ break;
+ }
+ }
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
-#endif
+#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
@@ -1203,12 +1777,12 @@
mbedtls_printf( " . Loading the client cert. and key..." );
fflush( stdout );
+ if( strcmp( opt.crt_file, "none" ) == 0 )
+ ret = 0;
+ else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.crt_file ) )
- if( strcmp( opt.crt_file, "none" ) == 0 )
- ret = 0;
- else
- ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
+ ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -1218,7 +1792,7 @@
#else
{
ret = 1;
- mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret != 0 )
@@ -1228,12 +1802,12 @@
goto exit;
}
+ if( strcmp( opt.key_file, "none" ) == 0 )
+ ret = 0;
+ else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
- if( strcmp( opt.key_file, "none" ) == 0 )
- ret = 0;
- else
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+ ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -1243,7 +1817,7 @@
#else
{
ret = 1;
- mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret != 0 )
@@ -1253,7 +1827,20 @@
goto exit;
}
- mbedtls_printf( " ok\n" );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.key_opaque != 0 )
+ {
+ if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
+ PSA_ALG_SHA_256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
@@ -1316,10 +1903,39 @@
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
}
- if( opt.debug_level > 0 )
+ if( opt.context_crt_cb == 0 )
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
+ {
+ if( opt.cid_enabled == 1 &&
+ opt.cid_enabled_renego == 1 &&
+ cid_len != cid_renego_len )
+ {
+ mbedtls_printf( "CID length must not change during renegotiation\n" );
+ goto usage;
+ }
+
+ if( opt.cid_enabled == 1 )
+ ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+ else
+ ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
@@ -1327,6 +1943,9 @@
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
opt.hs_to_max );
+
+ if( opt.dgram_packing != DFL_DGRAM_PACKING )
+ mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1353,6 +1972,12 @@
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
#endif
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( opt.eap_tls != 0 )
+ mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
+ &eap_tls_keying );
+#endif
+
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
if( opt.recsplit != DFL_RECSPLIT )
mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
@@ -1375,6 +2000,16 @@
}
#endif
+ if (opt.reproducible)
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time( dummy_constant_time );
+#else
+ fprintf( stderr, "Warning: reproducible option used without constant time\n" );
+#endif
+#endif
+ }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@@ -1402,7 +2037,12 @@
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
{
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( opt.ca_callback != 0 )
+ mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert );
+ else
+#endif
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
}
if( strcmp( opt.crt_file, "none" ) != 0 &&
strcmp( opt.key_file, "none" ) != 0 )
@@ -1425,6 +2065,45 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ /* The algorithm has already been determined earlier. */
+ status = psa_allocate_key( &slot );
+ if( status != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+
+ status = psa_set_key_policy( slot, &policy );
+ if( status != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+
+ status = psa_import_key( slot, PSA_KEY_TYPE_DERIVE, psk, psk_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, slot,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 )
@@ -1433,7 +2112,7 @@
ret );
goto exit;
}
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
@@ -1478,6 +2157,11 @@
}
#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( opt.context_crt_cb == 1 )
+ mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
else
@@ -1485,11 +2169,34 @@
mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
+ cid, cid_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( opt.dtls_mtu != DFL_DTLS_MTU )
+ mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
+#endif
+
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( opt.ec_max_ops != DFL_EC_MAX_OPS )
+ mbedtls_ecp_set_max_ops( opt.ec_max_ops );
+#endif
+
mbedtls_printf( " ok\n" );
/*
@@ -1501,7 +2208,8 @@
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
-ret );
@@ -1517,6 +2225,11 @@
goto exit;
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
+#endif
+
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
@@ -1553,6 +2266,57 @@
}
#endif
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( opt.eap_tls != 0 )
+ {
+ size_t j = 0;
+
+ if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
+ eap_tls_keying.master_secret,
+ sizeof( eap_tls_keying.master_secret ),
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof( eap_tls_keying.randbytes ),
+ eap_tls_keymaterial,
+ sizeof( eap_tls_keymaterial ) ) )
+ != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " EAP-TLS key material is:" );
+ for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
+ {
+ if( j % 8 == 0 )
+ mbedtls_printf("\n ");
+ mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
+ }
+ mbedtls_printf("\n");
+
+ if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof( eap_tls_keying.randbytes ),
+ eap_tls_iv,
+ sizeof( eap_tls_iv ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " EAP-TLS IV is:" );
+ for( j = 0; j < sizeof( eap_tls_iv ); j++ )
+ {
+ if( j % 8 == 0 )
+ mbedtls_printf("\n ");
+ mbedtls_printf("%02x ", eap_tls_iv[j] );
+ }
+ mbedtls_printf("\n");
+ }
+#endif
if( opt.reconnect != 0 )
{
mbedtls_printf(" . Saving session for reuse..." );
@@ -1588,15 +2352,28 @@
else
mbedtls_printf( " ok\n" );
- if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
- {
- mbedtls_printf( " . Peer certificate information ...\n" );
- mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
- mbedtls_ssl_get_peer_cert( &ssl ) );
- mbedtls_printf( "%s\n", buf );
- }
+ mbedtls_printf( " . Peer certificate information ...\n" );
+ mbedtls_printf( "%s\n", peer_crt_info );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "initial handshake" );
+ if( ret != 0 )
+ goto exit;
+
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
+ cid_renego,
+ cid_renego_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ return( ret );
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( opt.renegotiate )
{
@@ -1609,13 +2386,19 @@
while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
ret );
goto exit;
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
+#endif
+
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
@@ -1631,6 +2414,12 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "after renegotiation" );
+ if( ret != 0 )
+ goto exit;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/*
* 6. Write the GET request
*/
@@ -1676,7 +2465,8 @@
len - written ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
-ret );
@@ -1705,6 +2495,11 @@
{
ret = mbedtls_ssl_write( &ssl, buf, len );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
+#endif
+
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
@@ -1765,6 +2560,11 @@
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
+#endif
+
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE )
{
@@ -1825,6 +2625,11 @@
{
ret = mbedtls_ssl_read( &ssl, buf, len );
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
+ continue;
+#endif
+
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
@@ -1877,6 +2682,10 @@
mbedtls_printf( " . Restarting connection from same port..." );
fflush( stdout );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
@@ -1887,7 +2696,8 @@
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret );
@@ -1947,6 +2757,10 @@
mbedtls_printf( " . Reconnecting with saved session..." );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
@@ -1985,7 +2799,8 @@
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret );
@@ -2017,6 +2832,9 @@
mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( key_slot );
+#endif
#endif
mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl );
@@ -2024,6 +2842,26 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ /* This is ok even if the slot hasn't been
+ * initialized (we might have jumed here
+ * immediately because of bad cmd line params,
+ * for example). */
+ status = psa_destroy_key( slot );
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_printf( "Failed to destroy key slot %u - error was %d",
+ (unsigned) slot, (int) status );
+ if( ret == 0 )
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
+ MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 1c3a806..80407e4 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -33,6 +33,7 @@
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_time_t time_t
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -86,6 +87,7 @@
#define DEBUG_LEVEL 0
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index d3b569c..3163e21 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -39,6 +39,7 @@
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -109,9 +110,9 @@
#if defined(MBEDTLS_BASE64_C)
#define USAGE_AUTH \
- " authentication=%%d default: 0 (disabled)\n" \
- " user_name=%%s default: \"user\"\n" \
- " user_pwd=%%s default: \"password\"\n"
+ " authentication=%%d default: 0 (disabled)\n" \
+ " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \
+ " user_pwd=%%s default: \"" DFL_USER_PWD "\"\n"
#else
#define USAGE_AUTH \
" authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
@@ -128,19 +129,20 @@
#endif /* MBEDTLS_FS_IO */
#define USAGE \
- "\n usage: ssl_mail_client param=<>...\n" \
- "\n acceptable parameters:\n" \
- " server_name=%%s default: localhost\n" \
- " server_port=%%d default: 4433\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
+ "\n usage: ssl_mail_client param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: " DFL_SERVER_NAME "\n" \
+ " server_port=%%d default: " DFL_SERVER_PORT "\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
" mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
- USAGE_AUTH \
- " mail_from=%%s default: \"\"\n" \
- " mail_to=%%s default: \"\"\n" \
- USAGE_IO \
- " force_ciphersuite=<name> default: all enabled\n"\
+ USAGE_AUTH \
+ " mail_from=%%s default: \"\"\n" \
+ " mail_to=%%s default: \"\"\n" \
+ USAGE_IO \
+ " force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
+
/*
* global options
*/
@@ -311,7 +313,7 @@
mbedtls_printf("\n%s", buf);
if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
return -1;
}
@@ -323,7 +325,7 @@
if( ret <= 0 )
{
- mbedtls_printf( "failed\n ! read returned %d\n\n", ret );
+ mbedtls_printf( "failed\n ! mbedtls_net_recv returned %d\n\n", ret );
return -1;
}
@@ -356,9 +358,15 @@
int ret = 1, len;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
- unsigned char buf[1024];
#if defined(MBEDTLS_BASE64_C)
unsigned char base[1024];
+ /* buf is used as the destination buffer for printing base with the format:
+ * "%s\r\n". Hence, the size of buf should be at least the size of base
+ * plus 2 bytes for the \r and \n characters.
+ */
+ unsigned char buf[sizeof( base ) + 2];
+#else
+ unsigned char buf[1024];
#endif
char hostname[32];
const char *pers = "ssl_mail_client";
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9a05ad8..0624d33 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -30,9 +30,13 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
@@ -77,6 +81,7 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
+
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
@@ -447,7 +452,6 @@
mbedtls_printf( " ok\n" );
-
/*
* 2. Setup the listening TCP socket
*/
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index dcdafbb..3e1d9a4 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -34,6 +34,9 @@
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
@@ -80,6 +83,7 @@
#define DEBUG_LEVEL 0
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7654a64..bbe93cb 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -30,12 +30,16 @@
#else
#include <stdio.h>
#include <stdlib.h>
+#define mbedtls_calloc calloc
#define mbedtls_free free
#define mbedtls_time time
#define mbedtls_time_t time_t
#define mbedtls_calloc calloc
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
@@ -60,6 +64,11 @@
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -103,6 +112,7 @@
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433"
+#define DFL_RESPONSE_SIZE -1
#define DFL_DEBUG_LEVEL 0
#define DFL_NBIO 0
#define DFL_EVENT 0
@@ -118,6 +128,8 @@
#define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
#define DFL_ASYNC_PRIVATE_ERROR ( 0 )
#define DFL_PSK ""
+#define DFL_PSK_OPAQUE 0
+#define DFL_PSK_LIST_OPAQUE 0
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL
#define DFL_PSK_LIST NULL
@@ -133,6 +145,10 @@
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
#define DFL_SHA1 -1
+#define DFL_CID_ENABLED 0
+#define DFL_CID_VALUE ""
+#define DFL_CID_ENABLED_RENEGO -1
+#define DFL_CID_VALUE_RENEGO NULL
#define DFL_AUTH_MODE -1
#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
@@ -150,9 +166,14 @@
#define DFL_ANTI_REPLAY -1
#define DFL_HS_TO_MIN 0
#define DFL_HS_TO_MAX 0
+#define DFL_DTLS_MTU -1
#define DFL_BADMAC_LIMIT -1
+#define DFL_DGRAM_PACKING 1
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
+#define DFL_CA_CALLBACK 0
+#define DFL_EAP_TLS 0
+#define DFL_REPRODUCIBLE 0
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -175,15 +196,17 @@
* You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
* if you change this value to something outside the range <= 100 or > 500
*/
-#define IO_BUF_LEN 200
+#define DFL_IO_BUF_LEN 200
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_FS_IO)
#define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
" default: see note after key_file2\n" \
" key_file=%%s default: see note after key_file2\n" \
@@ -216,14 +239,62 @@
#define USAGE_SSL_ASYNC ""
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define USAGE_CID \
+ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
+ " default: 0 (disabled)\n" \
+ " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
+ " default: same as 'cid' parameter\n" \
+ " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
+ " default: \"\"\n" \
+ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
+ " default: same as 'cid_val' parameter\n"
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#define USAGE_CID ""
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-#define USAGE_PSK \
- " psk=%%s default: \"\" (in hex, without 0x)\n" \
+#define USAGE_PSK_RAW \
+ " psk=%%s default: \"\" (in hex, without 0x)\n" \
+ " psk_list=%%s default: \"\"\n" \
+ " A list of (PSK identity, PSK value) pairs.\n" \
+ " The PSK values are in hex, without 0x.\n" \
+ " id1,psk1[,id2,psk2[,...]]\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define USAGE_PSK_SLOT \
+ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
+ " Enable this to store the PSK configured through command line\n" \
+ " parameter `psk` in a PSA-based key slot.\n" \
+ " Note: Currently only supported in conjunction with\n" \
+ " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
+ " to force a particular PSK-only ciphersuite.\n" \
+ " Note: This is to test integration of PSA-based opaque PSKs with\n" \
+ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
+ " with prepopulated key slots instead of importing raw key material.\n" \
+ " psk_list_opaque=%%d default: 0 (don't use opaque dynamic PSKs)\n" \
+ " Enable this to store the list of dynamically chosen PSKs configured\n" \
+ " through the command line parameter `psk_list` in PSA-based key slots.\n" \
+ " Note: Currently only supported in conjunction with\n" \
+ " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
+ " to force a particular PSK-only ciphersuite.\n" \
+ " Note: This is to test integration of PSA-based opaque PSKs with\n" \
+ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
+ " with prepopulated key slots instead of importing raw key material.\n"
+#else
+#define USAGE_PSK_SLOT ""
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+#define USAGE_CA_CALLBACK \
+ " ca_callback=%%d default: 0 (disabled)\n" \
+ " Enable this to use the trusted certificate callback function\n"
+#else
+#define USAGE_CA_CALLBACK ""
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" \
@@ -232,6 +303,13 @@
#define USAGE_TICKETS ""
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+#define USAGE_EAP_TLS \
+ " eap_tls=%%d default: 0 (disabled)\n"
+#else
+#define USAGE_EAP_TLS ""
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
#if defined(MBEDTLS_SSL_CACHE_C)
#define USAGE_CACHE \
" cache_max=%%d default: cache default (50)\n" \
@@ -241,8 +319,14 @@
#endif /* MBEDTLS_SSL_CACHE_C */
#if defined(SNI_OPTION)
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+#define SNI_CRL ",crl"
+#else
+#define SNI_CRL ""
+#endif
+
#define USAGE_SNI \
- " sni=%%s name1,cert1,key1,ca1,crl1,auth1[,...]\n" \
+ " sni=%%s name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n" \
" default: disabled\n"
#else
#define USAGE_SNI ""
@@ -297,7 +381,11 @@
#define USAGE_DTLS \
" dtls=%%d default: 0 (TLS)\n" \
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
- " range of DTLS handshake timeouts in millisecs\n"
+ " range of DTLS handshake timeouts in millisecs\n" \
+ " mtu=%%d default: (library default: unlimited)\n" \
+ " dgram_packing=%%d default: 1 (allowed)\n" \
+ " allow or forbid packing of multiple\n" \
+ " records within a single datgram.\n"
#else
#define USAGE_DTLS ""
#endif
@@ -316,6 +404,9 @@
#define USAGE_ETM ""
#endif
+#define USAGE_REPRODUCIBLE \
+ " reproducible=0/1 default: 0 (disabled)\n"
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
#define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \
@@ -350,6 +441,11 @@
" server_addr=%%s default: (all interfaces)\n" \
" server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \
+ " buffer_size=%%d default: 200 \n" \
+ " (minimum: 1, max: 16385)\n" \
+ " response_size=%%d default: about 152 (basic response)\n" \
+ " (minimum: 0, max: 16384)\n" \
+ " increases buffer_size if bigger\n"\
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
@@ -370,6 +466,7 @@
USAGE_SNI \
"\n" \
USAGE_PSK \
+ USAGE_CA_CALLBACK \
USAGE_ECJPAKE \
"\n" \
" allow_legacy=%%d default: (library default: no)\n" \
@@ -377,6 +474,8 @@
" exchanges=%%d default: 1\n" \
"\n" \
USAGE_TICKETS \
+ USAGE_EAP_TLS \
+ USAGE_REPRODUCIBLE \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
@@ -396,9 +495,12 @@
" in order from ssl3 to tls1_2\n" \
" default: all enabled\n" \
" force_ciphersuite=<name> default: all enabled\n" \
+ " query_config=<name> return 0 if the specified\n" \
+ " configuration macro is defined and 1\n" \
+ " otherwise. The expansion of the macro\n" \
+ " is printed if it is defined\n" \
" acceptable ciphersuite names:\n"
-
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
@@ -414,6 +516,7 @@
(out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
}
+
/*
* global options
*/
@@ -425,6 +528,8 @@
int nbio; /* should I/O be blocking? */
int event; /* loop or event-driven IO? level or edge triggered? */
uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
+ int response_size; /* pad response with header to requested size */
+ uint16_t buffer_size; /* IO buffer size */
const char *ca_file; /* the file with the CA certificate(s) */
const char *ca_path; /* the path with the CA certificate(s) reside */
const char *crt_file; /* the file with the server certificate */
@@ -435,6 +540,13 @@
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
int async_private_error; /* inject error in async private callback */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int psk_opaque;
+ int psk_list_opaque;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ int ca_callback; /* Use callback for trusted certificate list */
+#endif
const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */
char *psk_list; /* list of PSK id/key pairs for callback */
@@ -470,9 +582,57 @@
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
+ int dgram_packing; /* allow/forbid datagram packing */
int badmac_limit; /* Limit of records with bad MAC */
+ int eap_tls; /* derive EAP-TLS keying material? */
+ int cid_enabled; /* whether to use the CID extension or not */
+ int cid_enabled_renego; /* whether to use the CID extension or not
+ * during renegotiation */
+ const char *cid_val; /* the CID to use for incoming messages */
+ const char *cid_val_renego; /* the CID to use for incoming messages
+ * after renegotiation */
+ int reproducible; /* make communication reproducible */
} opt;
+int query_config( const char *config );
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+typedef struct eap_tls_keys
+{
+ unsigned char master_secret[48];
+ unsigned char randbytes[64];
+ mbedtls_tls_prf_types tls_prf_type;
+} eap_tls_keys;
+
+static int eap_tls_key_derivation ( void *p_expkey,
+ const unsigned char *ms,
+ const unsigned char *kb,
+ size_t maclen,
+ size_t keylen,
+ size_t ivlen,
+ unsigned char client_random[32],
+ unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type )
+{
+ eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
+
+ ( ( void ) kb );
+ memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
+ memcpy( keys->randbytes, client_random, 32 );
+ memcpy( keys->randbytes + 32, server_random, 32 );
+ keys->tls_prf_type = tls_prf_type;
+
+ if( opt.debug_level > 2 )
+ {
+ mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
+ mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
+ mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
+ }
+ return( 0 );
+}
+#endif
+
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
@@ -488,6 +648,82 @@
fflush( (FILE *) ctx );
}
+mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+{
+ (void) time;
+ return 0x5af2a056;
+}
+
+int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+ int ret;
+ (void) data;
+
+ ret = mbedtls_entropy_func( data, output, len );
+ for (i = 0; i < len; i++ ) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return( ret );
+}
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int ca_callback( void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates)
+{
+ int ret = 0;
+ mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
+ mbedtls_x509_crt *first;
+
+ /* This is a test-only implementation of the CA callback
+ * which always returns the entire list of trusted certificates.
+ * Production implementations managing a large number of CAs
+ * should use an efficient presentation and lookup for the
+ * set of trusted certificates (such as a hashtable) and only
+ * return those trusted certificates which satisfy basic
+ * parental checks, such as the matching of child `Issuer`
+ * and parent `Subject` field. */
+ ((void) child);
+
+ first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( first == NULL )
+ {
+ ret = -1;
+ goto exit;
+ }
+ mbedtls_x509_crt_init( first );
+
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ while( ca->next != NULL )
+ {
+ ca = ca->next;
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+ }
+
+exit:
+
+ if( ret != 0 )
+ {
+ mbedtls_x509_crt_free( first );
+ mbedtls_free( first );
+ first = NULL;
+ }
+
+ *candidates = first;
+ return( ret );
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
/*
* Test recv/send functions that make sure each try returns
* WANT_READ/WANT_WRITE at least once before sucesseding
@@ -545,11 +781,14 @@
* Used by sni_parse and psk_parse to handle coma-separated lists
*/
#define GET_ITEM( dst ) \
- dst = p; \
- while( *p != ',' ) \
- if( ++p > end ) \
- goto error; \
- *p++ = '\0';
+ do \
+ { \
+ (dst) = p; \
+ while( *p != ',' ) \
+ if( ++p > end ) \
+ goto error; \
+ *p++ = '\0'; \
+ } while( 0 )
#if defined(SNI_OPTION)
typedef struct _sni_entry sni_entry;
@@ -578,10 +817,10 @@
mbedtls_x509_crt_free( cur->ca );
mbedtls_free( cur->ca );
-
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_free( cur->crl );
mbedtls_free( cur->crl );
-
+#endif
next = cur->next;
mbedtls_free( cur );
cur = next;
@@ -600,7 +839,10 @@
sni_entry *cur = NULL, *new = NULL;
char *p = sni_string;
char *end = p;
- char *crt_file, *key_file, *ca_file, *crl_file, *auth_str;
+ char *crt_file, *key_file, *ca_file, *auth_str;
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ char *crl_file;
+#endif
while( *end != '\0' )
++end;
@@ -618,7 +860,9 @@
GET_ITEM( crt_file );
GET_ITEM( key_file );
GET_ITEM( ca_file );
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
GET_ITEM( crl_file );
+#endif
GET_ITEM( auth_str );
if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
@@ -643,6 +887,7 @@
goto error;
}
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
if( strcmp( crl_file, "-" ) != 0 )
{
if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
@@ -653,6 +898,7 @@
if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
goto error;
}
+#endif
if( strcmp( auth_str, "-" ) != 0 )
{
@@ -704,17 +950,21 @@
#endif /* SNI_OPTION */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \
+ defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define HEX2NUM( c ) \
- if( c >= '0' && c <= '9' ) \
- c -= '0'; \
- else if( c >= 'a' && c <= 'f' ) \
- c -= 'a' - 10; \
- else if( c >= 'A' && c <= 'F' ) \
- c -= 'A' - 10; \
- else \
- return( -1 );
+#define HEX2NUM( c ) \
+ do \
+ { \
+ if( (c) >= '0' && (c) <= '9' ) \
+ (c) -= '0'; \
+ else if( (c) >= 'a' && (c) <= 'f' ) \
+ (c) -= 'a' - 10; \
+ else if( (c) >= 'A' && (c) <= 'F' ) \
+ (c) -= 'A' - 10; \
+ else \
+ return( -1 ); \
+ } while( 0 )
/*
* Convert a hex string to bytes.
@@ -744,6 +994,10 @@
return( 0 );
}
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+
typedef struct _psk_entry psk_entry;
struct _psk_entry
@@ -751,22 +1005,39 @@
const char *name;
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_handle_t slot;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
psk_entry *next;
};
/*
* Free a list of psk_entry's
*/
-void psk_free( psk_entry *head )
+int psk_free( psk_entry *head )
{
psk_entry *next;
while( head != NULL )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+ psa_key_handle_t const slot = head->slot;
+
+ if( slot != 0 )
+ {
+ status = psa_destroy_key( slot );
+ if( status != PSA_SUCCESS )
+ return( status );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
next = head->next;
mbedtls_free( head );
head = next;
}
+
+ return( 0 );
}
/*
@@ -824,6 +1095,11 @@
if( name_len == strlen( cur->name ) &&
memcmp( name, cur->name, name_len ) == 0 )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( cur->slot != 0 )
+ return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
+ else
+#endif
return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) );
}
@@ -1154,12 +1430,96 @@
return( 0 );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t slot,
+ psa_algorithm_t alg,
+ unsigned char *psk,
+ size_t psk_len )
+{
+ psa_status_t status;
+ psa_key_policy_t policy;
+
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
+
+ status = psa_set_key_policy( slot, &policy );
+ if( status != PSA_SUCCESS )
+ {
+ fprintf( stderr, "POLICY\n" );
+ return( status );
+ }
+
+ status = psa_import_key( slot, PSA_KEY_TYPE_DERIVE, psk, psk_len );
+ if( status != PSA_SUCCESS )
+ {
+ fprintf( stderr, "IMPORT\n" );
+ return( status );
+ }
+
+ return( PSA_SUCCESS );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+int report_cid_usage( mbedtls_ssl_context *ssl,
+ const char *additional_description )
+{
+ int ret;
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ size_t peer_cid_len;
+ int cid_negotiated;
+
+ if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( 0 );
+
+ /* Check if the use of a CID has been negotiated */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+
+ if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
+ {
+ if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
+ {
+ mbedtls_printf( "(%s) Use of Connection ID was not offered by client.\n",
+ additional_description );
+ }
+ }
+ else
+ {
+ size_t idx=0;
+ mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
+ additional_description );
+ mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len );
+ while( idx < peer_cid_len )
+ {
+ mbedtls_printf( "%02x ", peer_cid[ idx ] );
+ idx++;
+ }
+ mbedtls_printf( "\n" );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
int version_suites[4][2];
- unsigned char buf[IO_BUF_LEN];
+ unsigned char* buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm_t alg = 0;
+ psa_key_handle_t psk_slot = 0;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
psk_entry *psk_info = NULL;
@@ -1219,9 +1579,25 @@
unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ size_t cid_len = 0;
+ size_t cid_renego_len = 0;
+#endif
+
int i;
char *p, *q;
const int *list;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+#endif
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ unsigned char eap_tls_keymaterial[16];
+ unsigned char eap_tls_iv[8];
+ const char* eap_tls_label = "client EAP encryption";
+ eap_tls_keys eap_tls_keying;
+#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
@@ -1261,6 +1637,17 @@
mbedtls_ssl_cookie_init( &cookie_ctx );
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_crypto_init();
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status );
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif
+
#if !defined(_WIN32)
/* Abort cleanly on SIGTERM and SIGINT */
signal( SIGTERM, term_handler );
@@ -1289,11 +1676,17 @@
goto exit;
}
+ opt.buffer_size = DFL_IO_BUF_LEN;
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.event = DFL_EVENT;
+ opt.response_size = DFL_RESPONSE_SIZE;
opt.nbio = DFL_NBIO;
+ opt.cid_enabled = DFL_CID_ENABLED;
+ opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
+ opt.cid_val = DFL_CID_VALUE;
+ opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.ca_file = DFL_CA_FILE;
opt.ca_path = DFL_CA_PATH;
@@ -1306,6 +1699,13 @@
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
opt.psk = DFL_PSK;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ opt.psk_opaque = DFL_PSK_OPAQUE;
+ opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ opt.ca_callback = DFL_CA_CALLBACK;
+#endif
opt.psk_identity = DFL_PSK_IDENTITY;
opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
@@ -1338,9 +1738,13 @@
opt.anti_replay = DFL_ANTI_REPLAY;
opt.hs_to_min = DFL_HS_TO_MIN;
opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.dtls_mtu = DFL_DTLS_MTU;
+ opt.dgram_packing = DFL_DGRAM_PACKING;
opt.badmac_limit = DFL_BADMAC_LIMIT;
opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM;
+ opt.eap_tls = DFL_EAP_TLS;
+ opt.reproducible = DFL_REPRODUCIBLE;
for( i = 1; i < argc; i++ )
{
@@ -1383,6 +1787,20 @@
}
else if( strcmp( p, "read_timeout" ) == 0 )
opt.read_timeout = atoi( q );
+ else if( strcmp( p, "buffer_size" ) == 0 )
+ {
+ opt.buffer_size = atoi( q );
+ if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "response_size" ) == 0 )
+ {
+ opt.response_size = atoi( q );
+ if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
+ goto usage;
+ if( opt.buffer_size < opt.response_size )
+ opt.buffer_size = opt.response_size;
+ }
else if( strcmp( p, "ca_file" ) == 0 )
opt.ca_file = q;
else if( strcmp( p, "ca_path" ) == 0 )
@@ -1416,8 +1834,40 @@
opt.async_private_error = n;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if( strcmp( p, "cid" ) == 0 )
+ {
+ opt.cid_enabled = atoi( q );
+ if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_renego" ) == 0 )
+ {
+ opt.cid_enabled_renego = atoi( q );
+ if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_val" ) == 0 )
+ {
+ opt.cid_val = q;
+ }
+ else if( strcmp( p, "cid_val_renego" ) == 0 )
+ {
+ opt.cid_val_renego = q;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ else if( strcmp( p, "psk_opaque" ) == 0 )
+ opt.psk_opaque = atoi( q );
+ else if( strcmp( p, "psk_list_opaque" ) == 0 )
+ opt.psk_list_opaque = atoi( q );
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ else if( strcmp( p, "ca_callback" ) == 0)
+ opt.ca_callback = atoi( q );
+#endif
else if( strcmp( p, "psk_identity" ) == 0 )
opt.psk_identity = q;
else if( strcmp( p, "psk_list" ) == 0 )
@@ -1684,10 +2134,39 @@
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
goto usage;
}
+ else if( strcmp( p, "mtu" ) == 0 )
+ {
+ opt.dtls_mtu = atoi( q );
+ if( opt.dtls_mtu < 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "dgram_packing" ) == 0 )
+ {
+ opt.dgram_packing = atoi( q );
+ if( opt.dgram_packing != 0 &&
+ opt.dgram_packing != 1 )
+ {
+ goto usage;
+ }
+ }
else if( strcmp( p, "sni" ) == 0 )
{
opt.sni = q;
}
+ else if( strcmp( p, "query_config" ) == 0 )
+ {
+ return query_config( q );
+ }
+ else if( strcmp( p, "eap_tls" ) == 0 )
+ {
+ opt.eap_tls = atoi( q );
+ if( opt.eap_tls < 0 || opt.eap_tls > 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "reproducible" ) == 0 )
+ {
+ opt.reproducible = 1;
+ }
else
goto usage;
}
@@ -1704,6 +2183,49 @@
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
#endif
+ buf = mbedtls_calloc( 1, opt.buffer_size + 1 );
+ if( buf == NULL )
+ {
+ mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size );
+ ret = 3;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ if( strlen( opt.psk ) == 0 )
+ {
+ mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
+ ret = 2;
+ goto usage;
+ }
+
+ if( opt.force_ciphersuite[0] <= 0 )
+ {
+ mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ ret = 2;
+ goto usage;
+ }
+ }
+
+ if( opt.psk_list_opaque != 0 )
+ {
+ if( opt.psk_list == NULL )
+ {
+ mbedtls_printf( "psk_slot set but no psk to be imported specified.\n" );
+ ret = 2;
+ goto usage;
+ }
+
+ if( opt.force_ciphersuite[0] <= 0 )
+ {
+ mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ ret = 2;
+ goto usage;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( opt.force_ciphersuite[0] > 0 )
{
@@ -1754,6 +2276,30 @@
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
+ {
+ /* Ensure that the chosen ciphersuite is PSK-only; we must know
+ * the ciphersuite in advance to set the correct policy for the
+ * PSK key slot. This limitation might go away in the future. */
+ if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
+ opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
+ ret = 2;
+ goto usage;
+ }
+
+ /* Determine KDF algorithm the opaque PSK will be used in. */
+#if defined(MBEDTLS_SHA512_C)
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ else
+#endif /* MBEDTLS_SHA512_C */
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
if( opt.version_suites != NULL )
@@ -1797,6 +2343,27 @@
}
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( unhexify( cid, opt.cid_val, &cid_len ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+
+ /* Keep CID settings for renegotiation unless
+ * specified otherwise. */
+ if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
+ opt.cid_enabled_renego = opt.cid_enabled;
+ if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
+ opt.cid_val_renego = opt.cid_val;
+
+ if( unhexify( cid_renego, opt.cid_val_renego, &cid_renego_len ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* Unhexify the pre-shared key and parse the list if any given
@@ -1900,13 +2467,28 @@
fflush( stdout );
mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+ if (opt.reproducible)
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
- -ret );
- goto exit;
+ srand( 1 );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
}
mbedtls_printf( " ok\n" );
@@ -1918,20 +2500,22 @@
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
+ if( strcmp( opt.ca_path, "none" ) == 0 ||
+ strcmp( opt.ca_file, "none" ) == 0 )
+ {
+ ret = 0;
+ }
+ else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) )
- if( strcmp( opt.ca_path, "none" ) == 0 )
- ret = 0;
- else
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) )
- if( strcmp( opt.ca_file, "none" ) == 0 )
- ret = 0;
- else
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
+ {
+#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse( &cacert,
@@ -1940,12 +2524,23 @@
if( ret != 0 )
break;
}
+ if( ret == 0 )
+#endif /* MBEDTLS_PEM_PARSE_C */
+ for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
+ {
+ ret = mbedtls_x509_crt_parse_der( &cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i] );
+ if( ret != 0 )
+ break;
+ }
+ }
#else
{
ret = 1;
- mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+ mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
-#endif
+#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
@@ -2155,6 +2750,9 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
+
+ if( opt.dgram_packing != DFL_DGRAM_PACKING )
+ mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -2165,6 +2763,33 @@
};
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
+ {
+ if( opt.cid_enabled == 1 &&
+ opt.cid_enabled_renego == 1 &&
+ cid_len != cid_renego_len )
+ {
+ mbedtls_printf( "CID length must not change during renegotiation\n" );
+ goto usage;
+ }
+
+ if( opt.cid_enabled == 1 )
+ ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+ else
+ ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
@@ -2180,6 +2805,12 @@
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
#endif
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( opt.eap_tls != 0 )
+ mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
+ &eap_tls_keying );
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
@@ -2189,6 +2820,16 @@
}
#endif
+ if (opt.reproducible)
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time( dummy_constant_time );
+#else
+ fprintf( stderr, "Warning: reproducible option used without constant time\n" );
+#endif
+#endif
+ }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@@ -2307,7 +2948,12 @@
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
{
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( opt.ca_callback != 0 )
+ mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert);
+ else
+#endif
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
}
if( key_cert_init )
{
@@ -2424,12 +3070,42 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
{
- ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
- (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) );
- if( ret != 0 )
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ status = psa_allocate_key( &psk_slot );
+ if( status != PSA_SUCCESS )
+ {
+ fprintf( stderr, "ALLOC FAIL\n" );
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+
+ /* The algorithm has already been determined earlier. */
+ status = psa_setup_psk_key_slot( psk_slot, alg, psk, psk_len );
+ if( status != PSA_SUCCESS )
+ {
+ fprintf( stderr, "SETUP FAIL\n" );
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+ if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, psk_slot,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) ) ) != 0 )
{
mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
goto exit;
@@ -2437,7 +3113,34 @@
}
if( opt.psk_list != NULL )
+ {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_list_opaque != 0 )
+ {
+ psk_entry *cur_psk;
+ for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
+ {
+ status = psa_allocate_key( &cur_psk->slot );
+ if( status != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+
+ status = psa_setup_psk_key_slot( cur_psk->slot, alg,
+ cur_psk->key,
+ cur_psk->key_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
+ }
#endif
#if defined(MBEDTLS_DHM_C)
@@ -2473,6 +3176,24 @@
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
+ cid, cid_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( opt.dtls_mtu != DFL_DTLS_MTU )
+ mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
+#endif
+
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
@@ -2693,6 +3414,75 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+ if( opt.eap_tls != 0 )
+ {
+ size_t j = 0;
+
+ if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
+ eap_tls_keying.master_secret,
+ sizeof( eap_tls_keying.master_secret ),
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof( eap_tls_keying.randbytes ),
+ eap_tls_keymaterial,
+ sizeof( eap_tls_keymaterial ) ) )
+ != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " EAP-TLS key material is:" );
+ for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
+ {
+ if( j % 8 == 0 )
+ mbedtls_printf("\n ");
+ mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
+ }
+ mbedtls_printf("\n");
+
+ if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof( eap_tls_keying.randbytes ),
+ eap_tls_iv,
+ sizeof( eap_tls_iv ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " EAP-TLS IV is:" );
+ for( j = 0; j < sizeof( eap_tls_iv ); j++ )
+ {
+ if( j % 8 == 0 )
+ mbedtls_printf("\n ");
+ mbedtls_printf("%02x ", eap_tls_iv[j] );
+ }
+ mbedtls_printf("\n");
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "initial handshake" );
+ if( ret != 0 )
+ goto exit;
+
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
+ cid_renego, cid_renego_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
if( opt.exchanges == 0 )
goto close_notify;
@@ -2712,8 +3502,8 @@
do
{
int terminated = 0;
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
+ len = opt.buffer_size - 1;
+ memset( buf, 0, opt.buffer_size );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( mbedtls_status_is_ssl_in_progress( ret ) )
@@ -2813,8 +3603,8 @@
}
else /* Not stream, so datagram */
{
- len = sizeof( buf ) - 1;
- memset( buf, 0, sizeof( buf ) );
+ len = opt.buffer_size - 1;
+ memset( buf, 0, opt.buffer_size );
do
{
@@ -2903,6 +3693,12 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "after renegotiation" );
+ if( ret != 0 )
+ goto exit;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/*
* 7. Write the 200 Response
*/
@@ -2912,6 +3708,25 @@
len = sprintf( (char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite( &ssl ) );
+ /* Add padding to the response to reach opt.response_size in length */
+ if( opt.response_size != DFL_RESPONSE_SIZE &&
+ len < opt.response_size )
+ {
+ memset( buf + len, 'B', opt.response_size - len );
+ len += opt.response_size - len;
+ }
+
+ /* Truncate if response size is smaller than the "natural" size */
+ if( opt.response_size != DFL_RESPONSE_SIZE &&
+ len > opt.response_size )
+ {
+ len = opt.response_size;
+
+ /* Still end with \r\n unless that's really not possible */
+ if( len >= 2 ) buf[len - 2] = '\r';
+ if( len >= 1 ) buf[len - 1] = '\n';
+ }
+
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
for( written = 0, frags = 0; written < len; written += ret, frags++ )
@@ -3042,12 +3857,31 @@
sni_free( sni_info );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- psk_free( psk_info );
+ if( ( ret = psk_free( psk_info ) ) != 0 )
+ mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
mbedtls_dhm_free( &dhm );
#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( opt.psk_opaque != 0 )
+ {
+ /* This is ok even if the slot hasn't been
+ * initialized (we might have jumed here
+ * immediately because of bad cmd line params,
+ * for example). */
+ status = psa_destroy_key( psk_slot );
+ if( status != PSA_SUCCESS )
+ {
+ mbedtls_printf( "Failed to destroy key slot %u - error was %d",
+ (unsigned) psk_slot, (int) status );
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
+ MBEDTLS_USE_PSA_CRYPTO */
+
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
@@ -3063,6 +3897,8 @@
mbedtls_ssl_cookie_free( &cookie_ctx );
#endif
+ mbedtls_free( buf );
+
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 9ca0cb2..282ef58 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -21,15 +21,16 @@
target_link_libraries(cpp_dummy_build ${libs})
endif()
-add_executable(ssl_cert_test ssl_cert_test.c)
-target_link_libraries(ssl_cert_test ${libs})
-
add_executable(udp_proxy udp_proxy.c)
target_link_libraries(udp_proxy ${libs})
add_executable(zeroize zeroize.c)
target_link_libraries(zeroize ${libs})
-install(TARGETS selftest benchmark ssl_cert_test udp_proxy
+add_executable(query_compile_time_config query_compile_time_config.c)
+target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
+target_link_libraries(query_compile_time_config ${libs})
+
+install(TARGETS selftest benchmark udp_proxy query_compile_time_config
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 5277ceb..2b86566 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -29,10 +29,14 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_exit exit
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#define mbedtls_free free
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_TIMING_C)
@@ -159,7 +163,7 @@
#define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
- for( ii = 12 - title_len; ii != 0; ii-- ) mbedtls_printf( " " ); \
+ for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
@@ -254,6 +258,7 @@
rsa, dhm, ecdsa, ecdh;
} todo_list;
+
int main( int argc, char *argv[] )
{
int i;
@@ -700,7 +705,6 @@
mbedtls_exit(1);
TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)",
mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
@@ -708,7 +712,6 @@
MBEDTLS_HMAC_DRBG_PR_ON );
TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)",
mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
#endif
#if defined(MBEDTLS_SHA256_C)
@@ -719,7 +722,6 @@
mbedtls_exit(1);
TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)",
mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
@@ -727,8 +729,8 @@
MBEDTLS_HMAC_DRBG_PR_ON );
TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)",
mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
#endif
+ mbedtls_hmac_drbg_free( &hmac_drbg );
}
#endif
@@ -865,7 +867,7 @@
}
#endif
-#if defined(MBEDTLS_ECDH_C)
+#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
if( todo.ecdh )
{
mbedtls_ecdh_context ecdh;
diff --git a/programs/test/cmake_subproject/.gitignore b/programs/test/cmake_subproject/.gitignore
new file mode 100644
index 0000000..464833b
--- /dev/null
+++ b/programs/test/cmake_subproject/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_subproject
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
new file mode 100644
index 0000000..f5f4191
--- /dev/null
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -0,0 +1,19 @@
+cmake_minimum_required(VERSION 2.6)
+
+# We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other
+# projects that use Mbed TLS as a subproject are likely to add by their own
+# relative paths.
+set(MBEDTLS_DIR ../../../)
+
+# Add Mbed TLS as a subdirectory.
+add_subdirectory(${MBEDTLS_DIR} build)
+
+# Link against all the Mbed TLS libraries.
+set(libs
+ mbedtls
+ mbedcrypto
+ mbedx509
+)
+
+add_executable(cmake_subproject cmake_subproject.c)
+target_link_libraries(cmake_subproject ${libs})
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
new file mode 100644
index 0000000..ca899bc
--- /dev/null
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -0,0 +1,56 @@
+/*
+ * Simple program to test that CMake builds with Mbed TLS as a subdirectory
+ * work correctly.
+ *
+ * Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full( version );
+
+ mbedtls_printf( "Built against %s\n", version );
+
+ return( 0 );
+}
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index c652884..9cd5090 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -81,6 +81,7 @@
#include "mbedtls/platform_time.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/poly1305.h"
+#include "mbedtls/psa_util.h"
#include "mbedtls/ripemd160.h"
#include "mbedtls/rsa.h"
#include "mbedtls/rsa_internal.h"
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
new file mode 100644
index 0000000..17becf2
--- /dev/null
+++ b/programs/test/query_compile_time_config.c
@@ -0,0 +1,56 @@
+/*
+ * Query the Mbed TLS compile time configuration
+ *
+ * Copyright (C) 2018, Arm Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf printf
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#define USAGE \
+ "usage: %s <MBEDTLS_CONFIG>\n\n" \
+ "This program takes one command line argument which corresponds to\n" \
+ "the string representation of a Mbed TLS compile time configuration.\n" \
+ "The value 0 will be returned if this configuration is defined in the\n" \
+ "Mbed TLS build and the macro expansion of that configuration will be\n" \
+ "printed (if any). Otherwise, 1 will be returned.\n"
+
+int query_config( const char *config );
+
+int main( int argc, char *argv[] )
+{
+ if ( argc != 2 )
+ {
+ mbedtls_printf( USAGE, argv[0] );
+ return( MBEDTLS_EXIT_FAILURE );
+ }
+
+ return( query_config( argv[1] ) );
+}
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index f923a43..727054e 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -77,6 +77,7 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
+
static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
{
int ret;
diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c
deleted file mode 100644
index fd3526f..0000000
--- a/programs/test/ssl_cert_test.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/*
- * SSL certificate functionality tests
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_snprintf snprintf
-#define mbedtls_printf printf
-#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
-#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
- defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C)
-#include "mbedtls/certs.h"
-#include "mbedtls/x509_crt.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define MAX_CLIENT_CERTS 8
-
-#if !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_X509_CRL_PARSE_C)
-int main( void )
-{
- mbedtls_printf("MBEDTLS_RSA_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "MBEDTLS_FS_IO and/or MBEDTLS_X509_CRL_PARSE_C "
- "not defined.\n");
- return( 0 );
-}
-#else
-const char *client_certificates[MAX_CLIENT_CERTS] =
-{
- "client1.crt",
- "client2.crt",
- "server1.crt",
- "server2.crt",
- "cert_sha224.crt",
- "cert_sha256.crt",
- "cert_sha384.crt",
- "cert_sha512.crt"
-};
-
-const char *client_private_keys[MAX_CLIENT_CERTS] =
-{
- "client1.key",
- "client2.key",
- "server1.key",
- "server2.key",
- "cert_digest.key",
- "cert_digest.key",
- "cert_digest.key",
- "cert_digest.key"
-};
-
-int main( void )
-{
- int ret = 1, i;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- mbedtls_x509_crt cacert;
- mbedtls_x509_crl crl;
- char buf[10240];
-
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crl_init( &crl );
-
- /*
- * 1.1. Load the trusted CA
- */
- mbedtls_printf( "\n . Loading the CA root certificate ..." );
- fflush( stdout );
-
- /*
- * Alternatively, you may load the CA certificates from a .pem or
- * .crt file by calling mbedtls_x509_crt_parse_file( &cacert, "myca.crt" ).
- */
- ret = mbedtls_x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- mbedtls_x509_crt_info( buf, 1024, "CRT: ", &cacert );
- mbedtls_printf("%s\n", buf );
-
- /*
- * 1.2. Load the CRL
- */
- mbedtls_printf( " . Loading the CRL ..." );
- fflush( stdout );
-
- ret = mbedtls_x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- mbedtls_x509_crl_info( buf, 1024, "CRL: ", &crl );
- mbedtls_printf("%s\n", buf );
-
- for( i = 0; i < MAX_CLIENT_CERTS; i++ )
- {
- /*
- * 1.3. Load own certificate
- */
- char name[512];
- uint32_t flags;
- mbedtls_x509_crt clicert;
- mbedtls_pk_context pk;
-
- mbedtls_x509_crt_init( &clicert );
- mbedtls_pk_init( &pk );
-
- mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
-
- mbedtls_printf( " . Loading the client certificate %s...", name );
- fflush( stdout );
-
- ret = mbedtls_x509_crt_parse_file( &clicert, name );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- /*
- * 1.4. Verify certificate validity with CA certificate
- */
- mbedtls_printf( " . Verify the client certificate with CA certificate..." );
- fflush( stdout );
-
- ret = mbedtls_x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL,
- NULL );
- if( ret != 0 )
- {
- if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
- {
- char vrfy_buf[512];
-
- mbedtls_printf( " failed\n" );
- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
- mbedtls_printf( "%s\n", vrfy_buf );
- }
- else
- {
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret );
- goto exit;
- }
- }
-
- mbedtls_printf( " ok\n" );
-
- /*
- * 1.5. Load own private key
- */
- mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
-
- mbedtls_printf( " . Loading the client private key %s...", name );
- fflush( stdout );
-
- ret = mbedtls_pk_parse_keyfile( &pk, name, NULL );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- /*
- * 1.6. Verify certificate validity with private key
- */
- mbedtls_printf( " . Verify the client certificate with private key..." );
- fflush( stdout );
-
-
- /* EC NOT IMPLEMENTED YET */
- if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) )
- {
- mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" );
- goto exit;
- }
-
- ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->N, &mbedtls_pk_rsa( clicert.pk )->N);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for N returned %d\n\n", ret );
- goto exit;
- }
-
- ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->E, &mbedtls_pk_rsa( clicert.pk )->E);
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for E returned %d\n\n", ret );
- goto exit;
- }
-
- ret = mbedtls_rsa_check_privkey( mbedtls_pk_rsa( pk ) );
- if( ret != 0 )
- {
- mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey returned %d\n\n", ret );
- goto exit;
- }
-
- mbedtls_printf( " ok\n" );
-
- mbedtls_x509_crt_free( &clicert );
- mbedtls_pk_free( &pk );
- }
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crl_free( &crl );
-
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
- return( exit_code );
-}
-#endif /* MBEDTLS_RSA_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_X509_CRL_PARSE_C */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 55e0f24..979910e 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -40,6 +40,8 @@
#define mbedtls_time time
#define mbedtls_time_t time_t
#define mbedtls_printf printf
+#define mbedtls_calloc calloc
+#define mbedtls_free free
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -106,11 +108,29 @@
" delay=%%d default: 0 (no delayed packets)\n" \
" delay about 1:N packets randomly\n" \
" delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \
+ " delay_cli=%%s Handshake message from client that should be\n"\
+ " delayed. Possible values are 'ClientHello',\n" \
+ " 'Certificate', 'CertificateVerify', and\n" \
+ " 'ClientKeyExchange'.\n" \
+ " May be used multiple times, even for the same\n"\
+ " message, in which case the respective message\n"\
+ " gets delayed multiple times.\n" \
+ " delay_srv=%%s Handshake message from server that should be\n"\
+ " delayed. Possible values are 'HelloRequest',\n"\
+ " 'ServerHello', 'ServerHelloDone', 'Certificate'\n"\
+ " 'ServerKeyExchange', 'NewSessionTicket',\n"\
+ " 'HelloVerifyRequest' and ''CertificateRequest'.\n"\
+ " May be used multiple times, even for the same\n"\
+ " message, in which case the respective message\n"\
+ " gets delayed multiple times.\n" \
" drop=%%d default: 0 (no dropped packets)\n" \
" drop about 1:N packets randomly\n" \
" mtu=%%d default: 0 (unlimited)\n" \
" drop packets larger than N bytes\n" \
" bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \
+ " bad_cid=%%d default: 0 (don't corrupt Connection IDs)\n" \
+ " duplicate 1:N packets containing a CID,\n" \
+ " modifying CID in first instance of the packet.\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
"\n" \
@@ -121,6 +141,9 @@
/*
* global options
*/
+
+#define MAX_DELAYED_HS 10
+
static struct options
{
const char *server_addr; /* address to forward packets to */
@@ -131,9 +154,16 @@
int duplicate; /* duplicate 1 in N packets (none if 0) */
int delay; /* delay 1 packet in N (none if 0) */
int delay_ccs; /* delay ChangeCipherSpec */
+ char* delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from
+ * client that should be delayed. */
+ uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */
+ char* delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from
+ * server that should be delayed. */
+ uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */
int drop; /* drop 1 packet in N (none if 0) */
int mtu; /* drop packets larger than this */
int bad_ad; /* inject corrupted ApplicationData record */
+ unsigned bad_cid; /* inject corrupted CID record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/
unsigned pack; /* merge packets into single datagram for
@@ -164,6 +194,11 @@
opt.pack = DFL_PACK;
/* Other members default to 0 */
+ opt.delay_cli_cnt = 0;
+ opt.delay_srv_cnt = 0;
+ memset( opt.delay_cli, 0, sizeof( opt.delay_cli ) );
+ memset( opt.delay_srv, 0, sizeof( opt.delay_srv ) );
+
for( i = 1; i < argc; i++ )
{
p = argv[i];
@@ -197,6 +232,43 @@
if( opt.delay_ccs < 0 || opt.delay_ccs > 1 )
exit_usage( p, q );
}
+ else if( strcmp( p, "delay_cli" ) == 0 ||
+ strcmp( p, "delay_srv" ) == 0 )
+ {
+ uint8_t *delay_cnt;
+ char **delay_list;
+ size_t len;
+ char *buf;
+
+ if( strcmp( p, "delay_cli" ) == 0 )
+ {
+ delay_cnt = &opt.delay_cli_cnt;
+ delay_list = opt.delay_cli;
+ }
+ else
+ {
+ delay_cnt = &opt.delay_srv_cnt;
+ delay_list = opt.delay_srv;
+ }
+
+ if( *delay_cnt == MAX_DELAYED_HS )
+ {
+ mbedtls_printf( " too many uses of %s: only %d allowed\n",
+ p, MAX_DELAYED_HS );
+ exit_usage( p, NULL );
+ }
+
+ len = strlen( q );
+ buf = mbedtls_calloc( 1, len + 1 );
+ if( buf == NULL )
+ {
+ mbedtls_printf( " Allocation failure\n" );
+ exit( 1 );
+ }
+ memcpy( buf, q, len + 1 );
+
+ delay_list[ (*delay_cnt)++ ] = buf;
+ }
else if( strcmp( p, "drop" ) == 0 )
{
opt.drop = atoi( q );
@@ -224,6 +296,12 @@
if( opt.bad_ad < 0 || opt.bad_ad > 1 )
exit_usage( p, q );
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if( strcmp( p, "bad_cid" ) == 0 )
+ {
+ opt.bad_cid = (unsigned) atoi( q );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "protect_hvr" ) == 0 )
{
opt.protect_hvr = atoi( q );
@@ -255,6 +333,7 @@
case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return( "ChangeCipherSpec" );
case MBEDTLS_SSL_MSG_ALERT: return( "Alert" );
case MBEDTLS_SSL_MSG_APPLICATION_DATA: return( "ApplicationData" );
+ case MBEDTLS_SSL_MSG_CID: return( "CID" );
case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */
default: return( "Unknown" );
}
@@ -368,7 +447,10 @@
if( sizeof( buf->data ) - buf->len < len )
{
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
+ {
+ mbedtls_printf( "ctx_buffer_flush failed with -%#04x", -ret );
return( ret );
+ }
}
memcpy( buf->data + buf->len, data, len );
@@ -385,6 +467,7 @@
const unsigned char * data,
size_t len )
{
+ int ret;
#if defined(MBEDTLS_TIMING_C)
ctx_buffer *buf = NULL;
if( opt.pack > 0 )
@@ -401,7 +484,12 @@
}
#endif /* MBEDTLS_TIMING_C */
- return( mbedtls_net_send( ctx, data, len ) );
+ ret = mbedtls_net_send( ctx, data, len );
+ if( ret < 0 )
+ {
+ mbedtls_printf( "net_send returned -%#04x\n", -ret );
+ }
+ return( ret );
}
typedef struct
@@ -440,6 +528,25 @@
int ret;
mbedtls_net_context *dst = p->dst;
+ /* insert corrupted CID record? */
+ if( opt.bad_cid != 0 &&
+ strcmp( p->type, "CID" ) == 0 &&
+ ( rand() % opt.bad_cid ) == 0 )
+ {
+ unsigned char buf[MAX_MSG_SIZE];
+ memcpy( buf, p->buf, p->len );
+
+ /* The CID resides at offset 11 in the DTLS record header. */
+ buf[11] ^= 1;
+ print_packet( p, "modified CID" );
+
+ if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 )
+ {
+ mbedtls_printf( " ! dispatch returned %d\n", ret );
+ return( ret );
+ }
+ }
+
/* insert corrupted ApplicationData record? */
if( opt.bad_ad &&
strcmp( p->type, "ApplicationData" ) == 0 )
@@ -488,11 +595,37 @@
return( 0 );
}
-static packet prev;
+#define MAX_DELAYED_MSG 5
+static size_t prev_len;
+static packet prev[MAX_DELAYED_MSG];
void clear_pending( void )
{
- memset( &prev, 0, sizeof( packet ) );
+ memset( &prev, 0, sizeof( prev ) );
+ prev_len = 0;
+}
+
+void delay_packet( packet *delay )
+{
+ if( prev_len == MAX_DELAYED_MSG )
+ return;
+
+ memcpy( &prev[prev_len++], delay, sizeof( packet ) );
+}
+
+int send_delayed()
+{
+ uint8_t offset;
+ int ret;
+ for( offset = 0; offset < prev_len; offset++ )
+ {
+ ret = send_packet( &prev[offset], "delayed" );
+ if( ret != 0 )
+ return( ret );
+ }
+
+ clear_pending();
+ return( 0 );
}
/*
@@ -504,32 +637,17 @@
static unsigned char dropped[2048] = { 0 };
#define DROP_MAX 2
-/*
- * OpenSSL groups packets in a datagram the first time it sends them, but not
- * when it resends them. Count every record as seen the first time.
- */
+/* We only drop packets at the level of entire datagrams, not at the level
+ * of records. In particular, if the peer changes the way it packs multiple
+ * records into a single datagram, we don't necessarily count the number of
+ * times a record has been dropped correctly. However, the only known reason
+ * why a peer would change datagram packing is disabling the latter on
+ * retransmission, in which case we'd drop involved records at most
+ * DROP_MAX + 1 times. */
void update_dropped( const packet *p )
{
size_t id = p->len % sizeof( dropped );
- const unsigned char *end = p->buf + p->len;
- const unsigned char *cur = p->buf;
- size_t len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
-
++dropped[id];
-
- /* Avoid counting single record twice */
- if( len == p->len )
- return;
-
- while( cur < end )
- {
- len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
-
- id = len % sizeof( dropped );
- ++dropped[id];
-
- cur += len;
- }
}
int handle_message( const char *way,
@@ -540,6 +658,10 @@
packet cur;
size_t id;
+ uint8_t delay_idx;
+ char ** delay_list;
+ uint8_t delay_list_len;
+
/* receive packet */
if( ( ret = mbedtls_net_recv( src, cur.buf, sizeof( cur.buf ) ) ) <= 0 )
{
@@ -555,10 +677,42 @@
id = cur.len % sizeof( dropped );
+ if( strcmp( way, "S <- C" ) == 0 )
+ {
+ delay_list = opt.delay_cli;
+ delay_list_len = opt.delay_cli_cnt;
+ }
+ else
+ {
+ delay_list = opt.delay_srv;
+ delay_list_len = opt.delay_srv_cnt;
+ }
+
+ /* Check if message type is in the list of messages
+ * that should be delayed */
+ for( delay_idx = 0; delay_idx < delay_list_len; delay_idx++ )
+ {
+ if( delay_list[ delay_idx ] == NULL )
+ continue;
+
+ if( strcmp( delay_list[ delay_idx ], cur.type ) == 0 )
+ {
+ /* Delay message */
+ delay_packet( &cur );
+
+ /* Remove entry from list */
+ mbedtls_free( delay_list[delay_idx] );
+ delay_list[delay_idx] = NULL;
+
+ return( 0 );
+ }
+ }
+
/* do we want to drop, delay, or forward it? */
if( ( opt.mtu != 0 &&
cur.len > (unsigned) opt.mtu ) ||
( opt.drop != 0 &&
+ strcmp( cur.type, "CID" ) != 0 &&
strcmp( cur.type, "ApplicationData" ) != 0 &&
! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
@@ -571,15 +725,15 @@
else if( ( opt.delay_ccs == 1 &&
strcmp( cur.type, "ChangeCipherSpec" ) == 0 ) ||
( opt.delay != 0 &&
+ strcmp( cur.type, "CID" ) != 0 &&
strcmp( cur.type, "ApplicationData" ) != 0 &&
! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
- prev.dst == NULL &&
cur.len != (size_t) opt.protect_len &&
dropped[id] < DROP_MAX &&
rand() % opt.delay == 0 ) )
{
- memcpy( &prev, &cur, sizeof( packet ) );
+ delay_packet( &cur );
}
else
{
@@ -587,14 +741,10 @@
if( ( ret = send_packet( &cur, "forwarded" ) ) != 0 )
return( ret );
- /* send previously delayed message if any */
- if( prev.dst != NULL )
- {
- ret = send_packet( &prev, "delayed" );
- memset( &prev, 0, sizeof( packet ) );
- if( ret != 0 )
- return( ret );
- }
+ /* send previously delayed messages if any */
+ ret = send_delayed();
+ if( ret != 0 )
+ return( ret );
}
return( 0 );
@@ -604,6 +754,7 @@
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
+ uint8_t delay_idx;
mbedtls_net_context listen_fd, client_fd, server_fd;
@@ -798,6 +949,12 @@
}
#endif
+ for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
+ {
+ mbedtls_free( opt.delay_cli + delay_idx );
+ mbedtls_free( opt.delay_srv + delay_idx );
+ }
+
mbedtls_net_free( &client_fd );
mbedtls_net_free( &server_fd );
mbedtls_net_free( &listen_fd );
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 73a9fb5..f184939 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -33,6 +33,7 @@
#define mbedtls_free free
#define mbedtls_calloc calloc
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -63,6 +64,8 @@
return( 0 );
}
#else
+
+
/*
* global options
*/
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index c57ecca..432eefb 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -34,6 +34,7 @@
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -99,6 +100,7 @@
" permissive=%%d default: 0 (disabled)\n" \
"\n"
+
/*
* global options
*/
@@ -454,9 +456,12 @@
/*
* 5. Print the certificate
*/
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_printf( " . Peer certificate information ... skipped\n" );
+#else
mbedtls_printf( " . Peer certificate information ...\n" );
ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
- ssl.session->peer_cert );
+ mbedtls_ssl_get_peer_cert( &ssl ) );
if( ret == -1 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
@@ -464,6 +469,7 @@
}
mbedtls_printf( "%s\n", buf );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
mbedtls_ssl_close_notify( &ssl );
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index a32ac50..f3d9157 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -59,16 +60,21 @@
#include <string.h>
#define DFL_FILENAME "keyfile.key"
+#define DFL_PASSWORD NULL
#define DFL_DEBUG_LEVEL 0
#define DFL_OUTPUT_FILENAME "cert.req"
#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
#define DFL_KEY_USAGE 0
+#define DFL_FORCE_KEY_USAGE 0
#define DFL_NS_CERT_TYPE 0
+#define DFL_FORCE_NS_CERT_TYPE 0
+#define DFL_MD_ALG MBEDTLS_MD_SHA256
#define USAGE \
"\n usage: cert_req param=<>...\n" \
"\n acceptable parameters:\n" \
" filename=%%s default: keyfile.key\n" \
+ " password=%%s default: NULL\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" output_file=%%s default: cert.req\n" \
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
@@ -81,6 +87,8 @@
" key_agreement\n" \
" key_cert_sign\n" \
" crl_sign\n" \
+ " force_key_usage=0/1 default: off\n" \
+ " Add KeyUsage even if it is empty\n" \
" ns_cert_type=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" ssl_client\n" \
@@ -90,19 +98,31 @@
" ssl_ca\n" \
" email_ca\n" \
" object_signing_ca\n" \
+ " force_ns_cert_type=0/1 default: off\n" \
+ " Add NsCertType even if it is empty\n" \
+ " md=%%s default: SHA256\n" \
+ " possible values:\n" \
+ " MD2, MD4, MD5, SHA1\n" \
+ " SHA224, SHA256\n" \
+ " SHA384, SHA512\n" \
"\n"
+
/*
* global options
*/
struct options
{
const char *filename; /* filename of the key file */
+ const char *password; /* password for the key file */
int debug_level; /* level of debugging */
const char *output_file; /* where to store the constructed key file */
const char *subject_name; /* subject name for certificate request */
unsigned char key_usage; /* key usage flags */
+ int force_key_usage; /* Force adding the KeyUsage extension */
unsigned char ns_cert_type; /* NS cert type */
+ int force_ns_cert_type; /* Force adding NsCertType extension */
+ mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
@@ -151,7 +171,6 @@
* Set to sane values
*/
mbedtls_x509write_csr_init( &req );
- mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
mbedtls_pk_init( &key );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( buf, 0, sizeof( buf ) );
@@ -164,11 +183,15 @@
}
opt.filename = DFL_FILENAME;
+ opt.password = DFL_PASSWORD;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.output_file = DFL_OUTPUT_FILENAME;
opt.subject_name = DFL_SUBJECT_NAME;
opt.key_usage = DFL_KEY_USAGE;
+ opt.force_key_usage = DFL_FORCE_KEY_USAGE;
opt.ns_cert_type = DFL_NS_CERT_TYPE;
+ opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
+ opt.md_alg = DFL_MD_ALG;
for( i = 1; i < argc; i++ )
{
@@ -180,6 +203,8 @@
if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
+ else if( strcmp( p, "password" ) == 0 )
+ opt.password = q;
else if( strcmp( p, "output_file" ) == 0 )
opt.output_file = q;
else if( strcmp( p, "debug_level" ) == 0 )
@@ -192,6 +217,61 @@
{
opt.subject_name = q;
}
+ else if( strcmp( p, "md" ) == 0 )
+ {
+ if( strcmp( q, "SHA256" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_SHA256;
+ }
+ else if( strcmp( q, "SHA224" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_SHA224;
+ }
+ else
+#if defined(MBEDTLS_MD5_C)
+ if( strcmp( q, "MD5" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_MD5;
+ }
+ else
+#endif /* MBEDTLS_MD5_C */
+#if defined(MBEDTLS_MD4_C)
+ if( strcmp( q, "MD4" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_MD4;
+ }
+ else
+#endif /* MBEDTLS_MD5_C */
+#if defined(MBEDTLS_MD2_C)
+ if( strcmp( q, "MD2" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_MD2;
+ }
+ else
+#endif /* MBEDTLS_MD2_C */
+#if defined(MBEDTLS_SHA1_C)
+ if( strcmp( q, "SHA1" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_SHA1;
+ }
+ else
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA512_C)
+ if( strcmp( q, "SHA384" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_SHA384;
+ }
+ else
+ if( strcmp( q, "SHA512" ) == 0 )
+ {
+ opt.md_alg = MBEDTLS_MD_SHA512;
+ }
+ else
+#endif /* MBEDTLS_SHA512_C */
+ {
+ goto usage;
+ }
+ }
else if( strcmp( p, "key_usage" ) == 0 )
{
while( q != NULL )
@@ -219,6 +299,15 @@
q = r;
}
}
+ else if( strcmp( p, "force_key_usage" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.force_key_usage = 0; break;
+ case 1: opt.force_key_usage = 1; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "ns_cert_type" ) == 0 )
{
while( q != NULL )
@@ -246,14 +335,25 @@
q = r;
}
}
+ else if( strcmp( p, "force_ns_cert_type" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.force_ns_cert_type = 0; break;
+ case 1: opt.force_ns_cert_type = 1; break;
+ default: goto usage;
+ }
+ }
else
goto usage;
}
- if( opt.key_usage )
+ mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
+
+ if( opt.key_usage || opt.force_key_usage == 1 )
mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
- if( opt.ns_cert_type )
+ if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
/*
@@ -293,7 +393,7 @@
mbedtls_printf( " . Loading the private key ..." );
fflush( stdout );
- ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+ ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password );
if( ret != 0 )
{
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 09a91e0..d36d73c 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -120,7 +121,7 @@
" max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \
" Supported values:\n" \
- " MD5, SHA1, SHA256, SHA512\n"\
+ " MD2, MD4, MD5, SHA1, SHA256, SHA512\n"\
" version=%%d default: 3\n" \
" Possible values: 1, 2, 3\n"\
" subject_identifier=%%s default: 1\n" \
@@ -153,6 +154,7 @@
" object_signing_ca\n" \
"\n"
+
/*
* global options
*/
@@ -164,7 +166,7 @@
const char *issuer_key; /* filename of the issuer key file */
const char *subject_pwd; /* password for the subject key file */
const char *issuer_pwd; /* password for the issuer key file */
- const char *output_file; /* where to store the constructed key file */
+ const char *output_file; /* where to store the constructed CRT */
const char *subject_name; /* subject name for certificate */
const char *issuer_name; /* issuer name for certificate */
const char *not_before; /* validity period not before */
@@ -242,6 +244,7 @@
mbedtls_pk_init( &loaded_subject_key );
mbedtls_mpi_init( &serial );
mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_X509_CSR_PARSE_C)
mbedtls_x509_csr_init( &csr );
#endif
@@ -354,10 +357,18 @@
{
if( strcmp( q, "SHA1" ) == 0 )
opt.md = MBEDTLS_MD_SHA1;
+ else if( strcmp( q, "SHA224" ) == 0 )
+ opt.md = MBEDTLS_MD_SHA224;
else if( strcmp( q, "SHA256" ) == 0 )
opt.md = MBEDTLS_MD_SHA256;
+ else if( strcmp( q, "SHA384" ) == 0 )
+ opt.md = MBEDTLS_MD_SHA384;
else if( strcmp( q, "SHA512" ) == 0 )
opt.md = MBEDTLS_MD_SHA512;
+ else if( strcmp( q, "MD2" ) == 0 )
+ opt.md = MBEDTLS_MD_MD2;
+ else if( strcmp( q, "MD4" ) == 0 )
+ opt.md = MBEDTLS_MD_MD4;
else if( strcmp( q, "MD5" ) == 0 )
opt.md = MBEDTLS_MD_MD5;
else
@@ -475,7 +486,6 @@
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -770,7 +780,7 @@
}
/*
- * 1.2. Writing the request
+ * 1.2. Writing the certificate
*/
mbedtls_printf( " . Writing the certificate..." );
fflush( stdout );
@@ -789,6 +799,10 @@
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ mbedtls_x509_csr_free( &csr );
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+ mbedtls_x509_crt_free( &issuer_crt );
mbedtls_x509write_crt_free( &crt );
mbedtls_pk_free( &loaded_subject_key );
mbedtls_pk_free( &loaded_issuer_key );
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index f831683..127320a 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -60,6 +61,7 @@
" filename=%%s default: crl.pem\n" \
"\n"
+
/*
* global options
*/
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 0f20c85..3bb4277 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -60,6 +61,7 @@
" filename=%%s default: cert.req\n" \
"\n"
+
/*
* global options
*/
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 8f9cd0f..e19f2c0 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -9,10 +9,10 @@
This script is a small wrapper around the abi-compliance-checker and
abi-dumper tools, applying them to compare the ABI and API of the library
files from two different Git revisions within an Mbed TLS repository.
-The results of the comparison are formatted as HTML and stored at
-a configurable location. Returns 0 on success, 1 on ABI/API non-compliance,
-and 2 if there is an error while running the script.
-Note: must be run from Mbed TLS root.
+The results of the comparison are either formatted as HTML and stored at
+a configurable location, or are given as a brief list of problems.
+Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error
+while running the script. Note: must be run from Mbed TLS root.
"""
import os
@@ -23,175 +23,303 @@
import argparse
import logging
import tempfile
+import fnmatch
+from types import SimpleNamespace
+
+import xml.etree.ElementTree as ET
class AbiChecker(object):
+ """API and ABI checker."""
- def __init__(self, report_dir, old_rev, new_rev, keep_all_reports):
+ def __init__(self, old_version, new_version, configuration):
+ """Instantiate the API/ABI checker.
+
+ old_version: RepoVersion containing details to compare against
+ new_version: RepoVersion containing details to check
+ configuration.report_dir: directory for output files
+ configuration.keep_all_reports: if false, delete old reports
+ configuration.brief: if true, output shorter report to stdout
+ configuration.skip_file: path to file containing symbols and types to skip
+ """
self.repo_path = "."
self.log = None
- self.setup_logger()
- self.report_dir = os.path.abspath(report_dir)
- self.keep_all_reports = keep_all_reports
- self.should_keep_report_dir = os.path.isdir(self.report_dir)
- self.old_rev = old_rev
- self.new_rev = new_rev
- self.mbedtls_modules = ["libmbedcrypto", "libmbedtls", "libmbedx509"]
- self.old_dumps = {}
- self.new_dumps = {}
+ self.verbose = configuration.verbose
+ self._setup_logger()
+ self.report_dir = os.path.abspath(configuration.report_dir)
+ self.keep_all_reports = configuration.keep_all_reports
+ self.can_remove_report_dir = not (os.path.exists(self.report_dir) or
+ self.keep_all_reports)
+ self.old_version = old_version
+ self.new_version = new_version
+ self.skip_file = configuration.skip_file
+ self.brief = configuration.brief
self.git_command = "git"
self.make_command = "make"
- def check_repo_path(self):
- current_dir = os.path.realpath('.')
- root_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
- if current_dir != root_dir:
+ @staticmethod
+ def check_repo_path():
+ if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
raise Exception("Must be run from Mbed TLS root")
- def setup_logger(self):
+ def _setup_logger(self):
self.log = logging.getLogger()
- self.log.setLevel(logging.INFO)
+ if self.verbose:
+ self.log.setLevel(logging.DEBUG)
+ else:
+ self.log.setLevel(logging.INFO)
self.log.addHandler(logging.StreamHandler())
- def check_abi_tools_are_installed(self):
+ @staticmethod
+ def check_abi_tools_are_installed():
for command in ["abi-dumper", "abi-compliance-checker"]:
if not shutil.which(command):
raise Exception("{} not installed, aborting".format(command))
- def get_clean_worktree_for_git_revision(self, git_rev):
- self.log.info(
- "Checking out git worktree for revision {}".format(git_rev)
- )
+ def _get_clean_worktree_for_git_revision(self, version):
+ """Make a separate worktree with version.revision checked out.
+ Do not modify the current worktree."""
git_worktree_path = tempfile.mkdtemp()
- worktree_process = subprocess.Popen(
- [self.git_command, "worktree", "add", git_worktree_path, git_rev],
+ if version.repository:
+ self.log.debug(
+ "Checking out git worktree for revision {} from {}".format(
+ version.revision, version.repository
+ )
+ )
+ fetch_output = subprocess.check_output(
+ [self.git_command, "fetch",
+ version.repository, version.revision],
+ cwd=self.repo_path,
+ stderr=subprocess.STDOUT
+ )
+ self.log.debug(fetch_output.decode("utf-8"))
+ worktree_rev = "FETCH_HEAD"
+ else:
+ self.log.debug("Checking out git worktree for revision {}".format(
+ version.revision
+ ))
+ worktree_rev = version.revision
+ worktree_output = subprocess.check_output(
+ [self.git_command, "worktree", "add", "--detach",
+ git_worktree_path, worktree_rev],
cwd=self.repo_path,
- stdout=subprocess.PIPE,
stderr=subprocess.STDOUT
)
- worktree_output, _ = worktree_process.communicate()
- self.log.info(worktree_output.decode("utf-8"))
- if worktree_process.returncode != 0:
- raise Exception("Checking out worktree failed, aborting")
+ self.log.debug(worktree_output.decode("utf-8"))
+ version.commit = subprocess.check_output(
+ [self.git_command, "rev-parse", "HEAD"],
+ cwd=git_worktree_path,
+ stderr=subprocess.STDOUT
+ ).decode("ascii").rstrip()
+ self.log.debug("Commit is {}".format(version.commit))
return git_worktree_path
- def build_shared_libraries(self, git_worktree_path):
+ def _update_git_submodules(self, git_worktree_path, version):
+ """If the crypto submodule is present, initialize it.
+ if version.crypto_revision exists, update it to that revision,
+ otherwise update it to the default revision"""
+ update_output = subprocess.check_output(
+ [self.git_command, "submodule", "update", "--init", '--recursive'],
+ cwd=git_worktree_path,
+ stderr=subprocess.STDOUT
+ )
+ self.log.debug(update_output.decode("utf-8"))
+ if not (os.path.exists(os.path.join(git_worktree_path, "crypto"))
+ and version.crypto_revision):
+ return
+
+ if version.crypto_repository:
+ fetch_output = subprocess.check_output(
+ [self.git_command, "fetch", version.crypto_repository,
+ version.crypto_revision],
+ cwd=os.path.join(git_worktree_path, "crypto"),
+ stderr=subprocess.STDOUT
+ )
+ self.log.debug(fetch_output.decode("utf-8"))
+ crypto_rev = "FETCH_HEAD"
+ else:
+ crypto_rev = version.crypto_revision
+
+ checkout_output = subprocess.check_output(
+ [self.git_command, "checkout", crypto_rev],
+ cwd=os.path.join(git_worktree_path, "crypto"),
+ stderr=subprocess.STDOUT
+ )
+ self.log.debug(checkout_output.decode("utf-8"))
+
+ def _build_shared_libraries(self, git_worktree_path, version):
+ """Build the shared libraries in the specified worktree."""
my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og"
my_environment["SHARED"] = "1"
- make_process = subprocess.Popen(
- self.make_command,
+ if os.path.exists(os.path.join(git_worktree_path, "crypto")):
+ my_environment["USE_CRYPTO_SUBMODULE"] = "1"
+ make_output = subprocess.check_output(
+ [self.make_command, "lib"],
env=my_environment,
cwd=git_worktree_path,
- stdout=subprocess.PIPE,
stderr=subprocess.STDOUT
)
- make_output, _ = make_process.communicate()
- self.log.info(make_output.decode("utf-8"))
- if make_process.returncode != 0:
- raise Exception("make failed, aborting")
+ self.log.debug(make_output.decode("utf-8"))
+ for root, _dirs, files in os.walk(git_worktree_path):
+ for file in fnmatch.filter(files, "*.so"):
+ version.modules[os.path.splitext(file)[0]] = (
+ os.path.join(root, file)
+ )
- def get_abi_dumps_from_shared_libraries(self, git_ref, git_worktree_path):
- abi_dumps = {}
- for mbed_module in self.mbedtls_modules:
+ @staticmethod
+ def _pretty_revision(version):
+ if version.revision == version.commit:
+ return version.revision
+ else:
+ return "{} ({})".format(version.revision, version.commit)
+
+ def _get_abi_dumps_from_shared_libraries(self, version):
+ """Generate the ABI dumps for the specified git revision.
+ The shared libraries must have been built and the module paths
+ present in version.modules."""
+ for mbed_module, module_path in version.modules.items():
output_path = os.path.join(
- self.report_dir, "{}-{}.dump".format(mbed_module, git_ref)
+ self.report_dir, "{}-{}-{}.dump".format(
+ mbed_module, version.revision, version.version
+ )
)
abi_dump_command = [
"abi-dumper",
- os.path.join(
- git_worktree_path, "library", mbed_module + ".so"),
+ module_path,
"-o", output_path,
- "-lver", git_ref
+ "-lver", self._pretty_revision(version),
]
- abi_dump_process = subprocess.Popen(
+ abi_dump_output = subprocess.check_output(
abi_dump_command,
- stdout=subprocess.PIPE,
stderr=subprocess.STDOUT
)
- abi_dump_output, _ = abi_dump_process.communicate()
- self.log.info(abi_dump_output.decode("utf-8"))
- if abi_dump_process.returncode != 0:
- raise Exception("abi-dumper failed, aborting")
- abi_dumps[mbed_module] = output_path
- return abi_dumps
+ self.log.debug(abi_dump_output.decode("utf-8"))
+ version.abi_dumps[mbed_module] = output_path
- def cleanup_worktree(self, git_worktree_path):
+ def _cleanup_worktree(self, git_worktree_path):
+ """Remove the specified git worktree."""
shutil.rmtree(git_worktree_path)
- worktree_process = subprocess.Popen(
+ worktree_output = subprocess.check_output(
[self.git_command, "worktree", "prune"],
cwd=self.repo_path,
- stdout=subprocess.PIPE,
stderr=subprocess.STDOUT
)
- worktree_output, _ = worktree_process.communicate()
- self.log.info(worktree_output.decode("utf-8"))
- if worktree_process.returncode != 0:
- raise Exception("Worktree cleanup failed, aborting")
+ self.log.debug(worktree_output.decode("utf-8"))
- def get_abi_dump_for_ref(self, git_rev):
- git_worktree_path = self.get_clean_worktree_for_git_revision(git_rev)
- self.build_shared_libraries(git_worktree_path)
- abi_dumps = self.get_abi_dumps_from_shared_libraries(
- git_rev, git_worktree_path
- )
- self.cleanup_worktree(git_worktree_path)
- return abi_dumps
+ def _get_abi_dump_for_ref(self, version):
+ """Generate the ABI dumps for the specified git revision."""
+ git_worktree_path = self._get_clean_worktree_for_git_revision(version)
+ self._update_git_submodules(git_worktree_path, version)
+ self._build_shared_libraries(git_worktree_path, version)
+ self._get_abi_dumps_from_shared_libraries(version)
+ self._cleanup_worktree(git_worktree_path)
- def get_abi_compatibility_report(self):
- compatibility_report = ""
- compliance_return_code = 0
- for mbed_module in self.mbedtls_modules:
- output_path = os.path.join(
- self.report_dir, "{}-{}-{}.html".format(
- mbed_module, self.old_rev, self.new_rev
- )
+ def _remove_children_with_tag(self, parent, tag):
+ children = parent.getchildren()
+ for child in children:
+ if child.tag == tag:
+ parent.remove(child)
+ else:
+ self._remove_children_with_tag(child, tag)
+
+ def _remove_extra_detail_from_report(self, report_root):
+ for tag in ['test_info', 'test_results', 'problem_summary',
+ 'added_symbols', 'affected']:
+ self._remove_children_with_tag(report_root, tag)
+
+ for report in report_root:
+ for problems in report.getchildren()[:]:
+ if not problems.getchildren():
+ report.remove(problems)
+
+ def _abi_compliance_command(self, mbed_module, output_path):
+ """Build the command to run to analyze the library mbed_module.
+ The report will be placed in output_path."""
+ abi_compliance_command = [
+ "abi-compliance-checker",
+ "-l", mbed_module,
+ "-old", self.old_version.abi_dumps[mbed_module],
+ "-new", self.new_version.abi_dumps[mbed_module],
+ "-strict",
+ "-report-path", output_path,
+ ]
+ if self.skip_file:
+ abi_compliance_command += ["-skip-symbols", self.skip_file,
+ "-skip-types", self.skip_file]
+ if self.brief:
+ abi_compliance_command += ["-report-format", "xml",
+ "-stdout"]
+ return abi_compliance_command
+
+ def _is_library_compatible(self, mbed_module, compatibility_report):
+ """Test if the library mbed_module has remained compatible.
+ Append a message regarding compatibility to compatibility_report."""
+ output_path = os.path.join(
+ self.report_dir, "{}-{}-{}.html".format(
+ mbed_module, self.old_version.revision,
+ self.new_version.revision
)
- abi_compliance_command = [
- "abi-compliance-checker",
- "-l", mbed_module,
- "-old", self.old_dumps[mbed_module],
- "-new", self.new_dumps[mbed_module],
- "-strict",
- "-report-path", output_path
- ]
- abi_compliance_process = subprocess.Popen(
- abi_compliance_command,
- stdout=subprocess.PIPE,
+ )
+ try:
+ subprocess.check_output(
+ self._abi_compliance_command(mbed_module, output_path),
stderr=subprocess.STDOUT
)
- abi_compliance_output, _ = abi_compliance_process.communicate()
- self.log.info(abi_compliance_output.decode("utf-8"))
- if abi_compliance_process.returncode == 0:
- compatibility_report += (
- "No compatibility issues for {}\n".format(mbed_module)
+ except subprocess.CalledProcessError as err:
+ if err.returncode != 1:
+ raise err
+ if self.brief:
+ self.log.info(
+ "Compatibility issues found for {}".format(mbed_module)
)
- if not self.keep_all_reports:
- os.remove(output_path)
- elif abi_compliance_process.returncode == 1:
- compliance_return_code = 1
- self.should_keep_report_dir = True
- compatibility_report += (
- "Compatibility issues found for {}, "
- "for details see {}\n".format(mbed_module, output_path)
- )
+ report_root = ET.fromstring(err.output.decode("utf-8"))
+ self._remove_extra_detail_from_report(report_root)
+ self.log.info(ET.tostring(report_root).decode("utf-8"))
else:
- raise Exception(
- "abi-compliance-checker failed with a return code of {},"
- " aborting".format(abi_compliance_process.returncode)
+ self.can_remove_report_dir = False
+ compatibility_report.append(
+ "Compatibility issues found for {}, "
+ "for details see {}".format(mbed_module, output_path)
)
- os.remove(self.old_dumps[mbed_module])
- os.remove(self.new_dumps[mbed_module])
- if not self.should_keep_report_dir and not self.keep_all_reports:
+ return False
+ compatibility_report.append(
+ "No compatibility issues for {}".format(mbed_module)
+ )
+ if not (self.keep_all_reports or self.brief):
+ os.remove(output_path)
+ return True
+
+ def get_abi_compatibility_report(self):
+ """Generate a report of the differences between the reference ABI
+ and the new ABI. ABI dumps from self.old_version and self.new_version
+ must be available."""
+ compatibility_report = ["Checking evolution from {} to {}".format(
+ self._pretty_revision(self.old_version),
+ self._pretty_revision(self.new_version)
+ )]
+ compliance_return_code = 0
+ shared_modules = list(set(self.old_version.modules.keys()) &
+ set(self.new_version.modules.keys()))
+ for mbed_module in shared_modules:
+ if not self._is_library_compatible(mbed_module,
+ compatibility_report):
+ compliance_return_code = 1
+ for version in [self.old_version, self.new_version]:
+ for mbed_module, mbed_module_dump in version.abi_dumps.items():
+ os.remove(mbed_module_dump)
+ if self.can_remove_report_dir:
os.rmdir(self.report_dir)
- self.log.info(compatibility_report)
+ self.log.info("\n".join(compatibility_report))
return compliance_return_code
def check_for_abi_changes(self):
+ """Generate a report of ABI differences
+ between self.old_rev and self.new_rev."""
self.check_repo_path()
self.check_abi_tools_are_installed()
- self.old_dumps = self.get_abi_dump_for_ref(self.old_rev)
- self.new_dumps = self.get_abi_dump_for_ref(self.new_rev)
+ self._get_abi_dump_for_ref(self.old_version)
+ self._get_abi_dump_for_ref(self.new_version)
return self.get_abi_compatibility_report()
@@ -203,13 +331,18 @@
abi-compliance-checker and abi-dumper tools, applying them
to compare the ABI and API of the library files from two
different Git revisions within an Mbed TLS repository.
- The results of the comparison are formatted as HTML and stored
- at a configurable location. Returns 0 on success, 1 on ABI/API
- non-compliance, and 2 if there is an error while running the
- script. Note: must be run from Mbed TLS root."""
+ The results of the comparison are either formatted as HTML and
+ stored at a configurable location, or are given as a brief list
+ of problems. Returns 0 on success, 1 on ABI/API non-compliance,
+ and 2 if there is an error while running the script.
+ Note: must be run from Mbed TLS root."""
)
)
parser.add_argument(
+ "-v", "--verbose", action="store_true",
+ help="set verbosity level",
+ )
+ parser.add_argument(
"-r", "--report-dir", type=str, default="reports",
help="directory where reports are stored, default is reports",
)
@@ -218,21 +351,82 @@
help="keep all reports, even if there are no compatibility issues",
)
parser.add_argument(
- "-o", "--old-rev", type=str, help="revision for old version",
- required=True
+ "-o", "--old-rev", type=str, help="revision for old version.",
+ required=True,
+ )
+ parser.add_argument(
+ "-or", "--old-repo", type=str, help="repository for old version."
+ )
+ parser.add_argument(
+ "-oc", "--old-crypto-rev", type=str,
+ help="revision for old crypto submodule."
+ )
+ parser.add_argument(
+ "-ocr", "--old-crypto-repo", type=str,
+ help="repository for old crypto submodule."
)
parser.add_argument(
"-n", "--new-rev", type=str, help="revision for new version",
- required=True
+ required=True,
+ )
+ parser.add_argument(
+ "-nr", "--new-repo", type=str, help="repository for new version."
+ )
+ parser.add_argument(
+ "-nc", "--new-crypto-rev", type=str,
+ help="revision for new crypto version"
+ )
+ parser.add_argument(
+ "-ncr", "--new-crypto-repo", type=str,
+ help="repository for new crypto submodule."
+ )
+ parser.add_argument(
+ "-s", "--skip-file", type=str,
+ help=("path to file containing symbols and types to skip "
+ "(typically \"-s identifiers\" after running "
+ "\"tests/scripts/list-identifiers.sh --internal\")")
+ )
+ parser.add_argument(
+ "-b", "--brief", action="store_true",
+ help="output only the list of issues to stdout, instead of a full report",
)
abi_args = parser.parse_args()
- abi_check = AbiChecker(
- abi_args.report_dir, abi_args.old_rev,
- abi_args.new_rev, abi_args.keep_all_reports
+ if os.path.isfile(abi_args.report_dir):
+ print("Error: {} is not a directory".format(abi_args.report_dir))
+ parser.exit()
+ old_version = SimpleNamespace(
+ version="old",
+ repository=abi_args.old_repo,
+ revision=abi_args.old_rev,
+ commit=None,
+ crypto_repository=abi_args.old_crypto_repo,
+ crypto_revision=abi_args.old_crypto_rev,
+ abi_dumps={},
+ modules={}
)
+ new_version = SimpleNamespace(
+ version="new",
+ repository=abi_args.new_repo,
+ revision=abi_args.new_rev,
+ commit=None,
+ crypto_repository=abi_args.new_crypto_repo,
+ crypto_revision=abi_args.new_crypto_rev,
+ abi_dumps={},
+ modules={}
+ )
+ configuration = SimpleNamespace(
+ verbose=abi_args.verbose,
+ report_dir=abi_args.report_dir,
+ keep_all_reports=abi_args.keep_all_reports,
+ brief=abi_args.brief,
+ skip_file=abi_args.skip_file
+ )
+ abi_check = AbiChecker(old_version, new_version, configuration)
return_code = abi_check.check_for_abi_changes()
sys.exit(return_code)
- except Exception:
+ except Exception: # pylint: disable=broad-except
+ # Print the backtrace and exit explicitly so as to exit with
+ # status 2, not 1.
traceback.print_exc()
sys.exit(2)
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index fc8b800..c39a86a 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -132,6 +132,9 @@
[ $VERBOSE ] && echo "Re-generating library/error.c"
scripts/generate_errors.pl
+[ $VERBOSE ] && echo "Re-generating programs/ssl/query_config.c"
+scripts/generate_query_config.pl
+
[ $VERBOSE ] && echo "Re-generating library/version_features.c"
scripts/generate_features.pl
diff --git a/scripts/config.pl b/scripts/config.pl
index 3d2884c..5b13fc9 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -29,6 +29,7 @@
# MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
# MBEDTLS_NO_PLATFORM_ENTROPY
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+# MBEDTLS_REMOVE_3DES_CIPHERSUITES
# MBEDTLS_SSL_HW_RECORD_ACCEL
# MBEDTLS_RSA_NO_CRT
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -36,6 +37,9 @@
# - this could be enabled if the respective tests were adapted
# MBEDTLS_ZLIB_SUPPORT
# MBEDTLS_PKCS11_C
+# MBEDTLS_PSA_CRYPTO_SPM
+# MBEDTLS_PSA_INJECT_ENTROPY
+# MBEDTLS_ECP_RESTARTABLE
# and any symbol beginning _ALT
#
@@ -89,6 +93,7 @@
MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_RSA_NO_CRT
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+MBEDTLS_REMOVE_3DES_CIPHERSUITES
MBEDTLS_SSL_HW_RECORD_ACCEL
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
@@ -96,6 +101,9 @@
MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
+MBEDTLS_PSA_CRYPTO_SPM
+MBEDTLS_PSA_INJECT_ENTROPY
+MBEDTLS_ECP_RESTARTABLE
_ALT\s*$
);
@@ -115,6 +123,8 @@
MBEDTLS_MEMORY_BUFFER_ALLOC_C
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_PLATFORM_FPRINTF_ALT
+MBEDTLS_PSA_ITS_FILE_C
+MBEDTLS_PSA_CRYPTO_STORAGE_C
);
# Things that should be enabled in "full" even if they match @excluded
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
new file mode 100644
index 0000000..064da4c
--- /dev/null
+++ b/scripts/data_files/query_config.fmt
@@ -0,0 +1,139 @@
+/*
+ * Query Mbed TLS compile time configurations from config.h
+ *
+ * Copyright (C) 2018, Arm Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+
+/*
+ * Include all the headers with public APIs in case they define a macro to its
+ * default value when that configuration is not set in the config.h.
+ */
+#include "mbedtls/aes.h"
+#include "mbedtls/aesni.h"
+#include "mbedtls/arc4.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/blowfish.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/des.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/havege.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md2.h"
+#include "mbedtls/md4.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/memory_buffer_alloc.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/nist_kw.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/padlock.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pkcs11.h"
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/platform_time.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+#include "mbedtls/ssl_ticket.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/xtea.h"
+
+#include <string.h>
+
+/*
+ * Helper macros to convert a macro or its expansion into a string
+ * WARNING: This does not work for expanding function-like macros. However,
+ * Mbed TLS does not currently have configuration options used in this fashion.
+ */
+#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro)
+#define MACRO_NAME_TO_STR(macro) \
+ mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
+
+#if defined(_MSC_VER)
+/*
+ * Visual Studio throws the warning 4003 because many Mbed TLS feature macros
+ * are defined empty. This means that from the preprocessor's point of view
+ * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
+ * some macros expand to nothing. We suppress that specific warning to get a
+ * clean build and to ensure that tests treating warnings as errors do not
+ * fail.
+ */
+#pragma warning(push)
+#pragma warning(disable:4003)
+#endif /* _MSC_VER */
+
+int query_config( const char *config )
+{
+CHECK_CONFIG /* If the symbol is not found, return an error */
+ return( 1 );
+}
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif /* _MSC_VER */
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index 767eda1..63ae94c 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -31,7 +31,7 @@
#include <string.h>
-static const char *features[] = {
+static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
FEATURE_DEFINES
#endif /* MBEDTLS_VERSION_FEATURES */
@@ -40,7 +40,7 @@
int mbedtls_version_check_feature( const char *feature )
{
- const char **idx = features;
+ const char * const *idx = features;
if( *idx == NULL )
return( -2 );
diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj
index de18f9d8..e7bb122 100644
--- a/scripts/data_files/vs2010-app-template.vcxproj
+++ b/scripts/data_files/vs2010-app-template.vcxproj
Binary files differ
diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj
index 773b58a..bfc2400 100644
--- a/scripts/data_files/vs2010-main-template.vcxproj
+++ b/scripts/data_files/vs2010-main-template.vcxproj
@@ -86,7 +86,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+INCLUDE_DIRECTORIES
+ </AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -101,7 +103,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+INCLUDE_DIRECTORIES
+ </AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -118,7 +122,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+INCLUDE_DIRECTORIES
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -136,7 +142,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+INCLUDE_DIRECTORIES
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index ac171ed4a..2fe202e 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -3,15 +3,17 @@
# Generate error.c
#
# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments,
-# or generate_errors.pl include_dir data_dir error_file
+# or generate_errors.pl include_dir data_dir error_file include_crypto
+# include_crypto can be either 0 (don't include) or 1 (include). On by default.
use strict;
-my ($include_dir, $data_dir, $error_file);
+my ($include_dir, $data_dir, $error_file, $include_crypto);
+my $crypto_dir = "crypto";
if( @ARGV ) {
- die "Invalid number of arguments" if scalar @ARGV != 3;
- ($include_dir, $data_dir, $error_file) = @ARGV;
+ die "Invalid number of arguments" if scalar @ARGV != 4;
+ ($include_dir, $data_dir, $error_file, $include_crypto) = @ARGV;
-d $include_dir or die "No such directory: $include_dir\n";
-d $data_dir or die "No such directory: $data_dir\n";
@@ -19,6 +21,7 @@
$include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
$error_file = 'library/error.c';
+ $include_crypto = 1;
unless( -d $include_dir && -d $data_dir ) {
chdir '..' or die;
@@ -27,12 +30,16 @@
}
}
+if( $include_crypto ) {
+ -d $crypto_dir or die "Crypto submodule not present\n";
+}
+
my $error_format_file = $data_dir.'/error.fmt';
my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH
CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
ENTROPY GCM HKDF HMAC_DRBG MD2 MD4 MD5
- NET OID PADLOCK PBKDF2 POLY1305 RIPEMD160
+ NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160
SHA1 SHA256 SHA512 THREADING XTEA );
my @high_level_modules = qw( CIPHER DHM ECP MD
PEM PK PKCS12 PKCS5
@@ -47,9 +54,19 @@
$/ = $line_separator;
-my @files = <$include_dir/*.h>;
+my @headers = ();
+if ($include_crypto) {
+ @headers = <$crypto_dir/$include_dir/*.h>;
+ foreach my $header (<$include_dir/*.h>) {
+ my $basename = $header; $basename =~ s!.*/!!;
+ push @headers, $header unless -e "$crypto_dir/$include_dir/$basename";
+ }
+} else {
+ @headers = <$include_dir/*.h>;
+}
+
my @matches;
-foreach my $file (@files) {
+foreach my $file (@headers) {
open(FILE, "$file");
my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, <FILE>);
push(@matches, @grep_res);
@@ -73,8 +90,9 @@
my ($error_name, $error_code) = $line =~ /(MBEDTLS_ERR_\w+)\s+\-(0x\w+)/;
my ($description) = $line =~ /\/\*\*< (.*?)\.? \*\//;
- die "Duplicated error code: $error_code ($error_name)\n"
- if( $error_codes_seen{$error_code}++ );
+ if( $error_codes_seen{$error_code}++ ) {
+ die "Duplicated error code: $error_code ($error_name)\n";
+ }
$description =~ s/\\/\\\\/g;
if ($description eq "") {
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
new file mode 100755
index 0000000..f15e03a
--- /dev/null
+++ b/scripts/generate_query_config.pl
@@ -0,0 +1,75 @@
+#! /usr/bin/env perl
+
+# Generate query_config.c
+#
+# The file query_config.c contains a C function that can be used to check if
+# a configuration macro is defined and to retrieve its expansion in string
+# form (if any). This facilitates querying the compile time configuration of
+# the library, for example, for testing.
+#
+# The query_config.c is generated from the current configuration at
+# include/mbedtls/config.h. The idea is that the config.h contains ALL the
+# compile time configurations available in Mbed TLS (commented or uncommented).
+# This script extracts the configuration macros from the config.h and this
+# information is used to automatically generate the body of the query_config()
+# function by using the template in scripts/data_files/query_config.fmt.
+#
+# Usage: ./scripts/generate_query_config.pl without arguments
+
+use strict;
+
+my $config_file = "./include/mbedtls/config.h";
+
+my $query_config_format_file = "./scripts/data_files/query_config.fmt";
+my $query_config_file = "./programs/ssl/query_config.c";
+
+# Excluded macros from the generated query_config.c. For example, macros that
+# have commas or function-like macros cannot be transformed into strings easily
+# using the preprocessor, so they should be excluded or the preprocessor will
+# throw errors.
+my @excluded = qw(
+MBEDTLS_SSL_CIPHERSUITES
+MBEDTLS_PARAM_FAILED
+);
+my $excluded_re = join '|', @excluded;
+
+open(CONFIG_FILE, "$config_file") or die "Opening config file '$config_file': $!";
+
+# This variable will contain the string to replace in the CHECK_CONFIG of the
+# format file
+my $config_check = "";
+
+while (my $line = <CONFIG_FILE>) {
+ if ($line =~ /^(\/\/)?\s*#\s*define\s+(MBEDTLS_\w+).*/) {
+ my $name = $2;
+
+ # Skip over the macro that prevents multiple inclusion
+ next if "MBEDTLS_CONFIG_H" eq $name;
+
+ # Skip over the macro if it is in the ecluded list
+ next if $name =~ /$excluded_re/;
+
+ $config_check .= "#if defined($name)\n";
+ $config_check .= " if( strcmp( \"$name\", config ) == 0 )\n";
+ $config_check .= " {\n";
+ $config_check .= " MACRO_EXPANSION_TO_STR( $name );\n";
+ $config_check .= " return( 0 );\n";
+ $config_check .= " }\n";
+ $config_check .= "#endif /* $name */\n";
+ $config_check .= "\n";
+ }
+}
+
+# Read the full format file into a string
+local $/;
+open(FORMAT_FILE, "$query_config_format_file") or die "Opening query config format file '$query_config_format_file': $!";
+my $query_config_format = <FORMAT_FILE>;
+close(FORMAT_FILE);
+
+# Replace the body of the query_config() function with the code we just wrote
+$query_config_format =~ s/CHECK_CONFIG/$config_check/g;
+
+# Rewrite the query_config.c file
+open(QUERY_CONFIG_FILE, ">$query_config_file") or die "Opening destination file '$query_config_file': $!";
+print QUERY_CONFIG_FILE $query_config_format;
+close(QUERY_CONFIG_FILE);
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 811c71f..5cfefe1 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -4,7 +4,8 @@
# 2010
#
# Must be run from mbedTLS root or scripts directory.
-# Takes no argument.
+# Takes "include_crypto" as an argument that can be either 0 (don't include) or
+# 1 (include). On by default.
use warnings;
use strict;
@@ -18,11 +19,29 @@
my $vsx_sln_tpl_file = "scripts/data_files/vs2010-sln-template.sln";
my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
+my $include_crypto = 1;
+if( @ARGV ) {
+ die "Invalid number of arguments" if scalar @ARGV != 1;
+ ($include_crypto) = @ARGV;
+}
+
my $programs_dir = 'programs';
my $header_dir = 'include/mbedtls';
+my $crypto_headers_dir = 'include/psa';
my $source_dir = 'library';
+my $crypto_dir = 'crypto';
# Need windows line endings!
+my $include_directories = <<EOT;
+../../include\r
+EOT
+
+if ($include_crypto) {
+ $include_directories = <<EOT;
+../../include;../../crypto/include\r
+EOT
+}
+
my $vsx_hdr_tpl = <<EOT;
<ClInclude Include="..\\..\\{NAME}" />\r
EOT
@@ -55,7 +74,9 @@
return -d $vsx_dir
&& -d $header_dir
&& -d $source_dir
- && -d $programs_dir;
+ && -d $programs_dir
+ && -d $crypto_dir
+ && -d "$crypto_dir/$crypto_headers_dir";
}
sub slurp_file {
@@ -93,10 +114,17 @@
$path =~ s!/!\\!g;
(my $appname = $path) =~ s/.*\\//;
+ my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
+ if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
+ $appname eq "query_compile_time_config" ) {
+ $srcs .= "\n <ClCompile Include=\"..\\..\\programs\\ssl\\query_config.c\" \/>\r";
+ }
+
my $content = $template;
- $content =~ s/<PATHNAME>/$path/g;
+ $content =~ s/<SOURCES>/$srcs/g;
$content =~ s/<APPNAME>/$appname/g;
$content =~ s/<GUID>/$guid/g;
+ $content =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g;
content_to_file( $content, "$dir/$appname.$ext" );
}
@@ -139,6 +167,7 @@
my $out = slurp_file( $main_tpl );
$out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m;
$out =~ s/HEADER_ENTRIES\r\n/$header_entries/m;
+ $out =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g;
content_to_file( $out, $main_out );
}
@@ -188,7 +217,19 @@
my @app_list = get_app_list();
my @headers = <$header_dir/*.h>;
- my @sources = <$source_dir/*.c>;
+
+ my @sources = ();
+ if ($include_crypto) {
+ @sources = <$crypto_dir/$source_dir/*.c>;
+ foreach my $file (<$source_dir/*.c>) {
+ my $basename = $file; $basename =~ s!.*/!!;
+ push @sources, $file unless -e "$crypto_dir/$source_dir/$basename";
+ }
+ push @headers, <$crypto_dir/$crypto_headers_dir/*.h>;
+ } else {
+ @sources = <$source_dir/*.c>;
+ }
+
map { s!/!\\!g } @headers;
map { s!/!\\!g } @sources;
diff --git a/tests/.jenkins/Jenkinsfile b/tests/.jenkins/Jenkinsfile
new file mode 100644
index 0000000..ed04053
--- /dev/null
+++ b/tests/.jenkins/Jenkinsfile
@@ -0,0 +1 @@
+mbedtls.run_job()
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 52632f8..ecf6f34 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -20,6 +20,13 @@
# on non-POSIX platforms.
add_definitions("-D_POSIX_C_SOURCE=200809L")
+# Test suites caught by SKIP_TEST_SUITES are built but not executed.
+# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
+# but not "test_suite_foobar".
+string(REGEX REPLACE "[ ,;]" "|" SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES}")
+string(REPLACE "." "\\." SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES_REGEX}")
+set(SKIP_TEST_SUITES_REGEX "^(${SKIP_TEST_SUITES_REGEX})(\$|\\.)")
+
function(add_test_suite suite_name)
if(ARGV1)
set(data_name ${ARGV1})
@@ -29,14 +36,18 @@
add_custom_command(
OUTPUT test_suite_${data_name}.c
- COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name}
- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data
+ COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o .
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
)
include_directories(${CMAKE_CURRENT_SOURCE_DIR})
add_executable(test_suite_${data_name} test_suite_${data_name}.c)
target_link_libraries(test_suite_${data_name} ${libs})
- add_test(${data_name}-suite test_suite_${data_name} --verbose)
+ if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
+ message(STATUS "The test suite ${data_name} will not be executed.")
+ else()
+ add_test(${data_name}-suite test_suite_${data_name} --verbose)
+ endif()
endfunction(add_test_suite)
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
@@ -49,79 +60,18 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
-add_test_suite(aes aes.ecb)
-add_test_suite(aes aes.cbc)
-add_test_suite(aes aes.cfb)
-add_test_suite(aes aes.rest)
-add_test_suite(aes aes.xts)
-add_test_suite(arc4)
-add_test_suite(aria)
-add_test_suite(asn1write)
-add_test_suite(base64)
-add_test_suite(blowfish)
-add_test_suite(camellia)
-add_test_suite(ccm)
-add_test_suite(chacha20)
-add_test_suite(chachapoly)
-add_test_suite(cipher cipher.aes)
-add_test_suite(cipher cipher.arc4)
-add_test_suite(cipher cipher.blowfish)
-add_test_suite(cipher cipher.camellia)
-add_test_suite(cipher cipher.ccm)
-add_test_suite(cipher cipher.chacha20)
-add_test_suite(cipher cipher.chachapoly)
-add_test_suite(cipher cipher.des)
-add_test_suite(cipher cipher.gcm)
-add_test_suite(cipher cipher.null)
-add_test_suite(cipher cipher.padding)
-add_test_suite(cmac)
-add_test_suite(ctr_drbg)
add_test_suite(debug)
-add_test_suite(des)
-add_test_suite(dhm)
-add_test_suite(ecdh)
-add_test_suite(ecdsa)
-add_test_suite(ecjpake)
-add_test_suite(ecp)
-add_test_suite(entropy)
-add_test_suite(error)
-add_test_suite(gcm gcm.aes128_en)
-add_test_suite(gcm gcm.aes192_en)
-add_test_suite(gcm gcm.aes256_en)
-add_test_suite(gcm gcm.aes128_de)
-add_test_suite(gcm gcm.aes192_de)
-add_test_suite(gcm gcm.aes256_de)
-add_test_suite(gcm gcm.camellia)
-add_test_suite(hkdf)
-add_test_suite(hmac_drbg hmac_drbg.misc)
-add_test_suite(hmac_drbg hmac_drbg.no_reseed)
-add_test_suite(hmac_drbg hmac_drbg.nopr)
-add_test_suite(hmac_drbg hmac_drbg.pr)
-add_test_suite(md)
-add_test_suite(mdx)
-add_test_suite(memory_buffer_alloc)
-add_test_suite(mpi)
-add_test_suite(nist_kw)
-add_test_suite(pem)
-add_test_suite(pkcs1_v15)
-add_test_suite(pkcs1_v21)
-add_test_suite(pkcs5)
-add_test_suite(pk)
-add_test_suite(pkparse)
-add_test_suite(pkwrite)
-add_test_suite(poly1305)
-add_test_suite(shax)
add_test_suite(ssl)
-add_test_suite(timing)
-add_test_suite(rsa)
add_test_suite(version)
-add_test_suite(xtea)
add_test_suite(x509parse)
add_test_suite(x509write)
# Make scripts and data files needed for testing available in an
# out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/seedfile")
+ link_to_source(seedfile)
+ endif()
link_to_source(compat.sh)
link_to_source(data_files)
link_to_source(scripts)
diff --git a/tests/Makefile b/tests/Makefile
index 3632554..1679ee4 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -3,24 +3,28 @@
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
+WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_LDFLAGS = -L../library \
+LOCAL_LDFLAGS = -L../library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
+LOCAL_LDFLAGS += -L../crypto/library
+LOCAL_CFLAGS += -I../crypto/include
+CRYPTO := ../crypto/library/
+
# Enable definition of various functions used throughout the testsuite
# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless
# on non-POSIX platforms.
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED
-DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+DEP=$(CRYPTO)libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else
-DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+DEP=$(CRYPTO)libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -39,10 +43,13 @@
ifdef SHARED
SHARED_SUFFIX=.$(DLEXT)
endif
+PYTHON ?= python
else
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
+# python2 for POSIX since FreeBSD has only python2 as default.
+PYTHON ?= python2
endif
# Zlib shared library extensions:
@@ -50,474 +57,132 @@
LOCAL_LDFLAGS += -lz
endif
-APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \
- test_suite_aes.cfb$(EXEXT) test_suite_aes.ofb$(EXEXT) \
- test_suite_aes.xts$(EXEXT) \
- test_suite_aes.rest$(EXEXT) test_suite_arc4$(EXEXT) \
- test_suite_aria$(EXEXT) test_suite_asn1write$(EXEXT) \
- test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \
- test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \
- test_suite_chacha20$(EXEXT) test_suite_chachapoly$(EXEXT) \
- test_suite_cmac$(EXEXT) \
- test_suite_cipher.chachapoly$(EXEXT) \
- test_suite_cipher.aes$(EXEXT) \
- test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \
- test_suite_cipher.chacha20$(EXEXT) \
- test_suite_cipher.gcm$(EXEXT) \
- test_suite_cipher.blowfish$(EXEXT) \
- test_suite_cipher.camellia$(EXEXT) \
- test_suite_cipher.des$(EXEXT) test_suite_cipher.null$(EXEXT) \
- test_suite_cipher.padding$(EXEXT) \
- test_suite_ctr_drbg$(EXEXT) test_suite_debug$(EXEXT) \
- test_suite_des$(EXEXT) test_suite_dhm$(EXEXT) \
- test_suite_ecdh$(EXEXT) test_suite_ecdsa$(EXEXT) \
- test_suite_ecjpake$(EXEXT) test_suite_ecp$(EXEXT) \
- test_suite_error$(EXEXT) test_suite_entropy$(EXEXT) \
- test_suite_gcm.aes128_de$(EXEXT) \
- test_suite_gcm.aes192_de$(EXEXT) \
- test_suite_gcm.aes256_de$(EXEXT) \
- test_suite_gcm.aes128_en$(EXEXT) \
- test_suite_gcm.aes192_en$(EXEXT) \
- test_suite_gcm.aes256_en$(EXEXT) \
- test_suite_gcm.camellia$(EXEXT) \
- test_suite_hkdf$(EXEXT) \
- test_suite_hmac_drbg.misc$(EXEXT) \
- test_suite_hmac_drbg.no_reseed$(EXEXT) \
- test_suite_hmac_drbg.nopr$(EXEXT) \
- test_suite_hmac_drbg.pr$(EXEXT) \
- test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \
- test_suite_memory_buffer_alloc$(EXEXT) \
- test_suite_mpi$(EXEXT) \
- test_suite_nist_kw$(EXEXT) \
- test_suite_pem$(EXEXT) test_suite_pkcs1_v15$(EXEXT) \
- test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \
- test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \
- test_suite_pk$(EXEXT) \
- test_suite_poly1305$(EXEXT) \
- test_suite_rsa$(EXEXT) test_suite_shax$(EXEXT) \
- test_suite_ssl$(EXEXT) test_suite_timing$(EXEXT) \
- test_suite_x509parse$(EXEXT) test_suite_x509write$(EXEXT) \
- test_suite_xtea$(EXEXT) test_suite_version$(EXEXT)
+# A test application is built for each suites/test_suite_*.data file.
+# Application name is same as .data file's base name and can be
+# constructed by stripping path 'suites/' and extension .data.
+APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data)))
+
+APPS := $(filter-out \
+ test_suite_aes.% \
+ test_suite_arc4 \
+ test_suite_aria \
+ test_suite_asn1write \
+ test_suite_base64 \
+ test_suite_blowfish \
+ test_suite_camellia \
+ test_suite_ccm \
+ test_suite_chacha20 \
+ test_suite_chachapoly \
+ test_suite_cipher.% \
+ test_suite_cmac \
+ test_suite_ctr_drbg \
+ test_suite_des \
+ test_suite_dhm \
+ test_suite_ecdh \
+ test_suite_ecdsa \
+ test_suite_ecjpake \
+ test_suite_ecp \
+ test_suite_entropy \
+ test_suite_error \
+ test_suite_gcm.% \
+ test_suite_hkdf \
+ test_suite_hmac_drbg.% \
+ test_suite_md \
+ test_suite_mdx \
+ test_suite_memory_buffer_alloc \
+ test_suite_mpi \
+ test_suite_nist_kw \
+ test_suite_oid \
+ test_suite_pem \
+ test_suite_pk \
+ test_suite_pkcs1_v15 \
+ test_suite_pkcs1_v21 \
+ test_suite_pkcs5 \
+ test_suite_pkparse \
+ test_suite_pkwrite \
+ test_suite_poly1305 \
+ test_suite_rsa \
+ test_suite_shax \
+ test_suite_timing \
+ test_suite_xtea \
+ ,$(APPS))
+
+# Construct executable name by adding OS specific suffix $(EXEXT).
+BINARIES := $(addsuffix $(EXEXT),$(APPS))
.SILENT:
.PHONY: all check test clean
-all: $(APPS)
+all: $(BINARIES)
$(DEP):
$(MAKE) -C ../library
-# invoke perl explicitly for the sake of mingw32-make
+C_FILES := $(addsuffix .c,$(APPS))
-test_suite_aes.ecb.c : suites/test_suite_aes.function suites/test_suite_aes.ecb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
+# Wildcard target for test code generation:
+# A .c file is generated for each .data file in the suites/ directory. Each .c
+# file depends on a .data and .function file from suites/ directory. Following
+# nameing convention is followed:
+#
+# C file | Depends on
+#-----------------------------------------------------------------------------
+# foo.c | suites/foo.function suites/foo.data
+# foo.bar.c | suites/foo.function suites/foo.bar.data
+#
+# Note above that .c and .data files have same base name.
+# However, corresponding .function file's base name is the word before first
+# dot in .c file's base name.
+#
+.SECONDEXPANSION:
+%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function
echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.ecb
+ $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \
+ -d suites/$*.data \
+ -t suites/main_test.function \
+ -p suites/host_test.function \
+ -s suites \
+ --helpers-file suites/helpers.function \
+ -o .
-test_suite_aes.cbc.c : suites/test_suite_aes.function suites/test_suite_aes.cbc.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.cbc
-test_suite_aes.cfb.c : suites/test_suite_aes.function suites/test_suite_aes.cfb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.cfb
-
-test_suite_aes.ofb.c : suites/test_suite_aes.function suites/test_suite_aes.ofb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.ofb
-
-test_suite_aes.rest.c : suites/test_suite_aes.function suites/test_suite_aes.rest.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.rest
-
-test_suite_aes.xts.c : suites/test_suite_aes.function suites/test_suite_aes.xts.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.xts
-
-test_suite_cipher.aes.c : suites/test_suite_cipher.function suites/test_suite_cipher.aes.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.aes
-
-test_suite_cipher.arc4.c : suites/test_suite_cipher.function suites/test_suite_cipher.arc4.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.arc4
-
-test_suite_cipher.ccm.c : suites/test_suite_cipher.function suites/test_suite_cipher.ccm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.ccm
-
-test_suite_cipher.chacha20.c : suites/test_suite_cipher.function suites/test_suite_cipher.chacha20.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chacha20
-
-test_suite_cipher.chachapoly.c : suites/test_suite_cipher.function suites/test_suite_cipher.chachapoly.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chachapoly
-
-test_suite_cipher.gcm.c : suites/test_suite_cipher.function suites/test_suite_cipher.gcm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.gcm
-
-test_suite_cipher.blowfish.c : suites/test_suite_cipher.function suites/test_suite_cipher.blowfish.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.blowfish
-
-test_suite_cipher.camellia.c : suites/test_suite_cipher.function suites/test_suite_cipher.camellia.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.camellia
-
-test_suite_cipher.des.c : suites/test_suite_cipher.function suites/test_suite_cipher.des.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.des
-
-test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_cipher.null.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.null
-
-test_suite_cipher.padding.c : suites/test_suite_cipher.function suites/test_suite_cipher.padding.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.padding
-
-test_suite_gcm.aes128_de.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes128_de.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes128_de
-
-test_suite_gcm.aes192_de.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes192_de.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes192_de
-
-test_suite_gcm.aes256_de.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes256_de.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes256_de
-
-test_suite_gcm.aes128_en.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes128_en.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes128_en
-
-test_suite_gcm.aes192_en.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes192_en.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes192_en
-
-test_suite_gcm.aes256_en.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes256_en.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes256_en
-
-test_suite_gcm.camellia.c : suites/test_suite_gcm.function suites/test_suite_gcm.camellia.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.camellia
-
-test_suite_hkdf.c : suites/test_suite_hkdf.function suites/test_suite_hkdf.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_hkdf test_suite_hkdf
-
-test_suite_hmac_drbg.misc.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.misc.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.misc
-
-test_suite_hmac_drbg.no_reseed.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.no_reseed.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.no_reseed
-
-test_suite_hmac_drbg.nopr.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.nopr.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.nopr
-
-test_suite_hmac_drbg.pr.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.pr.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.pr
-
-%.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
- echo " Gen $@"
- perl scripts/generate_code.pl suites $* $*
-
-test_suite_aes.ecb$(EXEXT): test_suite_aes.ecb.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_aes.cbc$(EXEXT): test_suite_aes.cbc.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_aes.cfb$(EXEXT): test_suite_aes.cfb.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_aes.ofb$(EXEXT): test_suite_aes.ofb.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_aes.rest$(EXEXT): test_suite_aes.rest.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_aes.xts$(EXEXT): test_suite_aes.xts.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_arc4$(EXEXT): test_suite_arc4.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_asn1write$(EXEXT): test_suite_asn1write.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_base64$(EXEXT): test_suite_base64.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_blowfish$(EXEXT): test_suite_blowfish.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_camellia$(EXEXT): test_suite_camellia.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_chacha20$(EXEXT): test_suite_chacha20.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_chachapoly$(EXEXT): test_suite_chachapoly.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.arc4$(EXEXT): test_suite_cipher.arc4.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.ccm$(EXEXT): test_suite_cipher.ccm.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.chacha20$(EXEXT): test_suite_cipher.chacha20.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.chachapoly$(EXEXT): test_suite_cipher.chachapoly.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.gcm$(EXEXT): test_suite_cipher.gcm.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.blowfish$(EXEXT): test_suite_cipher.blowfish.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.camellia$(EXEXT): test_suite_cipher.camellia.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.des$(EXEXT): test_suite_cipher.des.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.null$(EXEXT): test_suite_cipher.null.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_cipher.padding$(EXEXT): test_suite_cipher.padding.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ctr_drbg$(EXEXT): test_suite_ctr_drbg.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_des$(EXEXT): test_suite_des.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_dhm$(EXEXT): test_suite_dhm.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ecdh$(EXEXT): test_suite_ecdh.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ecdsa$(EXEXT): test_suite_ecdsa.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ecjpake$(EXEXT): test_suite_ecjpake.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ecp$(EXEXT): test_suite_ecp.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_entropy$(EXEXT): test_suite_entropy.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_error$(EXEXT): test_suite_error.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.aes128_de$(EXEXT): test_suite_gcm.aes128_de.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.aes192_de$(EXEXT): test_suite_gcm.aes192_de.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.aes256_de$(EXEXT): test_suite_gcm.aes256_de.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.aes128_en$(EXEXT): test_suite_gcm.aes128_en.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.aes192_en$(EXEXT): test_suite_gcm.aes192_en.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.aes256_en$(EXEXT): test_suite_gcm.aes256_en.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_gcm.camellia$(EXEXT): test_suite_gcm.camellia.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_hkdf$(EXEXT): test_suite_hkdf.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_hmac_drbg.misc$(EXEXT): test_suite_hmac_drbg.misc.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_hmac_drbg.no_reseed$(EXEXT): test_suite_hmac_drbg.no_reseed.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_hmac_drbg.nopr$(EXEXT): test_suite_hmac_drbg.nopr.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_hmac_drbg.pr$(EXEXT): test_suite_hmac_drbg.pr.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_md$(EXEXT): test_suite_md.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_mdx$(EXEXT): test_suite_mdx.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_memory_buffer_alloc$(EXEXT): test_suite_memory_buffer_alloc.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_mpi$(EXEXT): test_suite_mpi.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_nist_kw$(EXEXT): test_suite_nist_kw.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pem$(EXEXT): test_suite_pem.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pkcs1_v15$(EXEXT): test_suite_pkcs1_v15.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pkcs1_v21$(EXEXT): test_suite_pkcs1_v21.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pkcs5$(EXEXT): test_suite_pkcs5.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pkparse$(EXEXT): test_suite_pkparse.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pkwrite$(EXEXT): test_suite_pkwrite.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_pk$(EXEXT): test_suite_pk.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_poly1305$(EXEXT): test_suite_poly1305.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_rsa$(EXEXT): test_suite_rsa.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_shax$(EXEXT): test_suite_shax.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_ssl$(EXEXT): test_suite_ssl.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_timing$(EXEXT): test_suite_timing.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_x509parse$(EXEXT): test_suite_x509parse.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_x509write$(EXEXT): test_suite_x509write.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_xtea$(EXEXT): test_suite_xtea.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_debug$(EXEXT): test_suite_debug.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-test_suite_version$(EXEXT): test_suite_version.c $(DEP)
+$(BINARIES): %$(EXEXT): %.c $(DEP)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test_suite_aria$(EXEXT): test_suite_aria.c $(DEP)
- echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
clean:
ifndef WINDOWS
- rm -f $(APPS) *.c
+ rm -rf $(BINARIES) *.c *.datax TESTS
else
- del /Q /F *.c *.exe
+ del /Q /F *.c *.exe *.datax
+ifneq ($(wildcard TESTS/.*),)
+ rmdir /Q /S TESTS
+endif
endif
-check: $(APPS)
- perl scripts/run-test-suites.pl
+# Test suites caught by SKIP_TEST_SUITES are built but not executed.
+check: $(BINARIES)
+ perl scripts/run-test-suites.pl --skip=$(SKIP_TEST_SUITES)
test: check
+
+# Create separate targets for generating embedded tests.
+EMBEDDED_TESTS := $(addprefix embedded_,$(APPS))
+
+# Generate test code for target.
+
+.SECONDEXPANSION:
+$(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function
+ echo " Gen ./TESTS/mbedtls/$*/$*.c"
+ $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \
+ -d suites/$*.data \
+ -t suites/main_test.function \
+ -p suites/target_test.function \
+ -s suites \
+ --helpers-file suites/helpers.function \
+ -o ./TESTS/mbedtls/$*
+
+generate-target-tests: $(EMBEDDED_TESTS)
+
diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh
new file mode 100755
index 0000000..67a0807
--- /dev/null
+++ b/tests/compat-in-docker.sh
@@ -0,0 +1,65 @@
+#!/bin/bash -eu
+
+# compat-in-docker.sh
+#
+# Purpose
+# -------
+# This runs compat.sh in a Docker container.
+#
+# Notes for users
+# ---------------
+# If OPENSSL_CMD, GNUTLS_CLI, or GNUTLS_SERV are specified the path must
+# correspond to an executable inside the Docker container. The special
+# values "next" (OpenSSL only) and "legacy" are also allowed as shorthand
+# for the installations inside the container.
+#
+# See also:
+# - scripts/docker_env.sh for general Docker prerequisites and other information.
+# - compat.sh for notes about invocation of that script.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+case "${OPENSSL_CMD:-default}" in
+ "legacy") export OPENSSL_CMD="/usr/local/openssl-1.0.1j/bin/openssl";;
+ "next") export OPENSSL_CMD="/usr/local/openssl-1.1.1a/bin/openssl";;
+ *) ;;
+esac
+
+case "${GNUTLS_CLI:-default}" in
+ "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";;
+ "next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";;
+ *) ;;
+esac
+
+case "${GNUTLS_SERV:-default}" in
+ "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";;
+ "next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";;
+ *) ;;
+esac
+
+run_in_docker \
+ -e M_CLI \
+ -e M_SRV \
+ -e GNUTLS_CLI \
+ -e GNUTLS_SERV \
+ -e OPENSSL_CMD \
+ -e OSSL_NO_DTLS \
+ tests/compat.sh \
+ $@
diff --git a/tests/compat.sh b/tests/compat.sh
index bf65e5e..80c2d31 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -15,13 +15,17 @@
set -u
+# Limit the size of each log to 10 GiB, in case of failures with this script
+# where it may output seemingly unlimited length error logs.
+ulimit -f 20971520
+
# initialise counters
TESTS=0
FAILED=0
SKIPPED=0
SRVMEM=0
-# default commands, can be overriden by the environment
+# default commands, can be overridden by the environment
: ${M_SRV:=../programs/ssl/ssl_server2}
: ${M_CLI:=../programs/ssl/ssl_client2}
: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
@@ -62,7 +66,8 @@
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
-EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
+# - 3DES: not in default config
+EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 4a24352..e75bf81 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -14,6 +14,8 @@
OPENSSL ?= openssl
FAKETIME ?= faketime
MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
+MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
+
## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
@@ -37,19 +39,59 @@
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf
-test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file)
- $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
-all_intermediate += test-ca.csr
-test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
- $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
+test-ca.req.sha256: $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
+all_intermediate += test-ca.req.sha256
+
+test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
+all_final += test-ca.crt
+
+test-ca.crt.der: test-ca.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += test-ca.crt.der
+
+test-ca.key.der: $(test_ca_key_file_rsa)
+ $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
+all_final += test-ca.key.der
+
+test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt
-test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
- $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
+
+test-ca-sha1.crt.der: test-ca-sha1.crt
+ $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += test-ca-sha1.crt.der
+
+test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += test-ca-sha256.crt
+test-ca-sha256.crt.der: test-ca-sha256.crt
+ $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += test-ca-sha256.crt.der
+
+test-ca_utf8.crt: $(test_ca_key_file_rsa)
+ $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
+all_final += test-ca_utf8.crt
+
+test-ca_printable.crt: $(test_ca_key_file_rsa)
+ $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
+all_final += test-ca_printable.crt
+
+test-ca_uppercase.crt: $(test_ca_key_file_rsa)
+ $(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
+all_final += test-ca_uppercase.crt
+
test_ca_key_file_rsa_alt = test-ca-alt.key
-$(test_ca_key_file_rsa_alt):
+cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=www.example.com" -set_serial 17 -config $(test_ca_config_file) -extensions dns_alt_names -days 3650 -key rsa_pkcs1_1024_clear.pem -out $@
+
+cert_example_multi.crt: cert_example_multi.csr
+ $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
+
+$(test_ca_key_file_rsa_alt):test-ca.opensslconf
$(OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
$(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
@@ -67,6 +109,68 @@
test_ca_crt_file_ec = test-ca2.crt
test_ca_key_file_ec = test-ca2.key
+test-ca2.req.sha256: $(test_ca_key_file_ec)
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
+all_intermediate += test-ca2.req.sha256
+
+test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
+all_final += test-ca.crt
+
+test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
+all_final += test-ca-any_policy.crt
+
+test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+all_final += test-ca-any_policy_ec.crt
+
+test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
+all_final += test-ca-any_policy_with_qualifier.crt
+
+test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+all_final += test-ca-any_policy_with_qualifier_ec.crt
+
+test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
+all_final += test-ca-multi_policy.crt
+
+test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+all_final += test-ca-multi_policy_ec.crt
+
+test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
+all_final += test-ca-unsupported_policy.crt
+
+test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+all_final += test-ca-unsupported_policy_ec.crt
+
+test-ca.req_ec.sha256: $(test_ca_key_file_ec)
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
+all_intermediate += test-ca.req_ec.sha256
+
+test-ca2.crt.der: $(test_ca_crt_file_ec)
+ $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
+all_final += test-ca2.crt.der
+
+test-ca2.key.der: $(test_ca_key_file_ec)
+ $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
+all_final += test-ca2.key.der
+
+test_ca_crt_cat12 = test-ca_cat12.crt
+$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
+ cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
+all_final += $(test_ca_crt_cat12)
+
+test_ca_crt_cat21 = test-ca_cat21.crt
+$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
+ cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
+all_final += $(test_ca_crt_cat21)
+
test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
all_intermediate += test-int-ca.csr
@@ -74,6 +178,9 @@
$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
all_final += test-int-ca-exp.crt
+enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
+ $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+
crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
all_final += crl-idp.pem
@@ -85,21 +192,23 @@
cli_crt_extensions_file = cli.opensslconf
cli-rsa.csr: $(cli_crt_key_file_rsa)
- $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
all_intermediate += cli-rsa.csr
-cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr
- $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
-all_final += cli-rsa-sha1.crt
-cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
- $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
+
+cli-rsa-sha1.crt: cli-rsa.csr
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+
+cli-rsa-sha256.crt: cli-rsa.csr
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cli-rsa-sha256.crt
-server2-rsa.csr: server2.key
- $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
-all_intermediate += server2-rsa.csr
-server2-sha256.crt: server2-rsa.csr
- $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
-all_final += server2-sha256.crt
+cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
+ $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += cli-rsa-sha256.crt.der
+
+ cli-rsa.key.der: $(cli_crt_key_file_rsa)
+ $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += cli-rsa.key.der
test_ca_int_rsa1 = test-int-ca.crt
@@ -113,12 +222,36 @@
$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-future.crt
server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
- { head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
all_final += server7-badsign.crt
server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
cat server7.crt test-int-ca-exp.crt > $@
all_final += server7_int-ca-exp.crt
+cli2.req.sha256: cli2.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
+
+all_final += server1.req.sha1
+cli2.crt: cli2.req.sha256
+ $(MBEDTLS_CERT_WRITE) request_file=cli2.req.sha256 serial=13 selfsign=0 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test EC CA" issuer_key=$(test_ca_key_file_ec) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
+all_final += cli2.crt
+
+cli2.crt.der: cli2.crt
+ $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += cli2.crt.der
+
+cli2.key.der: cli2.key
+ $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += cli2.key.der
+
+server5.crt.der: server5.crt
+ $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += server5.crt.der
+
+server5.key.der: server5.key
+ $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += server5.key.der
+
server5-ss-expired.crt: server5.key
$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
all_final += server5-ss-expired.crt
@@ -128,6 +261,28 @@
$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt
+server5-othername.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
+
+server5-unsupported_othername.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
+
+server5-fan.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
+
+server10-badsign.crt: server10.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server10-badsign.crt
+server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
+ cat server10-badsign.crt test-int-ca3.crt > $@
+all_final += server10-bs_int3.pem
+test-int-ca3-badsign.crt: test-int-ca3.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += test-int-ca3-badsign.crt
+server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
+ cat server10.crt test-int-ca3-badsign.crt > $@
+all_final += server10_int3-bs.pem
+
rsa_pkcs1_2048_public.pem: server8.key
$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
all_final += rsa_pkcs1_2048_public.pem
@@ -714,6 +869,91 @@
$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem
+###
+### A generic SECP521R1 private key
+###
+
+secp521r1_prv.der:
+ $(OPENSSL) ecparam -genkey -name secp521r1 -noout -out secp521r1_prv.der
+all_final += secp521r1_prv.der
+
+################################################################
+### Generate CSRs for X.509 write test suite
+################################################################
+
+server1.req.sha1: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+all_final += server1.req.sha1
+
+server1.req.md4: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
+all_final += server1.req.md4
+
+server1.req.md5: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
+all_final += server1.req.md5
+
+server1.req.sha224: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
+all_final += server1.req.sha224
+
+server1.req.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
+all_final += server1.req.sha256
+
+server1.req.sha384: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
+all_final += server1.req.sha384
+
+server1.req.sha512: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
+all_final += server1.req.sha512
+
+server1.req.cert_type: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+all_final += server1.req.cert_type
+
+server1.req.key_usage: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+all_final += server1.req.key_usage
+
+server1.req.ku-ct: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+all_final += server1.req.ku-ct
+
+server1.req.key_usage_empty: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
+all_final += server1.req.key_usage_empty
+
+server1.req.cert_type_empty: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
+all_final += server1.req.cert_type_empty
+
+# server2*
+
+server2.req.sha256: server2.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
+all_intermediate += server2.req.sha256
+
+server2.crt.der: server2.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2.crt.der
+
+server2-sha256.crt.der: server2-sha256.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2-sha256.crt.der
+
+server2.key.der: server2.key
+ $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += server2.key.der
+
+# server5*
+
+# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
+server5.req.ku.sha1: server5.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+all_final += server5.req.ku.sha1
+
################################################################
### Generate certificates for CRT write check tests
################################################################
@@ -730,48 +970,76 @@
test_ca_server1_serial = test-ca.server1.serial
test_ca_server1_config_file = test-ca.server1.opensslconf
-server1.csr: server1.key server1_csr.opensslconf
- $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
-all_final += server1.csr
+# server1*
-server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
-server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
+server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
+server1.crt.der: server1.crt
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
server1.der: server1.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += server1.crt server1.noauthid.crt server1.der
+all_final += server1.crt server1.noauthid.crt server1.crt.der
-server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
-server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
+server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
+server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
server1.key_usage.der: server1.key_usage.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
-server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
-server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
+server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
+server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
server1.cert_type.der: server1.cert_type.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
-server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
- $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
+server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
server1.v1.der: server1.v1.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.v1.crt server1.v1.der
+server1_ca.crt: server1.crt $(test_ca_crt)
+ cat server1.crt $(test_ca_crt) > $@
+all_final += server1_ca.crt
+
+cert_sha1.crt: server1.key
+ $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += cert_sha1.crt
+
+cert_sha224.crt: server1.key
+ $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
+all_final += cert_sha224.crt
+
+cert_sha256.crt: server1.key
+ $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
+all_final += cert_sha256.crt
+
+cert_sha384.crt: server1.key
+ $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
+all_final += cert_sha384.crt
+
+cert_sha512.crt: server1.key
+ $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
+all_final += cert_sha512.crt
+
+cert_example_wildcard.crt: server1.key
+ $(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += cert_example_wildcard.crt
+
# OpenSSL-generated certificates for comparison
# Also provide certificates in DER format to allow
# direct binary comparison using e.g. dumpasn1
-server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
+server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
echo "01" > $(test_ca_server1_serial)
rm -f $(test_ca_server1_db)
touch $(test_ca_server1_db)
- $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
+ $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
server1.der.openssl: server1.crt.openssl
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
@@ -779,17 +1047,64 @@
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
+server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
echo "01" > $(test_ca_server1_serial)
rm -f $(test_ca_server1_db)
touch $(test_ca_server1_db)
- $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
+ $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
server1.v1.der.openssl: server1.v1.crt.openssl
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
+# To revoke certificate in the openssl database:
+#
+# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
+crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
+ $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
+server1_all: crl.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
+
+# server2*
+
+server2.crt: server2.req.sha256
+ $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += server2.crt
+
+server2.der: server2.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2.crt server2.der
+
+server2-sha256.crt: server2.req.sha256
+ $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
+all_final += server2-sha256.crt
+
+# MD2, MD4, MD5 test certificates
+
+cert_md_test_key = $(cli_crt_key_file_rsa)
+
+cert_md2.csr: $(cert_md_test_key)
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2
+all_intermediate += cert_md2.csr
+
+cert_md2.crt: cert_md2.csr
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@
+all_final += cert_md2.crt
+
+cert_md4.csr: $(cert_md_test_key)
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4
+all_intermediate += cert_md4.csr
+
+cert_md4.crt: cert_md4.csr
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@
+all_final += cert_md4.crt
+
+cert_md5.csr: $(cert_md_test_key)
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
+all_intermediate += cert_md5.csr
+
+cert_md5.crt: cert_md5.csr
+ $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@
+all_final += cert_md5.crt
################################################################
#### Meta targets
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index b56346a..6f54ed0 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -16,11 +16,13 @@
Two intermediate CAs are signed by them:
- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
uses RSA-4096, signed by test-ca2
+ - test-int-ca-exp.crt is a copy that is expired
- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
- uses an EC key with NIST P-256, signed by test-ca
+ uses an EC key with NIST P-384, signed by test-ca
A third intermediate CA is signed by test-int-ca2.crt:
- test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3"
+ uses an EC key with NIST P-256, signed by test-int-ca2
Finally, other CAs for specific purposes:
- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
@@ -65,21 +67,41 @@
- server2*.crt: 1 R L: misc
- server3.crt: 1 E L: EC cert signed by RSA CA
- server4.crt: 2 R L: RSA cert signed by EC CA
-- server5*.crt: 2* E L: misc *(except server5-selfsigned)
+- server5*.crt: 2* E L: misc *(except -selfsigned and -ss-*)
-sha*: hashes
- -eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
- -ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
+ .eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
+ .ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
+ .req*: CSR, not certificate
+ -der*: trailing bytes in der (?)
+ -badsign.crt: S5 with corrupted signature
+ -expired.crt: S5 with "not after" date in the past
+ -future.crt: S5 with "not before" date in the future
+ -selfsigned.crt: Self-signed cert with S5 key
+ -ss-expired.crt: Self-signed cert with S5 key, expired
+ -ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key
- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
- server6.crt, server6.pem: 2 E L C: revoked
-- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC
- *P1 except 7.crt, P2 _int-ca_ca2.crt
- *_space: with PEM error(s)
- _spurious: has spurious cert in its chain (S7 + I2 + I1)
+- server7.crt: I1 E L P1(usually): EC signed by RSA signed by EC
+ -badsign.crt: S7 with corrupted signature + I1
+ -expired.crt: S7 with "not after" date in the past + I1
+ -future.crt: S7 with "not before" date in the future + I1
+ _int-ca-exp.crt: S7 + expired I1
+ _int-ca.crt: S7 + I1
+ _int-ca_ca2.crt: S7 + I1 + 2
+ _all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM)
+ _pem_space.crt: S7 with misplace space (invalid PEM) + I1
+ _trailing_space.crt: S7 + I1 both with trainling space (valid PEM)
+ _spurious_int-ca.crt: S7 + I2(spurious) + I1
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
*CRL for: 9.crt, -badsign, -with-ca (P1)
-- server10*.crt: I3 E L P2/P3
- _spurious: S10 + I3 + I1(spurious) + I2
+- server10.crt: I3 E L
+ -badsign.crt: S10 with corrupted signature
+ -bs_int3.pem: S10-badsign + I3
+ _int3-bs.pem: S10 + I3-badsign
+ _int3_int-ca2.crt: S10 + I3 + I2
+ _int3_int-ca2_ca.crt: S10 + I3 + I2 + 1
+ _int3_spurious_int-ca2.crt: S10 + I3 + I1(spurious) + I2
Certificate revocation lists
----------------------------
diff --git a/tests/data_files/cert_example_multi.crt b/tests/data_files/cert_example_multi.crt
index c1e1998..0e3295d 100644
--- a/tests/data_files/cert_example_multi.crt
+++ b/tests/data_files/cert_example_multi.crt
@@ -1,80 +1,17 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 17 (0x11)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: May 10 13:23:41 2012 GMT
- Not After : May 11 13:23:41 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=www.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- X509v3 Subject Alternative Name:
- DNS:example.com, DNS:example.net, DNS:*.example.org
- Signature Algorithm: sha1WithRSAEncryption
- 4f:09:cb:7a:d5:ee:f5:ef:62:0d:dc:7b:a2:85:d6:8c:ca:95:
- b4:6b:da:11:5b:92:00:75:13:b9:ca:0b:ce:ea:fb:c3:1f:e2:
- 3f:7f:21:74:79:e2:e6:bc:da:06:e5:2f:6f:f6:55:c6:73:39:
- cf:48:bc:0d:2f:0c:d2:7a:06:c3:4a:4c:d9:48:5d:a0:d0:73:
- 89:e4:d4:85:1d:96:9a:0e:57:99:c6:6f:1d:21:27:1f:8d:05:
- 29:e8:40:ae:82:39:68:c3:97:07:cf:3c:93:4c:1a:df:2f:a6:
- a4:55:48:7f:7c:8c:1a:c9:22:da:24:cd:92:39:c6:8a:ec:b0:
- 8d:f5:69:82:67:cb:04:ee:de:53:41:96:c1:27:dc:2f:fe:33:
- fa:d3:0e:b8:d4:32:a9:84:28:53:a5:f0:d1:89:d5:a2:98:e7:
- 16:91:bb:9c:c0:41:8e:8c:58:ac:ff:e3:dd:2e:7a:ab:b0:b9:
- 71:76:ad:0f:27:33:f7:a9:29:d3:c0:76:c0:bf:06:40:7c:0e:
- d5:a4:7c:8a:e2:32:6e:16:ae:da:64:1f:b0:55:7c:db:dd:f1:
- a4:ba:44:7c:b3:99:58:d2:34:6e:00:ea:97:6c:14:3a:f2:10:
- 1e:0a:a2:49:10:76:01:f4:f2:c8:18:fd:cc:63:46:12:8b:09:
- 1b:f1:94:e6
-----BEGIN CERTIFICATE-----
-MIIDcjCCAlqgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwNTEwMTMyMzQxWhcNMjIwNTExMTMyMzQxWjA6MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfHtW2M
-/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgYLYAb
-VPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZhZ7ou
-B2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8kq7r
-3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTVwd+4
-Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEAAaOB
-gTB/MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8G
-A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MDIGA1UdEQQrMCmCC2V4YW1w
-bGUuY29tggtleGFtcGxlLm5ldIINKi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQUF
-AAOCAQEATwnLetXu9e9iDdx7ooXWjMqVtGvaEVuSAHUTucoLzur7wx/iP38hdHni
-5rzaBuUvb/ZVxnM5z0i8DS8M0noGw0pM2UhdoNBzieTUhR2Wmg5XmcZvHSEnH40F
-KehAroI5aMOXB888k0wa3y+mpFVIf3yMGski2iTNkjnGiuywjfVpgmfLBO7eU0GW
-wSfcL/4z+tMOuNQyqYQoU6Xw0YnVopjnFpG7nMBBjoxYrP/j3S56q7C5cXatDycz
-96kp08B2wL8GQHwO1aR8iuIybhau2mQfsFV8293xpLpEfLOZWNI0bgDql2wUOvIQ
-HgqiSRB2AfTyyBj9zGNGEosJG/GU5g==
+MIICojCCAYqgAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwNzEwMTEyNzUyWhcNMjkwNzEwMTEyNzUyWjA6MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAxziSxcP0cBAIa/gTNezzARyKJQ+VgjYeqh6W
+ElUarPh7dTMLcFcznNmV8U1MRDfIvsSgP+RkPNPzyQJDPcN8W455qgmEroITNwq/
+hWm9KjVibLH+5KzgQrJBfHvknScUmywHa45DPT9sdjpGmhxwDSWdvAjHQPzYAjdi
+/33r/C0CAwEAAaM2MDQwMgYDVR0RBCswKYILZXhhbXBsZS5jb22CC2V4YW1wbGUu
+bmV0gg0qLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQCJbFizurHz804x
+6NbsvsPPgLcESq0OcGOEXOCOe8seZqomhSYTXtHBzrFtRp2/gmtORq2oapoDDiq+
+I+xRLJYsUBut2NdkZmEIRSW4n4sXJwqb0fXTTkd7EAXBvGNWbERab5Sbf84oqd4t
+yjjz2u+Hvx8hZCHJG2V9qg3zaw5zJT1AfAsMbjXqi8CfU7U+Fcor+O3GeuUVgpJC
+QCXb2Qjj3ZmrCvGZA9x59XtnEN6m2O4pWkmqR/Z7MlQrZzQ80vcQMk9+qoKIr2EJ
+RcJhAtE+dLV19IlccwsDlGx5kT5N5zSYLK9nARV1/AjK48bUxGH353A1Y2MCfy0E
+dXDReJa1
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_example_wildcard.crt b/tests/data_files/cert_example_wildcard.crt
index 4895e8a..ab417c5 100644
--- a/tests/data_files/cert_example_wildcard.crt
+++ b/tests/data_files/cert_example_wildcard.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 12 (0xc)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 7 16:06:36 2012 GMT
- Not After : Feb 7 16:06:36 2022 GMT
- Subject: C=NL, O=PolarSSL, CN=*.example.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 91:b3:84:5c:5d:60:f2:a5:0a:4a:dc:d6:c6:75:da:34:52:72:
- 6c:0e:60:4f:ef:0e:55:f3:4b:bf:d0:40:e7:91:2c:a7:94:8f:
- 3d:db:0a:ec:b2:f5:83:a7:a1:33:61:96:37:57:14:80:5b:e7:
- bc:e1:d3:2c:36:32:6f:ef:7a:00:99:33:15:fc:38:20:df:74:
- 7d:3d:0f:81:d0:b4:fd:b6:46:f1:c5:b8:bc:de:74:a2:41:a7:
- c8:51:da:20:12:82:3e:0c:8c:48:da:19:b6:52:e9:4f:67:c1:
- 28:9e:20:b6:ce:be:89:bd:64:d7:05:3e:87:af:ba:2b:5d:aa:
- fe:62:66:fb:a6:75:ad:89:a1:18:e8:78:54:ea:df:0a:85:e9:
- 32:32:a8:1a:cd:35:81:f8:a8:da:d1:16:8a:63:e7:67:da:6e:
- e1:3b:1c:31:20:99:ee:e2:b2:fb:82:c5:21:e2:63:4c:61:15:
- 4d:53:ad:dd:15:7f:0b:b6:33:43:ad:27:8a:b1:af:93:17:72:
- c4:be:31:26:93:3c:7d:fc:d5:3d:cf:0b:be:c5:7b:e9:b4:f8:
- f3:30:f2:f5:a2:27:eb:9a:71:fc:7f:79:5e:88:c5:a6:2d:33:
- 57:ba:38:06:e6:ad:0b:96:97:9d:cc:94:7b:83:09:17:a6:ee:
- ce:bb:0f:36
-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTIwMjA3MTYwNjM2WhcNMjIwMjA3MTYwNjM2WjA4MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxFjAUBgNVBAMUDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5PErFyKOOkBeknlKqcXUmYYDnx7VtjP+q
-tkEmt74RrVxzFgxkEUgE/9bhOwXbibuzlwnVHBTdaIc5sD1xy+J20BrYGC2AG1T2
-5USa8cuvYS7fSQ2dCbftsf08/Tz6JM9dv3zkU+cltepEIukm0+oglJ7mYWe6Lgdn
-CwMvognt8DOPC84Q72ekxgjawe3CP9dK3RU9+V4cgWBGPrWzPS+m3kccvJKu698n
-axZWt9zs0VVXpW7sdSX1t3vfq9I6WpGYfZcXCxMKp2tKi8FHMPs6+EEE1cHfuB2/
-ewGlZaLgHja3plzMMFr4zW/N8RliJcoB4zV/+iD13P1psmoAfRf3AgMBAAGjTTBL
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFH3knGvm+XF9RtISPa1rHf3CqnhMMB8GA1Ud
-IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQCR
-s4RcXWDypQpK3NbGddo0UnJsDmBP7w5V80u/0EDnkSynlI892wrssvWDp6EzYZY3
-VxSAW+e84dMsNjJv73oAmTMV/Dgg33R9PQ+B0LT9tkbxxbi83nSiQafIUdogEoI+
-DIxI2hm2UulPZ8EoniC2zr6JvWTXBT6Hr7orXar+Ymb7pnWtiaEY6HhU6t8Kheky
-MqgazTWB+Kja0RaKY+dn2m7hOxwxIJnu4rL7gsUh4mNMYRVNU63dFX8LtjNDrSeK
-sa+TF3LEvjEmkzx9/NU9zwu+xXvptPjzMPL1oifrmnH8f3leiMWmLTNXujgG5q0L
-lpedzJR7gwkXpu7Ouw82
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA4MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxFjAUBgNVBAMMDSouZXhhbXBsZS5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFeib+46EWQ
+2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rVQUN3Xzl8
+CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2BJV8KsVPG
+MH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUsZOuVm9z+
+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6mT3Buns69
+WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMBAAGjTTBL
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKmMB8GA1Ud
+IwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUAA4IBAQBx
+d7aXXhUG1EM6HrkN6XOOXykuDIgh8iQi7+D9TANwbXtPJk0hiCqtChOC31Hao79U
+5E23Y2LsFP+Ap/jLRpZYvxkk9kcBjgcp0GTxPHLu2n7ijsGuj/765FGG4wTVTtrF
+uU8ZNI3uGoz2SjLyvNLz7aulavagcLt0P32TzURezJH47RN8JxriEXGbxVf0CCNl
+Zw/hWy+g5yT12AT0dYwX1UeFT6JMXwwDrCG+W1uBY35wgTovrh5YYvNc1JFpzh+o
+vvu9Tq7rsX7P4f7/gu8f4MMDuzMryUyGCYMexQkXJNBz2S/igLFbuX1VmsLlX8zm
+iDqWV5xLtVuLbgQGKa4q
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_md2.crt b/tests/data_files/cert_md2.crt
index bfea77b..94b89af 100644
--- a/tests/data_files/cert_md2.crt
+++ b/tests/data_files/cert_md2.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 9 (0x9)
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Jul 12 10:56:59 2009 GMT
- Not After : Jul 12 10:56:59 2011 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc:
- 79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b:
- 99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a:
- 1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49:
- 2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92:
- 2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5:
- ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10:
- 29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83:
- 98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74:
- 1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2:
- 5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35:
- c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84:
- cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e:
- 25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50:
- 9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74:
- 96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d:
- 72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29:
- b2:27
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6
- X509v3 Authority Key Identifier:
- keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21
-
- Signature Algorithm: md2WithRSAEncryption
- 28:5a:dd:48:fb:ec:80:fe:de:b7:20:c0:4c:05:a9:4b:51:e9:
- a7:d1:4b:5e:76:42:d2:5d:9a:14:19:3b:cb:f9:91:d7:0f:11:
- c9:cd:dd:00:8b:2c:76:73:22:a0:19:49:81:63:40:30:48:27:
- 62:90:ca:b8:dc:33:35:b3:4b:58:ca:dc:07:66:87:2e:ea:44:
- 2a:6a:13:67:7a:32:5e:48:1d:88:88:c5:70:e6:e7:ec:1b:2f:
- a7:f4:61:71:29:f6:66:93:30:60:7e:b3:4c:01:c8:2c:53:ce:
- 00:11:ec:bf:f6:f2:ce:51:97:d8:ed:ed:dc:c9:6b:b8:19:15:
- c8:9a:61:6d:12:9a:99:25:d8:03:1d:a6:4c:20:a5:f8:46:a3:
- 05:32:bb:1a:8e:1a:65:0d:f3:13:35:1d:6f:73:28:31:12:d7:
- c4:9e:73:a0:a7:ce:82:25:d1:40:e8:1b:77:60:f3:3e:81:7f:
- 19:ee:cf:97:4d:c8:c3:35:9b:72:98:3b:c3:35:43:14:0a:04:
- 21:7b:f7:db:e6:5f:ce:21:d1:ce:bf:b7:ef:c1:63:21:c2:78:
- e1:37:aa:b1:e0:31:b3:b6:63:4c:fd:66:c8:e6:cf:f8:d9:97:
- 2f:cf:92:81:3f:d4:bf:ec:e2:ad:6e:39:c7:a6:a8:e0:32:b0:
- 2e:0d:e1:30
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz
-1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD
-J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza
-CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ
-8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y
-leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf
-BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQIFAAOC
-AQEAKFrdSPvsgP7etyDATAWpS1Hpp9FLXnZC0l2aFBk7y/mR1w8Ryc3dAIssdnMi
-oBlJgWNAMEgnYpDKuNwzNbNLWMrcB2aHLupEKmoTZ3oyXkgdiIjFcObn7Bsvp/Rh
-cSn2ZpMwYH6zTAHILFPOABHsv/byzlGX2O3t3MlruBkVyJphbRKamSXYAx2mTCCl
-+EajBTK7Go4aZQ3zEzUdb3MoMRLXxJ5zoKfOgiXRQOgbd2DzPoF/Ge7Pl03IwzWb
-cpg7wzVDFAoEIXv32+ZfziHRzr+378FjIcJ44TeqseAxs7ZjTP1myObP+NmXL8+S
-gT/Uv+zirW45x6ao4DKwLg3hMA==
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQIFAAOC
+AQEAXLWqy34iaZ2YV+5eE1QMV/9m9nQI2X/yumRH1MT1R3oYde/YDV7+HSOM6qLs
+qSgH1DSyXv1YnJww2OyTtAVhPalICLjVjUQCyeUCiFpAIO6Xz1VE6v4GMFLqhlV1
+Nox9dDtR5Go2zwPaH64Ze9GxuDZfW+VnPRNgYOrqqCBnuhnp2uPRfOewus2AAo50
+dx1XTooCEqElQlB9EIPWbvPdJZjRjruCUtDbz+oxG4J4Ml4KCYm+/MyXNPqxV9+H
+5A9oQltuHMWasMWSfXeimQI5PPpdjndmJOhfT4RGmvTw/uNC/Xuy1kPxXQKoocz6
+93U8RQvyJxdIPtQuARNMRZ7G+Q==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_md4.crt b/tests/data_files/cert_md4.crt
index 16f166b..7d0f7cb 100644
--- a/tests/data_files/cert_md4.crt
+++ b/tests/data_files/cert_md4.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: md4WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: md4WithRSAEncryption
- 94:db:e1:86:71:2d:43:d6:51:61:a7:95:bc:e8:73:da:ff:e4:
- fd:41:0f:5c:de:14:f4:c4:ba:5d:2c:30:2c:a6:dc:2d:e8:87:
- 45:f1:c5:fe:d1:4a:64:99:19:09:2f:72:7c:3f:8d:c8:31:22:
- dd:0a:69:03:3d:12:8c:4d:c3:f7:a3:c5:d1:5d:c9:ff:4b:83:
- 6b:d6:b4:e5:d8:ce:94:5e:ec:bf:68:c5:b2:63:8e:5c:cb:f3:
- 8d:62:73:82:62:7e:df:db:7d:0b:8d:21:10:db:9a:a1:62:4d:
- 46:42:d1:bb:38:32:ef:c1:fc:a1:e2:7f:60:08:37:32:20:2c:
- 7c:a2:c9:12:0d:89:fe:2b:15:08:91:79:e2:a9:79:a4:da:cd:
- 81:43:01:e2:09:2d:1a:f4:16:ef:af:4d:50:46:5e:2d:dd:48:
- 27:10:c0:42:b7:a5:9e:c2:1f:6e:50:36:03:ed:95:77:9a:a3:
- d9:4c:d7:23:93:b1:24:2a:63:27:28:7a:de:3d:59:d2:92:c8:
- 8f:f6:39:1d:65:ab:09:78:05:46:90:a9:f6:10:b1:ef:c8:8c:
- 4d:7d:8d:f2:78:b7:88:15:09:7e:df:e9:87:a8:64:c1:95:53:
- fb:da:05:b7:62:bc:ad:fb:d9:a4:a9:06:6c:6b:98:01:b9:39:
- 78:d3:4e:87
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1
-bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt
-gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn
-ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS
-ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB
-37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC
-AQEAlNvhhnEtQ9ZRYaeVvOhz2v/k/UEPXN4U9MS6XSwwLKbcLeiHRfHF/tFKZJkZ
-CS9yfD+NyDEi3QppAz0SjE3D96PF0V3J/0uDa9a05djOlF7sv2jFsmOOXMvzjWJz
-gmJ+39t9C40hENuaoWJNRkLRuzgy78H8oeJ/YAg3MiAsfKLJEg2J/isVCJF54ql5
-pNrNgUMB4gktGvQW769NUEZeLd1IJxDAQrelnsIfblA2A+2Vd5qj2UzXI5OxJCpj
-Jyh63j1Z0pLIj/Y5HWWrCXgFRpCp9hCx78iMTX2N8ni3iBUJft/ph6hkwZVT+9oF
-t2K8rfvZpKkGbGuYAbk5eNNOhw==
+AQEArXIW7Dy1hBXMKY8/TAfACqkFZzbGDJdD5ohQknENk6FzUHVw9SVibhi5J+nh
+/mhUhoczFg78T8ZopDcsPHKQTuy0LNcLWhZDD4S4CJCibmsf+8BWmPcSp1tsS9Zj
+etO5qNuUarL74W+rRa3qQcCXcglYTubv/PcCV+LGVqZ4XDlO5EBFJJREAREzG+iK
+Epm2y0mi1WTwjy7m7rxYHs5i5ybDHDDwU55H5wh50Vs4/vDx2kZab2K9gx6V2ggY
+CCYmRWKQHdI4XZBkpYFbbREZxMY4Y5c2PUMlr8GUq6s6eu9/GvmnIx/+EySSfxgv
+9GpN+gnyx03hjYNGO7iX8nPnXA==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_md5.crt b/tests/data_files/cert_md5.crt
index 13d43f1..e514fd6 100644
--- a/tests/data_files/cert_md5.crt
+++ b/tests/data_files/cert_md5.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 6 (0x6)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: md5WithRSAEncryption
- 92:13:81:0c:ff:ac:ab:98:52:6c:28:c9:c6:3e:80:c6:ec:77:
- d0:13:e1:a2:29:1d:2f:b7:c5:95:41:83:60:d9:50:9c:d0:d6:
- 09:f7:0f:97:cd:c0:e6:b2:68:fa:31:c9:2a:a3:d3:1e:53:ae:
- 79:dc:35:ba:b0:d9:e5:7a:37:1b:2a:92:fa:d2:59:90:43:1b:
- 6a:91:c1:db:36:da:e9:39:d3:f5:ac:e3:46:01:ca:55:04:17:
- 1a:b1:97:28:e8:ff:1b:e7:e1:10:c9:b5:31:d8:ce:a6:89:6a:
- 4a:df:78:7b:02:2f:83:b3:41:d5:ef:0b:b6:44:ff:32:a6:cf:
- 1b:c2:f4:b0:75:66:a9:da:6f:7c:a5:e3:c6:c1:3a:2f:bf:f8:
- 12:6f:04:2c:37:f2:4e:fc:b9:09:ff:a4:5b:40:19:e9:58:91:
- 64:82:d6:ad:b9:7f:c0:12:c2:ce:b7:b6:ba:fb:10:a2:3f:74:
- 97:10:39:d4:dc:4a:e5:5c:f7:e5:3a:d9:68:d7:17:6b:f5:51:
- 08:b4:a2:30:0d:cc:36:10:6d:4e:1d:22:cc:48:d1:38:44:ba:
- cc:2b:47:99:f7:c6:8b:41:24:f3:f1:2c:10:1a:f2:88:bb:b2:
- e0:fd:44:26:3d:ad:ea:af:1d:d0:00:56:41:4e:f4:b0:3b:9d:
- 32:6f:48:c7
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1
-bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt
-gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn
-ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS
-ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB
-37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB
-o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC
-AQEAkhOBDP+sq5hSbCjJxj6Axux30BPhoikdL7fFlUGDYNlQnNDWCfcPl83A5rJo
-+jHJKqPTHlOuedw1urDZ5Xo3GyqS+tJZkEMbapHB2zba6TnT9azjRgHKVQQXGrGX
-KOj/G+fhEMm1MdjOpolqSt94ewIvg7NB1e8LtkT/MqbPG8L0sHVmqdpvfKXjxsE6
-L7/4Em8ELDfyTvy5Cf+kW0AZ6ViRZILWrbl/wBLCzre2uvsQoj90lxA51NxK5Vz3
-5TrZaNcXa/VRCLSiMA3MNhBtTh0izEjROES6zCtHmffGi0Ek8/EsEBryiLuy4P1E
-Jj2t6q8d0ABWQU70sDudMm9Ixw==
+AQEAF4QcMshVtVbYgvvU7f2lWakubbAISM/k+FW/f7u63m0MSSoSFeYflBOC1Wf4
+imgDEnWcWTH5V7sxsLNogxfpfTuFUaKfHeQmRhAK4UgqbDEs4dZvgo3wZ/w92G0/
+QNntJefnqaFiITXZTn6J8hxeoEq4QbucbWgeY6fTAwXtIv40BvMOSakkuIFAyIvV
+90VY1j4vnx0/xv5lIBAxah1HdtXhqtDu/sUfdCtWX5SCcVUwwM3gZ4Q1ZdWQmlvF
+737ZG7XaINxsDaI04sJxc7qvuRYhLdCwUPnZL5TGEQJ8jNa/39eEbnkvs7hbTU98
+6qG8UAYsSI7aMe1j7DZpkoPL9w==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_sha1.crt b/tests/data_files/cert_sha1.crt
index 718b2f2..1e23585 100644
--- a/tests/data_files/cert_sha1.crt
+++ b/tests/data_files/cert_sha1.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7 (0x7)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 93:26:40:68:3d:e7:62:ea:d1:6a:78:2b:c2:07:f3:0d:3b:f6:
- 69:18:cd:08:5e:31:e7:48:60:08:2a:46:b6:de:d1:35:0a:ec:
- 31:36:83:7d:eb:7c:d8:63:09:c3:e4:c5:10:ca:7c:7b:2f:20:
- 4d:d2:0e:5f:ee:09:e3:84:4f:28:cc:08:74:9a:11:23:5f:de:
- 0e:3a:0f:8b:2d:64:91:05:f6:d5:c7:30:c8:20:ee:6c:c4:62:
- 7c:8d:a8:4d:2e:70:8c:ac:b5:5d:de:9b:10:5c:98:fd:a1:78:
- 9b:9c:f0:73:33:de:2f:8c:59:fa:dc:af:4c:df:97:e3:9d:00:
- 37:9a:fa:d3:67:77:b9:2f:b9:4a:23:ad:f9:b4:a1:b7:ac:c5:
- a8:0f:62:8c:e6:7e:b4:94:2a:db:f2:fc:52:92:a4:9e:4e:51:
- 4f:9d:c0:ce:ae:3d:17:1c:94:6c:5f:e8:16:b5:ce:2e:e2:5a:
- cf:6a:db:dd:b0:d4:be:62:a5:46:92:30:7c:7c:fc:05:f8:78:
- 30:93:30:28:ab:69:a1:72:31:dc:3b:97:63:3a:5b:b3:e1:34:
- 86:80:4a:28:f5:dc:d5:84:8c:13:a4:6c:d2:c1:2d:a6:25:d7:
- 6f:c9:93:78:a5:16:ba:d9:17:6e:3e:ca:96:f2:9e:5c:e3:ae:
- 12:2e:a5:11
-----BEGIN CERTIFICATE-----
MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA9MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGzAZBgNVBAMTElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALk8SsXIo46QF6SeUqpxdSZhgOfH
-tW2M/6q2QSa3vhGtXHMWDGQRSAT/1uE7BduJu7OXCdUcFN1ohzmwPXHL4nbQGtgY
-LYAbVPblRJrxy69hLt9JDZ0Jt+2x/Tz9PPokz12/fORT5yW16kQi6SbT6iCUnuZh
-Z7ouB2cLAy+iCe3wM48LzhDvZ6TGCNrB7cI/10rdFT35XhyBYEY+tbM9L6beRxy8
-kq7r3ydrFla33OzRVVelbux1JfW3e9+r0jpakZh9lxcLEwqna0qLwUcw+zr4QQTV
-wd+4Hb97AaVlouAeNremXMwwWvjNb83xGWIlygHjNX/6IPXc/WmyagB9F/cCAwEA
-AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUfeSca+b5cX1G0hI9rWsd/cKqeEww
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGzAZBgNVBAMMElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
-ggEBAJMmQGg952Lq0Wp4K8IH8w079mkYzQheMedIYAgqRrbe0TUK7DE2g33rfNhj
-CcPkxRDKfHsvIE3SDl/uCeOETyjMCHSaESNf3g46D4stZJEF9tXHMMgg7mzEYnyN
-qE0ucIystV3emxBcmP2heJuc8HMz3i+MWfrcr0zfl+OdADea+tNnd7kvuUojrfm0
-obesxagPYozmfrSUKtvy/FKSpJ5OUU+dwM6uPRcclGxf6Ba1zi7iWs9q292w1L5i
-pUaSMHx8/AX4eDCTMCiraaFyMdw7l2M6W7PhNIaASij13NWEjBOkbNLBLaYl12/J
-k3ilFrrZF24+ypbynlzjrhIupRE=
+ggEBAFAHuWfjOp+GaM5dP3NBaUayXmjbrsY5fo/ysfOVV9xipzbPWvE2Bu679iU1
+Eg+5hME9VlMmQejGzG09ReXE+30gyhtO3vWA8U21YrsL3ybvS6EREHGKk238bIBh
+yDP/b0VuoNsS3xRn9WyH3TRu5re0vK68OSkLIWPd01fgvcfl6YyUY+WuuSrpYcDv
+nrgKvFZws/EE4RNldtRC1Blwy497AtmWBQWs65zj5JkNdNnm4JJqXZAArNh2GSZo
+83C/1ZSFrNo9GONsCJ0GVGEt7IK7FPqXYW7rXi30BRse33ziU7RPWGDT13bh9Rdz
+RqsoZ5h5VjtHOnMUUD99gIWinBE=
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_sha224.crt b/tests/data_files/cert_sha224.crt
index 7283c28..c8a209d 100644
--- a/tests/data_files/cert_sha224.crt
+++ b/tests/data_files/cert_sha224.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 8 (0x8)
- Signature Algorithm: sha224WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha224WithRSAEncryption
- b8:9b:0a:d1:b4:d1:a4:ce:05:39:42:7a:3b:7b:5e:fd:97:57:
- 8a:36:60:42:39:d0:e6:0c:9c:7e:2f:2b:be:ef:e7:45:34:77:
- 48:7a:10:4a:fd:76:ca:42:39:25:3c:fa:19:f8:63:6c:e7:36:
- 27:9a:ec:06:ce:e4:f7:2c:2e:c6:36:c1:25:bd:ab:09:aa:e2:
- da:4e:de:ae:b5:f5:ba:9e:90:24:52:34:96:96:61:4c:26:b5:
- 57:65:b1:10:ed:13:2b:54:90:ce:d3:21:cb:8c:d3:4c:6c:e5:
- e1:78:22:16:3f:e1:be:f1:ee:5d:39:48:a1:e6:80:46:f4:46:
- f2:79:03:3e:f1:fc:51:47:d9:05:e8:85:81:1b:0b:4f:fa:85:
- 9d:ce:e7:76:5a:6f:da:98:9f:43:f1:f3:2f:2f:57:28:aa:70:
- 14:82:7f:d5:69:14:8c:f9:82:b6:2f:a6:df:b5:6b:0e:43:c9:
- 96:91:64:3d:8b:a8:17:15:9a:88:42:a4:d0:90:c0:a3:a2:e1:
- dd:f6:95:6d:3b:9d:71:a6:1e:9e:2c:1e:db:f6:5f:93:43:2c:
- ed:53:70:55:50:56:df:cd:96:6c:d5:91:0f:b1:a7:f4:b7:17:
- 9d:1f:0b:f6:0b:f8:fe:e7:7c:de:c1:20:b7:fc:69:13:ba:e2:
- 61:9b:a5:62
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F
-AAOCAQEAuJsK0bTRpM4FOUJ6O3te/ZdXijZgQjnQ5gycfi8rvu/nRTR3SHoQSv12
-ykI5JTz6GfhjbOc2J5rsBs7k9ywuxjbBJb2rCari2k7errX1up6QJFI0lpZhTCa1
-V2WxEO0TK1SQztMhy4zTTGzl4XgiFj/hvvHuXTlIoeaARvRG8nkDPvH8UUfZBeiF
-gRsLT/qFnc7ndlpv2pifQ/HzLy9XKKpwFIJ/1WkUjPmCti+m37VrDkPJlpFkPYuo
-FxWaiEKk0JDAo6Lh3faVbTudcaYeniwe2/Zfk0Ms7VNwVVBW382WbNWRD7Gn9LcX
-nR8L9gv4/ud83sEgt/xpE7riYZulYg==
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F
+AAOCAQEATdo7p7dok8gcxS0dYGluXMOsAEALyHAgvAJSZUt0x8RxemJfpquv4XG/
+rppQmtA5aPf59Fo0z5GcS0zzYFLTQIcLHKnuuG0W6yjhx3e+5J1hjLbv///vvKGN
+jq55z+CANkragMk6XQ/t+iXkh/Fq00FS+zbf1JLaMXOLst5dfv3uPQaJHwzX/EaE
+VdognXxWudNQgIvemindk9TTQon27zBS/z6nwcBCIXMDfesAjcHuBCfxl6pofK6E
+28qs4up/JayptG2CX98LGsEyAgegwTMSYGLJoWcHhrUcbF0fNOcXPgQKGTcZO4Tg
+yPYGbkG9FjgaASc2gTrYVPRZ6mY19g==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_sha256.crt b/tests/data_files/cert_sha256.crt
index 03a7521..e56d428 100644
--- a/tests/data_files/cert_sha256.crt
+++ b/tests/data_files/cert_sha256.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 9 (0x9)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha256WithRSAEncryption
- 69:ce:f9:a9:d5:e2:32:db:fe:a9:f9:92:7a:d6:76:37:05:51:
- c9:e3:a1:03:72:b2:bc:2c:86:4b:31:16:02:10:e8:43:d4:c0:
- 33:3c:4f:ea:9d:12:6b:57:51:bc:d7:d9:42:56:cf:c7:29:e7:
- d7:52:24:49:29:ac:9c:de:8f:cc:ab:1a:a9:62:07:5a:6b:f7:
- fb:19:ab:f5:b1:2c:a4:aa:dc:5d:03:73:17:7c:ea:52:44:80:
- ca:70:d3:10:c5:2e:fd:9f:d2:0d:65:c4:f2:cc:ef:1b:18:e1:
- 0a:08:4e:67:d0:56:7f:24:54:2e:73:31:b5:4d:22:74:f8:30:
- f9:92:c4:64:c9:46:80:d4:e1:bd:d6:e7:26:ea:bb:c4:fe:6f:
- a2:c5:10:e4:64:2f:b0:44:04:2c:b3:44:39:cf:b4:de:ac:83:
- 43:5e:0b:ca:cd:fb:4e:18:e6:38:39:e7:10:3f:d6:59:17:e7:
- 42:ef:00:e3:88:c6:43:bc:21:12:bf:20:a8:64:c6:30:dc:8c:
- 6b:b8:6a:ce:6b:8a:22:3b:d8:af:0c:b4:bb:4d:be:96:dd:40:
- d9:87:3e:95:2e:1a:27:23:62:e8:6e:bd:e0:89:d0:a7:28:16:
- 95:ea:cb:89:a3:f7:7f:fb:0f:ac:ab:d6:a8:b4:cb:43:92:d9:
- cb:3e:8a:11
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF
-AAOCAQEAac75qdXiMtv+qfmSetZ2NwVRyeOhA3KyvCyGSzEWAhDoQ9TAMzxP6p0S
-a1dRvNfZQlbPxynn11IkSSmsnN6PzKsaqWIHWmv3+xmr9bEspKrcXQNzF3zqUkSA
-ynDTEMUu/Z/SDWXE8szvGxjhCghOZ9BWfyRULnMxtU0idPgw+ZLEZMlGgNThvdbn
-Juq7xP5vosUQ5GQvsEQELLNEOc+03qyDQ14Lys37ThjmODnnED/WWRfnQu8A44jG
-Q7whEr8gqGTGMNyMa7hqzmuKIjvYrwy0u02+lt1A2Yc+lS4aJyNi6G694InQpygW
-lerLiaP3f/sPrKvWqLTLQ5LZyz6KEQ==
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF
+AAOCAQEAuo8kRDdQj3+rgqbz7bS3ZfBVCqgbQfruRZncP0s3IQJ6g7k6BNfCTO+N
+tIgnCDhnhjK9DS4l1LTkQJKfcd6sfuwBxjHKWGZUqTqHWFm/O5MJwfMpxI305xXE
+evDzh8LK1W3moX5OcT4bx3QsY9I4nqXQkOzjGidxhOXYA2v+X5OhRt3IJ2dzmQQu
+BVXnDbzuchUfP5aeCwW6l7VX+RJOE2zlqO5yt0ejT02E44qtC5sBf24V9ko5LORw
+1J7Zk34QwsKrSPSGxOuoWNwH3fJpgZQImKgJIQCsksJ+A45CK6iz0km8oTiI3Hoo
+2LpE6UNx2M8jiZWVzH1L4tkg4fcCoQ==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_sha384.crt b/tests/data_files/cert_sha384.crt
index 73caac9..f8ec10b 100644
--- a/tests/data_files/cert_sha384.crt
+++ b/tests/data_files/cert_sha384.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 10 (0xa)
- Signature Algorithm: sha384WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha384WithRSAEncryption
- 68:e6:03:f0:ba:44:e7:cc:e1:b2:07:6c:56:c8:be:b7:ba:80:
- 61:c8:f9:66:57:e1:cb:60:7d:cd:8d:0f:66:b0:f2:61:45:fd:
- fc:c8:93:95:bb:b4:14:00:76:c7:e1:57:a6:e2:60:31:8b:fc:
- e1:0f:68:24:4c:bb:1d:c5:b6:77:ec:23:e1:5b:4f:10:6c:6a:
- e0:6d:e7:34:f8:72:14:ae:16:57:25:8b:e8:b9:71:a1:d0:78:
- ea:18:c1:51:c4:2e:26:6d:cb:80:8d:a5:b9:de:e7:37:c1:2b:
- ec:e8:98:c6:f9:1a:bf:fe:a3:de:3d:d6:59:98:45:dc:4a:a6:
- ad:0a:af:73:50:43:23:5a:9b:9a:f9:8f:ff:41:15:e5:9c:12:
- 9e:29:55:5c:79:9c:89:0c:c8:8a:82:86:b1:96:ae:7c:7d:4f:
- 0b:fd:e3:9e:8b:a5:4d:88:55:05:ad:6c:63:aa:74:0c:41:0d:
- 47:22:cc:1a:45:02:92:5e:d1:e0:b9:31:52:ff:f6:30:f0:87:
- 2c:dd:fa:fa:b9:cc:45:cb:36:33:5b:35:7f:5f:05:4f:e0:8f:
- 9a:e4:d2:fa:c9:d4:fc:62:99:ac:59:fb:fd:04:bc:5a:c0:47:
- 5e:5d:3d:df:31:8c:7f:dc:00:cb:cb:c0:f4:62:41:44:db:1d:
- ba:c0:ad:8a
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF
-AAOCAQEAaOYD8LpE58zhsgdsVsi+t7qAYcj5Zlfhy2B9zY0PZrDyYUX9/MiTlbu0
-FAB2x+FXpuJgMYv84Q9oJEy7HcW2d+wj4VtPEGxq4G3nNPhyFK4WVyWL6LlxodB4
-6hjBUcQuJm3LgI2lud7nN8Er7OiYxvkav/6j3j3WWZhF3EqmrQqvc1BDI1qbmvmP
-/0EV5ZwSnilVXHmciQzIioKGsZaufH1PC/3jnoulTYhVBa1sY6p0DEENRyLMGkUC
-kl7R4LkxUv/2MPCHLN36+rnMRcs2M1s1f18FT+CPmuTS+snU/GKZrFn7/QS8WsBH
-Xl093zGMf9wAy8vA9GJBRNsdusCtig==
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF
+AAOCAQEAeyHm+emo4/QHqEVKj/MYPOsPrrcr5MupNE7WmoUA7SilVUlceIy8ApWR
+MUdwnh7UPkCa6K1yvayknEbHzD2Lv9BLEf5A1/a+F/LmFXiV0kXIFue13u+z7laV
+N/s/jphPVgjPwZiC1ZtOoD7WvSkIInB53j4Q3VCH6EpZxZuDO/u8CGBQ0g+9Eqhn
+W3+4GFnxUPYeN17u/opt16mEPx6WFbRl9hs5wUvND/FCDEJ/9uVNiVYlPYyHKzzq
+e3WXCHLYUKGESQX+85IrnmlwbAb33bM+sAM6naFafXTZEimeEpX3iYrHzhoU7aR7
+piojwAE+Yb3Ac+Hu1fY4CRO4ZHL6Zg==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_sha512.crt b/tests/data_files/cert_sha512.crt
index 4bb4eed..b2254fa 100644
--- a/tests/data_files/cert_sha512.crt
+++ b/tests/data_files/cert_sha512.crt
@@ -1,77 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 11 (0xb)
- Signature Algorithm: sha512WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:07 2011 GMT
- Not After : Feb 12 14:44:07 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71:
- 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7:
- be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b:
- 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0:
- 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5:
- 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1:
- fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5:
- ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e:
- 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef:
- 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9:
- 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc:
- 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5:
- 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d:
- 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8:
- 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e:
- 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25:
- ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d:
- 17:f7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha512WithRSAEncryption
- 84:68:78:72:54:00:bf:8a:45:28:35:be:18:47:d8:69:f6:67:
- de:a6:f8:a6:d0:fd:9f:79:f7:e8:02:8a:c3:83:5d:85:45:cc:
- b6:98:77:a7:18:3f:6b:d2:e4:d0:af:d5:52:d9:db:7e:4a:d3:
- 68:b0:08:64:14:de:c2:3b:1d:7b:ac:79:ad:49:5a:4c:f6:d2:
- 35:ef:a4:8c:b7:5b:d1:0b:7b:50:c6:9c:48:3e:96:3b:1b:0b:
- 0e:e8:10:3f:8c:3b:4f:6b:1d:5c:3a:27:f3:43:22:ac:37:11:
- 71:b8:07:66:b0:f8:71:c3:22:cf:f4:96:83:93:fb:42:b0:1a:
- 43:f9:4b:df:cb:5f:0f:ba:9e:80:f1:ff:08:3a:46:51:dc:d0:
- 36:bd:b1:c4:ca:fb:00:12:e7:e0:37:70:40:0e:73:19:63:c2:
- e5:da:56:77:07:68:a5:40:9e:d6:0f:ad:b5:b3:b2:f5:3f:01:
- e8:68:e7:a3:b0:d7:f3:dd:ff:b6:d7:8f:75:4e:25:ab:12:32:
- 99:45:ad:57:40:de:d7:b4:0d:d0:c3:66:89:47:f2:0c:b2:b5:
- df:52:0e:fa:63:62:65:89:07:4a:80:69:0e:4e:ba:c0:43:5d:
- 05:75:22:cf:50:f9:ac:bd:ef:8d:8c:10:08:b6:8b:62:4f:a1:
- 60:55:a3:0d
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA/MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHTAbBgNVBAMTFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA
-58e1bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa
-2BgtgBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe
-5mFnui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5H
-HLySruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhB
-BNXB37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wID
-AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4
-TDAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F
-AAOCAQEAhGh4clQAv4pFKDW+GEfYafZn3qb4ptD9n3n36AKKw4NdhUXMtph3pxg/
-a9Lk0K/VUtnbfkrTaLAIZBTewjsde6x5rUlaTPbSNe+kjLdb0Qt7UMacSD6WOxsL
-DugQP4w7T2sdXDon80MirDcRcbgHZrD4ccMiz/SWg5P7QrAaQ/lL38tfD7qegPH/
-CDpGUdzQNr2xxMr7ABLn4DdwQA5zGWPC5dpWdwdopUCe1g+ttbOy9T8B6Gjno7DX
-893/ttePdU4lqxIymUWtV0De17QN0MNmiUfyDLK131IO+mNiZYkHSoBpDk66wENd
-BXUiz1D5rL3vjYwQCLaLYk+hYFWjDQ==
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F
+AAOCAQEABnuq7gMU6EWqcmEcj2/wiqOFUBeH9ro0tni9JZzaDAKkBMwoeJ3RP/59
+wY92UZC/SoWPm0yLK25KTwxJhd645a5ZeRk+yi1SG+oXNgZFS03F1Orat0bM5u94
+RtzLRInGzTxhlVS8HPRya2+nEaPT9YNO25vORczPDjtrI82UnysaWiKx1OCPhdP3
+ZySAkX/zE1U8Te0+948C0vmg2aTWCSk5zutryFgHH5UojmmWAkBHpX3tIm8JMRG9
+tvp6fbIDan0LmSsVK8rq5OPSwAKMso6GF4Iuxou/jP2gI+NutenX26wrffSjlPiW
+KksLNj8oL6vIUap28Oh+Gwph02biSQ==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cli-rsa-sha1.crt b/tests/data_files/cli-rsa-sha1.crt
index 906f6df..60952e6 100644
--- a/tests/data_files/cli-rsa-sha1.crt
+++ b/tests/data_files/cli-rsa-sha1.crt
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA1MTMwNzEwWhcNMjcwNTA2MTMwNzEwWjA8MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
@@ -9,13 +9,12 @@
MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
-o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa
-gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV
-BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud
-EwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAE/yq2fOqjI0jm52TwdVsTUvZ+B2s16u
-C4Qj/c89iZ7VfplpOAEV9+G6gHm/gf2O7Jgj0yXfFugQ2d+lR70cH64JFn9N1Rg9
-gCo5EDBLourI8R0Kkg9zdlShBv7giwqg667Qjsu+oEWVerICOqNQGolotYSZvmtJ
-7RiD8I4MXB4Qt0sSjxE897pvc4ODem10zXzvedv/q11q1mUn2L1fFc1dGIguk1fn
-I/XP87FCapRobUTYrF6IvdqFaUMQ7lF3GiUIvjDPb4Wt1CyHhi/tu/SfV3fmX3rs
-19UeGnvC7AdQ+OwLt3nEIlSpqVKPXHKfRKZg1WzZNgCQtNB1SrZAzFc=
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
+AQEAvhU1q5bKpkuxcYjjASRCARDUZz6X0BLr/j5S1bvdnHCzyLt30wViDNnAyO+Z
+FW5S3t+WMU80nyvZ+q+WQWx9u8yHkPx1Mkju9kxrBNiFRSKKq4U7nvB0bEp1Coij
+kaPkK6i4qpPQ4+CrPxoERIez4yqJUY5xaVMa8JIKEJPU3UX1P3AHCmIM97IbZ55m
+xqG3gus0hL6I93ou0kxMF1G5DJP4kpa/UIvXG962EXYeKfBK3MPV/yL/5tXpyjqX
+9mH7DmL3Haa2AVajx/5NGr/DKyL2aN4mG+IWO1NErUfOoR0aIDVd7q6LwD8DuKlI
+e6dcSTeYJ8CzzzPXVfwnHjDi/g==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cli-rsa-sha256.crt b/tests/data_files/cli-rsa-sha256.crt
index a0fc11e..3b3d9bc 100644
--- a/tests/data_files/cli-rsa-sha256.crt
+++ b/tests/data_files/cli-rsa-sha256.crt
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
@@ -9,13 +9,12 @@
MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
-o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa
-gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV
-BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud
-EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom
-LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W
-iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK
-D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE
-ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj
-c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC
+AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5
+ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna
+yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4
+2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc
+NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD
+6zDQyi0/ykYUYZkwQTK1N2Nvlw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/cli-rsa-sha256.crt.der b/tests/data_files/cli-rsa-sha256.crt.der
new file mode 100644
index 0000000..e2739e9
--- /dev/null
+++ b/tests/data_files/cli-rsa-sha256.crt.der
Binary files differ
diff --git a/tests/data_files/cli-rsa-sha256.key.der b/tests/data_files/cli-rsa-sha256.key.der
new file mode 100644
index 0000000..8ef5a04
--- /dev/null
+++ b/tests/data_files/cli-rsa-sha256.key.der
Binary files differ
diff --git a/tests/data_files/cli-rsa.key.der b/tests/data_files/cli-rsa.key.der
new file mode 100644
index 0000000..8ef5a04
--- /dev/null
+++ b/tests/data_files/cli-rsa.key.der
Binary files differ
diff --git a/tests/data_files/cli2.crt b/tests/data_files/cli2.crt
index 2dfa516..f287a19 100644
--- a/tests/data_files/cli2.crt
+++ b/tests/data_files/cli2.crt
@@ -1,14 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw
-WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT
-9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud
-IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM
-lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU
-LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=
+MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg
+MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO
+VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud
+IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx
+AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u
+IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb
+a9Vk
-----END CERTIFICATE-----
diff --git a/tests/data_files/cli2.crt.der b/tests/data_files/cli2.crt.der
new file mode 100644
index 0000000..56a0a1b
--- /dev/null
+++ b/tests/data_files/cli2.crt.der
Binary files differ
diff --git a/tests/data_files/cli2.key.der b/tests/data_files/cli2.key.der
new file mode 100644
index 0000000..acba6a0
--- /dev/null
+++ b/tests/data_files/cli2.key.der
Binary files differ
diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem
index 2bd1096..df7417e 100644
--- a/tests/data_files/crl.pem
+++ b/tests/data_files/crl.pem
@@ -1,11 +1,11 @@
-----BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0
+NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx
+MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg
+I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt
+4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b
+WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP
+Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs
+oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w=
-----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_ecfut-rsa.pem b/tests/data_files/crl_cat_ecfut-rsa.pem
index 87b8c29..f503a5b 100644
--- a/tests/data_files/crl_cat_ecfut-rsa.pem
+++ b/tests/data_files/crl_cat_ecfut-rsa.pem
@@ -10,13 +10,13 @@
+cE+lWxhCQ==
-----END X509 CRL-----
-----BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0
+NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx
+MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg
+I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt
+4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b
+WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP
+Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs
+oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w=
-----END X509 CRL-----
diff --git a/tests/data_files/enco-ca-prstr.pem b/tests/data_files/enco-ca-prstr.pem
index 6503314..80e2aeb 100644
--- a/tests/data_files/enco-ca-prstr.pem
+++ b/tests/data_files/enco-ca-prstr.pem
@@ -1,14 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICDTCCAXagAwIBAgIETZt8lzANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDEzdP
-cGVuVlBOIFdlYiBDQSAyMDExLjA0LjA1IDIwOjMzOjI3IFVUQyBhc2RlbW8ueW9u
-YW4ubmV0MB4XDTExMDMyOTIwMzMyN1oXDTIxMDQwMjIwMzMyN1owQjFAMD4GA1UE
-AxM3T3BlblZQTiBXZWIgQ0EgMjAxMS4wNC4wNSAyMDozMzoyNyBVVEMgYXNkZW1v
-LnlvbmFuLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA38U3wA/eTGN/
-/AJHo2OsEHjLdO9k3Mo5QcShvg+6IoAThD7HEyOYm4Ild8s4+eEy2i9ecWvMKG6M
-YSO+GwG9xOd9wDFtODpF+z6rIt8a4bLbQHcsp9Ccu+ZmjxkJkmxOCz774lxETArX
-SaksAB5P6Web/LwKUv/Iy9crRM9HzSECAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQARCDFYCb9n151hgwitxzbuacIVDqIH8EouV2VBqlNR
-tj8q1maliDE3pW7WRAwMi5i3+5c0auKwhTGESsBPjasd5QnjqXOkRbcZhkeVQ1ln
-6NEn6xC+M+H2LGVHSSropcGa8olLlo98LrsFuHVHMewTs7SK2lc+7rU/ILec3ymj
-og==
+MIICSjCCAbOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDEzdPcGVu
+VlBOIFdlYiBDQSAyMDExLjA0LjA1IDIwOjMzOjI3IFVUQyBhc2RlbW8ueW9uYW4u
+bmV0MB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0NDQwNlowQjFAMD4GA1UEAxM3
+T3BlblZQTiBXZWIgQ0EgMjAxMS4wNC4wNSAyMDozMzoyNyBVVEMgYXNkZW1vLnlv
+bmFuLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxziSxcP0cBAIa/gT
+NezzARyKJQ+VgjYeqh6WElUarPh7dTMLcFcznNmV8U1MRDfIvsSgP+RkPNPzyQJD
+PcN8W455qgmEroITNwq/hWm9KjVibLH+5KzgQrJBfHvknScUmywHa45DPT9sdjpG
+mhxwDSWdvAjHQPzYAjdi/33r/C0CAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
+HQ4EFgQUILPajoA0fsMvfl7M6EmikEJzPEQwHwYDVR0jBBgwFoAUILPajoA0fsMv
+fl7M6EmikEJzPEQwDQYJKoZIhvcNAQEFBQADgYEAGSIhSbecGUgKc7EuhkMMcAij
+clrZ8niK+UPvJ5jSM5TnbfwKXFlmeS6MHurjzM/D693wO6eMjxLpt8/+9/5aygGm
+WAOAa5MZ+5B8Pun8cNppSSPB1L1GtXzRWECCaGko73P/r92iQc3Yd64tJ3iR6WYZ
+wK2nf23jLgbWLCXHzoA=
-----END CERTIFICATE-----
diff --git a/tests/data_files/enco-cert-utf8str.pem b/tests/data_files/enco-cert-utf8str.pem
index 7d613d9..fb4947a 100644
--- a/tests/data_files/enco-cert-utf8str.pem
+++ b/tests/data_files/enco-cert-utf8str.pem
@@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIIB8jCCAVugAwIBAgIETZt8+zANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdP
-cGVuVlBOIFdlYiBDQSAyMDExLjA0LjA1IDIwOjMzOjI3IFVUQyBhc2RlbW8ueW9u
-YW4ubmV0MB4XDTE0MDcyOTAzNTMzM1oXDTI0MDgwMjAzNTMzM1owFzEVMBMGA1UE
-AwwMZHcueW9uYW4ubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHYW8q
-ZZ/HIIlU8j/YIyTh3h59JcJF0Es7RsPg25QVJkDkfhMn6l15f2neB2KPLKxCLpLD
-ozYD4s/If8aq74A1C2vvOLo/Gq1erNS4b9IS5xLs3Lu643XGxS93Rf6jrsGa8lfb
-Wa7DsQrp7FLT5GApwCp6CebmZq7jEImj0pDFRwIDAQABoyAwHjAJBgNVHRMEAjAA
-MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUFAAOBgQAS1Ulo7iBABpm/
-S23mCnIFRY1+eFfYg4h8EiK9f8kWDwduXSYGVUqRHqh4LcNSdTOIaSEG4RGyV/EA
-5RfTviaQ9PxPiSFegNja8/aHel/nORfsEk4rwBCPGKDveL5KYhAtyAs865ZzLtv+
-kEkfhaTgrBIikwlnquoX5UHOdL/iaw==
+MIICHDCCAYWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMUAwPgYDVQQDDDdPcGVu
+VlBOIFdlYiBDQSAyMDExLjA0LjA1IDIwOjMzOjI3IFVUQyBhc2RlbW8ueW9uYW4u
+bmV0MB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0NDQwNlowFzEVMBMGA1UEAwwM
+ZHcueW9uYW4ubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHOJLFw/Rw
+EAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1MwtwVzOc2ZXxTUxEN8i+xKA/5GQ8
+0/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7krOBCskF8e+SdJxSbLAdrjkM9
+P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQABo00wSzAJBgNVHRMEAjAAMB0G
+A1UdDgQWBBQgs9qOgDR+wy9+XszoSaKQQnM8RDAfBgNVHSMEGDAWgBQgs9qOgDR+
+wy9+XszoSaKQQnM8RDANBgkqhkiG9w0BAQUFAAOBgQCSqWP8WfM4tDzkqAe595w4
+erGt64AnMO/ZKZNXNMjMnuTtT5GRj2mMjtDuo8vCN3k1hNtb2KI66Fc9wasiQNkI
+2vwre8FnlctaB/riGUx6f6taV3lVaakB6wXKrO1x2ejT4vWO+1GQX2bWQ0Mg2znO
+zu1Gh3d+wrcqBAsFGnvcdA==
-----END CERTIFICATE-----
diff --git a/tests/data_files/multiple_san.crt b/tests/data_files/multiple_san.crt
new file mode 100644
index 0000000..8cdc730
--- /dev/null
+++ b/tests/data_files/multiple_san.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy
+bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD
+VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11
+bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
+zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
+wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr
+BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh
+bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS
+L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/rsa_pkcs1_1024_clear.pem b/tests/data_files/rsa_pkcs1_1024_clear.pem
index 2d1a176..e26eac3 100644
--- a/tests/data_files/rsa_pkcs1_1024_clear.pem
+++ b/tests/data_files/rsa_pkcs1_1024_clear.pem
@@ -1,15 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCvBX05buhPt1/btcKxPH/lplSqiqJHC1Qe4f6wsS0lx5cRUxJJ
-4RKWKAQtu7bBINFENSTvTA5uHYlW7rIHevEjSd3u5USDvAbCxhlIzQKyAueWrr2U
-06fL+FnCwYGcMky4K5zTTt4mOiq//kcz8HeGnoZg99aDTaU9aQ73mF9rwwIDAQAB
-AoGBAIdL8P/C8qcdFGcd3QFxyVTX/b9QKB5PbZnqDh68+C+qWOe1lf+yk9Gr4X8R
-CzfEjMDzbDfoTYdmIdMn9ku+CEV9PsQJi6L6CjGfukEcKEHte+gxlqjN+dql0AaU
-vDNfxMMiF/4EiLzpy3IC5ZRoserRGQAEd9ssp5f6wZ7aP1jBAkEA4qt2CEG7nTCo
-HSIt4etzgdgiFEB/G5dcu/5OGpRn/ZitvXj2B4Nspb4ZKLnRYNl/1FwS1rUuLJhx
-oXTGa0iBEwJBAMWrJ2AhWa59byDDwu6FHkbcES5onijV/Lv5kKme+KkLi7RP02Rn
-5/wXic62Y6vaM4ZSw8c/ERd0kC6EBWWScJECQQC2zb01T331eaY7SLNkPjU7hImH
-d7SLFflOC/wFZ6auWRHVetZAnPdke/liZOm9h+uV4mO3EQuaH5+UrM7Q+vpNAkBx
-GV7sN+jSV97PxnKweuY58Qy7mwxznQyAmWjWRKlOP9btkocHehRYPzeQWPdqiuzU
-PGLcjA9BdmZQ1yUnWsShAkEAuzLRM+3C4EjUYziLe+nLS+KfS2JQvmA+cONkdQHJ
-fd3iCk5xvpX9XnF4TiWspLryW+Vziq5Zu/4cmXeBRHorJA==
+MIICXAIBAAKBgQDHOJLFw/RwEAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1Mwtw
+VzOc2ZXxTUxEN8i+xKA/5GQ80/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7k
+rOBCskF8e+SdJxSbLAdrjkM9P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQAB
+AoGBAL2/t6Qf6PDXhH350apaHnYfjcCQ4FEeZQSZj0y0vGylW0mcrbd5hxJM+BDW
+E98h1tVEiHFygrqhEiCRRCROzmDhjlPVymxBXP+Jev4xeV5mvf2PzgwOR8MTdbFo
+dOSI6t9bhpCyp0Ln8eQzGXtuWsH6arJsyJJ9JzCrzeI48sjNAkEA+lgGSPNyWHZW
+E0zdtznvGphYKPMuDUTGzm1gTZ0oes6qjr4OA9rD3NTGHVW1FVLq63leTiqK8sOS
+uJduIauW4wJBAMu4214tyhB720BuLH7vD0mCKipzD0cEuAdf3NEel3KZxnHD4AK+
+xeiEfFCstMg5uMCNLkShGjMZ5zNfRIqxfa8CQDJjW0h9r6s8jlCuLQY/I/A/b6c2
+YzOKf1V3UGXu1wH47P10JZADDV86eHHZGWykVuJ0eFXVXEhGsxZybFlcly8CQDet
+Ks7fZsUAhJhkQ+bhAOWPHGUDkx5OrNjfGyNP4AYi/rgi1zsI1l/IrY0C1lmOZO7C
+5u08tkNXBfflRn89KOMCQAwCFgbZqd/VDFyemqwMZAXp+Y1HvGeZI0pr3vBJzO3W
+OvIa0KckJ793UjS6Iijfnyy9pWmKJLdKEMe/AtSRDi0=
-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/secp521r1_prv.der b/tests/data_files/secp521r1_prv.der
new file mode 100644
index 0000000..4d342bd
--- /dev/null
+++ b/tests/data_files/secp521r1_prv.der
Binary files differ
diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/server1-ms.req.sha256
new file mode 100644
index 0000000..b0d9414
--- /dev/null
+++ b/tests/data_files/server1-ms.req.sha256
@@ -0,0 +1,16 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
+GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
+eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
+3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
+TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
+ox+ATHKxQ/XpRQP+2OTb9sw1kM59
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.cert_type.crt b/tests/data_files/server1.cert_type.crt
index 91c3a90..34fe4f6 100644
--- a/tests/data_files/server1.cert_type.crt
+++ b/tests/data_files/server1.cert_type.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -11,10 +11,10 @@
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC
-AEAwDQYJKoZIhvcNAQEFBQADggEBAJ28VuktjDGkUWcVpM/W+YjohFDay676Yozx
-BbBLU3QZiDkcdXZbX/jOaKKBGWrjWiB6txchV4XrlvEtVtPgPrQLil2xaD20LOqJ
-e/ZEFIAIndf06CAcimdQaPD6mww04v3gZw3cwPQd/aMQCw9tm93tyf6YU4uIh/o8
-evG1ZBrNHRyiW18kbuueLNZ2daYQIISRJSIFrAERacfOvA8r7yXJCqZnB6AU5j9u
-V+ySNW3sdZIOTfs1nWKU6SECWo72dd89Yvs7wCf3NSZNM2UemLeOjQOmZIHBiR8L
-PAhDxhra5B/QBKaWeTVQohEvKz75pLAWouUGIKlgHiqJ4cvBGcg=
+BkAwDQYJKoZIhvcNAQEFBQADggEBAElJPaCG6aFHoymoCrzckPfjENxgXW2czh5t
+TsMPshkzX5p2AU89GBGdy0gQwoPuMtcznsDe4adM6Na8f30YDffATsgDECMIWtV1
+XVYKQIwFmZzEt4B+5sUmyMOLtTuuZBThOLPwOw8e4RnILKOYPHnQNRf6Eap4lFDx
+lp2pAaiXMDWH88gmWoU5XrGTppllYV0IorzJ4xV9Sg3ittNwNO40ehVQDAseFwZH
+iyh9iHz4BqtWjElmQ3hL8N/Cbqp3iN15h2pUgIj8JIt9rCsIZrsG3K42iSlPzEn2
+DCzWQSj9cQNCRVJnwgJAWnC1Hx0YYFQMgQquVxnK15THTGQAeB8=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt
index ed8b80b..c3a66ea 100644
--- a/tests/data_files/server1.cert_type_noauthid.crt
+++ b/tests/data_files/server1.cert_type_noauthid.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -10,11 +10,11 @@
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
-BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
-mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
-FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
-prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
-9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
-HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
-jz0b2l4=
+BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADggEBAEPc9VSJK60+WkAw
+GZX3/AWJE8h31fZ++2Zu7O1V2ddI68Qoha41bORXdizfQFjTJkV/QHjbaCZKqpt0
+riGKvRpXfl3VDlf9fEZUnQEfIk612AjLwkHoNIKbCitrVoWu+p2V4kuKQpFky/so
+wr/sl29fWa4innFUVgmQC52l4UiIU2rCV0RTpLofVKWRZPlzIi+AlMFkvz3JqRP0
+raKw8DHdGlrLg22VelrY0dXjUriWrSTDi2QdB+yn0FdrPap2nZiFctW1S0/wOCy+
+r0uVYQ+IsebJYST9dUuQNhWSZOhsjxOo+Gp36tywQzrjXFk7Jai8AkHoBmZVmx6b
+a0/J7/w=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.crt b/tests/data_files/server1.crt
index d81b26a..258da5e 100644
--- a/tests/data_files/server1.crt
+++ b/tests/data_files/server1.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -11,10 +11,10 @@
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj
-NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0
-jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp
-E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6
-A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU
-/WzRyYRBRjAI49mzHX6raleqnw==
+AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr
+UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw
+Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf
+gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY
+C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2
+nUaulRRpGt/ZTISw6uSIumNoNA==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.crt.der b/tests/data_files/server1.crt.der
new file mode 100644
index 0000000..f9f58a0
--- /dev/null
+++ b/tests/data_files/server1.crt.der
Binary files differ
diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt
index 8f4e59f..9d70b00 100644
--- a/tests/data_files/server1.key_usage.crt
+++ b/tests/data_files/server1.key_usage.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -10,11 +10,11 @@
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
-BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw
-DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs
-tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon
-p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims
-7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM
-nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY
-ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo=
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw
+DQYJKoZIhvcNAQEFBQADggEBAHM8eESmE8CQvuCw2/w1JSWKaU9cJIvrtpJXavRC
+yMEv6SQL0hxrNZBhFPM8vAiq6zBdic2HwuiZ9N/iEXuCf92SOcK4b/2/Flos0JI5
+quu4eGkwoNrOvfZUcO7SB8JHUvmJtTP+avF3QeRfHo9bHRtnyOs9GXqq+CMZiNgO
+Bw+/tAOml3tV1Uf+yjp6XroWLRNMbvY1Sor4UW6FFMpOii/vlJ4450OlpcJdRU70
+LpHfxjmPNvc9YOPWve75/+CNF9lMi29UoEUYslxMPylZ/L0vYxi+xuvQBTaLiZeP
+CJ59Mc63LEmJNSAwnnV8s2KXL/Okm32lf6sy0fjsrvAdoCc=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt
index d66e515..b2d5d83 100644
--- a/tests/data_files/server1.key_usage_noauthid.crt
+++ b/tests/data_files/server1.key_usage_noauthid.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -10,11 +10,11 @@
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
-BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
-shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
-3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
-q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
-37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
-VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
-JTo=
+BgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAJVYcBoNiXBLOY53sJcH
+1X0oQA/KMVODJP1+rr/e6SuyROVgqUfFA/7Hn5evb94Ftxlb0d8uOlpoHWtyaRVw
+JR3tKCGiyiSzAS5tXiioOYt6fLDg9B2mpvFqa9ISqsvzbR3aNj/8uM7ni/aSxjhf
+L40SvCHbAsN5N087K55wiqUvkJFs2Ifl9IqCYjjq32Wuroi8lnPXSY1LTQ3DZqdj
+yogX+HWj+Psd+U8BLyFnfuqKeQ0U2xpJiFMbdG+IkzPYj+IjNZo6+rcK0LQkEcZm
+l4oQaDEaXi+7SqNbdpBJ5K3ZrSNNdt8pc1xhue2XXMFLEqO94ERTwnxiTg9TGRZ0
+u2U=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt
index 99c004f..ba195eb 100644
--- a/tests/data_files/server1.noauthid.crt
+++ b/tests/data_files/server1.noauthid.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -10,10 +10,10 @@
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN
-BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5
-UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH
-5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d
-avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm
-q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs
-1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg==
+BgkqhkiG9w0BAQUFAAOCAQEAwEHP5IyPK/D9CEXfyQqE72RHl8uqMQCl6LcHiv9C
+pTnu7hsbGgP0j8BIgBxHcpiJzPuCLNzOsCsfMfgfE9H0c50ePqNXpyOl6bLcQaw5
+TJapUFWtrZmC/nZWYZOvQ01/0QVKkgW2aXnQWV0EBqdwRHtJs3F1wBpKv/4bR31p
+kzDMP+WOdIvMzxh5o0lSi++Tx6h7mk61PU/sw0K5NwxF6X7AIvla0sbOcEa9lH8W
+bnkuieYbLA6euNPha1gjltT3aEkP5ZdnL/Vy/paCsT17bs6MNfeh99dd+WBvyBzQ
+Hx9XRgMLRd1bZv0sli9q7Yz3V+d+cmv3D/3nRYVI/+wUmw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type
index 5677f32..39ff3fd 100644
--- a/tests/data_files/server1.req.cert_type
+++ b/tests/data_files/server1.req.cert_type
@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV
-MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQB95Pkjpg/N
-Jbgl5nZcAk8maGMpUFlrhJS4kGutQKZugNX9v8cfABW905IHYXV1dm6zxVcyeqZM
-FiOgbV943fu5JbufoazdYXnnR2/iKMigqX4CzZrK3F5ZzegxkfDIfDrn/shC+rWb
-SS5WBVLJ3QNj9vwn3/b66IRbp/ViOwHx7+9JT4K/rLId/ynjYf2T57AsmNd/jptc
-Zs19fGgtrUXweWkliEZN2zE47Cc53jkx6+Li4TNs4Bjk5P/aXrCP0fBwgGt2K6YW
-dQ/nr0PwIbXzVlgUukSTHkJJfhF4Y/WqcUfOPrRdw+zxOLusJ9nzJBR0FOohcBxM
-kPBVna0dze/o
+MBMwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4IBAQBErZcEaEEO
+hLbRVuB3+N5by0mogdJsatJFSgW2/VztLvQBYu0O+VmTbZwCAWejA8U+cr6uPlyf
+b4lDqj3W+XykeK9bSzoSr1yNO2VAcE74Y0ZrSz2yXMfT5R9IyKqQZspaKD8MOmYH
+BqUH9o/phnGcaEG5xeSfhM1O/YNZuGnlLDQBGwT5puHOaLfjECvs8eZLopIWEBlD
+QkRlhYqZBwhGZ8D/TxqG4teFtnBX5FG7UoSSVuneBrkREQM7ElhtD9jCWjfMnqm1
+59G84OycClwaKU7/Dm6zeMGDyFoMksBud7lyDHMhxvwSbzb1JR5v8iBsmVY2dhHt
+Ot3Fx2be0gIr
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.cert_type_empty b/tests/data_files/server1.req.cert_type_empty
new file mode 100644
index 0000000..70fd111
--- /dev/null
+++ b/tests/data_files/server1.req.cert_type_empty
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICpDCCAYwCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAjMCEGCSqGSIb3DQEJDjEU
+MBIwEAYJYIZIAYb4QgEBBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBACU0LLDBIMgG
+B7gyNANHv42RovhQdzmUulqJPHNHx3v9G17F00bEykJb/r3awW6l5fhY/6oPydsY
+hnWEM6VVCUkJ6Zqm2/wE49uaNTbFd9JU4OywRBfjHHSTOGnYFg+BYSfwaIkSCkx2
+kVhyklFm7My5wkyDPpFSU2tTfgsgaQMyTm93a2kxM7qJ/X3gFDG8o7R0vyojFVSI
+mwsF9QsC6N9cygdFx23zCB0KsJ9KfmBqaTsdbKh8BsocYm5FJCw4WS/CBrCWBj+z
+N7yEJj4SR5F+P7sFc5I0HANov5wQe8E3+WxxQt8jcqIje6DlaaGja44cXOzvFQyx
+Hg/6H5EtBQc=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage
index 053aed9..30e4812 100644
--- a/tests/data_files/server1.req.key_usage
+++ b/tests/data_files/server1.req.key_usage
@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP
-MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQCj6jCu0wE5OQ1JGQwZ
-FNwPqZrvKntSq2yLIbgmGxwlvDLxOzn0KmidSFiKRqh0KXwj9siodlz5C0d9tUqq
-7xUXg+j+wDHqUV8zo42Jke+UmWXFPpnXx/fDFGTITdLSn8ZDxkt31ESLTEVZvPFD
-odm+C+zWJtKpyL+9op4KvyBQ1MZ9nWZpwMaK4g4mdtOIsz75gMa74w8ZT7VzhGMY
-cZGmafsl7x++GDDtf0oCPgrj9xy+Ovv/GyUBaB+6lweflTfPDTRSoN0meFlP5ynF
-vqcBM5JKH2FUQIizfc9o6Z8tKxe9FCov3x8szAuoMRA7bjhVngeQIrEkTcaQBvBY
-NalC
+MA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4IBAQBsJ3v1Ar2X28GJsRSJ
+WRQwFQwIbR/D0cHrwTf0ZfZttClytuc18JZlwkH3EG/rNkWaFp6MKIZoRMOBuSPc
+MNvvKIo4nPaeouDPruymx0gNenlyRL3D4OZpBO/BmQIQjbUKWFbzEnEqvwvMDUnG
+8w7UjPSFcxj2HzENr62HLPKKnVpL3nDXWK1a2A77KF9aMxyoWQ6FXb2xPD9cJjdo
+c1jwskQbgosQzKKwwp5yxq0zRD3EAGw4A78mgHMfgFprq9e9azaB0JeyFG2Vn0t0
+L+vfiDEVQ3eJXSCen1kEVyHRju8g53UcSgd+JicWFboFj2/mJBuyW6yM++RGA9B5
+Zd62
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.key_usage_empty b/tests/data_files/server1.req.key_usage_empty
new file mode 100644
index 0000000..47e56bf
--- /dev/null
+++ b/tests/data_files/server1.req.key_usage_empty
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnjCCAYYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAdMBsGCSqGSIb3DQEJDjEO
+MAwwCgYDVR0PBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBAAqQ/EU/3oMt7YW4vWgm
+0Q7F4v7DrFEoVMWfBzNWhMNIijzoaWKY8jwseZMzu8aCNQlJnM7c9FJF+OCgS7L5
+0ctwzjfCOi5I5cKgqv8WpuMZWHXNtB7YtjUWIZVri/RazCncZEwJGCKQjmQYrGJm
+Qmu2+D+DWY+nEW47ZfDH9jOJtatnREjSNsKzc44L9zUaEy3bi+m455XGH+ABmeb7
+Iqmguh10xUyY6rEOFEuqvFyFr5g1eb53Rr5CQxGfw1j+2bbSh+rVb6Ehf9LAijyu
+Ygqa91hGab/CjykS6HMrD91ouWtt2Rt3zCKo4Xxe8dlAszKB4W83M9OgDVVpiCfC
+t3A=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct
index 0e057d5..ebd01f5 100644
--- a/tests/data_files/server1.req.ku-ct
+++ b/tests/data_files/server1.req.ku-ct
@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi
-MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF
-AAOCAQEANlNG9hW852OzVKj2Z8TtU9jxstAoSCH9yc9Coj4Vw2TTjs1zcuBWsMl1
-2bf2I6ZvEH6ZhcQY7i7nyHQyPlqE4l6U9D8ct967QN7smuAHNY2HiQ2++eCBTHck
-PdtGJAzIvNlXcoqNi8UC5fGepNtI1usNo41SKMvbg6nGA5gdcQKk7CVlk8lrD0qI
-Xn/HvjSRoDE4ZGxAtNvPXWorGSxtgcy8EMPoXVUab5fNt8q//x/NQ4yEQKPrexmR
-IuOiQ8VW8QZtkORGpZbGSvskU0WfKANui4zCcXYRc4mVR4Wf0C+fyHeihhjslSnT
-RbC7nQn5HSHp31qJlr80QodywaK1Dg==
+MCAwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUF
+AAOCAQEAWUMyIXHi4BbIxOeCD/Vtu9LGV8ENMV7dwYVEQcwrt1AHahtYgUtkoGcP
+lOPqg1lbg22bu8dLPoY4HAzxCOAGs27otWL5LlE9M5QPH1RedEycmOuYrMl6K988
+hfDBJ+OkgCShcM91+udrc0gpDEI7N01A+fmukQ6EiaQjIf7HME/EKQqhEuEQMXHC
+GBvdNuEF5BfV3aAYuT+xfdXDU2ZWwXXWAHGmVh3ntnhtEG6SnXSnBATU2wa4tpBd
+KLbEbcsiy2uj0OLJlvG6LqsNggtkD58GCGpLpaVxdW80yw+f/krwLpeyocE1KGcT
+7eX+9yhLe9NIZojvevw+53dNE7BUfw==
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.md4 b/tests/data_files/server1.req.md4
index 44c53d7..1558549 100644
--- a/tests/data_files/server1.req.md4
+++ b/tests/data_files/server1.req.md4
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBAwUA
-A4IBAQAPPUzYvUA+HQTteMhkGcuD6XtsZ3i2gQdDGgLUxtMAVFw+/5ZS6l+WqPgq
-WQIOsEINPHnjUAMz5pjbFdFqu7X5G29THa2da0Ua2bJO/bu3CZ6EksGmclqaQ2Zl
-vfkWaI3bfPFh8eKHF+F5oaVp0gHviCakNqxot4rrZdL8pnJC5JJ+f76y6SgHYOao
-SGCv1gYURhIsX0gWCqldsCwxJQFEig9HISUcXViGGVnLdshUtuKL9yNZ/HNAOuOk
-7N7a7ur8KMmvar1jkTq+zKSSuSrzmU2JvxFdqU0Gr7A35jgnVG8sj66L4lAcwdoG
-sP8OmC1hWh4U3avH6EHdEG8lw0U7
+A4IBAQAu8SbWDi5udXrs/lljV+jdHky2BFuVFNxZgj5QvLslffdx2/Tj4MVCsqkY
+tAcy5g/urW1WwHcnJ20PRgt60m3BSUJffdKF/kgRyTN1oBFpApHGAJEHPahR/3Mz
+hMBk4D/r6lga60iUhIfky8o8KU+ovHXROHzGfYaVySatpyJW6tkJOz/1ZKLI4s4K
+HGLFxKBd6bvyuMSCpV31J7ZHPQfSH38VEEaTLJ2QOltWDX5k4DlL/F3I5K4VFWOm
+DMndMXkb7LhL9jcaJJRzEmbX3aMdt2aXhQt2LDFMnMCeSHI014URnQd6IzRQYZPp
+qGZf2UmuJdLeIMzSNX2rZ+SVDX9o
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.md5 b/tests/data_files/server1.req.md5
index 950f5c4..57714ed 100644
--- a/tests/data_files/server1.req.md5
+++ b/tests/data_files/server1.req.md5
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBAUA
-A4IBAQAQx+EjsPUUYac3t1v24lPOYqrKM52XYDwSnwW5Okjn+YxJowZyd8gfzmfp
-vp4+//h5P3VlQDwaXeMTgKCizjf+jdACNJe60/RxYpYFKrvy67ZSr/h7fhdm52Jz
-/tSCbh6FwH1075loBuWLuzD7Pvm1X1FJmbp2ceaJozDnXTAKFdVTqdiRYwyg4iPl
-krhONGNe132aYZtFssdjSCim+bB+/sagR3SuJPoQ+8EjDXYG75n4ZVa4dAcjVoYk
-pg0YK5cuH1FHCXOBO4N1+G0skL8AZwlv+rhKQk6lpGt+AQ8LSjCz2zHUnfpaXXWp
-s1dq9ufjbJdaHDjkBY1gZ3BMmXPw
+A4IBAQCEiv3QM4xyKhYTsoOjyzQdXMhsXK3Kpw+Rh874Hf6pXHxUaYy7xLUZUx6K
+x5Bvem1HMHAdmOqYTzsE9ZblAMZNRwv/CKGS3pvMkx/VZwXQhFGlHLFG//fPrgl3
+j4dt20QsWP8LnL4LweYSYI1wt1rjgYRHeF6bG/VIck6BIYQhKOGlzIwWUmfAGym6
+q4SYrd+ObZullSarGGSfNKjIUEpYtfQBz31f5tRsyzSps7oG4uc7Xba4qnl2o9FN
+lWOMEER79QGwr7+T41FTHFztFddfJ06CCjoRCfEn0Tcsg11tSMS0851oLkMm8RyY
+aozIzO82R3Em7aPhZBiBDy3wZC2l
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.sha1 b/tests/data_files/server1.req.sha1
index f4c61bc..578ec7f 100644
--- a/tests/data_files/server1.req.sha1
+++ b/tests/data_files/server1.req.sha1
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4IBAQCACO1GoBxMdGoWLtk0USbZIJkJidvraTyuuVMMvTaRHAseepNZWtbI2VjZ
-8BYFKnY9uSX4uozODi5Tkv2dCSwAFFJs7bsALqpjqfU1kwQSbfLoT8twf7o51Zw8
-LAEKW0GpifhI4NJAaIeh5EyfMeXH5RFAz31T95Eat56eLcewDK5nWUdQx/KkkSIb
-AFKqPKz8F9KS1tEty5UYmC1QV+q7NG1aOrWcuqvszpyUbsz/u32QH0Lp7E3lXMt1
-vyFfAsA6KBLTUmyTVQHz4snQAb5CFNLOrXnHbtjem7ZmhDzE1DS/7o8NK49zuXUW
-YUMPRpZDSNUpIBmZs2NBTARSEc04
+A4IBAQCiYQMOv2ALPUeg8wHKn9L5SdDbNxOzuMwhYsCYTw2TJMQO7NLUq6icEzxY
+pUIIFt60JUQjZHxQSY3y9cSivwKXQA7pPfaPaFC/aMA2GxG23t2eaIWNQX8MfcWf
+XAa8bl/vmC1MTov+mP2DGoXRiKYORrEInyDS2RaTathvHckcAv25nCIx7wYO9tC9
+LUwyoE9bhiQ7fo3KFlz4dK1HukyCM/FoPbJuL7NgdzmKVPyYCLh5Ah+TTD6+sltz
+dFc4fj28w1v3jsBXz+tLrgFQidzuUI2poxt5UwU9TKY0dAJaTCtfIRcXW3h6DGG7
+EDR6rim6sbIQkGzYvGqs4TNoJOR+
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.sha224 b/tests/data_files/server1.req.sha224
index e52196d..a4f2af4 100644
--- a/tests/data_files/server1.req.sha224
+++ b/tests/data_files/server1.req.sha224
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDgUA
-A4IBAQAed2cYY9P/xJNHBrHDxjeh5uFyDskCvw06Kvy8FJt6G/0ncnfhSpPnevao
-UPf2jk07iMIFiaDDKc3yg4H2Uh44+Ud2YdAxHYWttKnvj43XSoWSnmUDEiUqgPAP
-C4EmgPEfsxtj+nI5fwIGEvfb3mJ31FJxnSJREcaH8uqyXW4vfF8e0o+9gdM+aTw/
-OJj+dYvepfIpB+1jIq1srr9NLJjKlvHBhQFbIcIgQXJKcw5z04hgjdoSuQckMO5z
-3gVaaHfjCJQT1tDWfjLTCceDoJPskeo7xbDvXnCho+ZLtyMesoCvOEeZLJhDYTlw
-H5jw6f9GW8Q9XP+EQcf6ZhtmYLrU
+A4IBAQArYR2mLKU5lsHyAyGHr4PlmC/cfePmCRyC/mj1riGTjDlNC2X3J1VZDqKb
+U/uUxLudP7sbuttRksIAREATT74Pa40bMWiPUlBfA/M2mFTmKb/91uXeIISW8DL3
+xM/5BCDrhnZ/cjP23gKDgJRk+IGBNhYZDGz50TIBbDJ2e4GDkFjzANngUW64UcCQ
+7hZOYtnYLBnoRvPwtal5jZqHwsgaPPePXu+SQ8mfuAJwJ78MOCAaKw0IP1h1OnPG
+iubdl34lSIaYWwbHTdjaqUSQG3SSs4oxEvluYymrpZ6XGKXtphJXEPdTRiLu9d9l
+A5NYVgvqHFQPmuXS92zrGzB788pV
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.sha256 b/tests/data_files/server1.req.sha256
index 804c4a5..6d21dc5 100644
--- a/tests/data_files/server1.req.sha256
+++ b/tests/data_files/server1.req.sha256
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
-A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
-+OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
-eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
-3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
-TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
-ox+ATHKxQ/XpRQP+2OTb9sw1kM59
+A4IBAQCVlSU7qeKri7E3u8JCZbCyjsGJTH9iHYyeDZ/nDLig7iKGYvyNmyzJ76Qu
++EntSmL2OtL95Yqooc6h1AQHzoCs+SO2wPoTUs3Ypi9r7vNNVO3ZnnxVtGgqCRVA
+W+z9W4p2mHXQhgW1HkuLa5JD1SvJViyZbx9z3ie1BQ9NVKfv++ArPIv70zBtA7O3
+PZNG1JYN30Esz7RsCDRHbz6Npvu9ggUQL/U3mvQQ+Yo+xhwu1yFV+dRH7PebBeQv
+vjcD2fXDabeofK3zztIpUIyUULX0GGClM9jslgJ/ZHUlArWKpLZph0AgF1Dzts//
+M6c/sRw7gtjXmV0zq2tf2fL4+e2b
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.sha384 b/tests/data_files/server1.req.sha384
index 7c764f7..b857af7 100644
--- a/tests/data_files/server1.req.sha384
+++ b/tests/data_files/server1.req.sha384
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDAUA
-A4IBAQA/XVYxhCWWWExy+O5y/zI1121L5MPjrlLypgP+ZDU8TUq8fusryYAgVATo
-njpff6RF9QTKZhouFmgwicEnE6Xuw1LZt4SWskEyISMsTemx3eiY3YSu7uqpMIIh
-h5ht1qGxkFZaLG0REIlUWqVTKk9oWLOg6pv+qees00SAn031Vc2C3++ctQONUrko
-fc8aAGAi9DvSuFkfjhZkp8Fr4d7buHQPmJiYxRp27K5NbVxrr0GCB3wh7ruGc8Mc
-K+PNQvoz425dHK3dHzeoIWD2Ka25mbjglbW1rqAdTkZSYH2QqZTHsKCr0u5iPtSD
-gF7K0AMuT2LIeSs1p82n+cLF78fz
+A4IBAQBy35zHYLiYaScq1niQkzQ/BScUbdiWd2V90isBsB5Q3NjVoJl/yCaMrla3
+2XfrutpFpdqwenl5jM0o6+enKCmfur+z2/ije69Dju2aBd6A62cx1AEvFiMq7lyF
+4DYJ32+2ty6KA8EhzE3NFs7zKXxmD5ybp+oXNEvXoeU3W8a+Ld5c1K/n+Ipa0TUy
+cFBs6dCsbYO9wI6npwWqC5Hc9r/0zziMFO+4N5VORdYUFqObq4vCYOMXETpl8ryu
+lGZorNUoJ7vV55T31CDqEtb0EE+nO+nT4agfDobncYjvc3WpQuLtUB4UwR5gpZl6
+ZI+j4uwikOgGO9gcx4IjaRP3q63F
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.req.sha512 b/tests/data_files/server1.req.sha512
index 43d7095..85d5246 100644
--- a/tests/data_files/server1.req.sha512
+++ b/tests/data_files/server1.req.sha512
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
-GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDQUA
-A4IBAQBH78JrIboWUlOiUzEwxuYkaRBr22DfdSHlNVjnenrTsSsSdfPenfrUbs42
-NfzhJtvLBnDMs9olsiyPNKZnROmjl/4Da5ScVBfdA7oSImwdsaL0krAju8lJosy7
-ypqNejQQDgjL00HkaVyqjnEWY68enAkaK64suQ4w0pkGmtdZyg0nBiH1VI72PcPR
-Fu2wxSkvvYj+BcHVAY/GWRMTHw1mkmsQna7AsZ1MFIF3ycIW5Fom6d0wpB6clJ3M
-vNTBc7kZIR1BQyblyU96acesxJURJn5xO9Yf9OSsTbd7Xm5xK6DpQWxFFEgdVtir
-hSAqtp54nVnLe4QihmVAlM8zt2ON
+A4IBAQBb8jNpt0nkNVWstVoOCepQSF5R1R9hF0yEr7mk3HB9oO/nK07R1Oamgjw+
+CHQReTSjIKUX53o7ZwNZB5E+jBDsGz/2Yyj/vxNHJFk2exELtW30he8K2omVHE1F
+XESbftCssWLNpTSDq6ME12+llkEDtgCtkv69oRUkuuF5ESUSZRGIZN4Vledm8SM1
+uGFtaG/PXbBbtUaNwNISDeIWDKRtbuca5web+QEi1djiUH21ZWIGEpOy7mtkYmRs
+Qt1D32FoaqFNhafiaxNIXO11yd4lgpaDDlmrOSBsELcTIF9916o3DwMeVXy0GONW
+BrwaO8q8rg+C+xvMY7858Kk8kwjb
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt
index b13be43..47e3813 100644
--- a/tests/data_files/server1.v1.crt
+++ b/tests/data_files/server1.v1.crt
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV
-BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx
-MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT
-CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI
+BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMB4XDTE5MDIx
+MDE0NDQwNloXDTI5MDIxMDE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoM
+CFBvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb
7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ
BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw
fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B
Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y
ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq
-hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB
-tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5
-T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh
-zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi
-U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay
-IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ==
+hkiG9w0BAQUFAAOCAQEAfuGhX2pcmQglXcslzRuastNUW8AGatDsjssDec27L/c6
+bCz/yQCaZtw2gk9QLsYMOtef/hfb7Rbu5fLwCn4zcQdmuh17nHcWh7fmtXsoebiz
+kzV4GMEaU+Cc6ws1h8GuLTLKpr/iMYFBhT1cjVGmi0C2FHBj8vbWv7sEEIUovrMQ
+7eh1Y1NkZa+w0sagiMfhWs2DTzNikby9mmJYUSmKTX1dI23YYPEIG+3shkY88VC0
+IBuH2i+pUXKN+xKhh9bbwLGdHIfNHhuIvfkkALhDuAOvqAis1buEAUoHR3qahHkh
+2nzY/ROBG3+NCSDggHEf6xxCDg8xZpkdbKKRFMGBCA==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt
new file mode 100644
index 0000000..eca171f
--- /dev/null
+++ b/tests/data_files/server10-badsign.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
+YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
+VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
+oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
+Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
+rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
+AzO3pJx7WJAApZuBX10=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem
new file mode 100644
index 0000000..b84cee7
--- /dev/null
+++ b/tests/data_files/server10-bs_int3.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
+YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
+VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
+oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
+Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
+rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
+AzO3pJx7WJAApZuBX10=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
+ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
+Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
+pz590JvGWfM=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt
new file mode 100644
index 0000000..96a4040
--- /dev/null
+++ b/tests/data_files/server10.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
+YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
+VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
+oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
+Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
+rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
+AzO3pJx7WJAApZuBX1Q=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem
new file mode 100644
index 0000000..a9e0615
--- /dev/null
+++ b/tests/data_files/server10_int3-bs.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
+YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
+VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
+oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
+Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
+rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
+AzO3pJx7WJAApZuBX1Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
+ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
+Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
+pz590JvGWf0=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1_ca.crt b/tests/data_files/server1_ca.crt
index 748d944..a597732 100644
--- a/tests/data_files/server1_ca.crt
+++ b/tests/data_files/server1_ca.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
@@ -11,31 +11,30 @@
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
-AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj
-NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0
-jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp
-E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6
-A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU
-/WzRyYRBRjAI49mzHX6raleqnw==
+AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr
+UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw
+Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf
+gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY
+C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2
+nUaulRRpGt/ZTISw6uSIumNoNA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-badsign.crt b/tests/data_files/server2-badsign.crt
index 7e32d3b..a9e40ba 100644
--- a/tests/data_files/server2-badsign.crt
+++ b/tests/data_files/server2-badsign.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
@@ -10,11 +10,11 @@
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
-FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY
-oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw
-UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y
-iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M
-wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS
-RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8
-zhuYwjVuX6JHG08=
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3T/
+////7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A
+O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc
+KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE
+iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp
+HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap
+Awgk0+4m0T25cNs=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-sha256.crt b/tests/data_files/server2-sha256.crt
index 006d9db..b31be6b 100644
--- a/tests/data_files/server2-sha256.crt
+++ b/tests/data_files/server2-sha256.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDfTCCAmWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA5MTM1MTA1WhcNMjcwNTEwMTM1MTA1WjA0MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBkjCBjzAd
-BgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwYwYDVR0jBFwwWoAUtFrkpbPe
-0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
-clNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBADAJBgNVHRMEAjAAMA0G
-CSqGSIb3DQEBCwUAA4IBAQAQf85QSjAeP+l6hirPorUL+k/3BznAh/6RXdveBO3K
-uwtqK5qI59+3N+ZLXP7fr2Z5eO8qpchRgNNwT0LKglAEXGWn30PYI1GKSiqAaK0X
-CUNIrxV3qKqOLbtqP1dMdiwsmiHYrN8E9UdysObedE2yDNLpTMHPJBZ+k6FowTyZ
-IpUuabkxMBFxmLv+nOBDOiaCzintEcdJdY4F6p5j8jwMvVNVAXNfxAEwa0MoVRTt
-/GORvq4ZEfsatVA+HRi602m+dZETTWKSODrj8AuQcG8/i1AOhk3C1WNOFKj/ZSfB
-2P6EQmhLeRp4bO+3rG73T3R2yn0PZYQ7ZrjFPPKqgu+n
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh
+Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U
+HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9
+1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv
+a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0
+e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo
+pMZqLmbBm/7WPLc=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-sha256.crt.der b/tests/data_files/server2-sha256.crt.der
new file mode 100644
index 0000000..699270b
--- /dev/null
+++ b/tests/data_files/server2-sha256.crt.der
Binary files differ
diff --git a/tests/data_files/server2.crt b/tests/data_files/server2.crt
index dca4c24..0745196 100644
--- a/tests/data_files/server2.crt
+++ b/tests/data_files/server2.crt
@@ -1,65 +1,8 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:06 2011 GMT
- Not After : Feb 12 14:44:06 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c1:4d:a3:dd:e7:cd:1d:d1:04:d7:49:72:b8:99:
- ac:0e:78:e4:3a:3c:4a:cf:3a:13:16:d0:5a:e4:cd:
- a3:00:88:a7:ee:1e:6b:96:a7:52:b4:90:ef:2d:72:
- 7a:3e:24:9a:fc:b6:34:ac:24:f5:77:e0:26:64:8c:
- 9c:b0:28:7d:a1:da:ea:8c:e6:c9:1c:96:bc:fe:c1:
- 04:52:b3:36:d4:a3:fa:e1:b1:76:d8:90:c1:61:b4:
- 66:52:36:a2:26:53:aa:ab:74:5e:07:7d:19:82:db:
- 2a:d8:1f:a0:d9:0d:1c:2d:49:66:f7:5b:25:73:46:
- e8:0b:8a:4f:69:0c:b5:00:90:e1:da:82:10:66:7d:
- ae:54:2b:8b:65:79:91:a1:e2:61:c3:cd:40:49:08:
- ee:68:0c:f1:8b:86:d2:46:bf:d0:b8:aa:11:03:1e:
- 7f:56:a8:1a:1e:44:18:0f:0f:85:8b:da:8b:44:5e:
- e2:18:c6:62:2f:c7:66:8d:fa:5d:d8:7d:f3:27:89:
- 29:01:c5:90:0e:3f:27:f1:30:c8:4a:0e:ef:d6:de:
- c7:c7:27:6b:c7:05:3d:7a:c4:02:3c:9a:1d:3e:0f:
- e8:34:98:5b:cb:73:4b:52:96:d8:11:a2:2c:80:88:
- 69:39:5a:d3:0f:b0:de:59:2f:11:c7:f7:ea:12:01:
- 30:97
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- A5:05:E8:64:B8:DC:DF:60:0F:50:12:4D:60:A8:64:AF:4D:8B:43:93
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-
- Signature Algorithm: sha1WithRSAEncryption
- 9c:67:5c:29:58:a0:79:1b:a7:bd:1c:a8:1a:ec:19:72:f2:6c:
- 0e:f8:73:36:ce:e5:17:4b:12:01:6c:ee:b1:d5:4b:da:fe:73:
- 6f:77:96:e4:bf:29:d9:62:2d:27:19:a8:0c:d8:57:29:70:51:
- f4:56:bc:a3:28:5a:11:d8:2a:9d:dd:10:84:b8:c5:35:e4:eb:
- fe:73:5f:18:6f:f5:1c:3c:48:67:3c:aa:7e:af:21:31:e4:d5:
- 2d:66:3d:eb:ed:7a:48:1a:b1:8e:58:89:64:2e:33:78:78:61:
- 59:51:1f:71:c7:10:c0:03:d5:39:c0:7b:17:d7:1c:70:c5:40:
- 67:be:05:dd:62:01:bc:f5:fe:c1:fd:1f:c9:78:4a:dc:17:e9:
- e8:2f:4c:ad:cc:c1:74:70:90:a9:2f:8c:a6:84:0c:0f:40:4d:
- b6:71:d2:62:3c:2c:6b:31:4a:e0:aa:7b:da:fd:77:28:e6:b6:
- d7:78:ec:9d:69:d5:1b:a5:cf:70:8b:cd:a4:5c:54:8b:92:45:
- 14:1f:68:3f:27:78:cf:5c:d5:2f:e2:27:f6:a6:4d:5a:89:c4:
- 0d:4a:39:d3:92:e7:bf:34:5a:13:df:48:0a:c0:fa:0e:2a:02:
- 64:a3:7a:57:37:a7:8c:16:a6:16:bc:ce:1b:98:c2:35:6e:5f:
- a2:47:1b:47
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
@@ -67,11 +10,11 @@
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
-FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY
-oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw
-UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y
-iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M
-wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS
-RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8
-zhuYwjVuX6JHG0c=
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4
+cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A
+O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc
+KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE
+iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp
+HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap
+Awgk0+4m0T25cNs=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server2.crt.der b/tests/data_files/server2.crt.der
new file mode 100644
index 0000000..9cfa9ab
--- /dev/null
+++ b/tests/data_files/server2.crt.der
Binary files differ
diff --git a/tests/data_files/server2.key.der b/tests/data_files/server2.key.der
new file mode 100644
index 0000000..9905ce7
--- /dev/null
+++ b/tests/data_files/server2.key.der
Binary files differ
diff --git a/tests/data_files/server5-fan.crt b/tests/data_files/server5-fan.crt
new file mode 100644
index 0000000..dc1eb38
--- /dev/null
+++ b/tests/data_files/server5-fan.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdTCCARugAwIBAgIBTTAKBggqhkjOPQQDAjA3MQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxFTATBgNVBAMMDE1iZWQgVExTIEZBTjAeFw0xOTAzMjUw
+OTAzNDZaFw0yOTAzMjIwOTAzNDZaMDcxCzAJBgNVBAYTAlVLMREwDwYDVQQKDAhN
+YmVkIFRMUzEVMBMGA1UEAwwMTWJlZCBUTFMgRkFOMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
+6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MYMBYwFAYDVR0lBA0wCwYJKwYBBAGC
+5CUBMAoGCCqGSM49BAMCA0gAMEUCIQDp/Q5FaVy3YNeJflQKLGycQZoH6V3FQnLq
+ERUCeimLIAIgdyiA4KdHxkpQhC1L1KfmxG8YJqu31FBjmNw00Sv8J9k=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-othername.crt b/tests/data_files/server5-othername.crt
new file mode 100644
index 0000000..3be1a77
--- /dev/null
+++ b/tests/data_files/server5-othername.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBnzCCAUWgAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIG90aGVybmFtZSBTQU4w
+HhcNMTkwMzI0MDkwNjAyWhcNMjkwMzIxMDkwNjAyWjBBMQswCQYDVQQGEwJVSzER
+MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIG90aGVybmFtZSBT
+QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5
+BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oy4w
+LDAqBgNVHREEIzAhoB8GCCsGAQUFBwgEoBMwEQYHKwYBBAERAwQGMTIzNDU2MAoG
+CCqGSM49BAMCA0gAMEUCIQCijdm1AfArx2p4cLCVciHCTE8UXRiTm8f85k4aNzzf
+sgIgCdmLyfZB9jsSPH3A3O1GATAR3O9OTtEDC+YSc+lvxSw=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-ss-forgeca.crt b/tests/data_files/server5-ss-forgeca.crt
index bfd7b70..2265bf5 100644
--- a/tests/data_files/server5-ss-forgeca.crt
+++ b/tests/data_files/server5-ss-forgeca.crt
@@ -1,11 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBlDCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTIwODQzWhcNMjUwODI5MTIwODQzWjBKMQswCQYD
+YXRlIENBIDMwHhcNMTUwOTAxMTEwODQzWhcNMjUwODI5MTEwODQzWjBKMQswCQYD
VQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRl
c3QgaW50ZXJtZWRpYXRlIENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kA
-MEYCIQDF5pY54AUMNbhy3jk+8sdgsZS6bmeH/QI4D0I6UiIhXQIhAO7Y8V7Z8bx2
-gZyyk/wZpswb53ZaIP2XsJiJ/CPMCCVq
+MEYCIQDBFcXh+IloVYbMiHfCFhw6cYJsj7PZXuTdDMMkNbyJNAIhALz7fBVAMYz9
+/g48bLdYT47LOc9QNuaboLIxsq5RseJL
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-unsupported_othername.crt b/tests/data_files/server5-unsupported_othername.crt
new file mode 100644
index 0000000..b46fc2d
--- /dev/null
+++ b/tests/data_files/server5-unsupported_othername.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtjCCAVygAwIBAgIBTTAKBggqhkjOPQQDAjBNMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxKzApBgNVBAMMIk1iZWQgVExTIHVuc3VwcG9ydGVkIG90
+aGVybmFtZSBTQU4wHhcNMTkwNTAxMDkxMDM1WhcNMjkwNDI4MDkxMDM1WjBNMQsw
+CQYDVQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKzApBgNVBAMMIk1iZWQgVExT
+IHVuc3VwcG9ydGVkIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMB
+BwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0
+XV0WvYqIwmt3DVXNiioO+gHItO3/oy0wKzApBgNVHREEIjAgoB4GAyoDBKAXDBVz
+b21lIG90aGVyIGlkZW50aWZpZXIwCgYIKoZIzj0EAwIDSAAwRQIhANkj6n9qHYVi
+FLfb0IRZpIsvvuNCjSgT8yBLVjJYQj3nAiBffQKZ7y/F6rfon6L1GZU0BBja8BLX
+rXp8WpY7Bc8myQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der
new file mode 100644
index 0000000..08d8dd3
--- /dev/null
+++ b/tests/data_files/server5.crt.der
Binary files differ
diff --git a/tests/data_files/server5.key.der b/tests/data_files/server5.key.der
new file mode 100644
index 0000000..6bd4ebb
--- /dev/null
+++ b/tests/data_files/server5.key.der
Binary files differ
diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1
index 7556d1a..3281c94 100644
--- a/tests/data_files/server5.req.ku.sha1
+++ b/tests/data_files/server5.req.ku.sha1
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGjAY
-BgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
+BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
-AgHAMAsGByqGSM49BAEFAANIADBFAiBjnnD7nwsFnCL+MpPPFJE3K/Tgj+5rAgXj
-e5UejDX2CAIhAKdbigWJL/ZatvG9CFHq7ykrRns2x8JEXehWu8DsXdx9
+AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg
+2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca-alt-good.crt b/tests/data_files/test-ca-alt-good.crt
index 50c1453..eebecd6 100644
--- a/tests/data_files/test-ca-alt-good.crt
+++ b/tests/data_files/test-ca-alt-good.crt
@@ -1,28 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNzAzMTU1MzQxWhcNMjcwNzA0MTU1MzQxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjExMTIwMzI5WhcNMjkwMjExMTIwMzI5WjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2crirFCFKa5J4yx4gC+/Pe2kkIpoT
-/SEvzefxJ8siPJl2XQVDrUFenNC8Uzw87/3Z7tW3uLKebn5++QEVYDtz5HAWfck1
-wwanGFL6noHw7qgQ5ak6HMoipPChD7Z6bKbBRgx2IVKoIbaXh0QmJ4qlaYc9rKGZ
-aH9vms5pwPwDTlQqnm+VenG6ThFajWLeL/MlvcGd4pLHAWjL6S2E0vU5WQR6rev7
-He9pdtD/vLO30nOPJ6JuDp+1gB5UIm1+jP9Ww8OsQVJHGyp729dvIvEicgp8NSNB
-UBtBZHpSVJM+BPlzKpXIVbiI7pU01q3xu0mleveUzL0tE0n9YT5uIcenAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFJSaOPcahiGKvsg629IQvHh34EuwMGMGA1UdIwRcMFqA
-FJSaOPcahiGKvsg629IQvHh34EuwoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVMGU/SScKXxyxwJfcxL4xSnkSqfvk
+F+3jczKU+d5MlKcivkP9Rm/wLEKAcFJxG8ECZMHhxxT8YD+DSUEA5SI2G2xFu84f
+mNCKP4ojcBrzLVYuGg+D+vrp6mi9Q51TIMxQawxkYuU89v9R9ReQorwoDGASrTpC
+6bBvXiMnkFxFlpN07jkoUj34+6vL2350gRXGUGnMcfS4e13P2Sm2KRRvyppz8CkT
+yG1Wta3Ixeb7EuZsmsdTPs3nl+bI/6gcfrhOOmWPJVGiBNvM4YpCxsnbrFsT8U0k
+s1Ys+1JSVx0ekzRAUTCs7AB6Lo/iphsTJs3BfvT5w8PSx8wtsvbc/1dLAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFIYHI4jii/4CYv4qY+nw3ynWlQJIMGMGA1UdIwRcMFqA
+FIYHI4jii/4CYv4qY+nw3ynWlQJIoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWsyH6AZdugfP40tiXH5PKD93QCuV
-dAm9c2oUKbNfsAJMHOsWWp+b7hSNRMvKz4jcPAIQnMGNp/U4PuESp16uS0O9szud
-X4HS8SD8GEto9d8uEF9J3fY6ZalCmgRrgwVpChy+MQmfqMr30OLTANsmoksA4ON3
-zdm5xDInPPjOq7emtdXoNOhv4rkM7dmeztC8DhO0n1PGeeY1CMCr93TcQzx1UVtl
-QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT
-n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw==
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABPGZwsyeHNp8hKqnOIafQsi4zrES
+izIUntfkCglgHKg+cdmzqUyXrtfrwcVJtz/farfVooeRdfY6kOYNmTihYdHiffoX
+5tOhYV1Rh+exD4mtl2xhw69YPXkUTDStzQTTTxZ/yIxWqmYdrZycmywM6v1Hxdzk
+JnvthTvEthWfrSdMQ2ssdqVgB0h/WZztBCZhLL2mCCG/eNu+5ktJTLFDdjp/IPrn
+/APQt7GjQ1rFFmRAeOHezsSINhQHjH44DiMeL+lU66nUxSrovrVoI2undwBXpl18
++7/oa+et6+1UktN669P1BnNxLfY6J41P79+S+mA8gP4EA95/AObQyoUPpw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
@@ -30,13 +30,12 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
-FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
-CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j
-4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w
-XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB
-G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57
-ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY
-n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA
+A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl
+oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW
+5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb
++EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL
+yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4
+/anT1dVxr/BtwJfiESoK3/4CeXR1
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt.crt b/tests/data_files/test-ca-alt.crt
index 7399e43..4dad3c3 100644
--- a/tests/data_files/test-ca-alt.crt
+++ b/tests/data_files/test-ca-alt.crt
@@ -1,21 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNzAzMTU1MzQxWhcNMjcwNzA0MTU1MzQxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjExMTIwMzI5WhcNMjkwMjExMTIwMzI5WjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2crirFCFKa5J4yx4gC+/Pe2kkIpoT
-/SEvzefxJ8siPJl2XQVDrUFenNC8Uzw87/3Z7tW3uLKebn5++QEVYDtz5HAWfck1
-wwanGFL6noHw7qgQ5ak6HMoipPChD7Z6bKbBRgx2IVKoIbaXh0QmJ4qlaYc9rKGZ
-aH9vms5pwPwDTlQqnm+VenG6ThFajWLeL/MlvcGd4pLHAWjL6S2E0vU5WQR6rev7
-He9pdtD/vLO30nOPJ6JuDp+1gB5UIm1+jP9Ww8OsQVJHGyp729dvIvEicgp8NSNB
-UBtBZHpSVJM+BPlzKpXIVbiI7pU01q3xu0mleveUzL0tE0n9YT5uIcenAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFJSaOPcahiGKvsg629IQvHh34EuwMGMGA1UdIwRcMFqA
-FJSaOPcahiGKvsg629IQvHh34EuwoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVMGU/SScKXxyxwJfcxL4xSnkSqfvk
+F+3jczKU+d5MlKcivkP9Rm/wLEKAcFJxG8ECZMHhxxT8YD+DSUEA5SI2G2xFu84f
+mNCKP4ojcBrzLVYuGg+D+vrp6mi9Q51TIMxQawxkYuU89v9R9ReQorwoDGASrTpC
+6bBvXiMnkFxFlpN07jkoUj34+6vL2350gRXGUGnMcfS4e13P2Sm2KRRvyppz8CkT
+yG1Wta3Ixeb7EuZsmsdTPs3nl+bI/6gcfrhOOmWPJVGiBNvM4YpCxsnbrFsT8U0k
+s1Ys+1JSVx0ekzRAUTCs7AB6Lo/iphsTJs3BfvT5w8PSx8wtsvbc/1dLAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFIYHI4jii/4CYv4qY+nw3ynWlQJIMGMGA1UdIwRcMFqA
+FIYHI4jii/4CYv4qY+nw3ynWlQJIoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWsyH6AZdugfP40tiXH5PKD93QCuV
-dAm9c2oUKbNfsAJMHOsWWp+b7hSNRMvKz4jcPAIQnMGNp/U4PuESp16uS0O9szud
-X4HS8SD8GEto9d8uEF9J3fY6ZalCmgRrgwVpChy+MQmfqMr30OLTANsmoksA4ON3
-zdm5xDInPPjOq7emtdXoNOhv4rkM7dmeztC8DhO0n1PGeeY1CMCr93TcQzx1UVtl
-QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT
-n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw==
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABPGZwsyeHNp8hKqnOIafQsi4zrES
+izIUntfkCglgHKg+cdmzqUyXrtfrwcVJtz/farfVooeRdfY6kOYNmTihYdHiffoX
+5tOhYV1Rh+exD4mtl2xhw69YPXkUTDStzQTTTxZ/yIxWqmYdrZycmywM6v1Hxdzk
+JnvthTvEthWfrSdMQ2ssdqVgB0h/WZztBCZhLL2mCCG/eNu+5ktJTLFDdjp/IPrn
+/APQt7GjQ1rFFmRAeOHezsSINhQHjH44DiMeL+lU66nUxSrovrVoI2undwBXpl18
++7/oa+et6+1UktN669P1BnNxLfY6J41P79+S+mA8gP4EA95/AObQyoUPpw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt.csr b/tests/data_files/test-ca-alt.csr
index 898c9e6..09bf678 100644
--- a/tests/data_files/test-ca-alt.csr
+++ b/tests/data_files/test-ca-alt.csr
@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAtnK4qxQhSmuSeMseIAvvz3tpJCKaE/0hL83n8SfLIjyZdl0FQ61B
-XpzQvFM8PO/92e7Vt7iynm5+fvkBFWA7c+RwFn3JNcMGpxhS+p6B8O6oEOWpOhzK
-IqTwoQ+2emymwUYMdiFSqCG2l4dEJieKpWmHPayhmWh/b5rOacD8A05UKp5vlXpx
-uk4RWo1i3i/zJb3BneKSxwFoy+kthNL1OVkEeq3r+x3vaXbQ/7yzt9Jzjyeibg6f
-tYAeVCJtfoz/VsPDrEFSRxsqe9vXbyLxInIKfDUjQVAbQWR6UlSTPgT5cyqVyFW4
-iO6VNNat8btJpXr3lMy9LRNJ/WE+biHHpwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
-ggEBAGHWUwqKMe+XwZ44u+1RKsH3jCXmxkBW4rwJwqtkrW8dzjCqFGmQoJeFivOA
-o0TPchkpQXGUNssFPbXZZsq7OBt1hPkH7wMxknztu+D4F9wJ2Oxpy8x44WeUr3pI
-rnl/VivUaywiIPMwR3W+7IIFTmzKfcSYf0l6uv4/A8BiSvtI4U9InfSvU+ENHuNH
-rb0ynhYEqy9NHA2exD0A/gQb40CAHtJL+sTVTRgxOx8xT8K8WAQufk0HSB6iel6M
-I+6VLnVjGJ5P/t6zPI4jcLzyg4V9DS282a/SadRFGc0uwPWxJW906BO5g6PNMaA8
-BdcuWaWwa2KQ/LuUCmumy+fC68E=
+MIIBCgKCAQEA1TBlP0knCl8cscCX3MS+MUp5Eqn75Bft43MylPneTJSnIr5D/UZv
+8CxCgHBScRvBAmTB4ccU/GA/g0lBAOUiNhtsRbvOH5jQij+KI3Aa8y1WLhoPg/r6
+6epovUOdUyDMUGsMZGLlPPb/UfUXkKK8KAxgEq06Qumwb14jJ5BcRZaTdO45KFI9
++Pury9t+dIEVxlBpzHH0uHtdz9kptikUb8qac/ApE8htVrWtyMXm+xLmbJrHUz7N
+55fmyP+oHH64TjpljyVRogTbzOGKQsbJ26xbE/FNJLNWLPtSUlcdHpM0QFEwrOwA
+ei6P4qYbEybNwX70+cPD0sfMLbL23P9XSwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggEBALje0yFtL/IqLip/X6NVc1oJ+2PgxOzVhEdZPcQ7F+mbDa9w6SvQN9pH4HXp
+P8AGLYnzQgmAlhsSOn7nhJSfQXlcuLdA/oVjhuRqiA+ZrlByeMfSiaBmCvLOWkwl
+FzF+/8HJRlV8B0mq0dIE3pWczAVFcTxRtIONUfmg3p0RWYkdg8y2S3H1n7OPKmM0
+DNC2o226ZFJEDVsQHfkFn3YO6HFLrPRi5jqTGgiNRH7KepZtppu59ZAAHmYzH02v
+PCrxD1MIMCpFfVTbdfPgC0S8TFY8GO5H0Gzy2ixaJVst2RwuGbp/3DK5ixDulV4R
+zbd5qcS3RXE5eQb6LwwNzOUpqLw=
-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca-alt.key b/tests/data_files/test-ca-alt.key
index 84b8fab..7df19a0 100644
--- a/tests/data_files/test-ca-alt.key
+++ b/tests/data_files/test-ca-alt.key
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtnK4qxQhSmuSeMseIAvvz3tpJCKaE/0hL83n8SfLIjyZdl0F
-Q61BXpzQvFM8PO/92e7Vt7iynm5+fvkBFWA7c+RwFn3JNcMGpxhS+p6B8O6oEOWp
-OhzKIqTwoQ+2emymwUYMdiFSqCG2l4dEJieKpWmHPayhmWh/b5rOacD8A05UKp5v
-lXpxuk4RWo1i3i/zJb3BneKSxwFoy+kthNL1OVkEeq3r+x3vaXbQ/7yzt9Jzjyei
-bg6ftYAeVCJtfoz/VsPDrEFSRxsqe9vXbyLxInIKfDUjQVAbQWR6UlSTPgT5cyqV
-yFW4iO6VNNat8btJpXr3lMy9LRNJ/WE+biHHpwIDAQABAoIBAAT6+rmI0iPS7euo
-N8lOKhyy1LrsyuHyzf4dE9DMckob92B4x5UCXL91bmlFqGZNctOJJoJeY1nZ0FAt
-Ae+Qce8G9FxY0K5MBZl4G4PF4ewux522dzkj4gyyDfOHl0aeQqsR+3MaE8SNLwvR
-4HVeLPW4/L0dQkgKxzfHtQzD/N0mMW2/iywyiLYmvLBSHl3eZ+te0Q+5/JEm8fjU
-FkVytSvJ6Z/c5U2PR0N6ampVgB7X7Uf6nEhDJW21q+u85JC60ujIn7TEZKd4bfIM
-dMZF8LFczSzQ4mWISfhfRKVRew457tJalA/8qwg14jeggEuiDBE1FnR2f/JdHA9I
-e/VyrnkCgYEA32bBltrgz9V6Z1x9XD2+T2aot/u1XHORM7EPZJMA9gP4wMBcbyy8
-zdpGf1hrJX3JMoKBDy6Xty8Cs9WJytWUwfwd92Sz01It4XeLsIeqYBq51gjGN+Fp
-auw/8zifKdAEPMJXNhUX9sSuUz1LaT6wFI3vatWliliMPPbdgyoRmKMCgYEA0RIj
-+huEwNkHWEaj47aDafekpRoVs81IjUjrXx6c0cabco10YR+TPX9+dwmjV4O5Y2f2
-Ph+ivXlPiOpf7Psx0PFlMPawWeoKIZjKPR92bMiLDXC0uF9frTujKm7VRNbAVjFE
-7tvrVJnoDITSHMGXMui69o844klJUMwNpGFOcS0CgYEAkENaBiHIBU5VIgQvC+7v
-Q3UGxPCtmEsk3B2d1BO+DiBYdZiC2GQqdEBdQAUIBAjrcUunLfenj2qzMxBVT/+G
-dZJqg4SrP26VJEE/mrqxAiigEyBNaG6O1bZEQbsxxR2IbvgMu2b5t6gg7q3pUchi
-ipNxpSrcIK+3t/Ku7vGutUMCgYEAl5t0A1YZOk8nCFiRV/tt6FXwStlTi4L9bZbH
-N77XMTe4WaVCE3v2Jc5iQqf2juuyb+dfpUUDmipyBnMPBKZTRZUHMC5zS4BvwFUv
-sosyMUhrrV9hbaGbm993ProIZVblOpuXxS4sxLimkQ1v3/JyVjR1/310XoOOaszN
-x7nYTDECgYEAoLAWorWXzAO5GOAc3sf51dtTNnm2gJQ8v4FlJ0kWrjStUmb+aLR0
-20MCjIDuW/zWP5bVcD+pw8YW6UN0C5m45vTpUQgF59Ic1UMC+0H4z31N+QafaRfJ
-yk5Nd2sIrJSkwuI23CnEh5khhiNTE2zvgNaHs5vkJu57xDxjg0GH45k=
+MIIEpQIBAAKCAQEA1TBlP0knCl8cscCX3MS+MUp5Eqn75Bft43MylPneTJSnIr5D
+/UZv8CxCgHBScRvBAmTB4ccU/GA/g0lBAOUiNhtsRbvOH5jQij+KI3Aa8y1WLhoP
+g/r66epovUOdUyDMUGsMZGLlPPb/UfUXkKK8KAxgEq06Qumwb14jJ5BcRZaTdO45
+KFI9+Pury9t+dIEVxlBpzHH0uHtdz9kptikUb8qac/ApE8htVrWtyMXm+xLmbJrH
+Uz7N55fmyP+oHH64TjpljyVRogTbzOGKQsbJ26xbE/FNJLNWLPtSUlcdHpM0QFEw
+rOwAei6P4qYbEybNwX70+cPD0sfMLbL23P9XSwIDAQABAoIBAHO1/844s0Ly2s0z
+vnlqI9z3Ef3qWzizMEA6v2KSuHCSYqD96kMnHwyZyUKTNHwF112oOH+GIcLVrsNg
+WDLXKxl5CuxSgg8uT0oqMJ0JdOc2XUdKh89XwyaBP3Yyo8qBy8N+RsyZzNipK21d
+fPvZCA0oomCguzWkR0o7KxOHTD3L/ZGwiqOqzMRfaRznLxjsZZ3RoNF1fkmXtdXH
+I+T8rWxFeZYN3LaRI/viCPF8yYgFUvOPL1R9Yzq5Z/jSyyUPN+IhSqL/zb/NyLiY
+ttdwmMA/yackChlfp06D4Xlrbf2hFxmvnCnE4bh/CINhjfjKyz88KUAKR9xEQifc
+FAb5CzkCgYEA9/5hlSAqR6guf5orz9jgqhaNcWGpU3rzYmUlISFhzArym41w4a4a
+9rAi5QEraEA1WR/Ymr5Xvt7mqwKlGkaKwyPbVqdXFOaQp2vKZNPmHWbLVYW49IZt
+hx5CreMpy0lVU2SLA/+g/DPse2wx85wgx8kpudEmU91ThuxBdF0IHr0CgYEA3BJc
+Y/pqAw9fluvlYpgAyGyG0k8d3xb0uUnV1u+rvMZiOiJQerNawMc/PoYkhhRPKXkM
+DQS8oMM858kgT1qCcvFZZzWDqGhRqbxmtjJ2w1nWIi9q+0z0/X9qbxiZbZr0Iklx
+MeYtQuRIGois/D7GQjyI5rHXVj9k3b39pepSEqcCgYEA1AHxtIZB/u6FieroR5E2
+R9Jt6x89nbN/vH+RpWgfbktxqo/Zj+XDAWAFBNfiHwa9VMsH5wqQgwmWE154fSUP
+XdIaolL+/Ew8IBTjex04HaySajOesdT2b8vr3zJTuYmg22EaAzoXi2RsZ/tQHN49
+m+6asFNgO9P7o134ex1JYtUCgYEAuU2gi/Kb9y2nsH267TTOW/S95TIHFgTPVYEt
+VMkEU3S72vVvzJFe1jovL6dl85wAOAybsA6QAdHDY+v/j7HHa597RyNRU6lbMc/Y
+sIt3YvAvFSPWMfnPw+/Yn+kXr6ms7X3nmTuWWt+7MtRozBDTgYxVPeL7Tb0dYnUK
+sfzG1LsCgYEAvxhLJHYTKtjus8h/xVpj3Kto0j0AvtXtd1DUsQ2kKGRT/B1AFbVs
+zSNjR4vJg+iotbiIq6JBxHyWxZsHQUNIXjoTqEgQpBbneEnb1ilO1DEGDK7vwlFn
+M4tHi5neEiGI55WQduJ2ha/tc0KbDcxw/VBZAmKVmpeXaUNZAiMMFB0=
-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/test-ca-any_policy.crt b/tests/data_files/test-ca-any_policy.crt
new file mode 100644
index 0000000..af87439
--- /dev/null
+++ b/tests/data_files/test-ca-any_policy.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMzIxMTY0MDU5WhcNMjkwMzIxMTY0MDU5WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+IzAhMAwGA1UdEwQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEB
+CwUAA4IBAQCHadUDZiIjJhcrG+rYrpOVgMu548rc5kHLC7zVSVfszfdOJq/TdXQT
+Lbn9i+AAVRYJU2kHWKD2fvgOYIIBeEGFJKohlKZ82irWxt0Ltph31cuygLcpqNq9
+KRQ/dh3S0w9vn1A1ubYGKTzTnZGELTVzMlXZGTRbAOylMu4eWac6LHymE2EBqmOq
+fPCuWdFB62ewQWRa+dRO92Aphh870u43/iLbw7hs4s8hokZP7Ewg6AHb4qjVePdF
+jjxAO6x5VCj/WQRnw7muAy0P3l5AhYXAIUdnkdYca5Ja6LfdEJiVeTdE3IU6UJg+
+gAu9swDhUlEuIlCrOdC3tOPDslsOIgTV
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-any_policy_ec.crt b/tests/data_files/test-ca-any_policy_ec.crt
new file mode 100644
index 0000000..821a92c
--- /dev/null
+++ b/tests/data_files/test-ca-any_policy_ec.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBzDCCAVGgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTkwMzI1MDkwMjQ1WhcNMjkwMzI1MDkwMjQ1WjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU
+UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0
+X3WnR2/VGSlVaZpTOyC0ZhZgMx6jIzAhMAwGA1UdEwQFMAMBAf8wEQYDVR0gBAow
+CDAGBgRVHSAAMAoGCCqGSM49BAMCA2kAMGYCMQDWHgmWMckbGLd7XREnJVAv+XRp
+XANOCbWLDu+Fik6c28S+qR6zGEKKGiPHYeDpjRACMQDnYcFBwlfuAB6td3fteG0P
+AWngOaGHmUFEA6h24b5Z6/GSFD9FK9rVRdxQc4Olz7U=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-any_policy_with_qualifier.crt b/tests/data_files/test-ca-any_policy_with_qualifier.crt
new file mode 100644
index 0000000..a052bc6
--- /dev/null
+++ b/tests/data_files/test-ca-any_policy_with_qualifier.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhqgAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwNDI4MTMxNDMxWhcNMjkwNDI4MTMxNDMxWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+QTA/MAwGA1UdEwQFMAMBAf8wLwYDVR0gBCgwJjAkBgRVHSAAMBwwGgYIKwYBBQUH
+AgEWDkNQUyB1cmkgc3RyaW5nMA0GCSqGSIb3DQEBCwUAA4IBAQBo3CLwvTakVDWs
+XUZz3ehGgk39KzmYOb3m9bBfMpOplDfE8Zaj8TDZZsxXpNCXT85GgbrAdr6pONQJ
+Mqd3TzTXCs6tmmIOVDToOj6nKtm2nNSf+1TUuLRgeavgCoicoQZOtW5tAehw/RTE
+4VQXSm+ZWotYwK1jvlHS0LaehUy53GsNxWBJHCc3exD+iyutXTZ89jczIKuWpEIN
+pTdI/EYVD2r6r/IITRnJpGjNXOhGB4zvgFlwv88GeF5lG6Si9YD+swO8JuJP35q6
+7cPA/vtrjoiyM3kXmmN1LZGIfEMKNwEcyVhvl+d6sReomI3HAKOj9IIG7umFKi6t
+axMwzK3Y
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt b/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt
new file mode 100644
index 0000000..5e1491d
--- /dev/null
+++ b/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6DCCAW+gAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTkwNDI4MTAxNjA1WhcNMjkwNDI4MTAxNjA1WjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU
+UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0
+X3WnR2/VGSlVaZpTOyC0ZhZgMx6jQTA/MAwGA1UdEwQFMAMBAf8wLwYDVR0gBCgw
+JjAkBgRVHSAAMBwwGgYIKwYBBQUHAgEWDkNQUyB1cmkgc3RyaW5nMAoGCCqGSM49
+BAMCA2cAMGQCMDvi5bBVplU3Gct+iYRmRW9ewty5b+1OX0ggzA+ExXpL1Obo6A16
+a2h1kb7Oy4+BSAIwXZHYb6OEWkOngISfwSZxDiiNXOTwvCu2/oFGC8xTENn0B88m
+2WwPzh4jnvXhNh0w
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-good-alt.crt b/tests/data_files/test-ca-good-alt.crt
index 9edf4c2..3d15ea7 100644
--- a/tests/data_files/test-ca-good-alt.crt
+++ b/tests/data_files/test-ca-good-alt.crt
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
@@ -9,34 +9,33 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
-FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
-CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j
-4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w
-XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB
-G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57
-ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY
-n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA
+A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl
+oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW
+5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb
++EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL
+yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4
+/anT1dVxr/BtwJfiESoK3/4CeXR1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNzAzMTU1MzQxWhcNMjcwNzA0MTU1MzQxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjExMTIwMzI5WhcNMjkwMjExMTIwMzI5WjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2crirFCFKa5J4yx4gC+/Pe2kkIpoT
-/SEvzefxJ8siPJl2XQVDrUFenNC8Uzw87/3Z7tW3uLKebn5++QEVYDtz5HAWfck1
-wwanGFL6noHw7qgQ5ak6HMoipPChD7Z6bKbBRgx2IVKoIbaXh0QmJ4qlaYc9rKGZ
-aH9vms5pwPwDTlQqnm+VenG6ThFajWLeL/MlvcGd4pLHAWjL6S2E0vU5WQR6rev7
-He9pdtD/vLO30nOPJ6JuDp+1gB5UIm1+jP9Ww8OsQVJHGyp729dvIvEicgp8NSNB
-UBtBZHpSVJM+BPlzKpXIVbiI7pU01q3xu0mleveUzL0tE0n9YT5uIcenAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFJSaOPcahiGKvsg629IQvHh34EuwMGMGA1UdIwRcMFqA
-FJSaOPcahiGKvsg629IQvHh34EuwoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVMGU/SScKXxyxwJfcxL4xSnkSqfvk
+F+3jczKU+d5MlKcivkP9Rm/wLEKAcFJxG8ECZMHhxxT8YD+DSUEA5SI2G2xFu84f
+mNCKP4ojcBrzLVYuGg+D+vrp6mi9Q51TIMxQawxkYuU89v9R9ReQorwoDGASrTpC
+6bBvXiMnkFxFlpN07jkoUj34+6vL2350gRXGUGnMcfS4e13P2Sm2KRRvyppz8CkT
+yG1Wta3Ixeb7EuZsmsdTPs3nl+bI/6gcfrhOOmWPJVGiBNvM4YpCxsnbrFsT8U0k
+s1Ys+1JSVx0ekzRAUTCs7AB6Lo/iphsTJs3BfvT5w8PSx8wtsvbc/1dLAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFIYHI4jii/4CYv4qY+nw3ynWlQJIMGMGA1UdIwRcMFqA
+FIYHI4jii/4CYv4qY+nw3ynWlQJIoT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWsyH6AZdugfP40tiXH5PKD93QCuV
-dAm9c2oUKbNfsAJMHOsWWp+b7hSNRMvKz4jcPAIQnMGNp/U4PuESp16uS0O9szud
-X4HS8SD8GEto9d8uEF9J3fY6ZalCmgRrgwVpChy+MQmfqMr30OLTANsmoksA4ON3
-zdm5xDInPPjOq7emtdXoNOhv4rkM7dmeztC8DhO0n1PGeeY1CMCr93TcQzx1UVtl
-QHOkQQQJM9UoV0fEA1N5lsc9uSQxPmZCVMw/W+MFIEkH6nbgh0bM/qjcaqDsWXyT
-n5RutVDPESLLKaZxeR7J8srX/0nzhOiPIX+hDRWqhwQLxVkkRs6MxVDoiw==
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABPGZwsyeHNp8hKqnOIafQsi4zrES
+izIUntfkCglgHKg+cdmzqUyXrtfrwcVJtz/farfVooeRdfY6kOYNmTihYdHiffoX
+5tOhYV1Rh+exD4mtl2xhw69YPXkUTDStzQTTTxZ/yIxWqmYdrZycmywM6v1Hxdzk
+JnvthTvEthWfrSdMQ2ssdqVgB0h/WZztBCZhLL2mCCG/eNu+5ktJTLFDdjp/IPrn
+/APQt7GjQ1rFFmRAeOHezsSINhQHjH44DiMeL+lU66nUxSrovrVoI2undwBXpl18
++7/oa+et6+1UktN669P1BnNxLfY6J41P79+S+mA8gP4EA95/AObQyoUPpw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-multi_policy.crt b/tests/data_files/test-ca-multi_policy.crt
new file mode 100644
index 0000000..168e99f
--- /dev/null
+++ b/tests/data_files/test-ca-multi_policy.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwNDI4MTI1OTE5WhcNMjkwNDI4MTI1OTE5WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+KjAoMAwGA1UdEwQFMAMBAf8wGAYDVR0gBBEwDzAFBgMqAwQwBgYEVR0gADANBgkq
+hkiG9w0BAQsFAAOCAQEAPwOUmjnrcBA7dt5drCakEz9HOpj8gZQd1fyVGv221LCL
+h2W1Ngd2WlcADhPQcTdqNx4Dk+KPiBjPEooE9M7d3K33Qn/dVkmOYiW6E/4wU2tM
+cqFj7rg8Now4lBaEqEmBP+cpv+mYqavPcKy3tz4wn1SnA3MpT1hEazhNe4yInNAY
+4YqRBbWuBGkePjbce6Lf+rTfaA7kJnyuC9SHguQRmWtV3xzNzLUFn+V/jYSqYvYU
+2MjDFgCYCmW0xl5Wo8wMWWAvMbO2mRJ37OLUkSOkxgeEL6OihY1GPkbfxC2qV6mR
+4VjmfclwXumiDAvVLhW8hWjCxg8gc69G7kCkVbljLA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-multi_policy_ec.crt b/tests/data_files/test-ca-multi_policy_ec.crt
new file mode 100644
index 0000000..70ea2eb
--- /dev/null
+++ b/tests/data_files/test-ca-multi_policy_ec.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0zCCAVigAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTkwNDI4MTI1OTUxWhcNMjkwNDI4MTI1OTUxWjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU
+UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0
+X3WnR2/VGSlVaZpTOyC0ZhZgMx6jKjAoMAwGA1UdEwQFMAMBAf8wGAYDVR0gBBEw
+DzAFBgMqAwQwBgYEVR0gADAKBggqhkjOPQQDAgNpADBmAjEAqyz2v+6i3xXF4qlr
+o89qxwlpIn9sR0xU+qo9tgcM6Fa7IDdAU1lhweN8MpkJTtrGAjEAmgNI/08M8n6/
+sMM0Xutt5u9EUHb+4y0uyOfYMcEPr+pCUM4GPxBP6RdqI8Wu9OQf
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-sha1.crt b/tests/data_files/test-ca-sha1.crt
index 7cb35d4..31790b5 100644
--- a/tests/data_files/test-ca-sha1.crt
+++ b/tests/data_files/test-ca-sha1.crt
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
@@ -9,13 +9,12 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
-FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
-CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfDd5khSv/+K3De9qmH/ID3CVapGS
-EN5MlXS5vvGCjZSA41MuXkUl11akKHXQ9aLlp85OZUdGbfQ5wwCoj/MymbT4fES2
-1dI8O1oI3PZI/0dqEvQETlIwSoZV2c/oaPRfh2E99v2+8FNIaZOfV2MX1n9+6AdO
-W2nlK2oklozXSYg6KWtISr8N8Ofew2LQ9+riFlrrdaxsr8CoJqPqMDTq7FUmkDmO
-oHize/h9bFksIunKoVQHa8P4w/W9bnR69nziyhZotbwOOkAWVnIyEM9QnaKWXeIy
-rP6ewcTQjNYkguHJ8RY9rW+5bdaSY4EljSqZ3P3F+zo8P6sVi3qSlai5lQ==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-sha1.crt.der b/tests/data_files/test-ca-sha1.crt.der
new file mode 100644
index 0000000..5d94810
--- /dev/null
+++ b/tests/data_files/test-ca-sha1.crt.der
Binary files differ
diff --git a/tests/data_files/test-ca-sha256.crt b/tests/data_files/test-ca-sha256.crt
index b14e405..9c71cef 100644
--- a/tests/data_files/test-ca-sha256.crt
+++ b/tests/data_files/test-ca-sha256.crt
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
@@ -9,13 +9,12 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
-FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
-CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j
-4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w
-XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB
-G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57
-ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY
-n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA
+A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl
+oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW
+5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb
++EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL
+yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4
+/anT1dVxr/BtwJfiESoK3/4CeXR1
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-sha256.crt.der b/tests/data_files/test-ca-sha256.crt.der
new file mode 100644
index 0000000..aefec20
--- /dev/null
+++ b/tests/data_files/test-ca-sha256.crt.der
Binary files differ
diff --git a/tests/data_files/test-ca-unsupported_policy.crt b/tests/data_files/test-ca-unsupported_policy.crt
new file mode 100644
index 0000000..bf47d95
--- /dev/null
+++ b/tests/data_files/test-ca-unsupported_policy.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAfugAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwNDI4MTMwMDEzWhcNMjkwNDI4MTMwMDEzWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+IjAgMAwGA1UdEwQFMAMBAf8wEAYDVR0gBAkwBzAFBgMqAwQwDQYJKoZIhvcNAQEL
+BQADggEBAGvARX2orRXDmc2a7nSrbRFkdw/7qbL8Y+wLeM94SsZVgzGcxzRx1KvG
+2H5nBvPKgAzBqWVPU7eDPjrETIfsCxSu+yklBIg5QYRuOcprLtQPkFVfl+WLd31F
+lS1uMgZkahIr57aHoJLYPrEjW4CBHoliT8xfrvVZi4+ym7i/vFqXL7IJ+PIklNF8
+2/b4SAB9hRI5oPw1TV9Q0v2PqMXL/0cp/9Roe+H28Tcrody6jTtEdsU2wbaxhxMd
+YK4Ak1FkhKItumINbtAUnHgBVwO2IivGZgsYulC/9y1uh5NU1HxMzqh04UEMgre+
+9SeEjhwFkq16Njc5Cdt/7iFLeiaHcNU=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-unsupported_policy_ec.crt b/tests/data_files/test-ca-unsupported_policy_ec.crt
new file mode 100644
index 0000000..161e83c
--- /dev/null
+++ b/tests/data_files/test-ca-unsupported_policy_ec.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIByjCCAVCgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTkwNDI4MTMwMDE5WhcNMjkwNDI4MTMwMDE5WjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU
+UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0
+X3WnR2/VGSlVaZpTOyC0ZhZgMx6jIjAgMAwGA1UdEwQFMAMBAf8wEAYDVR0gBAkw
+BzAFBgMqAwQwCgYIKoZIzj0EAwIDaAAwZQIwKUY3aTL6UR2H1Q1OzIJw7vxUso4P
+2PksCWb62kQeAnhYK85t1VGQiA49iHCXVKuXAjEAq+1qvlmwHX1E99ha/rvxcAYp
+UmxXLmSb53RT0NvhEKnUVGGUp2pBNAVVJOH+G0NI
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt
index f0eee2b..31790b5 100644
--- a/tests/data_files/test-ca.crt
+++ b/tests/data_files/test-ca.crt
@@ -1,80 +1,20 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:00 2011 GMT
- Not After : Feb 12 14:44:00 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
- 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
- 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
- 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
- e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
- cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
- ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
- 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
- c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
- 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
- e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
- 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
- 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
- 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
- e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
- 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
- ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
- a2:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
- serial:00
-
- Signature Algorithm: sha1WithRSAEncryption
- b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
- 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
- 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
- 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
- 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
- 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
- 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
- e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
- e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
- 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
- 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
- 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
- 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
- e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
- f7:e0:e9:54
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.crt.der b/tests/data_files/test-ca.crt.der
new file mode 100644
index 0000000..5d94810
--- /dev/null
+++ b/tests/data_files/test-ca.crt.der
Binary files differ
diff --git a/tests/data_files/test-ca.key.der b/tests/data_files/test-ca.key.der
new file mode 100644
index 0000000..4678a1a
--- /dev/null
+++ b/tests/data_files/test-ca.key.der
Binary files differ
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index f66b39e..9d34ed6 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -12,6 +12,51 @@
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
+[othername_san]
+subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
+
+[unsupoported_othername_san]
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
+
+[dns_alt_names]
+subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
+
+[alt_names]
+DNS.1=example.com
+otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
+DNS.2=example.net
+DNS.3=*.example.org
+
+[multiple_san]
+subjectAltName=@alt_names
+
+[hw_module_name]
+hwtype = OID:1.3.6.1.4.1.17.3
+hwserial = OCT:123456
+
+[v3_any_policy_ca]
+basicConstraints = CA:true
+certificatePolicies = 2.5.29.32.0
+
+[v3_any_policy_qualifier_ca]
+basicConstraints = CA:true
+certificatePolicies = @policy_info
+
+[v3_multi_policy_ca]
+basicConstraints = CA:true
+certificatePolicies = 1.2.3.4,2.5.29.32.0
+
+[v3_unsupported_policy_ca]
+basicConstraints = CA:true
+certificatePolicies = 1.2.3.4
+
+[policy_info]
+policyIdentifier = 2.5.29.32.0
+CPS.1 ="CPS uri string"
+
+[fan_cert]
+extendedKeyUsage = 1.3.6.1.4.1.45605.1
+
[noext_ca]
basicConstraints = CA:true
diff --git a/tests/data_files/test-ca.server1.db b/tests/data_files/test-ca.server1.db
new file mode 100644
index 0000000..3c0e012
--- /dev/null
+++ b/tests/data_files/test-ca.server1.db
@@ -0,0 +1,2 @@
+R 210212144406Z 110212124407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1
+R 210212144400Z 110212124407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Test CA
diff --git a/tests/data_files/test-ca2.crt b/tests/data_files/test-ca2.crt
index d41a420..7ac79e4 100644
--- a/tests/data_files/test-ca2.crt
+++ b/tests/data_files/test-ca2.crt
@@ -1,15 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/
+MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk
+SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a
+LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ
+hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der
new file mode 100644
index 0000000..2c8e217
--- /dev/null
+++ b/tests/data_files/test-ca2.crt.der
Binary files differ
diff --git a/tests/data_files/test-ca2.key.der b/tests/data_files/test-ca2.key.der
new file mode 100644
index 0000000..bf64141
--- /dev/null
+++ b/tests/data_files/test-ca2.key.der
Binary files differ
diff --git a/tests/data_files/test-ca2.key.enc b/tests/data_files/test-ca2.key.enc
new file mode 100644
index 0000000..bb70990
--- /dev/null
+++ b/tests/data_files/test-ca2.key.enc
@@ -0,0 +1,9 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,307EAB469933D64E
+
+IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG
+ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq
+UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb
+a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm
+-----END EC PRIVATE KEY-----
diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt
index 5e4bf06..8928144 100644
--- a/tests/data_files/test-ca_cat12.crt
+++ b/tests/data_files/test-ca_cat12.crt
@@ -1,82 +1,22 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:00 2011 GMT
- Not After : Feb 12 14:44:00 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
- 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
- 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
- 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
- e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
- cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
- ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
- 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
- c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
- 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
- e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
- 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
- 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
- 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
- e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
- 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
- ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
- a2:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
- serial:00
-
- Signature Algorithm: sha1WithRSAEncryption
- b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
- 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
- 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
- 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
- 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
- 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
- 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
- e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
- e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
- 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
- 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
- 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
- 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
- e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
- f7:e0:e9:54
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt
index 5630789..7234863 100644
--- a/tests/data_files/test-ca_cat21.crt
+++ b/tests/data_files/test-ca_cat21.crt
@@ -13,83 +13,23 @@
t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:00 2011 GMT
- Not After : Feb 12 14:44:00 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
- 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
- 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
- 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
- e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
- cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
- ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
- 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
- c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
- 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
- e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
- 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
- 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
- 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
- e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
- 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
- ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
- a2:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
- serial:00
-
- Signature Algorithm: sha1WithRSAEncryption
- b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
- 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
- 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
- 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
- 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
- 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
- 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
- e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
- e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
- 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
- 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
- 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
- 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
- e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
- f7:e0:e9:54
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca_printable.crt b/tests/data_files/test-ca_printable.crt
new file mode 100644
index 0000000..1e95b6d
--- /dev/null
+++ b/tests/data_files/test-ca_printable.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjExMTM0NTI5WhcNMjkwMjExMTM0NTI5WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
+FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAbhaFBCuqOenkJdwQvr3B3hX8MGER
+s0PWgKwSkrkfaRp8Vg2GBaVt+GdqtL+wpo9NYoeoPrEOjWHm7grdolhcKOs9SdKq
+XsiQKCJqvwqiJ0PfIwSA30ZqIGtb3I9WLXBXregk/ku9se2GhKlLCYeW09Tq3pex
+tGottVVypNJuMed+yX2MUMHrAW7+/ZJhxfTVTv6YYqqr6eufvLiYPhUgihTndqj9
+Keko1kOb7XyYMGKGEmLYFXS4oJc5uvwhkyTIjIZr6enYRzjLTkmhVpznSXdERKjl
+b8Jh/hzdws8yQOCk+NlqZPKz9LDQiI5p5tT4eGmX5w4fD30QYzgTQWLSKQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca_uppercase.crt b/tests/data_files/test-ca_uppercase.crt
new file mode 100644
index 0000000..3126a11
--- /dev/null
+++ b/tests/data_files/test-ca_uppercase.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjExMTM0NTQ3WhcNMjkwMjExMTM0NTQ3WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
+FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAFs2TDNHnSAONhAJcaz4W5gi9Gzdq
+PgG30wTf2FWCtbmY7b/tPfXi+O8zn42cmuVC6m7lp5akisN34bubQNjrMYvhkg9o
+PK+mIJw9/JxfMX8JYCQaU8UV4K+xaBY9Gu9jNhZklt0RUKgdhr/9r217R9ClX5XZ
++HBmQCUG1AXlD8qmMxu2VVkgBubMLZQQxsy6L3b3x0NKXx0SiO7YBVtFTB9KpwlG
+0R6lso+XfrQK3Q0g/kASyhuaaDfIGNPtNG+wEe/gA9K3NUY99TwKWpHhz5Yd+mfW
+rJcP89L7thXizripRT22b/ElPIgLSYarjKA317wkQJxYQ3ElkpgNbhaKHg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca_utf8.crt b/tests/data_files/test-ca_utf8.crt
new file mode 100644
index 0000000..2dadc77
--- /dev/null
+++ b/tests/data_files/test-ca_utf8.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjExMTM0NTE0WhcNMjkwMjExMTM0NTE0WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
+FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAKePyGUC4+Ehb1/e0ldwipj8SZZPe
+QEXwUfF2T3Km/Bgo7tRhCMoRkMbqtGhhWM/nVfHlsFj68nQisxpGyuFzMdb/56aX
+Zh5KSocnlvvFeD3nQCQClnCRiboReuasIpH7UrFSLJgk30O+7mAWHLRD3n51hOTy
+50seLBgBUbXw/wYcxpS718DTUw9tSuRDxB/uGB5iwhz1lOnnslL0vswKacNFisGd
+7H7Vyn6YQFFuw6W04V4RzClXEyPTJg5QRMKR+vGMtoMTCNUG+sAwwM5NiAM4CDXc
+0vPALzpvlXnf2pi1WWSZSLgGMgn99N+7XXaA5W1FJ97fTzprTnOG6kl0YA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt
new file mode 100644
index 0000000..2087056
--- /dev/null
+++ b/tests/data_files/test-int-ca3-badsign.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
+ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
+Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
+pz590JvGWf0=
+-----END CERTIFICATE-----
diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile
new file mode 100644
index 0000000..1b2d40f
--- /dev/null
+++ b/tests/docker/bionic/Dockerfile
@@ -0,0 +1,168 @@
+# Dockerfile
+#
+# Purpose
+# -------
+# Defines a Docker container suitable to build and run all tests (all.sh),
+# except for those that use a proprietary toolchain.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+ARG MAKEFLAGS_PARALLEL=""
+ARG MY_REGISTRY=
+
+FROM ${MY_REGISTRY}ubuntu:bionic
+
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+ && apt-get -y install software-properties-common \
+ && rm -rf /var/lib/apt/lists
+
+RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
+
+RUN apt-get update \
+ && apt-get -y install \
+ # mbedtls build/test dependencies
+ build-essential \
+ clang \
+ cmake \
+ doxygen \
+ gcc-arm-none-eabi \
+ gcc-mingw-w64-i686 \
+ gcc-multilib \
+ g++-multilib \
+ gdb \
+ git \
+ graphviz \
+ lsof \
+ python \
+ python3-pip \
+ python3 \
+ pylint3 \
+ valgrind \
+ wget \
+ # libnettle build dependencies
+ libgmp-dev \
+ m4 \
+ pkg-config \
+ && rm -rf /var/lib/apt/lists/*
+
+# Build a static, legacy openssl from sources with sslv3 enabled
+# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
+# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
+RUN cd /tmp \
+ && wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \
+ && cd openssl-1.0.1j \
+ && ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \
+ && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
+ && make install_sw \
+ && rm -rf /tmp/openssl*
+ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl
+
+# Build OPENSSL as 1.0.2g
+RUN cd /tmp \
+ && wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \
+ && cd openssl-1.0.2g \
+ && ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \
+ && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
+ && make install_sw \
+ && rm -rf /tmp/openssl*
+ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl
+
+# Build a new openssl binary for ARIA/CHACHA20 support
+# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
+RUN cd /tmp \
+ && wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \
+ && cd openssl-1.1.1a \
+ && ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install_sw \
+ && rm -rf /tmp/openssl*
+ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl
+
+# Build libnettle 2.7.1 (needed by legacy gnutls)
+RUN cd /tmp \
+ && wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \
+ && cd nettle-2.7.1 \
+ && ./configure --disable-documentation \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && /sbin/ldconfig \
+ && rm -rf /tmp/nettle*
+
+# Build legacy gnutls (3.3.8)
+RUN cd /tmp \
+ && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \
+ && cd gnutls-3.3.8 \
+ && ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && rm -rf /tmp/gnutls*
+ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli
+ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv
+
+# Build libnettle 3.1 (needed by gnutls)
+RUN cd /tmp \
+ && wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \
+ && cd nettle-3.1 \
+ && ./configure --disable-documentation \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && /sbin/ldconfig \
+ && rm -rf /tmp/nettle*
+
+# Build gnutls (3.4.10)
+RUN cd /tmp \
+ && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \
+ && cd gnutls-3.4.10 \
+ && ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \
+ --with-included-libtasn1 --without-p11-kit \
+ --disable-shared --disable-guile --disable-doc \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && rm -rf /tmp/gnutls*
+ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli
+ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv
+
+# Build libnettle 3.4 (needed by gnutls next)
+RUN cd /tmp \
+ && wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \
+ && cd nettle-3.4.1 \
+ && ./configure --disable-documentation \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && /sbin/ldconfig \
+ && rm -rf /tmp/nettle*
+
+# Build gnutls next (3.6.5)
+RUN cd /tmp \
+ && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \
+ && cd gnutls-3.6.5 \
+ && ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \
+ --with-included-libtasn1 --with-included-unistring --without-p11-kit \
+ --disable-shared --disable-guile --disable-doc \
+ && make ${MAKEFLAGS_PARALLEL} \
+ && make install \
+ && rm -rf /tmp/gnutls*
+
+ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli
+ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv
+
+RUN pip3 install --no-cache-dir \
+ mbed-host-tests \
+ mock
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
index 7407f44..86edf5a 100755
--- a/tests/git-scripts/pre-push.sh
+++ b/tests/git-scripts/pre-push.sh
@@ -46,3 +46,4 @@
run_test ./tests/scripts/check-names.sh
run_test ./tests/scripts/check-generated-files.sh
run_test ./tests/scripts/check-files.py
+run_test ./tests/scripts/doxygen.sh
diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh
new file mode 100755
index 0000000..4fbfe1c
--- /dev/null
+++ b/tests/make-in-docker.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+
+# make-in-docker.sh
+#
+# Purpose
+# -------
+# This runs make in a Docker container.
+#
+# See also:
+# - scripts/docker_env.sh for general Docker prerequisites and other information.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+run_in_docker make $@
diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh
new file mode 100755
index 0000000..ee9a092
--- /dev/null
+++ b/tests/scripts/all-in-docker.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -eu
+
+# all-in-docker.sh
+#
+# Purpose
+# -------
+# This runs all.sh (except for armcc) in a Docker container.
+#
+# Notes for users
+# ---------------
+# See docker_env.sh for prerequisites and other information.
+#
+# See also all.sh for notes about invocation of that script.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+# Run tests that are possible with openly available compilers
+run_in_docker tests/scripts/all.sh \
+ --no-armcc \
+ $@
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index d7d5a8c..1b799f7 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -24,7 +24,8 @@
# configurations, and can and will arbitrarily change the current CMake
# configuration. The following files must be committed into git:
# * include/mbedtls/config.h
-# * Makefile, library/Makefile, programs/Makefile, tests/Makefile
+# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
+# programs/fuzz/Makefile
# After running this script, the CMake cache will be lost and CMake
# will no longer be initialised.
#
@@ -38,7 +39,6 @@
# * G++
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * Yotta build dependencies, unless invoked with --no-yotta
# * OpenSSL and GnuTLS command line tools, recent enough for the
# interoperability tests. If they don't support SSLv3 then a legacy
# version of these tools must be present as well (search for LEGACY
@@ -56,21 +56,46 @@
# Notes for maintainers
# ---------------------
#
+# The bulk of the code is organized into functions that follow one of the
+# following naming conventions:
+# * pre_XXX: things to do before running the tests, in order.
+# * component_XXX: independent components. They can be run in any order.
+# * component_check_XXX: quick tests that aren't worth parallelizing.
+# * component_build_XXX: build things but don't run them.
+# * component_test_XXX: build and test.
+# * support_XXX: if support_XXX exists and returns false then
+# component_XXX is not run by default.
+# * post_XXX: things to do after running the tests.
+# * other: miscellaneous support functions.
+#
+# Each component must start by invoking `msg` with a short informative message.
+#
+# The framework performs some cleanup tasks after each component. This
+# means that components can assume that the working directory is in a
+# cleaned-up state, and don't need to perform the cleanup themselves.
+# * Run `make clean`.
+# * Restore `include/mbedtks/config.h` from a backup made before running
+# the component.
+# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
+# `tests/Makefile` and `programs/fuzz/Makefile` from git.
+# This cleans up after an in-tree use of CMake.
+#
+# Any command that is expected to fail must be protected so that the
+# script keeps running in --keep-going mode despite `set -e`. In keep-going
+# mode, if a protected command fails, this is logged as a failure and the
+# script will exit with a failure status once it has run all components.
+# Commands can be protected in any of the following ways:
+# * `make` is a function which runs the `make` command with protection.
+# Note that you must write `make VAR=value`, not `VAR=value make`,
+# because the `VAR=value make` syntax doesn't work with functions.
+# * Put `report_status` before the command to protect it.
+# * Put `if_build_successful` before a command. This protects it, and
+# additionally skips it if a prior invocation of `make` in the same
+# component failed.
+#
# The tests are roughly in order from fastest to slowest. This doesn't
# have to be exact, but in general you should add slower tests towards
# the end and fast checks near the beginning.
-#
-# Sanity checks have the following form:
-# 1. msg "short description of what is about to be done"
-# 2. run sanity check (failure stops the script)
-#
-# Build or build-and-test steps have the following form:
-# 1. msg "short description of what is about to be done"
-# 2. cleanup
-# 3. preparation (config.pl, cmake, ...) (failure stops the script)
-# 4. make
-# 5. Run tests if relevant. All tests must be prefixed with
-# if_build_successful for the sake of --keep-going.
@@ -81,61 +106,101 @@
# Abort on errors (and uninitialised variables)
set -eu
-if [ "$( uname )" != "Linux" ]; then
- echo "This script only works in Linux" >&2
- exit 1
-elif [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
- exit 1
-fi
+pre_check_environment () {
+ if [ -d library -a -d include -a -d tests ]; then :; else
+ echo "Must be run from mbed TLS root" >&2
+ exit 1
+ fi
+}
-CONFIG_H='include/mbedtls/config.h'
-CONFIG_BAK="$CONFIG_H.bak"
+pre_initialize_variables () {
+ CONFIG_H='include/mbedtls/config.h'
+ CONFIG_BAK="$CONFIG_H.bak"
-MEMORY=0
-FORCE=0
-KEEP_GOING=0
-RUN_ARMCC=1
-YOTTA=1
+ MEMORY=0
+ FORCE=0
+ KEEP_GOING=0
-# Default commands, can be overriden by the environment
-: ${OPENSSL:="openssl"}
-: ${OPENSSL_LEGACY:="$OPENSSL"}
-: ${OPENSSL_NEXT:="$OPENSSL"}
-: ${GNUTLS_CLI:="gnutls-cli"}
-: ${GNUTLS_SERV:="gnutls-serv"}
-: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
-: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
-: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
-: ${ARMC5_BIN_DIR:=/usr/bin}
-: ${ARMC6_BIN_DIR:=/usr/bin}
+ # Default commands, can be overridden by the environment
+ : ${OPENSSL:="openssl"}
+ : ${OPENSSL_LEGACY:="$OPENSSL"}
+ : ${OPENSSL_NEXT:="$OPENSSL"}
+ : ${GNUTLS_CLI:="gnutls-cli"}
+ : ${GNUTLS_SERV:="gnutls-serv"}
+ : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
+ : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
+ : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
+ : ${ARMC5_BIN_DIR:=/usr/bin}
+ : ${ARMC6_BIN_DIR:=/usr/bin}
-# if MAKEFLAGS is not set add the -j option to speed up invocations of make
-if [ -n "${MAKEFLAGS+set}" ]; then
- export MAKEFLAGS="-j"
-fi
+ # if MAKEFLAGS is not set add the -j option to speed up invocations of make
+ if [ -z "${MAKEFLAGS+set}" ]; then
+ export MAKEFLAGS="-j"
+ fi
+
+ # Gather the list of available components. These are the functions
+ # defined in this script whose name starts with "component_".
+ # Parse the script with sed, because in sh there is no way to list
+ # defined functions.
+ ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
+
+ # Exclude components that are not supported on this platform.
+ SUPPORTED_COMPONENTS=
+ for component in $ALL_COMPONENTS; do
+ case $(type "support_$component" 2>&1) in
+ *' function'*)
+ if ! support_$component; then continue; fi;;
+ esac
+ SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
+ done
+}
+
+# Test whether the component $1 is included in the command line patterns.
+is_component_included()
+{
+ set -f
+ for pattern in $COMMAND_LINE_COMPONENTS; do
+ set +f
+ case ${1#component_} in $pattern) return 0;; esac
+ done
+ set +f
+ return 1
+}
usage()
{
cat <<EOF
-Usage: $0 [OPTION]...
- -h|--help Print this help.
+Usage: $0 [OPTION]... [COMPONENT]...
+Run mbedtls release validation tests.
+By default, run all tests. With one or more COMPONENT, run only those.
+COMPONENT can be the name of a component or a shell wildcard pattern.
+
+Examples:
+ $0 "check_*"
+ Run all sanity checks.
+ $0 --no-armcc --except test_memsan
+ Run everything except builds that require armcc and MemSan.
+
+Special options:
+ -h|--help Print this help and exit.
+ --list-all-components List all available test components and exit.
+ --list-components List components supported on this platform and exit.
General options:
-f|--force Force the tests to overwrite any modified files.
-k|--keep-going Run all tests and report errors at the end.
-m|--memory Additional optional memory tests.
--armcc Run ARM Compiler builds (on by default).
+ --except Exclude the COMPONENTs listed on the command line,
+ instead of running only those.
--no-armcc Skip ARM Compiler builds.
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default).
- --no-yotta Skip yotta module build.
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
--random-seed Use a random seed value for randomized tests (default).
-r|--release-test Run this script in release mode. This fixes the seed value to 1.
-s|--seed Integer seed value to use for this test run.
- --yotta Build yotta module (on by default).
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
@@ -158,17 +223,30 @@
fi
command make clean
+ cd crypto
+ command make clean
+ cd ..
# Remove CMake artefacts
- find . -name .git -prune -o -name yotta -prune -o \
+ find . -name .git -prune -o \
-iname CMakeFiles -exec rm -rf {} \+ -o \
\( -iname cmake_install.cmake -o \
-iname CTestTestfile.cmake -o \
-iname CMakeCache.txt \) -exec rm {} \+
# Recover files overwritten by in-tree CMake builds
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
+ git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ cd crypto
+ rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
+ cd ..
+
+ # Remove any artifacts from the component_test_cmake_as_subdirectory test.
+ rm -rf programs/test/cmake_subproject/build
+ rm -f programs/test/cmake_subproject/Makefile
+ rm -f programs/test/cmake_subproject/cmake_subproject
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
@@ -193,25 +271,27 @@
msg()
{
+ if [ -n "${current_component:-}" ]; then
+ current_section="${current_component#component_}: $1"
+ else
+ current_section="$1"
+ fi
echo ""
echo "******************************************************************"
- echo "* $1 "
+ echo "* $current_section "
printf "* "; date
echo "******************************************************************"
- current_section=$1
}
-if [ $RUN_ARMCC -ne 0 ]; then
- armc6_build_test()
- {
- FLAGS="$1"
+armc6_build_test()
+{
+ FLAGS="$1"
- msg "build: ARM Compiler 6 ($FLAGS), make"
- ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
- WARNING_CFLAGS='-xc -std=c99' make lib
- make clean
- }
-fi
+ msg "build: ARM Compiler 6 ($FLAGS), make"
+ ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
+ WARNING_CFLAGS='-xc -std=c99' make lib
+ make clean
+}
err_msg()
{
@@ -229,80 +309,115 @@
}
check_headers_in_cpp () {
- ls include/mbedtls >headers.txt
+ ls include/mbedtls | grep "\.h$" >headers.txt
<programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' |
sort |
diff headers.txt -
rm headers.txt
}
-while [ $# -gt 0 ]; do
- case "$1" in
- --armcc) RUN_ARMCC=1;;
- --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
- --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
- --force|-f) FORCE=1;;
- --gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
- --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
- --gnutls-serv) shift; GNUTLS_SERV="$1";;
- --help|-h) usage; exit;;
- --keep-going|-k) KEEP_GOING=1;;
- --memory|-m) MEMORY=1;;
- --no-armcc) RUN_ARMCC=0;;
- --no-force) FORCE=0;;
- --no-keep-going) KEEP_GOING=0;;
- --no-memory) MEMORY=0;;
- --no-yotta) YOTTA=0;;
- --openssl) shift; OPENSSL="$1";;
- --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
- --openssl-next) shift; OPENSSL_NEXT="$1";;
- --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
- --random-seed) unset SEED;;
- --release-test|-r) SEED=1;;
- --seed|-s) shift; SEED="$1";;
- --yotta) YOTTA=1;;
- *)
- echo >&2 "Unknown option: $1"
- echo >&2 "Run $0 --help for usage."
- exit 120
- ;;
- esac
- shift
-done
+pre_parse_command_line () {
+ COMMAND_LINE_COMPONENTS=
+ all_except=0
+ no_armcc=
-if [ $FORCE -eq 1 ]; then
- if [ $YOTTA -eq 1 ]; then
- rm -rf yotta/module "$OUT_OF_SOURCE_DIR"
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ --armcc) no_armcc=;;
+ --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
+ --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --except) all_except=1;;
+ --force|-f) FORCE=1;;
+ --gnutls-cli) shift; GNUTLS_CLI="$1";;
+ --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
+ --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
+ --gnutls-serv) shift; GNUTLS_SERV="$1";;
+ --help|-h) usage; exit;;
+ --keep-going|-k) KEEP_GOING=1;;
+ --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
+ --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
+ --memory|-m) MEMORY=1;;
+ --no-armcc) no_armcc=1;;
+ --no-force) FORCE=0;;
+ --no-keep-going) KEEP_GOING=0;;
+ --no-memory) MEMORY=0;;
+ --openssl) shift; OPENSSL="$1";;
+ --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
+ --openssl-next) shift; OPENSSL_NEXT="$1";;
+ --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
+ --random-seed) unset SEED;;
+ --release-test|-r) SEED=1;;
+ --seed|-s) shift; SEED="$1";;
+ -*)
+ echo >&2 "Unknown option: $1"
+ echo >&2 "Run $0 --help for usage."
+ exit 120
+ ;;
+ *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
+ esac
+ shift
+ done
+
+ # With no list of components, run everything.
+ if [ -z "$COMMAND_LINE_COMPONENTS" ]; then
+ all_except=1
fi
- git checkout-index -f -q $CONFIG_H
- cleanup
-else
- if [ $YOTTA -ne 0 ] && [ -d yotta/module ]; then
- err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'"
- echo "You can either delete your work and retry, or force the test to overwrite the"
- echo "test by rerunning the script as: $0 --force"
+ # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
+ # Ignore it if components are listed explicitly on the command line.
+ if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
+ COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
+ fi
+
+ # Build the list of components to run.
+ RUN_COMPONENTS=
+ for component in $SUPPORTED_COMPONENTS; do
+ if is_component_included "$component"; [ $? -eq $all_except ]; then
+ RUN_COMPONENTS="$RUN_COMPONENTS $component"
+ fi
+ done
+
+ unset all_except
+ unset no_armcc
+}
+
+pre_check_git () {
+ if [ $FORCE -eq 1 ]; then
+ rm -rf "$OUT_OF_SOURCE_DIR"
+ git checkout-index -f -q $CONFIG_H
+ cleanup
+ else
+
+ if [ -d "$OUT_OF_SOURCE_DIR" ]; then
+ echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
+ echo "You can either delete this directory manually, or force the test by rerunning"
+ echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
+ exit 1
+ fi
+
+ if ! git diff --quiet include/mbedtls/config.h; then
+ err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. "
+ echo "You can either delete or preserve your work, or force the test by rerunning the"
+ echo "script as: $0 --force"
+ exit 1
+ fi
+ fi
+ if ! [ -f crypto/Makefile ]; then
+ echo "Please initialize the crypto submodule" >&2
exit 1
fi
+}
- if [ -d "$OUT_OF_SOURCE_DIR" ]; then
- echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
- echo "You can either delete this directory manually, or force the test by rerunning"
- echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
- exit 1
+pre_check_seedfile () {
+ if [ ! -f "./tests/seedfile" ]; then
+ dd if=/dev/urandom of=./tests/seedfile bs=32 count=1
fi
-
- if ! git diff-files --quiet include/mbedtls/config.h; then
- err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. "
- echo "You can either delete or preserve your work, or force the test by rerunning the"
- echo "script as: $0 --force"
- exit 1
+ if [ ! -f "./crypto/tests/seedfile" ]; then
+ dd if=/dev/urandom of=./crypto/tests/seedfile bs=32 count=1
fi
-fi
+}
-build_status=0
-if [ $KEEP_GOING -eq 1 ]; then
+pre_setup_keep_going () {
failure_summary=
failure_count=0
start_red=
@@ -356,11 +471,8 @@
echo "Killed by SIG$1."
fi
}
-else
- record_status () {
- "$@"
- }
-fi
+}
+
if_build_succeeded () {
if [ $build_status -eq 0 ]; then
record_status "$@"
@@ -373,44 +485,84 @@
! "$@"
}
-msg "info: $0 configuration"
-echo "MEMORY: $MEMORY"
-echo "FORCE: $FORCE"
-echo "SEED: ${SEED-"UNSET"}"
-echo "OPENSSL: $OPENSSL"
-echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
-echo "OPENSSL_NEXT: $OPENSSL_NEXT"
-echo "GNUTLS_CLI: $GNUTLS_CLI"
-echo "GNUTLS_SERV: $GNUTLS_SERV"
-echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
-echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
-echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
-echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
-
-ARMC5_CC="$ARMC5_BIN_DIR/armcc"
-ARMC5_AR="$ARMC5_BIN_DIR/armar"
-ARMC6_CC="$ARMC6_BIN_DIR/armclang"
-ARMC6_AR="$ARMC6_BIN_DIR/armar"
-
-# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
-# we just export the variables they require
-export OPENSSL_CMD="$OPENSSL"
-export GNUTLS_CLI="$GNUTLS_CLI"
-export GNUTLS_SERV="$GNUTLS_SERV"
-
-# Avoid passing --seed flag in every call to ssl-opt.sh
-if [ -n "${SEED-}" ]; then
- export SEED
-fi
+pre_print_configuration () {
+ msg "info: $0 configuration"
+ echo "MEMORY: $MEMORY"
+ echo "FORCE: $FORCE"
+ echo "SEED: ${SEED-"UNSET"}"
+ echo "OPENSSL: $OPENSSL"
+ echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
+ echo "OPENSSL_NEXT: $OPENSSL_NEXT"
+ echo "GNUTLS_CLI: $GNUTLS_CLI"
+ echo "GNUTLS_SERV: $GNUTLS_SERV"
+ echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
+ echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
+ echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
+ echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
+}
# Make sure the tools we need are available.
-check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV" \
- "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
- "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb"
-if [ $RUN_ARMCC -ne 0 ]; then
- check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR"
-fi
+pre_check_tools () {
+ # Build the list of variables to pass to output_env.sh.
+ set env
+
+ case " $RUN_COMPONENTS " in
+ # Require OpenSSL and GnuTLS if running any tests (as opposed to
+ # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
+ # is a good enough approximation in practice.
+ *" test_"*)
+ # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
+ # and ssl-opt.sh, we just export the variables they require.
+ export OPENSSL_CMD="$OPENSSL"
+ export GNUTLS_CLI="$GNUTLS_CLI"
+ export GNUTLS_SERV="$GNUTLS_SERV"
+ # Avoid passing --seed flag in every call to ssl-opt.sh
+ if [ -n "${SEED-}" ]; then
+ export SEED
+ fi
+ set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
+ set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
+ set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
+ set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
+ check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
+ "$GNUTLS_CLI" "$GNUTLS_SERV" \
+ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
+ ;;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *" test_zeroize "*) check_tools "gdb";;
+ esac
+
+ case " $RUN_COMPONENTS " in
+ *_armcc*)
+ ARMC5_CC="$ARMC5_BIN_DIR/armcc"
+ ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ ARMC6_CC="$ARMC6_BIN_DIR/armclang"
+ ARMC6_AR="$ARMC6_BIN_DIR/armar"
+ check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";;
+ esac
+
+ msg "info: output_env.sh"
+ case $RUN_COMPONENTS in
+ *_armcc*)
+ set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
+ *) set "$@" RUN_ARMCC=0;;
+ esac
+ "$@" scripts/output_env.sh
+}
@@ -429,32 +581,35 @@
#
# Indicative running times are given for reference.
-msg "info: output_env.sh"
-OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \
- GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \
- ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh
+component_check_recursion () {
+ msg "test: recursion.pl" # < 1s
+ record_status tests/scripts/recursion.pl library/*.c
+}
-msg "test: recursion.pl" # < 1s
-tests/scripts/recursion.pl library/*.c
+component_check_generated_files () {
+ msg "test: freshness of generated source files" # < 1s
+ record_status tests/scripts/check-generated-files.sh
+}
-msg "test: freshness of generated source files" # < 1s
-tests/scripts/check-generated-files.sh
+component_check_doxy_blocks () {
+ msg "test: doxygen markup outside doxygen blocks" # < 1s
+ record_status tests/scripts/check-doxy-blocks.pl
+}
-msg "test: doxygen markup outside doxygen blocks" # < 1s
-tests/scripts/check-doxy-blocks.pl
+component_check_files () {
+ msg "test: check-files.py" # < 1s
+ record_status tests/scripts/check-files.py
+}
-msg "test: check-files.py" # < 1s
-cleanup
-tests/scripts/check-files.py
+component_check_names () {
+ msg "test/build: declared and exported names" # < 3s
+ record_status tests/scripts/check-names.sh -v
+}
-msg "test/build: declared and exported names" # < 3s
-cleanup
-tests/scripts/check-names.sh
-
-msg "test: doxygen warnings" # ~ 3s
-cleanup
-tests/scripts/doxygen.sh
+component_check_doxygen_warnings () {
+ msg "test: doxygen warnings" # ~ 3s
+ record_status tests/scripts/doxygen.sh
+}
@@ -462,450 +617,516 @@
#### Build and test many configurations and targets
################################################################
-if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then
- # Note - use of yotta is deprecated, and yotta also requires armcc to be on the
- # path, and uses whatever version of armcc it finds there.
- msg "build: create and build yotta module" # ~ 30s
- cleanup
- record_status tests/scripts/yotta-build.sh
-fi
+component_test_large_ecdsa_key_signature () {
-msg "build: cmake, gcc, ASan" # ~ 1 min 50s
-cleanup
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+ SMALL_MPI_MAX_SIZE=136 # Small enough to interfere with the EC signatures
-msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
-make test
+ msg "build: cmake + MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE}, gcc, ASan" # ~ 1 min 50s
+ scripts/config.pl set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
-if_build_succeeded tests/ssl-opt.sh
+ INEVITABLY_PRESENT_FILE=Makefile
+ SIGNATURE_FILE="${INEVITABLY_PRESENT_FILE}.sig" # Warning, this is rm -f'ed below
-msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
-record_status tests/scripts/test-ref-configs.pl
+ msg "test: pk_sign secp521r1_prv.der for MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE} (ASan build)" # ~ 5s
+ if_build_succeeded programs/pkey/pk_sign tests/data_files/secp521r1_prv.der $INEVITABLY_PRESENT_FILE
+ rm -f $SIGNATURE_FILE
+}
-msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
-make
+component_test_default_out_of_box () {
+ msg "build: make, default config (out-of-box)" # ~1min
+ make
-msg "test: compat.sh (ASan build)" # ~ 6 min
-if_build_succeeded tests/compat.sh
+ msg "test: main suites make, default config (out-of-box)" # ~10s
+ make test
-msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+ msg "selftest: make, default config (out-of-box)" # ~10s
+ programs/test/selftest
+}
-msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
-make test
+component_test_default_cmake_gcc_asan () {
+ msg "build: cmake, gcc, ASan" # ~ 1 min 50s
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
-if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
-if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
+ msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
-msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
-if_build_succeeded tests/ssl-opt.sh
+ msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
+ if_build_succeeded tests/ssl-opt.sh
-msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+ msg "test: compat.sh (ASan build)" # ~ 6 min
+ if_build_succeeded tests/compat.sh
+}
-msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
-make test
+component_test_ref_configs () {
+ msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ record_status tests/scripts/test-ref-configs.pl
+}
-msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
-if_build_succeeded tests/ssl-opt.sh
+component_test_sslv3 () {
+ msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
+ scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_RSA_NO_CRT
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+ msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
-msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
-make test
+ msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
+ if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
-msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
-tests/ssl-opt.sh -f RSA
+ msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
+ if_build_succeeded tests/ssl-opt.sh
+}
-msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
-tests/compat.sh -t RSA
+component_test_no_renegotiation () {
+ msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
+ scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
-scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+ msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
-msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
-if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
+ msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
+ if_build_succeeded tests/ssl-opt.sh
+}
-msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
-scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+component_test_no_pem_no_fs () {
+ msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
+ scripts/config.pl unset MBEDTLS_PEM_PARSE_C
+ scripts/config.pl unset MBEDTLS_FS_IO
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
-if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
+ msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
-msg "build: cmake, full config, clang" # ~ 50s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
-CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
-make
+ msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
+ if_build_succeeded tests/ssl-opt.sh
+}
-msg "test: main suites (full config)" # ~ 5s
-make test
+component_test_rsa_no_crt () {
+ msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
+ scripts/config.pl set MBEDTLS_RSA_NO_CRT
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
-if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
+ msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
+ make test
-msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
-if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
+ if_build_succeeded tests/ssl-opt.sh -f RSA
-msg "test: compat.sh ARIA + ChachaPoly"
-if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+ msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
+ if_build_succeeded tests/compat.sh -t RSA
+}
-msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
-# Build with -O -Wextra to catch a maximum of issues.
-make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
-make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+component_test_small_ssl_out_content_len () {
+ msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
+ scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
+ scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
-# No cleanup, just tweak the configuration and rebuild
-make clean
-scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
-scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
-# Build with -O -Wextra to catch a maximum of issues.
-make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
-make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+ msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
+ if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
+}
-msg "test/build: curves.pl (gcc)" # ~ 4 min
-cleanup
-record_status tests/scripts/curves.pl
+component_test_small_ssl_in_content_len () {
+ msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
+ scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
+ scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min
-cleanup
-record_status tests/scripts/depends-hashes.pl
+ msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
+ if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
+}
-msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
-cleanup
-record_status tests/scripts/depends-pkalgs.pl
+component_test_small_ssl_dtls_max_buffering () {
+ msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
+ scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test/build: key-exchanges (gcc)" # ~ 1 min
-cleanup
-record_status tests/scripts/key-exchanges.pl
+ msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
+ if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
+}
-msg "build: Unix make, -Os (gcc)" # ~ 30s
-cleanup
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
+component_test_small_mbedtls_ssl_dtls_max_buffering () {
+ msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
+ scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test: verify header list in cpp_dummy_build.cpp"
-record_status check_headers_in_cpp
+ msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
+ if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
+}
-msg "build: Unix make, incremental g++"
-make TEST_CPP=1
+component_test_full_cmake_clang () {
+ msg "build: cmake, full config, clang" # ~ 50s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
+ make
-# Full configuration build, without platform support, file IO and net sockets.
-# This should catch missing mbedtls_printf definitions, and by disabling file
-# IO, it should catch missing '#include <stdio.h>'
-msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_PLATFORM_C
-scripts/config.pl unset MBEDTLS_NET_C
-scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
-scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
-scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
-scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
-scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
-scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
-scripts/config.pl unset MBEDTLS_FS_IO
-# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
-# to re-enable platform integration features otherwise disabled in C99 builds
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test
+ msg "test: main suites (full config)" # ~ 5s
+ make test
-# catch compile bugs in _uninit functions
-msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
+ msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
+ if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
-msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_SSL_SRV_C
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
+ msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
-msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_SSL_CLI_C
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
+ msg "test: compat.sh ARIA + ChachaPoly"
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+}
-# Note, C99 compliance can also be tested with the sockets support disabled,
-# as that requires a POSIX platform (which isn't the same as C99).
-msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
-scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
+component_build_deprecated () {
+ msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl set MBEDTLS_DEPRECATED_WARNING
+ # Build with -O -Wextra to catch a maximum of issues.
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
-# Run max fragment length tests with MFL disabled
-msg "build: default config except MFL extension (ASan build)" # ~ 30s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+ msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
+ # No cleanup, just tweak the configuration and rebuild
+ make clean
+ scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
+ scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED
+ # Build with -O -Wextra to catch a maximum of issues.
+ make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
+ make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+}
-msg "test: ssl-opt.sh, MFL-related tests"
-if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
+component_test_depends_curves () {
+ msg "test/build: curves.pl (gcc)" # ~ 4 min
+ record_status tests/scripts/curves.pl
+}
-msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
-scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+component_test_depends_hashes () {
+ msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min
+ record_status tests/scripts/depends-hashes.pl
+}
-msg "test: MFL tests (disabled MFL extension case) & large packet tests"
-if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
+component_test_depends_pkalgs () {
+ msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
+ record_status tests/scripts/depends-pkalgs.pl
+}
-msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
-scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-scripts/config.pl set MBEDTLS_ENTROPY_C
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
-scripts/config.pl unset MBEDTLS_HAVEGE_C
-CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" .
-make
+component_build_key_exchanges () {
+ msg "test/build: key-exchanges (gcc)" # ~ 1 min
+ record_status tests/scripts/key-exchanges.pl
+}
-msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)"
-make test
+component_build_default_make_gcc_and_cxx () {
+ msg "build: Unix make, -Os (gcc)" # ~ 30s
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
-msg "build: default config with AES_FEWER_TABLES enabled"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
-make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+ msg "test: verify header list in cpp_dummy_build.cpp"
+ record_status check_headers_in_cpp
-msg "test: AES_FEWER_TABLES"
-make test
+ msg "build: Unix make, incremental g++"
+ make TEST_CPP=1
+}
-msg "build: default config with AES_ROM_TABLES enabled"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_AES_ROM_TABLES
-make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+component_test_no_use_psa_crypto_full_cmake_asan() {
+ # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
+ msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
+ scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
-msg "test: AES_ROM_TABLES"
-make test
+ msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ make test
-msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
-scripts/config.pl set MBEDTLS_AES_ROM_TABLES
-make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+ msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ if_build_succeeded tests/ssl-opt.sh
-msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
-make test
+ msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ if_build_succeeded tests/compat.sh
-if uname -a | grep -F Linux >/dev/null; then
+ msg "test: compat.sh ssl3 (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
+
+ msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+
+ msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+}
+
+component_test_check_params_functionality () {
+ msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
+ scripts/config.pl full # includes CHECK_PARAMS
+ # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
+ scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ # Only build and run tests. Do not build sample programs, because
+ # they don't have a mbedtls_param_failed() function.
+ make CC=gcc CFLAGS='-Werror -O1' lib test
+}
+
+component_test_check_params_without_platform () {
+ msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
+ scripts/config.pl full # includes CHECK_PARAMS
+ # Keep MBEDTLS_PARAM_FAILED as assert.
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+ scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_PLATFORM_C
+ make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
+component_test_check_params_silent () {
+ msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
+ scripts/config.pl full # includes CHECK_PARAMS
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+ # Set MBEDTLS_PARAM_FAILED to nothing.
+ sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
+ make CC=gcc CFLAGS='-Werror -O1' all test
+}
+
+component_test_no_platform () {
+ # Full configuration build, without platform support, file IO and net sockets.
+ # This should catch missing mbedtls_printf definitions, and by disabling file
+ # IO, it should catch missing '#include <stdio.h>'
+ msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_PLATFORM_C
+ scripts/config.pl unset MBEDTLS_NET_C
+ scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+ scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
+ # to re-enable platform integration features otherwise disabled in C99 builds
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test
+}
+
+component_build_no_std_function () {
+ # catch compile bugs in _uninit functions
+ msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
+}
+
+component_build_no_ssl_srv () {
+ msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_SSL_SRV_C
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
+}
+
+component_build_no_ssl_cli () {
+ msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_SSL_CLI_C
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
+}
+
+component_build_no_sockets () {
+ # Note, C99 compliance can also be tested with the sockets support disabled,
+ # as that requires a POSIX platform (which isn't the same as C99).
+ msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
+ scripts/config.pl full
+ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
+ scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
+}
+
+component_test_no_max_fragment_length () {
+ # Run max fragment length tests with MFL disabled
+ msg "build: default config except MFL extension (ASan build)" # ~ 30s
+ scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: ssl-opt.sh, MFL-related tests"
+ if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
+}
+
+component_test_asan_remove_peer_certificate () {
+ msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
+ scripts/config.pl unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+ make test
+
+ msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+ if_build_succeeded tests/ssl-opt.sh
+
+ msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+ if_build_succeeded tests/compat.sh
+}
+
+component_test_no_max_fragment_length_small_ssl_out_content_len () {
+ msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
+ scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
+ scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: MFL tests (disabled MFL extension case) & large packet tests"
+ if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
+}
+
+component_test_when_no_ciphersuites_have_mac () {
+ msg "build: when no ciphersuites have MAC"
+ scripts/config.pl unset MBEDTLS_CIPHER_NULL_CIPHER
+ scripts/config.pl unset MBEDTLS_ARC4_C
+ scripts/config.pl unset MBEDTLS_CIPHER_MODE_CBC
+ make
+
+ msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+ make test
+
+ msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+ if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
+}
+
+component_test_null_entropy () {
+ msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
+ scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
+ scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ scripts/config.pl set MBEDTLS_ENTROPY_C
+ scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
+ scripts/config.pl unset MBEDTLS_HAVEGE_C
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
+ make
+
+ msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)"
+ make test
+}
+
+component_test_platform_calloc_macro () {
+ msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
+ scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc
+ scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)"
+ make test
+}
+
+component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
- cleanup
- make SHARED=1 all check
-fi
+ make SHARED=1 all check -j1
+}
-if uname -a | grep -F x86_64 >/dev/null; then
+component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
- cleanup
- cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
- make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
+ make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
make test
+}
+support_test_m32_o0 () {
+ case $(uname -m) in
+ *64*) true;;
+ *) false;;
+ esac
+}
+component_test_m32_o1 () {
# Build again with -O1, to compile in the i386 specific inline assembly
msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
- cleanup
- cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
- make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
+ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
+ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
+ make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
make test
+ msg "test ssl-opt.sh, i386, make, gcc-O1"
+ if_build_succeeded tests/ssl-opt.sh
+}
+support_test_m32_o1 () {
+ support_test_m32_o0 "$@"
+}
+
+component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
- cleanup
- cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
msg "test: 64-bit ILP32, make, gcc"
make test
-fi # x86_64
+}
+support_test_mx32 () {
+ case $(uname -m) in
+ amd64|x86_64) true;;
+ *) false;;
+ esac
+}
-msg "build: gcc, force 32-bit bignum limbs"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl unset MBEDTLS_HAVE_ASM
-scripts/config.pl unset MBEDTLS_AESNI_C
-scripts/config.pl unset MBEDTLS_PADLOCK_C
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
+component_build_arm_none_eabi_gcc () {
+ msg "build: arm-none-eabi-gcc, make" # ~ 10s
+ scripts/config.pl baremetal
+ make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
+}
-msg "test: gcc, force 32-bit bignum limbs"
-make test
+component_build_arm_none_eabi_gcc_no_udbl_division () {
+ msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
+ scripts/config.pl baremetal
+ scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
+ make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
+ echo "Checking that software 64-bit division is not required"
+ if_build_succeeded not grep __aeabi_uldiv library/*.o
+}
-msg "build: gcc, force 64-bit bignum limbs"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl unset MBEDTLS_HAVE_ASM
-scripts/config.pl unset MBEDTLS_AESNI_C
-scripts/config.pl unset MBEDTLS_PADLOCK_C
-make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
+component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
+ msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
+ scripts/config.pl baremetal
+ scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
+ make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
+ echo "Checking that software 64-bit multiplication is not required"
+ if_build_succeeded not grep __aeabi_lmul library/*.o
+}
-msg "test: gcc, force 64-bit bignum limbs"
-make test
+component_build_armcc () {
+ msg "build: ARM Compiler 5, make"
+ scripts/config.pl baremetal
-
-msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
-scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
-make CFLAGS='-Werror -O1'
-
-msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s
-make test
-
-
-msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
-scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
-make CFLAGS='-Werror -O1'
-
-msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s
-make test
-
-
-msg "build: arm-none-eabi-gcc, make" # ~ 10s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_NET_C
-scripts/config.pl unset MBEDTLS_TIMING_C
-scripts/config.pl unset MBEDTLS_FS_IO
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
-# following things are not in the default config
-scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
-scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
-scripts/config.pl unset MBEDTLS_THREADING_C
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
-scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
-make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
-
-msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_NET_C
-scripts/config.pl unset MBEDTLS_TIMING_C
-scripts/config.pl unset MBEDTLS_FS_IO
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
-# following things are not in the default config
-scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
-scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
-scripts/config.pl unset MBEDTLS_THREADING_C
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
-scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
-scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
-make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
-echo "Checking that software 64-bit division is not required"
-if_build_succeeded not grep __aeabi_uldiv library/*.o
-
-msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_NET_C
-scripts/config.pl unset MBEDTLS_TIMING_C
-scripts/config.pl unset MBEDTLS_FS_IO
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
-# following things are not in the default config
-scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
-scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
-scripts/config.pl unset MBEDTLS_THREADING_C
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
-scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
-scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
-make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
-echo "Checking that software 64-bit multiplication is not required"
-if_build_succeeded not grep __aeabi_lmul library/*.o
-
-msg "build: ARM Compiler 5, make"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl full
-scripts/config.pl unset MBEDTLS_NET_C
-scripts/config.pl unset MBEDTLS_TIMING_C
-scripts/config.pl unset MBEDTLS_FS_IO
-scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
-scripts/config.pl unset MBEDTLS_HAVE_TIME
-scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
-scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
-# following things are not in the default config
-scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
-scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
-scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
-scripts/config.pl unset MBEDTLS_THREADING_C
-scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
-scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
-scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
-
-if [ $RUN_ARMCC -ne 0 ]; then
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
make clean
@@ -923,46 +1144,39 @@
# ARM Compiler 6 - Target ARMv8-A - AArch64
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
-fi
+}
-msg "build: allow SHA1 in certificates by default"
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-make CFLAGS='-Werror -Wall -Wextra'
-msg "test: allow SHA1 in certificates by default"
-make test
-if_build_succeeded tests/ssl-opt.sh -f SHA-1
+component_test_allow_sha1 () {
+ msg "build: allow SHA1 in certificates by default"
+ scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+ make CFLAGS='-Werror -Wall -Wextra'
+ msg "test: allow SHA1 in certificates by default"
+ make test
+ if_build_succeeded tests/ssl-opt.sh -f SHA-1
+}
-msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min
-cleanup
-cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_RSA_NO_CRT
-CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
-make
+component_build_mingw () {
+ msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -j1
-msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)"
-make test
+ # note Make tests only builds the tests, but doesn't run them
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -j1
+ make WINDOWS_BUILD=1 clean
-msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
-cleanup
-make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
+ msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -j1
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -j1
+ make WINDOWS_BUILD=1 clean
+}
+support_build_mingw() {
+ case $(i686-w64-mingw32-gcc -dumpversion) in
+ [0-5]*) false;;
+ *) true;;
+ esac
+}
-# note Make tests only builds the tests, but doesn't run them
-make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
-make WINDOWS_BUILD=1 clean
-
-msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
-make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
-make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
-make WINDOWS_BUILD=1 clean
-
-# MemSan currently only available on Linux 64 bits
-if uname -a | grep 'Linux.*x86_64' >/dev/null; then
-
+component_test_memsan () {
msg "build: MSan (clang)" # ~ 1 min 20s
- cleanup
- cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
make
@@ -979,21 +1193,18 @@
msg "test: compat.sh (MSan)" # ~ 6 min 20s
if_build_succeeded tests/compat.sh
fi
+}
-else # no MemSan
-
+component_test_valgrind () {
msg "build: Release (clang)"
- cleanup
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
make
msg "test: main suites valgrind (Release)"
make memcheck
- # Optional part(s)
- # Currently broken, programs don't seem to receive signals
- # under valgrind on OS X
-
+ # Optional parts (slow; currently broken on OS X because programs don't
+ # seem to receive signals under valgrind on OS X).
if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)"
if_build_succeeded tests/ssl-opt.sh --memcheck
@@ -1003,60 +1214,141 @@
msg "test: compat.sh --memcheck (Release)"
if_build_succeeded tests/compat.sh --memcheck
fi
+}
-fi # MemSan
+component_test_cmake_out_of_source () {
+ msg "build: cmake 'out-of-source' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+ mkdir "$OUT_OF_SOURCE_DIR"
+ cd "$OUT_OF_SOURCE_DIR"
+ cmake "$MBEDTLS_ROOT_DIR"
+ make
-msg "build: cmake 'out-of-source' build"
-cleanup
-MBEDTLS_ROOT_DIR="$PWD"
-mkdir "$OUT_OF_SOURCE_DIR"
-cd "$OUT_OF_SOURCE_DIR"
-cmake "$MBEDTLS_ROOT_DIR"
-make
+ msg "test: cmake 'out-of-source' build"
+ make test
+ # Test an SSL option that requires an auxiliary script in test/scripts/.
+ # Also ensure that there are no error messages such as
+ # "No such file or directory", which would indicate that some required
+ # file is missing (ssl-opt.sh tolerates the absence of some files so
+ # may exit with status 0 but emit errors).
+ if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
+ if [ -s ssl-opt.err ]; then
+ cat ssl-opt.err >&2
+ record_status [ ! -s ssl-opt.err ]
+ rm ssl-opt.err
+ fi
+ cd "$MBEDTLS_ROOT_DIR"
+ rm -rf "$OUT_OF_SOURCE_DIR"
+ unset MBEDTLS_ROOT_DIR
+}
-msg "test: cmake 'out-of-source' build"
-make test
-# Test an SSL option that requires an auxiliary script in test/scripts/.
-# Also ensure that there are no error messages such as
-# "No such file or directory", which would indicate that some required
-# file is missing (ssl-opt.sh tolerates the absence of some files so
-# may exit with status 0 but emit errors).
-if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
-if [ -s ssl-opt.err ]; then
- cat ssl-opt.err >&2
- record_status [ ! -s ssl-opt.err ]
- rm ssl-opt.err
-fi
-cd "$MBEDTLS_ROOT_DIR"
-rm -rf "$OUT_OF_SOURCE_DIR"
-unset MBEDTLS_ROOT_DIR
+component_test_cmake_as_subdirectory () {
+ msg "build: cmake 'as-subdirectory' build"
+ MBEDTLS_ROOT_DIR="$PWD"
-# Test that the function mbedtls_platform_zeroize() is not optimized away by
-# different combinations of compilers and optimization flags by using an
-# auxiliary GDB script. Unfortunately, GDB does not return error values to the
-# system in all cases that the script fails, so we must manually search the
-# output to check whether the pass string is present and no failure strings
-# were printed.
-for optimization_flag in -O2 -O3 -Ofast -Os; do
- for compiler in clang gcc; do
- msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
- cleanup
- make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
- if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
- if_build_succeeded [ -s test_zeroize.log ]
- if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
- if_build_succeeded not grep -i "error" test_zeroize.log
- rm -f test_zeroize.log
+ cd programs/test/cmake_subproject
+ cmake .
+ make
+ if_build_succeeded ./cmake_subproject
+
+ cd "$MBEDTLS_ROOT_DIR"
+ unset MBEDTLS_ROOT_DIR
+}
+
+component_test_zeroize () {
+ # Test that the function mbedtls_platform_zeroize() is not optimized away by
+ # different combinations of compilers and optimization flags by using an
+ # auxiliary GDB script. Unfortunately, GDB does not return error values to the
+ # system in all cases that the script fails, so we must manually search the
+ # output to check whether the pass string is present and no failure strings
+ # were printed.
+
+ # Don't try to disable ASLR. We don't care about ASLR here. We do care
+ # about a spurious message if Gdb tries and fails, so suppress that.
+ gdb_disable_aslr=
+ if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
+ gdb_disable_aslr='set disable-randomization off'
+ fi
+
+ for optimization_flag in -O2 -O3 -Ofast -Os; do
+ for compiler in clang gcc; do
+ msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
+ make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
+ if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+ if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
+ if_build_succeeded not grep -i "error" test_zeroize.log
+ rm -f test_zeroize.log
+ make clean
+ done
done
-done
+ unset gdb_disable_aslr
+}
+support_check_python_files () {
+ type pylint3 >/dev/null 2>/dev/null
+}
+component_check_python_files () {
+ msg "Lint: Python scripts"
+ record_status tests/scripts/check-python-files.sh
+}
+
+component_check_generate_test_code () {
+ msg "uint test: generate_test_code.py"
+ record_status ./tests/scripts/test_generate_test_code.py
+}
################################################################
#### Termination
################################################################
-msg "Done, cleaning up"
+post_report () {
+ msg "Done, cleaning up"
+ cleanup
+
+ final_report
+}
+
+
+
+################################################################
+#### Run all the things
+################################################################
+
+# Run one component and clean up afterwards.
+run_component () {
+ # Back up the configuration in case the component modifies it.
+ # The cleanup function will restore it.
+ cp -p "$CONFIG_H" "$CONFIG_BAK"
+ current_component="$1"
+ "$@"
+ cleanup
+}
+
+# Preliminary setup
+pre_check_environment
+pre_initialize_variables
+pre_parse_command_line "$@"
+
+pre_check_git
+pre_check_seedfile
+
+build_status=0
+if [ $KEEP_GOING -eq 1 ]; then
+ pre_setup_keep_going
+else
+ record_status () {
+ "$@"
+ }
+fi
+pre_print_configuration
+pre_check_tools
cleanup
-final_report
+# Run the requested tests.
+for component in $RUN_COMPONENTS; do
+ run_component "component_$component"
+done
+
+# We're done.
+post_report
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index b405871..4b71ff6 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -64,6 +64,7 @@
# Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 '
+export LDFLAGS=' --coverage'
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
@@ -74,9 +75,12 @@
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
cd tests
+if [ ! -f "seedfile" ]; then
+ dd if=/dev/urandom of="seedfile" bs=32 count=1
+fi
# Step 2a - Unit Tests
-perl scripts/run-test-suites.pl -v |tee unit-test-$TEST_OUTPUT
+perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
echo
# Step 2b - System Tests
@@ -91,7 +95,10 @@
OPENSSL_CMD="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \
GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
+ sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
+ tee -a compat-test-$TEST_OUTPUT
+OPENSSL_CMD="$OPENSSL_NEXT" \
+ sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \
tee -a compat-test-$TEST_OUTPUT
echo
diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh
new file mode 100755
index 0000000..37ed5ea
--- /dev/null
+++ b/tests/scripts/basic-in-docker.sh
@@ -0,0 +1,50 @@
+#!/bin/bash -eu
+
+# basic-in-docker.sh
+#
+# Purpose
+# -------
+# This runs a rough equivalent of the travis.yml in a Docker container.
+# The tests are run for both clang and gcc.
+#
+# Notes for users
+# ---------------
+# See docker_env.sh for prerequisites and other information.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+run_in_docker tests/scripts/recursion.pl library/*.c
+run_in_docker tests/scripts/check-generated-files.sh
+run_in_docker tests/scripts/check-doxy-blocks.pl
+run_in_docker tests/scripts/check-names.sh
+run_in_docker tests/scripts/check-files.py
+run_in_docker tests/scripts/doxygen.sh
+
+for compiler in clang gcc; do
+ run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" .
+ run_in_docker -e CC=${compiler} make
+ run_in_docker -e CC=${compiler} make test
+ run_in_docker programs/test/selftest
+ run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh
+ run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
+ run_in_docker tests/scripts/test-ref-configs.pl
+ run_in_docker tests/scripts/curves.pl
+ run_in_docker tests/scripts/key-exchanges.pl
+done
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index f560d03..255bed8 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -1,14 +1,12 @@
#!/usr/bin/env python3
+
+# This file is part of Mbed TLS (https://tls.mbed.org)
+# Copyright (c) 2018, Arm Limited, All Rights Reserved
+
"""
-This file is part of Mbed TLS (https://tls.mbed.org)
-
-Copyright (c) 2018, Arm Limited, All Rights Reserved
-
-Purpose
-
This script checks the current state of the source code for minor issues,
including incorrect file permissions, presence of tabs, non-Unix line endings,
-trailing whitespace, presence of UTF-8 BOM, and TODO comments.
+trailing whitespace, and presence of UTF-8 BOM.
Note: requires python 3, must be run from Mbed TLS root.
"""
@@ -19,14 +17,23 @@
import sys
-class IssueTracker(object):
- """Base class for issue tracking. Issues should inherit from this and
- overwrite either issue_with_line if they check the file line by line, or
- overwrite check_file_for_issue if they check the file as a whole."""
+class FileIssueTracker(object):
+ """Base class for file-wide issue tracking.
+
+ To implement a checker that processes a file as a whole, inherit from
+ this class and implement `check_file_for_issue` and define ``heading``.
+
+ ``files_exemptions``: files whose name ends with a string in this set
+ will not be checked.
+
+ ``heading``: human-readable description of the issue
+ """
+
+ files_exemptions = frozenset()
+ # heading must be defined in derived classes.
+ # pylint: disable=no-member
def __init__(self):
- self.heading = ""
- self.files_exemptions = []
self.files_with_issues = {}
def should_check_file(self, filepath):
@@ -35,19 +42,13 @@
return False
return True
- def issue_with_line(self, line):
+ def check_file_for_issue(self, filepath):
raise NotImplementedError
- def check_file_for_issue(self, filepath):
- with open(filepath, "rb") as f:
- for i, line in enumerate(iter(f.readline, b"")):
- self.check_file_line(filepath, line, i + 1)
-
- def check_file_line(self, filepath, line, line_number):
- if self.issue_with_line(line):
- if filepath not in self.files_with_issues.keys():
- self.files_with_issues[filepath] = []
- self.files_with_issues[filepath].append(line_number)
+ def record_issue(self, filepath, line_number):
+ if filepath not in self.files_with_issues.keys():
+ self.files_with_issues[filepath] = []
+ self.files_with_issues[filepath].append(line_number)
def output_file_issues(self, logger):
if self.files_with_issues.values():
@@ -61,24 +62,44 @@
logger.info(filename)
logger.info("")
+class LineIssueTracker(FileIssueTracker):
+ """Base class for line-by-line issue tracking.
-class PermissionIssueTracker(IssueTracker):
+ To implement a checker that processes files line by line, inherit from
+ this class and implement `line_with_issue`.
+ """
- def __init__(self):
- super().__init__()
- self.heading = "Incorrect permissions:"
+ def issue_with_line(self, line, filepath):
+ raise NotImplementedError
+
+ def check_file_line(self, filepath, line, line_number):
+ if self.issue_with_line(line, filepath):
+ self.record_issue(filepath, line_number)
def check_file_for_issue(self, filepath):
- if not (os.access(filepath, os.X_OK) ==
- filepath.endswith((".sh", ".pl", ".py"))):
+ with open(filepath, "rb") as f:
+ for i, line in enumerate(iter(f.readline, b"")):
+ self.check_file_line(filepath, line, i + 1)
+
+class PermissionIssueTracker(FileIssueTracker):
+ """Track files with bad permissions.
+
+ Files that are not executable scripts must not be executable."""
+
+ heading = "Incorrect permissions:"
+
+ def check_file_for_issue(self, filepath):
+ is_executable = os.access(filepath, os.X_OK)
+ should_be_executable = filepath.endswith((".sh", ".pl", ".py"))
+ if is_executable != should_be_executable:
self.files_with_issues[filepath] = None
-class EndOfFileNewlineIssueTracker(IssueTracker):
+class EndOfFileNewlineIssueTracker(FileIssueTracker):
+ """Track files that end with an incomplete line
+ (no newline character at the end of the last line)."""
- def __init__(self):
- super().__init__()
- self.heading = "Missing newline at end of file:"
+ heading = "Missing newline at end of file:"
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
@@ -86,11 +107,11 @@
self.files_with_issues[filepath] = None
-class Utf8BomIssueTracker(IssueTracker):
+class Utf8BomIssueTracker(FileIssueTracker):
+ """Track files that start with a UTF-8 BOM.
+ Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM."""
- def __init__(self):
- super().__init__()
- self.heading = "UTF-8 BOM present:"
+ heading = "UTF-8 BOM present:"
def check_file_for_issue(self, filepath):
with open(filepath, "rb") as f:
@@ -98,56 +119,63 @@
self.files_with_issues[filepath] = None
-class LineEndingIssueTracker(IssueTracker):
+class LineEndingIssueTracker(LineIssueTracker):
+ """Track files with non-Unix line endings (i.e. files with CR)."""
- def __init__(self):
- super().__init__()
- self.heading = "Non Unix line endings:"
+ heading = "Non Unix line endings:"
- def issue_with_line(self, line):
+ def issue_with_line(self, line, _filepath):
return b"\r" in line
-class TrailingWhitespaceIssueTracker(IssueTracker):
+class TrailingWhitespaceIssueTracker(LineIssueTracker):
+ """Track lines with trailing whitespace."""
- def __init__(self):
- super().__init__()
- self.heading = "Trailing whitespace:"
- self.files_exemptions = [".md"]
+ heading = "Trailing whitespace:"
+ files_exemptions = frozenset(".md")
- def issue_with_line(self, line):
+ def issue_with_line(self, line, _filepath):
return line.rstrip(b"\r\n") != line.rstrip()
-class TabIssueTracker(IssueTracker):
+class TabIssueTracker(LineIssueTracker):
+ """Track lines with tabs."""
- def __init__(self):
- super().__init__()
- self.heading = "Tabs present:"
- self.files_exemptions = [
- "Makefile", "generate_visualc_files.pl"
- ]
+ heading = "Tabs present:"
+ files_exemptions = frozenset([
+ "Makefile",
+ "generate_visualc_files.pl",
+ ])
- def issue_with_line(self, line):
+ def issue_with_line(self, line, _filepath):
return b"\t" in line
-class TodoIssueTracker(IssueTracker):
+class MergeArtifactIssueTracker(LineIssueTracker):
+ """Track lines with merge artifacts.
+ These are leftovers from a ``git merge`` that wasn't fully edited."""
- def __init__(self):
- super().__init__()
- self.heading = "TODO present:"
- self.files_exemptions = [
- __file__, "benchmark.c", "pull_request_template.md"
- ]
+ heading = "Merge artifact:"
- def issue_with_line(self, line):
- return b"todo" in line.lower()
+ def issue_with_line(self, line, _filepath):
+ # Detect leftover git conflict markers.
+ if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '):
+ return True
+ if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3
+ return True
+ if line.rstrip(b'\r\n') == b'=======' and \
+ not _filepath.endswith('.md'):
+ return True
+ return False
class IntegrityChecker(object):
+ """Sanity-check files under the current directory."""
def __init__(self, log_file):
+ """Instantiate the sanity checker.
+ Check files under the current directory.
+ Write a report of issues to log_file."""
self.check_repo_path()
self.logger = None
self.setup_logger(log_file)
@@ -155,6 +183,11 @@
".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
"Makefile", "CMakeLists.txt", "ChangeLog"
)
+ self.excluded_directories = ['.git', 'mbed-os']
+ self.excluded_paths = list(map(os.path.normpath, [
+ 'cov-int',
+ 'examples',
+ ]))
self.issues_to_check = [
PermissionIssueTracker(),
EndOfFileNewlineIssueTracker(),
@@ -162,10 +195,11 @@
LineEndingIssueTracker(),
TrailingWhitespaceIssueTracker(),
TabIssueTracker(),
- TodoIssueTracker(),
+ MergeArtifactIssueTracker(),
]
- def check_repo_path(self):
+ @staticmethod
+ def check_repo_path():
if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
raise Exception("Must be run from Mbed TLS root")
@@ -179,12 +213,19 @@
console = logging.StreamHandler()
self.logger.addHandler(console)
+ def prune_branch(self, root, d):
+ if d in self.excluded_directories:
+ return True
+ if os.path.normpath(os.path.join(root, d)) in self.excluded_paths:
+ return True
+ return False
+
def check_files(self):
- for root, dirs, files in sorted(os.walk(".")):
+ for root, dirs, files in os.walk("."):
+ dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d))
for filename in sorted(files):
filepath = os.path.join(root, filename)
- if (os.path.join("yotta", "module") in filepath or
- not filepath.endswith(self.files_to_check)):
+ if not filepath.endswith(self.files_to_check):
continue
for issue_to_check in self.issues_to_check:
if issue_to_check.should_check_file(filepath):
@@ -200,15 +241,7 @@
def run_main():
- parser = argparse.ArgumentParser(
- description=(
- "This script checks the current state of the source code for "
- "minor issues, including incorrect file permissions, "
- "presence of tabs, non-Unix line endings, trailing whitespace, "
- "presence of UTF-8 BOM, and TODO comments. "
- "Note: requires python 3, must be run from Mbed TLS root."
- )
- )
+ parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
"-l", "--log_file", type=str, help="path to optional output log",
)
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 4976bac..065ea33 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -65,5 +65,6 @@
}
check scripts/generate_errors.pl library/error.c
+check scripts/generate_query_config.pl programs/ssl/query_config.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_visualc_files.pl visualc/VS2010
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 4c66440..90ecfd2 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -2,26 +2,42 @@
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# This script confirms that the naming of all symbols and identifiers in mbed
-# TLS are consistent with the house style and are also self-consistent.
-#
+# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
+
set -eu
+if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
+ cat <<EOF
+$0 [-v]
+This script confirms that the naming of all symbols and identifiers in mbed
+TLS are consistent with the house style and are also self-consistent.
+
+ -v If the script fails unexpectedly, print a command trace.
+EOF
+ exit
+fi
+
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
+trace=
+if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
+ shift
+ trace='-x'
+ exec 2>check-names.err
+ trap 'echo "FAILED UNEXPECTEDLY, status=$?";
+ cat check-names.err' EXIT
+ set -x
+fi
+
printf "Analysing source code...\n"
-tests/scripts/list-macros.sh
+sh $trace tests/scripts/list-macros.sh
tests/scripts/list-enum-consts.pl
-tests/scripts/list-identifiers.sh
-tests/scripts/list-symbols.sh
+sh $trace tests/scripts/list-identifiers.sh
+sh $trace tests/scripts/list-symbols.sh
FAIL=0
@@ -40,7 +56,7 @@
for THING in actual-macros enum-consts; do
printf "Names of $THING: "
test -r $THING
- BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
+ BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
if [ "x$BAD" = "x" ]; then
echo "PASS"
else
@@ -82,6 +98,12 @@
FAIL=1
fi
+if [ -n "$trace" ]; then
+ set +x
+ trap - EXIT
+ rm check-names.err
+fi
+
printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
rm macros actual-macros enum-consts identifiers exported-symbols
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
new file mode 100755
index 0000000..9290418
--- /dev/null
+++ b/tests/scripts/check-python-files.sh
@@ -0,0 +1,12 @@
+#! /usr/bin/env sh
+
+# This file is part of Mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2018, Arm Limited, All Rights Reserved
+#
+# Purpose:
+#
+# Run 'pylint' on Python files for programming errors and helps enforcing
+# PEP8 coding standards.
+
+pylint3 -j 2 scripts/*.py tests/scripts/*.py
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index ddc90c5..4791d55 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -57,7 +57,7 @@
system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
and abort "Failed to build lib: $curve\n";
- system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
+ system( "make" ) and abort "Failed to build tests: $curve\n";
system( "make test" ) and abort "Failed test suite: $curve\n";
}
diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh
new file mode 100755
index 0000000..8bdc425
--- /dev/null
+++ b/tests/scripts/docker_env.sh
@@ -0,0 +1,93 @@
+#!/bin/bash -eu
+
+# docker_env.sh
+#
+# Purpose
+# -------
+#
+# This is a helper script to enable running tests under a Docker container,
+# thus making it easier to get set up as well as isolating test dependencies
+# (which include legacy/insecure configurations of openssl and gnutls).
+#
+# Notes for users
+# ---------------
+# This script expects a Linux x86_64 system with a recent version of Docker
+# installed and available for use, as well as http/https access. If a proxy
+# server must be used, invoke this script with the usual environment variables
+# (http_proxy and https_proxy) set appropriately. If an alternate Docker
+# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the
+# host name.
+#
+#
+# Running this script directly will check for Docker availability and set up
+# the Docker image.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+
+# default values, can be overridden by the environment
+: ${MBEDTLS_DOCKER_GUEST:=bionic}
+
+
+DOCKER_IMAGE_TAG="armmbed/mbedtls-test:${MBEDTLS_DOCKER_GUEST}"
+
+# Make sure docker is available
+if ! which docker > /dev/null; then
+ echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started"
+ exit 1
+fi
+
+# Figure out if we need to 'sudo docker'
+if groups | grep docker > /dev/null; then
+ DOCKER="docker"
+else
+ echo "Using sudo to invoke docker since you're not a member of the docker group..."
+ DOCKER="sudo docker"
+fi
+
+# Build the Docker image
+echo "Getting docker image up to date (this may take a few minutes)..."
+${DOCKER} image build \
+ -t ${DOCKER_IMAGE_TAG} \
+ --cache-from=${DOCKER_IMAGE_TAG} \
+ --build-arg MAKEFLAGS_PARALLEL="-j $(nproc)" \
+ --network host \
+ ${http_proxy+--build-arg http_proxy=${http_proxy}} \
+ ${https_proxy+--build-arg https_proxy=${https_proxy}} \
+ ${MBEDTLS_DOCKER_REGISTRY+--build-arg MY_REGISTRY="${MBEDTLS_DOCKER_REGISTRY}/"} \
+ tests/docker/${MBEDTLS_DOCKER_GUEST}
+
+run_in_docker()
+{
+ ENV_ARGS=""
+ while [ "$1" == "-e" ]; do
+ ENV_ARGS="${ENV_ARGS} $1 $2"
+ shift 2
+ done
+
+ ${DOCKER} container run -it --rm \
+ --cap-add SYS_PTRACE \
+ --user "$(id -u):$(id -g)" \
+ --volume $PWD:$PWD \
+ --workdir $PWD \
+ -e MAKEFLAGS \
+ -e PYLINTHOME=/tmp/.pylintd \
+ ${ENV_ARGS} \
+ ${DOCKER_IMAGE_TAG} \
+ $@
+}
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
deleted file mode 100755
index e489a00..0000000
--- a/tests/scripts/generate_code.pl
+++ /dev/null
@@ -1,411 +0,0 @@
-#!/usr/bin/env perl
-
-# generate_code.pl
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Generates the test suite code given inputs of the test suite directory that
-# contain the test suites, and the test suite file names for the test code and
-# test data.
-#
-# Usage: generate_code.pl <suite dir> <code file> <data file> [main code file]
-#
-# Structure of files
-#
-# - main code file - 'main_test.function'
-# Template file that contains the main() function for the test suite,
-# test dispatch code as well as support functions. It contains the
-# following symbols which are substituted by this script during
-# processing:
-# TESTCASE_FILENAME
-# TESTCODE_FILENAME
-# SUITE_PRE_DEP
-# MAPPING_CODE
-# FUNCTION CODE
-# SUITE_POST_DEP
-# DEP_CHECK_CODE
-# DISPATCH_FUNCTION
-# !LINE_NO!
-#
-# - common helper code file - 'helpers.function'
-# Common helper functions
-#
-# - test suite code file - file name in the form 'test_suite_xxx.function'
-# Code file that contains the actual test cases. The file contains a
-# series of code sequences delimited by the following:
-# BEGIN_HEADER / END_HEADER - list of headers files
-# BEGIN_SUITE_HELPERS / END_SUITE_HELPERS - helper functions common to
-# the test suite
-# BEGIN_CASE / END_CASE - the test cases in the test suite. Each test
-# case contains at least one function that is used to create the
-# dispatch code.
-#
-# - test data file - file name in the form 'test_suite_xxxx.data'
-# The test case parameters to to be used in execution of the test. The
-# file name is used to replace the symbol 'TESTCASE_FILENAME' in the main
-# code file above.
-#
-# A test data file consists of a sequence of paragraphs separated by
-# a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF)
-# format. Lines starting with the character '#' are ignored
-# (the parser behaves as if they were not present).
-#
-# Each paragraph describes one test case and must consist of: (1) one
-# line which is the test case name; (2) an optional line starting with
-# the 11-character prefix "depends_on:"; (3) a line containing the test
-# function to execute and its parameters.
-#
-# A depends_on: line consists of a list of compile-time options
-# separated by the character ':', with no whitespace. The test case
-# is executed only if this compilation option is enabled in config.h.
-#
-# The last line of each paragraph contains a test function name and
-# a list of parameters separated by the character ':'. Running the
-# test case calls this function with the specified parameters. Each
-# parameter may either be an integer written in decimal or hexadecimal,
-# or a string surrounded by double quotes which may not contain the
-# ':' character.
-#
-
-use strict;
-
-my $suite_dir = shift or die "Missing suite directory";
-my $suite_name = shift or die "Missing suite name";
-my $data_name = shift or die "Missing data name";
-my $test_main_file = do { my $arg = shift; defined($arg) ? $arg : $suite_dir."/main_test.function" };
-my $test_file = $data_name.".c";
-my $test_common_helper_file = $suite_dir."/helpers.function";
-my $test_case_file = $suite_dir."/".$suite_name.".function";
-my $test_case_data = $suite_dir."/".$data_name.".data";
-
-my $line_separator = $/;
-undef $/;
-
-
-#
-# Open and read in the input files
-#
-
-open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers
-'$test_common_helper_file': $!";
-my $test_common_helpers = <TEST_HELPERS>;
-close(TEST_HELPERS);
-
-open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!";
-my @test_main_lines = split/^/, <TEST_MAIN>;
-my $test_main;
-my $index = 2;
-for my $line (@test_main_lines) {
- $line =~ s/!LINE_NO!/$index/;
- $test_main = $test_main.$line;
- $index++;
-}
-close(TEST_MAIN);
-
-open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!";
-my @test_cases_lines = split/^/, <TEST_CASES>;
-my $test_cases;
-my $index = 2;
-for my $line (@test_cases_lines) {
- if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//)
- {
- $line = $line."#line $index \"$test_case_file\"\n";
- }
-
- if ($line =~ /^\/\* BEGIN_CASE .*\*\//)
- {
- $line = $line."#line $index \"$test_case_file\"\n";
- }
-
- $line =~ s/!LINE_NO!/$index/;
-
- $test_cases = $test_cases.$line;
- $index++;
-}
-
-close(TEST_CASES);
-
-open(TEST_DATA, "$test_case_data") or die "Opening test data '$test_case_data': $!";
-my $test_data = <TEST_DATA>;
-close(TEST_DATA);
-
-
-#
-# Find the headers, dependencies, and suites in the test cases file
-#
-
-my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s;
-my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s;
-my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s;
-
-my $requirements;
-if ($suite_defines =~ /^depends_on:/)
-{
- ( $requirements ) = $suite_defines =~ /^depends_on:(.*)$/;
-}
-
-my @var_req_arr = split(/:/, $requirements);
-my $suite_pre_code;
-my $suite_post_code;
-my $dispatch_code;
-my $mapping_code;
-my %mapping_values;
-
-while (@var_req_arr)
-{
- my $req = shift @var_req_arr;
- $req =~ s/(!?)(.*)/$1defined($2)/;
-
- $suite_pre_code .= "#if $req\n";
- $suite_post_code .= "#endif /* $req */\n";
-}
-
-$/ = $line_separator;
-
-open(TEST_FILE, ">$test_file") or die "Opening destination file '$test_file': $!";
-print TEST_FILE << "END";
-/*
- * *** THIS FILE HAS BEEN MACHINE GENERATED ***
- *
- * This file has been machine generated using the script: $0
- *
- * Test file : $test_file
- *
- * The following files were used to create this file.
- *
- * Main code file : $test_main_file
- * Helper file : $test_common_helper_file
- * Test suite file : $test_case_file
- * Test suite data : $test_case_data
- *
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include <mbedtls/config.h>
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-
-/*----------------------------------------------------------------------------*/
-/* Common helper code */
-
-$test_common_helpers
-
-
-/*----------------------------------------------------------------------------*/
-/* Test Suite Code */
-
-$suite_pre_code
-$suite_header
-$suite_helpers
-$suite_post_code
-
-END
-
-$test_main =~ s/SUITE_PRE_DEP/$suite_pre_code/;
-$test_main =~ s/SUITE_POST_DEP/$suite_post_code/;
-
-while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\//msg)
-{
- my $function_deps = $1;
- my $function_decl = $2;
-
- # Sanity checks of function
- if ($function_decl !~ /^#line\s*.*\nvoid /)
- {
- die "Test function does not have 'void' as return type.\n" .
- "Function declaration:\n" .
- $function_decl;
- }
- if ($function_decl !~ /^(#line\s*.*)\nvoid (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms)
- {
- die "Function declaration not in expected format\n";
- }
- my $line_directive = $1;
- my $function_name = $2;
- my $function_params = $3;
- my $function_pre_code;
- my $function_post_code;
- my $param_defs;
- my $param_checks;
- my @dispatch_params;
- my @var_def_arr = split(/,\s*/, $function_params);
- my $i = 1;
- my $mapping_regex = "".$function_name;
- my $mapping_count = 0;
-
- $function_decl =~ s/(^#line\s*.*)\nvoid /$1\nvoid test_suite_/;
-
- # Add exit label if not present
- if ($function_decl !~ /^exit:$/m)
- {
- $function_decl =~ s/}\s*$/\nexit:\n return;\n}/;
- }
-
- if ($function_deps =~ /^depends_on:/)
- {
- ( $function_deps ) = $function_deps =~ /^depends_on:(.*)$/;
- }
-
- foreach my $req (split(/:/, $function_deps))
- {
- $function_pre_code .= "#ifdef $req\n";
- $function_post_code .= "#endif /* $req */\n";
- }
-
- foreach my $def (@var_def_arr)
- {
- # Handle the different parameter types
- if( substr($def, 0, 4) eq "int " )
- {
- $param_defs .= " int param$i;\n";
- $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n";
- push @dispatch_params, "param$i";
-
- $mapping_regex .= ":([\\d\\w |\\+\\-\\(\\)]+)";
- $mapping_count++;
- }
- elsif( substr($def, 0, 6) eq "char *" )
- {
- $param_defs .= " char *param$i = params[$i];\n";
- $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n";
- push @dispatch_params, "param$i";
- $mapping_regex .= ":(?:\\\\.|[^:\n])+";
- }
- else
- {
- die "Parameter declaration not of supported type (int, char *)\n";
- }
- $i++;
-
- }
-
- # Find non-integer values we should map for this function
- if( $mapping_count)
- {
- my @res = $test_data =~ /^$mapping_regex/msg;
- foreach my $value (@res)
- {
- next unless ($value !~ /^\d+$/);
- if ( $mapping_values{$value} ) {
- ${ $mapping_values{$value} }{$function_pre_code} = 1;
- } else {
- $mapping_values{$value} = { $function_pre_code => 1 };
- }
- }
- }
-
- my $call_params = join ", ", @dispatch_params;
- my $param_count = @var_def_arr + 1;
- $dispatch_code .= << "END";
-if( strcmp( params[0], "$function_name" ) == 0 )
-{
-$function_pre_code
-$param_defs
- if( cnt != $param_count )
- {
- mbedtls_fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count );
- return( DISPATCH_INVALID_TEST_DATA );
- }
-
-$param_checks
- test_suite_$function_name( $call_params );
- return ( DISPATCH_TEST_SUCCESS );
-$function_post_code
- return ( DISPATCH_UNSUPPORTED_SUITE );
-}
-else
-END
-
- my $function_code = $function_pre_code . $function_decl . "\n" .
- $function_post_code;
- $test_main =~ s/FUNCTION_CODE/$function_code\nFUNCTION_CODE/;
-}
-
-# Find specific case dependencies that we should be able to check
-# and make check code
-my $dep_check_code;
-
-my @res = $test_data =~ /^depends_on:([!:\w]+)/msg;
-my %case_deps;
-foreach my $deps (@res)
-{
- foreach my $dep (split(/:/, $deps))
- {
- $case_deps{$dep} = 1;
- }
-}
-while( my ($key, $value) = each(%case_deps) )
-{
- if( substr($key, 0, 1) eq "!" )
- {
- my $key = substr($key, 1);
- $dep_check_code .= << "END";
- if( strcmp( str, "!$key" ) == 0 )
- {
-#if !defined($key)
- return( DEPENDENCY_SUPPORTED );
-#else
- return( DEPENDENCY_NOT_SUPPORTED );
-#endif
- }
-END
- }
- else
- {
- $dep_check_code .= << "END";
- if( strcmp( str, "$key" ) == 0 )
- {
-#if defined($key)
- return( DEPENDENCY_SUPPORTED );
-#else
- return( DEPENDENCY_NOT_SUPPORTED );
-#endif
- }
-END
- }
-}
-
-# Make mapping code
-while( my ($key, $value) = each(%mapping_values) )
-{
- my $key_mapping_code = << "END";
- if( strcmp( str, "$key" ) == 0 )
- {
- *value = ( $key );
- return( KEY_VALUE_MAPPING_FOUND );
- }
-END
-
- # handle depenencies, unless used at least one without depends
- if ($value->{""}) {
- $mapping_code .= $key_mapping_code;
- next;
- }
- for my $ifdef ( keys %$value ) {
- (my $endif = $ifdef) =~ s!ifdef!endif //!g;
- $mapping_code .= $ifdef . $key_mapping_code . $endif;
- }
-}
-
-$dispatch_code =~ s/^(.+)/ $1/mg;
-
-$test_main =~ s/TESTCASE_FILENAME/$test_case_data/g;
-$test_main =~ s/TESTCODE_FILENAME/$test_case_file/g;
-$test_main =~ s/FUNCTION_CODE//;
-$test_main =~ s/DEP_CHECK_CODE/$dep_check_code/;
-$test_main =~ s/DISPATCH_FUNCTION/$dispatch_code/;
-$test_main =~ s/MAPPING_CODE/$mapping_code/;
-
-print TEST_FILE << "END";
-$test_main
-END
-
-close(TEST_FILE);
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
new file mode 100755
index 0000000..1fff099
--- /dev/null
+++ b/tests/scripts/generate_test_code.py
@@ -0,0 +1,1152 @@
+#!/usr/bin/env python3
+# Test suites code generator.
+#
+# Copyright (C) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+"""
+This script is a key part of Mbed TLS test suites framework. For
+understanding the script it is important to understand the
+framework. This doc string contains a summary of the framework
+and explains the function of this script.
+
+Mbed TLS test suites:
+=====================
+Scope:
+------
+The test suites focus on unit testing the crypto primitives and also
+include x509 parser tests. Tests can be added to test any Mbed TLS
+module. However, the framework is not capable of testing SSL
+protocol, since that requires full stack execution and that is best
+tested as part of the system test.
+
+Test case definition:
+---------------------
+Tests are defined in a test_suite_<module>[.<optional sub module>].data
+file. A test definition contains:
+ test name
+ optional build macro dependencies
+ test function
+ test parameters
+
+Test dependencies are build macros that can be specified to indicate
+the build config in which the test is valid. For example if a test
+depends on a feature that is only enabled by defining a macro. Then
+that macro should be specified as a dependency of the test.
+
+Test function is the function that implements the test steps. This
+function is specified for different tests that perform same steps
+with different parameters.
+
+Test parameters are specified in string form separated by ':'.
+Parameters can be of type string, binary data specified as hex
+string and integer constants specified as integer, macro or
+as an expression. Following is an example test definition:
+
+ AES 128 GCM Encrypt and decrypt 8 bytes
+ depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+ enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:8:-1
+
+Test functions:
+---------------
+Test functions are coded in C in test_suite_<module>.function files.
+Functions file is itself not compilable and contains special
+format patterns to specify test suite dependencies, start and end
+of functions and function dependencies. Check any existing functions
+file for example.
+
+Execution:
+----------
+Tests are executed in 3 steps:
+- Generating test_suite_<module>[.<optional sub module>].c file
+ for each corresponding .data file.
+- Building each source file into executables.
+- Running each executable and printing report.
+
+Generating C test source requires more than just the test functions.
+Following extras are required:
+- Process main()
+- Reading .data file and dispatching test cases.
+- Platform specific test case execution
+- Dependency checking
+- Integer expression evaluation
+- Test function dispatch
+
+Build dependencies and integer expressions (in the test parameters)
+are specified as strings in the .data file. Their run time value is
+not known at the generation stage. Hence, they need to be translated
+into run time evaluations. This script generates the run time checks
+for dependencies and integer expressions.
+
+Similarly, function names have to be translated into function calls.
+This script also generates code for function dispatch.
+
+The extra code mentioned here is either generated by this script
+or it comes from the input files: helpers file, platform file and
+the template file.
+
+Helper file:
+------------
+Helpers file contains common helper/utility functions and data.
+
+Platform file:
+--------------
+Platform file contains platform specific setup code and test case
+dispatch code. For example, host_test.function reads test data
+file from host's file system and dispatches tests.
+In case of on-target target_test.function tests are not dispatched
+on target. Target code is kept minimum and only test functions are
+dispatched. Test case dispatch is done on the host using tools like
+Greentea.
+
+Template file:
+---------
+Template file for example main_test.function is a template C file in
+which generated code and code from input files is substituted to
+generate a compilable C file. It also contains skeleton functions for
+dependency checks, expression evaluation and function dispatch. These
+functions are populated with checks and return codes by this script.
+
+Template file contains "replacement" fields that are formatted
+strings processed by Python string.Template.substitute() method.
+
+This script:
+============
+Core function of this script is to fill the template file with
+code that is generated or read from helpers and platform files.
+
+This script replaces following fields in the template and generates
+the test source file:
+
+$test_common_helpers <-- All common code from helpers.function
+ is substituted here.
+$functions_code <-- Test functions are substituted here
+ from the input test_suit_xyz.function
+ file. C preprocessor checks are generated
+ for the build dependencies specified
+ in the input file. This script also
+ generates wrappers for the test
+ functions with code to expand the
+ string parameters read from the data
+ file.
+$expression_code <-- This script enumerates the
+ expressions in the .data file and
+ generates code to handle enumerated
+ expression Ids and return the values.
+$dep_check_code <-- This script enumerates all
+ build dependencies and generate
+ code to handle enumerated build
+ dependency Id and return status: if
+ the dependency is defined or not.
+$dispatch_code <-- This script enumerates the functions
+ specified in the input test data file
+ and generates the initializer for the
+ function table in the template
+ file.
+$platform_code <-- Platform specific setup and test
+ dispatch code.
+
+"""
+
+
+import io
+import os
+import re
+import sys
+import string
+import argparse
+
+
+BEGIN_HEADER_REGEX = r'/\*\s*BEGIN_HEADER\s*\*/'
+END_HEADER_REGEX = r'/\*\s*END_HEADER\s*\*/'
+
+BEGIN_SUITE_HELPERS_REGEX = r'/\*\s*BEGIN_SUITE_HELPERS\s*\*/'
+END_SUITE_HELPERS_REGEX = r'/\*\s*END_SUITE_HELPERS\s*\*/'
+
+BEGIN_DEP_REGEX = r'BEGIN_DEPENDENCIES'
+END_DEP_REGEX = r'END_DEPENDENCIES'
+
+BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P<depends_on>.*?)\s*\*/'
+END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/'
+
+DEPENDENCY_REGEX = r'depends_on:(?P<dependencies>.*)'
+C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*'
+CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?'
+# forbid 0ddd which might be accidentally octal or accidentally decimal
+CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)'
+CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX,
+ CONDITION_OPERATOR_REGEX,
+ CONDITION_VALUE_REGEX)
+TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\('
+INT_CHECK_REGEX = r'int\s+.*'
+CHAR_CHECK_REGEX = r'char\s*\*\s*.*'
+DATA_T_CHECK_REGEX = r'data_t\s*\*\s*.*'
+FUNCTION_ARG_LIST_END_REGEX = r'.*\)'
+EXIT_LABEL_REGEX = r'^exit:'
+
+
+class GeneratorInputError(Exception):
+ """
+ Exception to indicate error in the input files to this script.
+ This includes missing patterns, test function names and other
+ parsing errors.
+ """
+ pass
+
+
+class FileWrapper(io.FileIO, object):
+ """
+ This class extends built-in io.FileIO class with attribute line_no,
+ that indicates line number for the line that is read.
+ """
+
+ def __init__(self, file_name):
+ """
+ Instantiate the base class and initialize the line number to 0.
+
+ :param file_name: File path to open.
+ """
+ super(FileWrapper, self).__init__(file_name, 'r')
+ self._line_no = 0
+
+ def next(self):
+ """
+ Python 2 iterator method. This method overrides base class's
+ next method and extends the next method to count the line
+ numbers as each line is read.
+
+ It works for both Python 2 and Python 3 by checking iterator
+ method name in the base iterator object.
+
+ :return: Line read from file.
+ """
+ parent = super(FileWrapper, self)
+ if hasattr(parent, '__next__'):
+ line = parent.__next__() # Python 3
+ else:
+ line = parent.next() # Python 2 # pylint: disable=no-member
+ if line is not None:
+ self._line_no += 1
+ # Convert byte array to string with correct encoding and
+ # strip any whitespaces added in the decoding process.
+ return line.decode(sys.getdefaultencoding()).rstrip() + '\n'
+ return None
+
+ # Python 3 iterator method
+ __next__ = next
+
+ def get_line_no(self):
+ """
+ Gives current line number.
+ """
+ return self._line_no
+
+ line_no = property(get_line_no)
+
+
+def split_dep(dep):
+ """
+ Split NOT character '!' from dependency. Used by gen_dependencies()
+
+ :param dep: Dependency list
+ :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for
+ MACRO.
+ """
+ return ('!', dep[1:]) if dep[0] == '!' else ('', dep)
+
+
+def gen_dependencies(dependencies):
+ """
+ Test suite data and functions specifies compile time dependencies.
+ This function generates C preprocessor code from the input
+ dependency list. Caller uses the generated preprocessor code to
+ wrap dependent code.
+ A dependency in the input list can have a leading '!' character
+ to negate a condition. '!' is separated from the dependency using
+ function split_dep() and proper preprocessor check is generated
+ accordingly.
+
+ :param dependencies: List of dependencies.
+ :return: if defined and endif code with macro annotations for
+ readability.
+ """
+ dep_start = ''.join(['#if %sdefined(%s)\n' % (x, y) for x, y in
+ map(split_dep, dependencies)])
+ dep_end = ''.join(['#endif /* %s */\n' %
+ x for x in reversed(dependencies)])
+
+ return dep_start, dep_end
+
+
+def gen_dependencies_one_line(dependencies):
+ """
+ Similar to gen_dependencies() but generates dependency checks in one line.
+ Useful for generating code with #else block.
+
+ :param dependencies: List of dependencies.
+ :return: Preprocessor check code
+ """
+ defines = '#if ' if dependencies else ''
+ defines += ' && '.join(['%sdefined(%s)' % (x, y) for x, y in map(
+ split_dep, dependencies)])
+ return defines
+
+
+def gen_function_wrapper(name, local_vars, args_dispatch):
+ """
+ Creates test function wrapper code. A wrapper has the code to
+ unpack parameters from parameters[] array.
+
+ :param name: Test function name
+ :param local_vars: Local variables declaration code
+ :param args_dispatch: List of dispatch arguments.
+ Ex: ['(char *)params[0]', '*((int *)params[1])']
+ :return: Test function wrapper.
+ """
+ # Then create the wrapper
+ wrapper = '''
+void {name}_wrapper( void ** params )
+{{
+{unused_params}{locals}
+ {name}( {args} );
+}}
+'''.format(name=name,
+ unused_params='' if args_dispatch else ' (void)params;\n',
+ args=', '.join(args_dispatch),
+ locals=local_vars)
+ return wrapper
+
+
+def gen_dispatch(name, dependencies):
+ """
+ Test suite code template main_test.function defines a C function
+ array to contain test case functions. This function generates an
+ initializer entry for a function in that array. The entry is
+ composed of a compile time check for the test function
+ dependencies. At compile time the test function is assigned when
+ dependencies are met, else NULL is assigned.
+
+ :param name: Test function name
+ :param dependencies: List of dependencies
+ :return: Dispatch code.
+ """
+ if dependencies:
+ preprocessor_check = gen_dependencies_one_line(dependencies)
+ dispatch_code = '''
+{preprocessor_check}
+ {name}_wrapper,
+#else
+ NULL,
+#endif
+'''.format(preprocessor_check=preprocessor_check, name=name)
+ else:
+ dispatch_code = '''
+ {name}_wrapper,
+'''.format(name=name)
+
+ return dispatch_code
+
+
+def parse_until_pattern(funcs_f, end_regex):
+ """
+ Matches pattern end_regex to the lines read from the file object.
+ Returns the lines read until end pattern is matched.
+
+ :param funcs_f: file object for .function file
+ :param end_regex: Pattern to stop parsing
+ :return: Lines read before the end pattern
+ """
+ headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name)
+ for line in funcs_f:
+ if re.search(end_regex, line):
+ break
+ headers += line
+ else:
+ raise GeneratorInputError("file: %s - end pattern [%s] not found!" %
+ (funcs_f.name, end_regex))
+
+ return headers
+
+
+def validate_dependency(dependency):
+ """
+ Validates a C macro and raises GeneratorInputError on invalid input.
+ :param dependency: Input macro dependency
+ :return: input dependency stripped of leading & trailing white spaces.
+ """
+ dependency = dependency.strip()
+ if not re.match(CONDITION_REGEX, dependency, re.I):
+ raise GeneratorInputError('Invalid dependency %s' % dependency)
+ return dependency
+
+
+def parse_dependencies(inp_str):
+ """
+ Parses dependencies out of inp_str, validates them and returns a
+ list of macros.
+
+ :param inp_str: Input string with macros delimited by ':'.
+ :return: list of dependencies
+ """
+ dependencies = [dep for dep in map(validate_dependency,
+ inp_str.split(':'))]
+ return dependencies
+
+
+def parse_suite_dependencies(funcs_f):
+ """
+ Parses test suite dependencies specified at the top of a
+ .function file, that starts with pattern BEGIN_DEPENDENCIES
+ and end with END_DEPENDENCIES. Dependencies are specified
+ after pattern 'depends_on:' and are delimited by ':'.
+
+ :param funcs_f: file object for .function file
+ :return: List of test suite dependencies.
+ """
+ dependencies = []
+ for line in funcs_f:
+ match = re.search(DEPENDENCY_REGEX, line.strip())
+ if match:
+ try:
+ dependencies = parse_dependencies(match.group('dependencies'))
+ except GeneratorInputError as error:
+ raise GeneratorInputError(
+ str(error) + " - %s:%d" % (funcs_f.name, funcs_f.line_no))
+ if re.search(END_DEP_REGEX, line):
+ break
+ else:
+ raise GeneratorInputError("file: %s - end dependency pattern [%s]"
+ " not found!" % (funcs_f.name,
+ END_DEP_REGEX))
+
+ return dependencies
+
+
+def parse_function_dependencies(line):
+ """
+ Parses function dependencies, that are in the same line as
+ comment BEGIN_CASE. Dependencies are specified after pattern
+ 'depends_on:' and are delimited by ':'.
+
+ :param line: Line from .function file that has dependencies.
+ :return: List of dependencies.
+ """
+ dependencies = []
+ match = re.search(BEGIN_CASE_REGEX, line)
+ dep_str = match.group('depends_on')
+ if dep_str:
+ match = re.search(DEPENDENCY_REGEX, dep_str)
+ if match:
+ dependencies += parse_dependencies(match.group('dependencies'))
+
+ return dependencies
+
+
+def parse_function_arguments(line):
+ """
+ Parses test function signature for validation and generates
+ a dispatch wrapper function that translates input test vectors
+ read from the data file into test function arguments.
+
+ :param line: Line from .function file that has a function
+ signature.
+ :return: argument list, local variables for
+ wrapper function and argument dispatch code.
+ """
+ args = []
+ local_vars = ''
+ args_dispatch = []
+ arg_idx = 0
+ # Remove characters before arguments
+ line = line[line.find('(') + 1:]
+ # Process arguments, ex: <type> arg1, <type> arg2 )
+ # This script assumes that the argument list is terminated by ')'
+ # i.e. the test functions will not have a function pointer
+ # argument.
+ for arg in line[:line.find(')')].split(','):
+ arg = arg.strip()
+ if arg == '':
+ continue
+ if re.search(INT_CHECK_REGEX, arg.strip()):
+ args.append('int')
+ args_dispatch.append('*( (int *) params[%d] )' % arg_idx)
+ elif re.search(CHAR_CHECK_REGEX, arg.strip()):
+ args.append('char*')
+ args_dispatch.append('(char *) params[%d]' % arg_idx)
+ elif re.search(DATA_T_CHECK_REGEX, arg.strip()):
+ args.append('hex')
+ # create a structure
+ pointer_initializer = '(uint8_t *) params[%d]' % arg_idx
+ len_initializer = '*( (uint32_t *) params[%d] )' % (arg_idx+1)
+ local_vars += """ data_t data%d = {%s, %s};
+""" % (arg_idx, pointer_initializer, len_initializer)
+
+ args_dispatch.append('&data%d' % arg_idx)
+ arg_idx += 1
+ else:
+ raise ValueError("Test function arguments can only be 'int', "
+ "'char *' or 'data_t'\n%s" % line)
+ arg_idx += 1
+
+ return args, local_vars, args_dispatch
+
+
+def generate_function_code(name, code, local_vars, args_dispatch,
+ dependencies):
+ """
+ Generate function code with preprocessor checks and parameter dispatch
+ wrapper.
+
+ :param name: Function name
+ :param code: Function code
+ :param local_vars: Local variables for function wrapper
+ :param args_dispatch: Argument dispatch code
+ :param dependencies: Preprocessor dependencies list
+ :return: Final function code
+ """
+ # Add exit label if not present
+ if code.find('exit:') == -1:
+ split_code = code.rsplit('}', 1)
+ if len(split_code) == 2:
+ code = """exit:
+ ;
+}""".join(split_code)
+
+ code += gen_function_wrapper(name, local_vars, args_dispatch)
+ preprocessor_check_start, preprocessor_check_end = \
+ gen_dependencies(dependencies)
+ return preprocessor_check_start + code + preprocessor_check_end
+
+
+def parse_function_code(funcs_f, dependencies, suite_dependencies):
+ """
+ Parses out a function from function file object and generates
+ function and dispatch code.
+
+ :param funcs_f: file object of the functions file.
+ :param dependencies: List of dependencies
+ :param suite_dependencies: List of test suite dependencies
+ :return: Function name, arguments, function code and dispatch code.
+ """
+ line_directive = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name)
+ code = ''
+ has_exit_label = False
+ for line in funcs_f:
+ # Check function signature. Function signature may be split
+ # across multiple lines. Here we try to find the start of
+ # arguments list, then remove '\n's and apply the regex to
+ # detect function start.
+ up_to_arg_list_start = code + line[:line.find('(') + 1]
+ match = re.match(TEST_FUNCTION_VALIDATION_REGEX,
+ up_to_arg_list_start.replace('\n', ' '), re.I)
+ if match:
+ # check if we have full signature i.e. split in more lines
+ name = match.group('func_name')
+ if not re.match(FUNCTION_ARG_LIST_END_REGEX, line):
+ for lin in funcs_f:
+ line += lin
+ if re.search(FUNCTION_ARG_LIST_END_REGEX, line):
+ break
+ args, local_vars, args_dispatch = parse_function_arguments(
+ line)
+ code += line
+ break
+ code += line
+ else:
+ raise GeneratorInputError("file: %s - Test functions not found!" %
+ funcs_f.name)
+
+ # Prefix test function name with 'test_'
+ code = code.replace(name, 'test_' + name, 1)
+ name = 'test_' + name
+
+ for line in funcs_f:
+ if re.search(END_CASE_REGEX, line):
+ break
+ if not has_exit_label:
+ has_exit_label = \
+ re.search(EXIT_LABEL_REGEX, line.strip()) is not None
+ code += line
+ else:
+ raise GeneratorInputError("file: %s - end case pattern [%s] not "
+ "found!" % (funcs_f.name, END_CASE_REGEX))
+
+ code = line_directive + code
+ code = generate_function_code(name, code, local_vars, args_dispatch,
+ dependencies)
+ dispatch_code = gen_dispatch(name, suite_dependencies + dependencies)
+ return (name, args, code, dispatch_code)
+
+
+def parse_functions(funcs_f):
+ """
+ Parses a test_suite_xxx.function file and returns information
+ for generating a C source file for the test suite.
+
+ :param funcs_f: file object of the functions file.
+ :return: List of test suite dependencies, test function dispatch
+ code, function code and a dict with function identifiers
+ and arguments info.
+ """
+ suite_helpers = ''
+ suite_dependencies = []
+ suite_functions = ''
+ func_info = {}
+ function_idx = 0
+ dispatch_code = ''
+ for line in funcs_f:
+ if re.search(BEGIN_HEADER_REGEX, line):
+ suite_helpers += parse_until_pattern(funcs_f, END_HEADER_REGEX)
+ elif re.search(BEGIN_SUITE_HELPERS_REGEX, line):
+ suite_helpers += parse_until_pattern(funcs_f,
+ END_SUITE_HELPERS_REGEX)
+ elif re.search(BEGIN_DEP_REGEX, line):
+ suite_dependencies += parse_suite_dependencies(funcs_f)
+ elif re.search(BEGIN_CASE_REGEX, line):
+ try:
+ dependencies = parse_function_dependencies(line)
+ except GeneratorInputError as error:
+ raise GeneratorInputError(
+ "%s:%d: %s" % (funcs_f.name, funcs_f.line_no,
+ str(error)))
+ func_name, args, func_code, func_dispatch =\
+ parse_function_code(funcs_f, dependencies, suite_dependencies)
+ suite_functions += func_code
+ # Generate dispatch code and enumeration info
+ if func_name in func_info:
+ raise GeneratorInputError(
+ "file: %s - function %s re-declared at line %d" %
+ (funcs_f.name, func_name, funcs_f.line_no))
+ func_info[func_name] = (function_idx, args)
+ dispatch_code += '/* Function Id: %d */\n' % function_idx
+ dispatch_code += func_dispatch
+ function_idx += 1
+
+ func_code = (suite_helpers +
+ suite_functions).join(gen_dependencies(suite_dependencies))
+ return suite_dependencies, dispatch_code, func_code, func_info
+
+
+def escaped_split(inp_str, split_char):
+ """
+ Split inp_str on character split_char but ignore if escaped.
+ Since, return value is used to write back to the intermediate
+ data file, any escape characters in the input are retained in the
+ output.
+
+ :param inp_str: String to split
+ :param split_char: Split character
+ :return: List of splits
+ """
+ if len(split_char) > 1:
+ raise ValueError('Expected split character. Found string!')
+ out = re.sub(r'(\\.)|' + split_char,
+ lambda m: m.group(1) or '\n', inp_str,
+ len(inp_str)).split('\n')
+ out = [x for x in out if x]
+ return out
+
+
+def parse_test_data(data_f):
+ """
+ Parses .data file for each test case name, test function name,
+ test dependencies and test arguments. This information is
+ correlated with the test functions file for generating an
+ intermediate data file replacing the strings for test function
+ names, dependencies and integer constant expressions with
+ identifiers. Mainly for optimising space for on-target
+ execution.
+
+ :param data_f: file object of the data file.
+ :return: Generator that yields test name, function name,
+ dependency list and function argument list.
+ """
+ __state_read_name = 0
+ __state_read_args = 1
+ state = __state_read_name
+ dependencies = []
+ name = ''
+ for line in data_f:
+ line = line.strip()
+ # Skip comments
+ if line.startswith('#'):
+ continue
+
+ # Blank line indicates end of test
+ if not line:
+ if state == __state_read_args:
+ raise GeneratorInputError("[%s:%d] Newline before arguments. "
+ "Test function and arguments "
+ "missing for %s" %
+ (data_f.name, data_f.line_no, name))
+ continue
+
+ if state == __state_read_name:
+ # Read test name
+ name = line
+ state = __state_read_args
+ elif state == __state_read_args:
+ # Check dependencies
+ match = re.search(DEPENDENCY_REGEX, line)
+ if match:
+ try:
+ dependencies = parse_dependencies(
+ match.group('dependencies'))
+ except GeneratorInputError as error:
+ raise GeneratorInputError(
+ str(error) + " - %s:%d" %
+ (data_f.name, data_f.line_no))
+ else:
+ # Read test vectors
+ parts = escaped_split(line, ':')
+ test_function = parts[0]
+ args = parts[1:]
+ yield name, test_function, dependencies, args
+ dependencies = []
+ state = __state_read_name
+ if state == __state_read_args:
+ raise GeneratorInputError("[%s:%d] Newline before arguments. "
+ "Test function and arguments missing for "
+ "%s" % (data_f.name, data_f.line_no, name))
+
+
+def gen_dep_check(dep_id, dep):
+ """
+ Generate code for checking dependency with the associated
+ identifier.
+
+ :param dep_id: Dependency identifier
+ :param dep: Dependency macro
+ :return: Dependency check code
+ """
+ if dep_id < 0:
+ raise GeneratorInputError("Dependency Id should be a positive "
+ "integer.")
+ _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep)
+ if not dep:
+ raise GeneratorInputError("Dependency should not be an empty string.")
+
+ dependency = re.match(CONDITION_REGEX, dep, re.I)
+ if not dependency:
+ raise GeneratorInputError('Invalid dependency %s' % dep)
+
+ _defined = '' if dependency.group(2) else 'defined'
+ _cond = dependency.group(2) if dependency.group(2) else ''
+ _value = dependency.group(3) if dependency.group(3) else ''
+
+ dep_check = '''
+ case {id}:
+ {{
+#if {_not}{_defined}({macro}{_cond}{_value})
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }}
+ break;'''.format(_not=_not, _defined=_defined,
+ macro=dependency.group(1), id=dep_id,
+ _cond=_cond, _value=_value)
+ return dep_check
+
+
+def gen_expression_check(exp_id, exp):
+ """
+ Generates code for evaluating an integer expression using
+ associated expression Id.
+
+ :param exp_id: Expression Identifier
+ :param exp: Expression/Macro
+ :return: Expression check code
+ """
+ if exp_id < 0:
+ raise GeneratorInputError("Expression Id should be a positive "
+ "integer.")
+ if not exp:
+ raise GeneratorInputError("Expression should not be an empty string.")
+ exp_code = '''
+ case {exp_id}:
+ {{
+ *out_value = {expression};
+ }}
+ break;'''.format(exp_id=exp_id, expression=exp)
+ return exp_code
+
+
+def write_dependencies(out_data_f, test_dependencies, unique_dependencies):
+ """
+ Write dependencies to intermediate test data file, replacing
+ the string form with identifiers. Also, generates dependency
+ check code.
+
+ :param out_data_f: Output intermediate data file
+ :param test_dependencies: Dependencies
+ :param unique_dependencies: Mutable list to track unique dependencies
+ that are global to this re-entrant function.
+ :return: returns dependency check code.
+ """
+ dep_check_code = ''
+ if test_dependencies:
+ out_data_f.write('depends_on')
+ for dep in test_dependencies:
+ if dep not in unique_dependencies:
+ unique_dependencies.append(dep)
+ dep_id = unique_dependencies.index(dep)
+ dep_check_code += gen_dep_check(dep_id, dep)
+ else:
+ dep_id = unique_dependencies.index(dep)
+ out_data_f.write(':' + str(dep_id))
+ out_data_f.write('\n')
+ return dep_check_code
+
+
+def write_parameters(out_data_f, test_args, func_args, unique_expressions):
+ """
+ Writes test parameters to the intermediate data file, replacing
+ the string form with identifiers. Also, generates expression
+ check code.
+
+ :param out_data_f: Output intermediate data file
+ :param test_args: Test parameters
+ :param func_args: Function arguments
+ :param unique_expressions: Mutable list to track unique
+ expressions that are global to this re-entrant function.
+ :return: Returns expression check code.
+ """
+ expression_code = ''
+ for i, _ in enumerate(test_args):
+ typ = func_args[i]
+ val = test_args[i]
+
+ # check if val is a non literal int val (i.e. an expression)
+ if typ == 'int' and not re.match(r'(\d+|0x[0-9a-f]+)$',
+ val, re.I):
+ typ = 'exp'
+ if val not in unique_expressions:
+ unique_expressions.append(val)
+ # exp_id can be derived from len(). But for
+ # readability and consistency with case of existing
+ # let's use index().
+ exp_id = unique_expressions.index(val)
+ expression_code += gen_expression_check(exp_id, val)
+ val = exp_id
+ else:
+ val = unique_expressions.index(val)
+ out_data_f.write(':' + typ + ':' + str(val))
+ out_data_f.write('\n')
+ return expression_code
+
+
+def gen_suite_dep_checks(suite_dependencies, dep_check_code, expression_code):
+ """
+ Generates preprocessor checks for test suite dependencies.
+
+ :param suite_dependencies: Test suite dependencies read from the
+ .function file.
+ :param dep_check_code: Dependency check code
+ :param expression_code: Expression check code
+ :return: Dependency and expression code guarded by test suite
+ dependencies.
+ """
+ if suite_dependencies:
+ preprocessor_check = gen_dependencies_one_line(suite_dependencies)
+ dep_check_code = '''
+{preprocessor_check}
+{code}
+#endif
+'''.format(preprocessor_check=preprocessor_check, code=dep_check_code)
+ expression_code = '''
+{preprocessor_check}
+{code}
+#endif
+'''.format(preprocessor_check=preprocessor_check, code=expression_code)
+ return dep_check_code, expression_code
+
+
+def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies):
+ """
+ This function reads test case name, dependencies and test vectors
+ from the .data file. This information is correlated with the test
+ functions file for generating an intermediate data file replacing
+ the strings for test function names, dependencies and integer
+ constant expressions with identifiers. Mainly for optimising
+ space for on-target execution.
+ It also generates test case dependency check code and expression
+ evaluation code.
+
+ :param data_f: Data file object
+ :param out_data_f: Output intermediate data file
+ :param func_info: Dict keyed by function and with function id
+ and arguments info
+ :param suite_dependencies: Test suite dependencies
+ :return: Returns dependency and expression check code
+ """
+ unique_dependencies = []
+ unique_expressions = []
+ dep_check_code = ''
+ expression_code = ''
+ for test_name, function_name, test_dependencies, test_args in \
+ parse_test_data(data_f):
+ out_data_f.write(test_name + '\n')
+
+ # Write dependencies
+ dep_check_code += write_dependencies(out_data_f, test_dependencies,
+ unique_dependencies)
+
+ # Write test function name
+ test_function_name = 'test_' + function_name
+ if test_function_name not in func_info:
+ raise GeneratorInputError("Function %s not found!" %
+ test_function_name)
+ func_id, func_args = func_info[test_function_name]
+ out_data_f.write(str(func_id))
+
+ # Write parameters
+ if len(test_args) != len(func_args):
+ raise GeneratorInputError("Invalid number of arguments in test "
+ "%s. See function %s signature." %
+ (test_name, function_name))
+ expression_code += write_parameters(out_data_f, test_args, func_args,
+ unique_expressions)
+
+ # Write a newline as test case separator
+ out_data_f.write('\n')
+
+ dep_check_code, expression_code = gen_suite_dep_checks(
+ suite_dependencies, dep_check_code, expression_code)
+ return dep_check_code, expression_code
+
+
+def add_input_info(funcs_file, data_file, template_file,
+ c_file, snippets):
+ """
+ Add generator input info in snippets.
+
+ :param funcs_file: Functions file object
+ :param data_file: Data file object
+ :param template_file: Template file object
+ :param c_file: Output C file object
+ :param snippets: Dictionary to contain code pieces to be
+ substituted in the template.
+ :return:
+ """
+ snippets['test_file'] = c_file
+ snippets['test_main_file'] = template_file
+ snippets['test_case_file'] = funcs_file
+ snippets['test_case_data_file'] = data_file
+
+
+def read_code_from_input_files(platform_file, helpers_file,
+ out_data_file, snippets):
+ """
+ Read code from input files and create substitutions for replacement
+ strings in the template file.
+
+ :param platform_file: Platform file object
+ :param helpers_file: Helper functions file object
+ :param out_data_file: Output intermediate data file object
+ :param snippets: Dictionary to contain code pieces to be
+ substituted in the template.
+ :return:
+ """
+ # Read helpers
+ with open(helpers_file, 'r') as help_f, open(platform_file, 'r') as \
+ platform_f:
+ snippets['test_common_helper_file'] = helpers_file
+ snippets['test_common_helpers'] = help_f.read()
+ snippets['test_platform_file'] = platform_file
+ snippets['platform_code'] = platform_f.read().replace(
+ 'DATA_FILE', out_data_file.replace('\\', '\\\\')) # escape '\'
+
+
+def write_test_source_file(template_file, c_file, snippets):
+ """
+ Write output source file with generated source code.
+
+ :param template_file: Template file name
+ :param c_file: Output source file
+ :param snippets: Generated and code snippets
+ :return:
+ """
+ with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
+ for line_no, line in enumerate(template_f.readlines(), 1):
+ # Update line number. +1 as #line directive sets next line number
+ snippets['line_no'] = line_no + 1
+ code = string.Template(line).substitute(**snippets)
+ c_f.write(code)
+
+
+def parse_function_file(funcs_file, snippets):
+ """
+ Parse function file and generate function dispatch code.
+
+ :param funcs_file: Functions file name
+ :param snippets: Dictionary to contain code pieces to be
+ substituted in the template.
+ :return:
+ """
+ with FileWrapper(funcs_file) as funcs_f:
+ suite_dependencies, dispatch_code, func_code, func_info = \
+ parse_functions(funcs_f)
+ snippets['functions_code'] = func_code
+ snippets['dispatch_code'] = dispatch_code
+ return suite_dependencies, func_info
+
+
+def generate_intermediate_data_file(data_file, out_data_file,
+ suite_dependencies, func_info, snippets):
+ """
+ Generates intermediate data file from input data file and
+ information read from functions file.
+
+ :param data_file: Data file name
+ :param out_data_file: Output/Intermediate data file
+ :param suite_dependencies: List of suite dependencies.
+ :param func_info: Function info parsed from functions file.
+ :param snippets: Dictionary to contain code pieces to be
+ substituted in the template.
+ :return:
+ """
+ with FileWrapper(data_file) as data_f, \
+ open(out_data_file, 'w') as out_data_f:
+ dep_check_code, expression_code = gen_from_test_data(
+ data_f, out_data_f, func_info, suite_dependencies)
+ snippets['dep_check_code'] = dep_check_code
+ snippets['expression_code'] = expression_code
+
+
+def generate_code(**input_info):
+ """
+ Generates C source code from test suite file, data file, common
+ helpers file and platform file.
+
+ input_info expands to following parameters:
+ funcs_file: Functions file object
+ data_file: Data file object
+ template_file: Template file object
+ platform_file: Platform file object
+ helpers_file: Helper functions file object
+ suites_dir: Test suites dir
+ c_file: Output C file object
+ out_data_file: Output intermediate data file object
+ :return:
+ """
+ funcs_file = input_info['funcs_file']
+ data_file = input_info['data_file']
+ template_file = input_info['template_file']
+ platform_file = input_info['platform_file']
+ helpers_file = input_info['helpers_file']
+ suites_dir = input_info['suites_dir']
+ c_file = input_info['c_file']
+ out_data_file = input_info['out_data_file']
+ for name, path in [('Functions file', funcs_file),
+ ('Data file', data_file),
+ ('Template file', template_file),
+ ('Platform file', platform_file),
+ ('Helpers code file', helpers_file),
+ ('Suites dir', suites_dir)]:
+ if not os.path.exists(path):
+ raise IOError("ERROR: %s [%s] not found!" % (name, path))
+
+ snippets = {'generator_script': os.path.basename(__file__)}
+ read_code_from_input_files(platform_file, helpers_file,
+ out_data_file, snippets)
+ add_input_info(funcs_file, data_file, template_file,
+ c_file, snippets)
+ suite_dependencies, func_info = parse_function_file(funcs_file, snippets)
+ generate_intermediate_data_file(data_file, out_data_file,
+ suite_dependencies, func_info, snippets)
+ write_test_source_file(template_file, c_file, snippets)
+
+
+def main():
+ """
+ Command line parser.
+
+ :return:
+ """
+ parser = argparse.ArgumentParser(
+ description='Dynamically generate test suite code.')
+
+ parser.add_argument("-f", "--functions-file",
+ dest="funcs_file",
+ help="Functions file",
+ metavar="FUNCTIONS_FILE",
+ required=True)
+
+ parser.add_argument("-d", "--data-file",
+ dest="data_file",
+ help="Data file",
+ metavar="DATA_FILE",
+ required=True)
+
+ parser.add_argument("-t", "--template-file",
+ dest="template_file",
+ help="Template file",
+ metavar="TEMPLATE_FILE",
+ required=True)
+
+ parser.add_argument("-s", "--suites-dir",
+ dest="suites_dir",
+ help="Suites dir",
+ metavar="SUITES_DIR",
+ required=True)
+
+ parser.add_argument("--helpers-file",
+ dest="helpers_file",
+ help="Helpers file",
+ metavar="HELPERS_FILE",
+ required=True)
+
+ parser.add_argument("-p", "--platform-file",
+ dest="platform_file",
+ help="Platform code file",
+ metavar="PLATFORM_FILE",
+ required=True)
+
+ parser.add_argument("-o", "--out-dir",
+ dest="out_dir",
+ help="Dir where generated code and scripts are copied",
+ metavar="OUT_DIR",
+ required=True)
+
+ args = parser.parse_args()
+
+ data_file_name = os.path.basename(args.data_file)
+ data_name = os.path.splitext(data_file_name)[0]
+
+ out_c_file = os.path.join(args.out_dir, data_name + '.c')
+ out_data_file = os.path.join(args.out_dir, data_name + '.datax')
+
+ out_c_file_dir = os.path.dirname(out_c_file)
+ out_data_file_dir = os.path.dirname(out_data_file)
+ for directory in [out_c_file_dir, out_data_file_dir]:
+ if not os.path.exists(directory):
+ os.makedirs(directory)
+
+ generate_code(funcs_file=args.funcs_file, data_file=args.data_file,
+ template_file=args.template_file,
+ platform_file=args.platform_file,
+ helpers_file=args.helpers_file, suites_dir=args.suites_dir,
+ c_file=out_c_file, out_data_file=out_data_file)
+
+
+if __name__ == "__main__":
+ try:
+ main()
+ except GeneratorInputError as err:
+ sys.exit("%s: input error: %s" %
+ (os.path.basename(sys.argv[0]), str(err)))
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index 130d9d6..cc9c54f 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -1,4 +1,10 @@
-#!/bin/sh
+#!/bin/bash
+#
+# Create a file named identifiers containing identifiers from internal header
+# files or all header files, based on --internal flag.
+# Outputs the line count of the file to stdout.
+#
+# Usage: list-identifiers.sh [ -i | --internal ]
set -eu
@@ -7,7 +13,29 @@
exit 1
fi
-HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
+INTERNAL=""
+
+until [ -z "${1-}" ]
+do
+ case "$1" in
+ -i|--internal)
+ INTERNAL="1"
+ ;;
+ *)
+ # print error
+ echo "Unknown argument: '$1'"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if [ $INTERNAL ]
+then
+ HEADERS=$( ls include/mbedtls/*_internal.h | egrep -v 'compat-1\.3\.h|bn_mul' )
+else
+ HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' )
+fi
rm -f identifiers
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh
index c258719..930722c 100755
--- a/tests/scripts/list-symbols.sh
+++ b/tests/scripts/list-symbols.sh
@@ -14,8 +14,21 @@
cp include/mbedtls/config.h include/mbedtls/config.h.bak
scripts/config.pl full
-CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1
+make clean
+make_ret=
+CFLAGS=-fno-asynchronous-unwind-tables make lib \
+ >list-symbols.make.log 2>&1 ||
+ {
+ make_ret=$?
+ echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib"
+ cat list-symbols.make.log >&2
+ }
+rm list-symbols.make.log
mv include/mbedtls/config.h.bak include/mbedtls/config.h
+if [ -n "$make_ret" ]; then
+ exit "$make_ret"
+fi
+
if uname | grep -F Darwin >/dev/null; then
nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p'
elif uname | grep -F Linux >/dev/null; then
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
new file mode 100755
index 0000000..6ac68a4
--- /dev/null
+++ b/tests/scripts/mbedtls_test.py
@@ -0,0 +1,379 @@
+# Greentea host test script for Mbed TLS on-target test suite testing.
+#
+# Copyright (C) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+
+"""
+Mbed TLS on-target test suite tests are implemented as Greentea
+tests. Greentea tests are implemented in two parts: target test and
+host test. Target test is a C application that is built for the
+target platform and executes on the target. Host test is a Python
+class derived from mbed_host_tests.BaseHostTest. Target communicates
+with the host over serial for the test data and sends back the result.
+
+Python tool mbedgt (Greentea) is responsible for flashing the test
+binary on to the target and dynamically loading this host test module.
+
+Greentea documentation can be found here:
+https://github.com/ARMmbed/greentea
+"""
+
+
+import re
+import os
+import binascii
+
+from mbed_host_tests import BaseHostTest, event_callback # pylint: disable=import-error
+
+
+class TestDataParserError(Exception):
+ """Indicates error in test data, read from .data file."""
+ pass
+
+
+class TestDataParser(object):
+ """
+ Parses test name, dependencies, test function name and test parameters
+ from the data file.
+ """
+
+ def __init__(self):
+ """
+ Constructor
+ """
+ self.tests = []
+
+ def parse(self, data_file):
+ """
+ Data file parser.
+
+ :param data_file: Data file path
+ """
+ with open(data_file, 'r') as data_f:
+ self.__parse(data_f)
+
+ @staticmethod
+ def __escaped_split(inp_str, split_char):
+ """
+ Splits inp_str on split_char except when escaped.
+
+ :param inp_str: String to split
+ :param split_char: Split character
+ :return: List of splits
+ """
+ split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
+ if len(split_char) > 1:
+ raise ValueError('Expected split character. Found string!')
+ out = list(map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)))
+ out = [x for x in out if x]
+ return out
+
+ def __parse(self, data_f):
+ """
+ Parses data file using supplied file object.
+
+ :param data_f: Data file object
+ :return:
+ """
+ for line in data_f:
+ line = line.strip()
+ if not line:
+ continue
+ # Read test name
+ name = line
+
+ # Check dependencies
+ dependencies = []
+ line = next(data_f).strip()
+ match = re.search('depends_on:(.*)', line)
+ if match:
+ dependencies = [int(x) for x in match.group(1).split(':')]
+ line = next(data_f).strip()
+
+ # Read test vectors
+ line = line.replace('\\n', '\n')
+ parts = self.__escaped_split(line, ':')
+ function_name = int(parts[0])
+ args = parts[1:]
+ args_count = len(args)
+ if args_count % 2 != 0:
+ err_str_fmt = "Number of test arguments({}) should be even: {}"
+ raise TestDataParserError(err_str_fmt.format(args_count, line))
+ grouped_args = [(args[i * 2], args[(i * 2) + 1])
+ for i in range(int(len(args)/2))]
+ self.tests.append((name, function_name, dependencies,
+ grouped_args))
+
+ def get_test_data(self):
+ """
+ Returns test data.
+ """
+ return self.tests
+
+
+class MbedTlsTest(BaseHostTest):
+ """
+ Host test for Mbed TLS unit tests. This script is loaded at
+ run time by Greentea for executing Mbed TLS test suites. Each
+ communication from the target is received in this object as
+ an event, which is then handled by the event handler method
+ decorated by the associated event. Ex: @event_callback('GO').
+
+ Target test sends requests for dispatching next test. It reads
+ tests from the intermediate data file and sends test function
+ identifier, dependency identifiers, expression identifiers and
+ the test data in binary form. Target test checks dependencies
+ , evaluate integer constant expressions and dispatches the test
+ function with received test parameters. After test function is
+ finished, target sends the result. This class handles the result
+ event and prints verdict in the form that Greentea understands.
+
+ """
+ # status/error codes from suites/helpers.function
+ DEPENDENCY_SUPPORTED = 0
+ KEY_VALUE_MAPPING_FOUND = DEPENDENCY_SUPPORTED
+ DISPATCH_TEST_SUCCESS = DEPENDENCY_SUPPORTED
+
+ KEY_VALUE_MAPPING_NOT_FOUND = -1 # Expression Id not found.
+ DEPENDENCY_NOT_SUPPORTED = -2 # Dependency not supported.
+ DISPATCH_TEST_FN_NOT_FOUND = -3 # Test function not found.
+ DISPATCH_INVALID_TEST_DATA = -4 # Invalid parameter type.
+ DISPATCH_UNSUPPORTED_SUITE = -5 # Test suite not supported/enabled.
+
+ def __init__(self):
+ """
+ Constructor initialises test index to 0.
+ """
+ super(MbedTlsTest, self).__init__()
+ self.tests = []
+ self.test_index = -1
+ self.dep_index = 0
+ self.suite_passed = True
+ self.error_str = dict()
+ self.error_str[self.DEPENDENCY_SUPPORTED] = \
+ 'DEPENDENCY_SUPPORTED'
+ self.error_str[self.KEY_VALUE_MAPPING_NOT_FOUND] = \
+ 'KEY_VALUE_MAPPING_NOT_FOUND'
+ self.error_str[self.DEPENDENCY_NOT_SUPPORTED] = \
+ 'DEPENDENCY_NOT_SUPPORTED'
+ self.error_str[self.DISPATCH_TEST_FN_NOT_FOUND] = \
+ 'DISPATCH_TEST_FN_NOT_FOUND'
+ self.error_str[self.DISPATCH_INVALID_TEST_DATA] = \
+ 'DISPATCH_INVALID_TEST_DATA'
+ self.error_str[self.DISPATCH_UNSUPPORTED_SUITE] = \
+ 'DISPATCH_UNSUPPORTED_SUITE'
+
+ def setup(self):
+ """
+ Setup hook implementation. Reads test suite data file and parses out
+ tests.
+ """
+ binary_path = self.get_config_item('image_path')
+ script_dir = os.path.split(os.path.abspath(__file__))[0]
+ suite_name = os.path.splitext(os.path.basename(binary_path))[0]
+ data_file = ".".join((suite_name, 'datax'))
+ data_file = os.path.join(script_dir, '..', 'mbedtls',
+ suite_name, data_file)
+ if os.path.exists(data_file):
+ self.log("Running tests from %s" % data_file)
+ parser = TestDataParser()
+ parser.parse(data_file)
+ self.tests = parser.get_test_data()
+ self.print_test_info()
+ else:
+ self.log("Data file not found: %s" % data_file)
+ self.notify_complete(False)
+
+ def print_test_info(self):
+ """
+ Prints test summary read by Greentea to detect test cases.
+ """
+ self.log('{{__testcase_count;%d}}' % len(self.tests))
+ for name, _, _, _ in self.tests:
+ self.log('{{__testcase_name;%s}}' % name)
+
+ @staticmethod
+ def align_32bit(data_bytes):
+ """
+ 4 byte aligns input byte array.
+
+ :return:
+ """
+ data_bytes += bytearray((4 - (len(data_bytes))) % 4)
+
+ @staticmethod
+ def hex_str_bytes(hex_str):
+ """
+ Converts Hex string representation to byte array
+
+ :param hex_str: Hex in string format.
+ :return: Output Byte array
+ """
+ if hex_str[0] != '"' or hex_str[len(hex_str) - 1] != '"':
+ raise TestDataParserError("HEX test parameter missing '\"':"
+ " %s" % hex_str)
+ hex_str = hex_str.strip('"')
+ if len(hex_str) % 2 != 0:
+ raise TestDataParserError("HEX parameter len should be mod of "
+ "2: %s" % hex_str)
+
+ data_bytes = binascii.unhexlify(hex_str)
+ return data_bytes
+
+ @staticmethod
+ def int32_to_big_endian_bytes(i):
+ """
+ Coverts i to byte array in big endian format.
+
+ :param i: Input integer
+ :return: Output bytes array in big endian or network order
+ """
+ data_bytes = bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]])
+ return data_bytes
+
+ def test_vector_to_bytes(self, function_id, dependencies, parameters):
+ """
+ Converts test vector into a byte array that can be sent to the target.
+
+ :param function_id: Test Function Identifier
+ :param dependencies: Dependency list
+ :param parameters: Test function input parameters
+ :return: Byte array and its length
+ """
+ data_bytes = bytearray([len(dependencies)])
+ if dependencies:
+ data_bytes += bytearray(dependencies)
+ data_bytes += bytearray([function_id, len(parameters)])
+ for typ, param in parameters:
+ if typ == 'int' or typ == 'exp':
+ i = int(param, 0)
+ data_bytes += b'I' if typ == 'int' else b'E'
+ self.align_32bit(data_bytes)
+ data_bytes += self.int32_to_big_endian_bytes(i)
+ elif typ == 'char*':
+ param = param.strip('"')
+ i = len(param) + 1 # + 1 for null termination
+ data_bytes += b'S'
+ self.align_32bit(data_bytes)
+ data_bytes += self.int32_to_big_endian_bytes(i)
+ data_bytes += bytearray(param, encoding='ascii')
+ data_bytes += b'\0' # Null terminate
+ elif typ == 'hex':
+ binary_data = self.hex_str_bytes(param)
+ data_bytes += b'H'
+ self.align_32bit(data_bytes)
+ i = len(binary_data)
+ data_bytes += self.int32_to_big_endian_bytes(i)
+ data_bytes += binary_data
+ length = self.int32_to_big_endian_bytes(len(data_bytes))
+ return data_bytes, length
+
+ def run_next_test(self):
+ """
+ Fetch next test information and execute the test.
+
+ """
+ self.test_index += 1
+ self.dep_index = 0
+ if self.test_index < len(self.tests):
+ name, function_id, dependencies, args = self.tests[self.test_index]
+ self.run_test(name, function_id, dependencies, args)
+ else:
+ self.notify_complete(self.suite_passed)
+
+ def run_test(self, name, function_id, dependencies, args):
+ """
+ Execute the test on target by sending next test information.
+
+ :param name: Test name
+ :param function_id: function identifier
+ :param dependencies: Dependencies list
+ :param args: test parameters
+ :return:
+ """
+ self.log("Running: %s" % name)
+
+ param_bytes, length = self.test_vector_to_bytes(function_id,
+ dependencies, args)
+ self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes))
+
+ @staticmethod
+ def get_result(value):
+ """
+ Converts result from string type to integer
+ :param value: Result code in string
+ :return: Integer result code. Value is from the test status
+ constants defined under the MbedTlsTest class.
+ """
+ try:
+ return int(value)
+ except ValueError:
+ ValueError("Result should return error number. "
+ "Instead received %s" % value)
+
+ @event_callback('GO')
+ def on_go(self, _key, _value, _timestamp):
+ """
+ Sent by the target to start first test.
+
+ :param _key: Event key
+ :param _value: Value. ignored
+ :param _timestamp: Timestamp ignored.
+ :return:
+ """
+ self.run_next_test()
+
+ @event_callback("R")
+ def on_result(self, _key, value, _timestamp):
+ """
+ Handle result. Prints test start, finish required by Greentea
+ to detect test execution.
+
+ :param _key: Event key
+ :param value: Value. ignored
+ :param _timestamp: Timestamp ignored.
+ :return:
+ """
+ int_val = self.get_result(value)
+ name, _, _, _ = self.tests[self.test_index]
+ self.log('{{__testcase_start;%s}}' % name)
+ self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0,
+ int_val != 0))
+ if int_val != 0:
+ self.suite_passed = False
+ self.run_next_test()
+
+ @event_callback("F")
+ def on_failure(self, _key, value, _timestamp):
+ """
+ Handles test execution failure. That means dependency not supported or
+ Test function not supported. Hence marking test as skipped.
+
+ :param _key: Event key
+ :param value: Value. ignored
+ :param _timestamp: Timestamp ignored.
+ :return:
+ """
+ int_val = self.get_result(value)
+ if int_val in self.error_str:
+ err = self.error_str[int_val]
+ else:
+ err = 'Unknown error'
+ # For skip status, do not write {{__testcase_finish;...}}
+ self.log("Error: %s" % err)
+ self.run_next_test()
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 6279358..329ed14 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -4,19 +4,24 @@
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# Executes all the available test suites, and provides a basic summary of the
-# results.
-#
-# Usage: run-test-suites.pl [-v]
-#
-# Options :
-# -v|--verbose - Provide a pass/fail/skip breakdown per test suite and
-# in total
-#
+# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved
+
+=head1 SYNOPSIS
+
+Execute all the test suites and print a summary of the results.
+
+ run-test-suites.pl [[-v|--verbose] [VERBOSITY]] [--skip=SUITE[...]]
+
+Options:
+
+ -v|--verbose Print detailed failure information.
+ -v 2|--verbose=2 Print detailed failure information and summary messages.
+ -v 3|--verbose=3 Print detailed information about every test case.
+ --skip=SUITE[,SUITE...]
+ Skip the specified SUITE(s). This option can be used
+ multiple times.
+
+=cut
use warnings;
use strict;
@@ -24,35 +29,65 @@
use utf8;
use open qw(:std utf8);
-use constant FALSE => 0;
-use constant TRUE => 1;
+use Getopt::Long qw(:config auto_help gnu_compat);
+use Pod::Usage;
-my $verbose;
-my $switch = shift;
-if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) {
- $verbose = TRUE;
-}
+my $verbose = 0;
+my @skip_patterns = ();
+GetOptions(
+ 'skip=s' => \@skip_patterns,
+ 'verbose|v:1' => \$verbose,
+ ) or die;
# All test suites = executable files, excluding source files, debug
# and profiling information, etc. We can't just grep {! /\./} because
-#some of our test cases' base names contain a dot.
+# some of our test cases' base names contain a dot.
my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
+@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
die "$0: no test suite found\n" unless @suites;
+# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
+# but not "test_suite_foobar".
+my $skip_re =
+ ( '\Atest_suite_(' .
+ join('|', map {
+ s/[ ,;]/|/g; # allow any of " ,;|" as separators
+ s/\./\./g; # "." in the input means ".", not "any character"
+ $_
+ } @skip_patterns) .
+ ')(\z|\.)' );
+
# in case test suites are linked dynamically
-$ENV{'LD_LIBRARY_PATH'} = '../library';
-$ENV{'DYLD_LIBRARY_PATH'} = '../library';
+$ENV{'LD_LIBRARY_PATH'} = '../library:../crypto/library';
+$ENV{'DYLD_LIBRARY_PATH'} = '../library:../crypto/library';
my $prefix = $^O eq "MSWin32" ? '' : './';
my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed,
$suite_cases_failed, $suite_cases_skipped, $total_cases_passed,
$total_cases_failed, $total_cases_skipped );
+my $suites_skipped = 0;
+
+sub pad_print_center {
+ my( $width, $padchar, $string ) = @_;
+ my $padlen = ( $width - length( $string ) - 2 ) / 2;
+ print $padchar x( $padlen ), " $string ", $padchar x( $padlen ), "\n";
+}
for my $suite (@suites)
{
print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " ";
- my $result = `$prefix$suite`;
+ if( $suite =~ /$skip_re/o ) {
+ print "SKIP\n";
+ ++$suites_skipped;
+ next;
+ }
+
+ my $command = "$prefix$suite";
+ if( $verbose ) {
+ $command .= ' -v';
+ }
+ my $result = `$command`;
$suite_cases_passed = () = $result =~ /.. PASS/g;
$suite_cases_failed = () = $result =~ /.. FAILED/g;
@@ -60,15 +95,25 @@
if( $result =~ /PASSED/ ) {
print "PASS\n";
+ if( $verbose > 2 ) {
+ pad_print_center( 72, '-', "Begin $suite" );
+ print $result;
+ pad_print_center( 72, '-', "End $suite" );
+ }
} else {
$failed_suites++;
print "FAIL\n";
+ if( $verbose ) {
+ pad_print_center( 72, '-', "Begin $suite" );
+ print $result;
+ pad_print_center( 72, '-', "End $suite" );
+ }
}
my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/;
$total_tests_run += $tests - $skipped;
- if ( $verbose ) {
+ if( $verbose > 1 ) {
print "(test cases passed:", $suite_cases_passed,
" failed:", $suite_cases_failed,
" skipped:", $suite_cases_skipped,
@@ -84,9 +129,12 @@
print "-" x 72, "\n";
print $failed_suites ? "FAILED" : "PASSED";
-printf " (%d suites, %d tests run)\n", scalar @suites, $total_tests_run;
+printf( " (%d suites, %d tests run%s)\n",
+ scalar(@suites) - $suites_skipped,
+ $total_tests_run,
+ $suites_skipped ? ", $suites_skipped suites skipped" : "" );
-if ( $verbose ) {
+if( $verbose > 1 ) {
print " test cases passed :", $total_cases_passed, "\n";
print " failed :", $total_cases_failed, "\n";
print " skipped :", $total_cases_skipped, "\n";
@@ -94,8 +142,11 @@
"\n";
print " of available tests :",
( $total_cases_passed + $total_cases_failed + $total_cases_skipped ),
- "\n"
+ "\n";
+ if( $suites_skipped != 0 ) {
+ print "Note: $suites_skipped suites were skipped.\n";
}
+}
exit( $failed_suites ? 1 : 0 );
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
new file mode 100755
index 0000000..6d7113e
--- /dev/null
+++ b/tests/scripts/test_generate_test_code.py
@@ -0,0 +1,1755 @@
+#!/usr/bin/env python3
+# Unit test for generate_test_code.py
+#
+# Copyright (C) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+"""
+Unit tests for generate_test_code.py
+"""
+
+# pylint: disable=wrong-import-order
+try:
+ # Python 2
+ from StringIO import StringIO
+except ImportError:
+ # Python 3
+ from io import StringIO
+from unittest import TestCase, main as unittest_main
+try:
+ # Python 2
+ from mock import patch
+except ImportError:
+ # Python 3
+ from unittest.mock import patch
+# pylint: enable=wrong-import-order
+from generate_test_code import gen_dependencies, gen_dependencies_one_line
+from generate_test_code import gen_function_wrapper, gen_dispatch
+from generate_test_code import parse_until_pattern, GeneratorInputError
+from generate_test_code import parse_suite_dependencies
+from generate_test_code import parse_function_dependencies
+from generate_test_code import parse_function_arguments, parse_function_code
+from generate_test_code import parse_functions, END_HEADER_REGEX
+from generate_test_code import END_SUITE_HELPERS_REGEX, escaped_split
+from generate_test_code import parse_test_data, gen_dep_check
+from generate_test_code import gen_expression_check, write_dependencies
+from generate_test_code import write_parameters, gen_suite_dep_checks
+from generate_test_code import gen_from_test_data
+
+
+class GenDep(TestCase):
+ """
+ Test suite for function gen_dep()
+ """
+
+ def test_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = ['DEP1', 'DEP2']
+ dep_start, dep_end = gen_dependencies(dependencies)
+ preprocessor1, preprocessor2 = dep_start.splitlines()
+ endif1, endif2 = dep_end.splitlines()
+ self.assertEqual(preprocessor1, '#if defined(DEP1)',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(preprocessor2, '#if defined(DEP2)',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(endif1, '#endif /* DEP2 */',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(endif2, '#endif /* DEP1 */',
+ 'Preprocessor generated incorrectly')
+
+ def test_disabled_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = ['!DEP1', '!DEP2']
+ dep_start, dep_end = gen_dependencies(dependencies)
+ preprocessor1, preprocessor2 = dep_start.splitlines()
+ endif1, endif2 = dep_end.splitlines()
+ self.assertEqual(preprocessor1, '#if !defined(DEP1)',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(preprocessor2, '#if !defined(DEP2)',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(endif1, '#endif /* !DEP2 */',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(endif2, '#endif /* !DEP1 */',
+ 'Preprocessor generated incorrectly')
+
+ def test_mixed_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = ['!DEP1', 'DEP2']
+ dep_start, dep_end = gen_dependencies(dependencies)
+ preprocessor1, preprocessor2 = dep_start.splitlines()
+ endif1, endif2 = dep_end.splitlines()
+ self.assertEqual(preprocessor1, '#if !defined(DEP1)',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(preprocessor2, '#if defined(DEP2)',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(endif1, '#endif /* DEP2 */',
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(endif2, '#endif /* !DEP1 */',
+ 'Preprocessor generated incorrectly')
+
+ def test_empty_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = []
+ dep_start, dep_end = gen_dependencies(dependencies)
+ self.assertEqual(dep_start, '', 'Preprocessor generated incorrectly')
+ self.assertEqual(dep_end, '', 'Preprocessor generated incorrectly')
+
+ def test_large_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = []
+ count = 10
+ for i in range(count):
+ dependencies.append('DEP%d' % i)
+ dep_start, dep_end = gen_dependencies(dependencies)
+ self.assertEqual(len(dep_start.splitlines()), count,
+ 'Preprocessor generated incorrectly')
+ self.assertEqual(len(dep_end.splitlines()), count,
+ 'Preprocessor generated incorrectly')
+
+
+class GenDepOneLine(TestCase):
+ """
+ Test Suite for testing gen_dependencies_one_line()
+ """
+
+ def test_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = ['DEP1', 'DEP2']
+ dep_str = gen_dependencies_one_line(dependencies)
+ self.assertEqual(dep_str, '#if defined(DEP1) && defined(DEP2)',
+ 'Preprocessor generated incorrectly')
+
+ def test_disabled_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = ['!DEP1', '!DEP2']
+ dep_str = gen_dependencies_one_line(dependencies)
+ self.assertEqual(dep_str, '#if !defined(DEP1) && !defined(DEP2)',
+ 'Preprocessor generated incorrectly')
+
+ def test_mixed_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = ['!DEP1', 'DEP2']
+ dep_str = gen_dependencies_one_line(dependencies)
+ self.assertEqual(dep_str, '#if !defined(DEP1) && defined(DEP2)',
+ 'Preprocessor generated incorrectly')
+
+ def test_empty_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = []
+ dep_str = gen_dependencies_one_line(dependencies)
+ self.assertEqual(dep_str, '', 'Preprocessor generated incorrectly')
+
+ def test_large_dependencies_list(self):
+ """
+ Test that gen_dep() correctly creates dependencies for given
+ dependency list.
+ :return:
+ """
+ dependencies = []
+ count = 10
+ for i in range(count):
+ dependencies.append('DEP%d' % i)
+ dep_str = gen_dependencies_one_line(dependencies)
+ expected = '#if ' + ' && '.join(['defined(%s)' %
+ x for x in dependencies])
+ self.assertEqual(dep_str, expected,
+ 'Preprocessor generated incorrectly')
+
+
+class GenFunctionWrapper(TestCase):
+ """
+ Test Suite for testing gen_function_wrapper()
+ """
+
+ def test_params_unpack(self):
+ """
+ Test that params are properly unpacked in the function call.
+
+ :return:
+ """
+ code = gen_function_wrapper('test_a', '', ('a', 'b', 'c', 'd'))
+ expected = '''
+void test_a_wrapper( void ** params )
+{
+
+ test_a( a, b, c, d );
+}
+'''
+ self.assertEqual(code, expected)
+
+ def test_local(self):
+ """
+ Test that params are properly unpacked in the function call.
+
+ :return:
+ """
+ code = gen_function_wrapper('test_a',
+ 'int x = 1;', ('x', 'b', 'c', 'd'))
+ expected = '''
+void test_a_wrapper( void ** params )
+{
+int x = 1;
+ test_a( x, b, c, d );
+}
+'''
+ self.assertEqual(code, expected)
+
+ def test_empty_params(self):
+ """
+ Test that params are properly unpacked in the function call.
+
+ :return:
+ """
+ code = gen_function_wrapper('test_a', '', ())
+ expected = '''
+void test_a_wrapper( void ** params )
+{
+ (void)params;
+
+ test_a( );
+}
+'''
+ self.assertEqual(code, expected)
+
+
+class GenDispatch(TestCase):
+ """
+ Test suite for testing gen_dispatch()
+ """
+
+ def test_dispatch(self):
+ """
+ Test that dispatch table entry is generated correctly.
+ :return:
+ """
+ code = gen_dispatch('test_a', ['DEP1', 'DEP2'])
+ expected = '''
+#if defined(DEP1) && defined(DEP2)
+ test_a_wrapper,
+#else
+ NULL,
+#endif
+'''
+ self.assertEqual(code, expected)
+
+ def test_empty_dependencies(self):
+ """
+ Test empty dependency list.
+ :return:
+ """
+ code = gen_dispatch('test_a', [])
+ expected = '''
+ test_a_wrapper,
+'''
+ self.assertEqual(code, expected)
+
+
+class StringIOWrapper(StringIO, object):
+ """
+ file like class to mock file object in tests.
+ """
+ def __init__(self, file_name, data, line_no=0):
+ """
+ Init file handle.
+
+ :param file_name:
+ :param data:
+ :param line_no:
+ """
+ super(StringIOWrapper, self).__init__(data)
+ self.line_no = line_no
+ self.name = file_name
+
+ def next(self):
+ """
+ Iterator method. This method overrides base class's
+ next method and extends the next method to count the line
+ numbers as each line is read.
+
+ :return: Line read from file.
+ """
+ parent = super(StringIOWrapper, self)
+ if getattr(parent, 'next', None):
+ # Python 2
+ line = parent.next()
+ else:
+ # Python 3
+ line = parent.__next__()
+ return line
+
+ # Python 3
+ __next__ = next
+
+ def readline(self, length=0):
+ """
+ Wrap the base class readline.
+
+ :param length:
+ :return:
+ """
+ # pylint: disable=unused-argument
+ line = super(StringIOWrapper, self).readline()
+ if line is not None:
+ self.line_no += 1
+ return line
+
+
+class ParseUntilPattern(TestCase):
+ """
+ Test Suite for testing parse_until_pattern().
+ """
+
+ def test_suite_headers(self):
+ """
+ Test that suite headers are parsed correctly.
+
+ :return:
+ """
+ data = '''#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+/* END_HEADER */
+'''
+ expected = '''#line 1 "test_suite_ut.function"
+#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data, line_no=0)
+ headers = parse_until_pattern(stream, END_HEADER_REGEX)
+ self.assertEqual(headers, expected)
+
+ def test_line_no(self):
+ """
+ Test that #line is set to correct line no. in source .function file.
+
+ :return:
+ """
+ data = '''#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+/* END_HEADER */
+'''
+ offset_line_no = 5
+ expected = '''#line %d "test_suite_ut.function"
+#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+''' % (offset_line_no + 1)
+ stream = StringIOWrapper('test_suite_ut.function', data,
+ offset_line_no)
+ headers = parse_until_pattern(stream, END_HEADER_REGEX)
+ self.assertEqual(headers, expected)
+
+ def test_no_end_header_comment(self):
+ """
+ Test that InvalidFileFormat is raised when end header comment is
+ missing.
+ :return:
+ """
+ data = '''#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(GeneratorInputError, parse_until_pattern, stream,
+ END_HEADER_REGEX)
+
+
+class ParseSuiteDependencies(TestCase):
+ """
+ Test Suite for testing parse_suite_dependencies().
+ """
+
+ def test_suite_dependencies(self):
+ """
+
+ :return:
+ """
+ data = '''
+ * depends_on:MBEDTLS_ECP_C
+ * END_DEPENDENCIES
+ */
+'''
+ expected = ['MBEDTLS_ECP_C']
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ dependencies = parse_suite_dependencies(stream)
+ self.assertEqual(dependencies, expected)
+
+ def test_no_end_dep_comment(self):
+ """
+ Test that InvalidFileFormat is raised when end dep comment is missing.
+ :return:
+ """
+ data = '''
+* depends_on:MBEDTLS_ECP_C
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(GeneratorInputError, parse_suite_dependencies,
+ stream)
+
+ def test_dependencies_split(self):
+ """
+ Test that InvalidFileFormat is raised when end dep comment is missing.
+ :return:
+ """
+ data = '''
+ * depends_on:MBEDTLS_ECP_C:A:B: C : D :F : G: !H
+ * END_DEPENDENCIES
+ */
+'''
+ expected = ['MBEDTLS_ECP_C', 'A', 'B', 'C', 'D', 'F', 'G', '!H']
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ dependencies = parse_suite_dependencies(stream)
+ self.assertEqual(dependencies, expected)
+
+
+class ParseFuncDependencies(TestCase):
+ """
+ Test Suite for testing parse_function_dependencies()
+ """
+
+ def test_function_dependencies(self):
+ """
+ Test that parse_function_dependencies() correctly parses function
+ dependencies.
+ :return:
+ """
+ line = '/* BEGIN_CASE ' \
+ 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */'
+ expected = ['MBEDTLS_ENTROPY_NV_SEED', 'MBEDTLS_FS_IO']
+ dependencies = parse_function_dependencies(line)
+ self.assertEqual(dependencies, expected)
+
+ def test_no_dependencies(self):
+ """
+ Test that parse_function_dependencies() correctly parses function
+ dependencies.
+ :return:
+ """
+ line = '/* BEGIN_CASE */'
+ dependencies = parse_function_dependencies(line)
+ self.assertEqual(dependencies, [])
+
+ def test_tolerance(self):
+ """
+ Test that parse_function_dependencies() correctly parses function
+ dependencies.
+ :return:
+ """
+ line = '/* BEGIN_CASE depends_on:MBEDTLS_FS_IO: A : !B:C : F*/'
+ dependencies = parse_function_dependencies(line)
+ self.assertEqual(dependencies, ['MBEDTLS_FS_IO', 'A', '!B', 'C', 'F'])
+
+
+class ParseFuncSignature(TestCase):
+ """
+ Test Suite for parse_function_arguments().
+ """
+
+ def test_int_and_char_params(self):
+ """
+ Test int and char parameters parsing
+ :return:
+ """
+ line = 'void entropy_threshold( char * a, int b, int result )'
+ args, local, arg_dispatch = parse_function_arguments(line)
+ self.assertEqual(args, ['char*', 'int', 'int'])
+ self.assertEqual(local, '')
+ self.assertEqual(arg_dispatch, ['(char *) params[0]',
+ '*( (int *) params[1] )',
+ '*( (int *) params[2] )'])
+
+ def test_hex_params(self):
+ """
+ Test hex parameters parsing
+ :return:
+ """
+ line = 'void entropy_threshold( char * a, data_t * h, int result )'
+ args, local, arg_dispatch = parse_function_arguments(line)
+ self.assertEqual(args, ['char*', 'hex', 'int'])
+ self.assertEqual(local,
+ ' data_t data1 = {(uint8_t *) params[1], '
+ '*( (uint32_t *) params[2] )};\n')
+ self.assertEqual(arg_dispatch, ['(char *) params[0]',
+ '&data1',
+ '*( (int *) params[3] )'])
+
+ def test_unsupported_arg(self):
+ """
+ Test unsupported arguments (not among int, char * and data_t)
+ :return:
+ """
+ line = 'void entropy_threshold( char * a, data_t * h, char result )'
+ self.assertRaises(ValueError, parse_function_arguments, line)
+
+ def test_no_params(self):
+ """
+ Test no parameters.
+ :return:
+ """
+ line = 'void entropy_threshold()'
+ args, local, arg_dispatch = parse_function_arguments(line)
+ self.assertEqual(args, [])
+ self.assertEqual(local, '')
+ self.assertEqual(arg_dispatch, [])
+
+
+class ParseFunctionCode(TestCase):
+ """
+ Test suite for testing parse_function_code()
+ """
+
+ def assert_raises_regex(self, exp, regex, func, *args):
+ """
+ Python 2 & 3 portable wrapper of assertRaisesRegex(p)? function.
+
+ :param exp: Exception type expected to be raised by cb.
+ :param regex: Expected exception message
+ :param func: callable object under test
+ :param args: variable positional arguments
+ """
+ parent = super(ParseFunctionCode, self)
+
+ # Pylint does not appreciate that the super method called
+ # conditionally can be available in other Python version
+ # then that of Pylint.
+ # Workaround is to call the method via getattr.
+ # Pylint ignores that the method got via getattr is
+ # conditionally executed. Method has to be a callable.
+ # Hence, using a dummy callable for getattr default.
+ dummy = lambda *x: None
+ # First Python 3 assertRaisesRegex is checked, since Python 2
+ # assertRaisesRegexp is also available in Python 3 but is
+ # marked deprecated.
+ for name in ('assertRaisesRegex', 'assertRaisesRegexp'):
+ method = getattr(parent, name, dummy)
+ if method is not dummy:
+ method(exp, regex, func, *args)
+ break
+ else:
+ raise AttributeError(" 'ParseFunctionCode' object has no attribute"
+ " 'assertRaisesRegex' or 'assertRaisesRegexp'"
+ )
+
+ def test_no_function(self):
+ """
+ Test no test function found.
+ :return:
+ """
+ data = '''
+No
+test
+function
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ err_msg = 'file: test_suite_ut.function - Test functions not found!'
+ self.assert_raises_regex(GeneratorInputError, err_msg,
+ parse_function_code, stream, [], [])
+
+ def test_no_end_case_comment(self):
+ """
+ Test missing end case.
+ :return:
+ """
+ data = '''
+void test_func()
+{
+}
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ err_msg = r'file: test_suite_ut.function - '\
+ 'end case pattern .*? not found!'
+ self.assert_raises_regex(GeneratorInputError, err_msg,
+ parse_function_code, stream, [], [])
+
+ @patch("generate_test_code.parse_function_arguments")
+ def test_function_called(self,
+ parse_function_arguments_mock):
+ """
+ Test parse_function_code()
+ :return:
+ """
+ parse_function_arguments_mock.return_value = ([], '', [])
+ data = '''
+void test_func()
+{
+}
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(GeneratorInputError, parse_function_code,
+ stream, [], [])
+ self.assertTrue(parse_function_arguments_mock.called)
+ parse_function_arguments_mock.assert_called_with('void test_func()\n')
+
+ @patch("generate_test_code.gen_dispatch")
+ @patch("generate_test_code.gen_dependencies")
+ @patch("generate_test_code.gen_function_wrapper")
+ @patch("generate_test_code.parse_function_arguments")
+ def test_return(self, parse_function_arguments_mock,
+ gen_function_wrapper_mock,
+ gen_dependencies_mock,
+ gen_dispatch_mock):
+ """
+ Test generated code.
+ :return:
+ """
+ parse_function_arguments_mock.return_value = ([], '', [])
+ gen_function_wrapper_mock.return_value = ''
+ gen_dependencies_mock.side_effect = gen_dependencies
+ gen_dispatch_mock.side_effect = gen_dispatch
+ data = '''
+void func()
+{
+ ba ba black sheep
+ have you any wool
+}
+/* END_CASE */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ name, arg, code, dispatch_code = parse_function_code(stream, [], [])
+
+ self.assertTrue(parse_function_arguments_mock.called)
+ parse_function_arguments_mock.assert_called_with('void func()\n')
+ gen_function_wrapper_mock.assert_called_with('test_func', '', [])
+ self.assertEqual(name, 'test_func')
+ self.assertEqual(arg, [])
+ expected = '''#line 1 "test_suite_ut.function"
+
+void test_func()
+{
+ ba ba black sheep
+ have you any wool
+exit:
+ ;
+}
+'''
+ self.assertEqual(code, expected)
+ self.assertEqual(dispatch_code, "\n test_func_wrapper,\n")
+
+ @patch("generate_test_code.gen_dispatch")
+ @patch("generate_test_code.gen_dependencies")
+ @patch("generate_test_code.gen_function_wrapper")
+ @patch("generate_test_code.parse_function_arguments")
+ def test_with_exit_label(self, parse_function_arguments_mock,
+ gen_function_wrapper_mock,
+ gen_dependencies_mock,
+ gen_dispatch_mock):
+ """
+ Test when exit label is present.
+ :return:
+ """
+ parse_function_arguments_mock.return_value = ([], '', [])
+ gen_function_wrapper_mock.return_value = ''
+ gen_dependencies_mock.side_effect = gen_dependencies
+ gen_dispatch_mock.side_effect = gen_dispatch
+ data = '''
+void func()
+{
+ ba ba black sheep
+ have you any wool
+exit:
+ yes sir yes sir
+ 3 bags full
+}
+/* END_CASE */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ _, _, code, _ = parse_function_code(stream, [], [])
+
+ expected = '''#line 1 "test_suite_ut.function"
+
+void test_func()
+{
+ ba ba black sheep
+ have you any wool
+exit:
+ yes sir yes sir
+ 3 bags full
+}
+'''
+ self.assertEqual(code, expected)
+
+ def test_non_void_function(self):
+ """
+ Test invalid signature (non void).
+ :return:
+ """
+ data = 'int entropy_threshold( char * a, data_t * h, int result )'
+ err_msg = 'file: test_suite_ut.function - Test functions not found!'
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assert_raises_regex(GeneratorInputError, err_msg,
+ parse_function_code, stream, [], [])
+
+ @patch("generate_test_code.gen_dispatch")
+ @patch("generate_test_code.gen_dependencies")
+ @patch("generate_test_code.gen_function_wrapper")
+ @patch("generate_test_code.parse_function_arguments")
+ def test_functio_name_on_newline(self, parse_function_arguments_mock,
+ gen_function_wrapper_mock,
+ gen_dependencies_mock,
+ gen_dispatch_mock):
+ """
+ Test when exit label is present.
+ :return:
+ """
+ parse_function_arguments_mock.return_value = ([], '', [])
+ gen_function_wrapper_mock.return_value = ''
+ gen_dependencies_mock.side_effect = gen_dependencies
+ gen_dispatch_mock.side_effect = gen_dispatch
+ data = '''
+void
+
+
+func()
+{
+ ba ba black sheep
+ have you any wool
+exit:
+ yes sir yes sir
+ 3 bags full
+}
+/* END_CASE */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ _, _, code, _ = parse_function_code(stream, [], [])
+
+ expected = '''#line 1 "test_suite_ut.function"
+
+void
+
+
+test_func()
+{
+ ba ba black sheep
+ have you any wool
+exit:
+ yes sir yes sir
+ 3 bags full
+}
+'''
+ self.assertEqual(code, expected)
+
+
+class ParseFunction(TestCase):
+ """
+ Test Suite for testing parse_functions()
+ """
+
+ @patch("generate_test_code.parse_until_pattern")
+ def test_begin_header(self, parse_until_pattern_mock):
+ """
+ Test that begin header is checked and parse_until_pattern() is called.
+ :return:
+ """
+ def stop(*_unused):
+ """Stop when parse_until_pattern is called."""
+ raise Exception
+ parse_until_pattern_mock.side_effect = stop
+ data = '''/* BEGIN_HEADER */
+#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+/* END_HEADER */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(Exception, parse_functions, stream)
+ parse_until_pattern_mock.assert_called_with(stream, END_HEADER_REGEX)
+ self.assertEqual(stream.line_no, 1)
+
+ @patch("generate_test_code.parse_until_pattern")
+ def test_begin_helper(self, parse_until_pattern_mock):
+ """
+ Test that begin helper is checked and parse_until_pattern() is called.
+ :return:
+ """
+ def stop(*_unused):
+ """Stop when parse_until_pattern is called."""
+ raise Exception
+ parse_until_pattern_mock.side_effect = stop
+ data = '''/* BEGIN_SUITE_HELPERS */
+void print_hello_world()
+{
+ printf("Hello World!\n");
+}
+/* END_SUITE_HELPERS */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(Exception, parse_functions, stream)
+ parse_until_pattern_mock.assert_called_with(stream,
+ END_SUITE_HELPERS_REGEX)
+ self.assertEqual(stream.line_no, 1)
+
+ @patch("generate_test_code.parse_suite_dependencies")
+ def test_begin_dep(self, parse_suite_dependencies_mock):
+ """
+ Test that begin dep is checked and parse_suite_dependencies() is
+ called.
+ :return:
+ """
+ def stop(*_unused):
+ """Stop when parse_until_pattern is called."""
+ raise Exception
+ parse_suite_dependencies_mock.side_effect = stop
+ data = '''/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_ECP_C
+ * END_DEPENDENCIES
+ */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(Exception, parse_functions, stream)
+ parse_suite_dependencies_mock.assert_called_with(stream)
+ self.assertEqual(stream.line_no, 1)
+
+ @patch("generate_test_code.parse_function_dependencies")
+ def test_begin_function_dep(self, func_mock):
+ """
+ Test that begin dep is checked and parse_function_dependencies() is
+ called.
+ :return:
+ """
+ def stop(*_unused):
+ """Stop when parse_until_pattern is called."""
+ raise Exception
+ func_mock.side_effect = stop
+
+ dependencies_str = '/* BEGIN_CASE ' \
+ 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n'
+ data = '''%svoid test_func()
+{
+}
+''' % dependencies_str
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(Exception, parse_functions, stream)
+ func_mock.assert_called_with(dependencies_str)
+ self.assertEqual(stream.line_no, 1)
+
+ @patch("generate_test_code.parse_function_code")
+ @patch("generate_test_code.parse_function_dependencies")
+ def test_return(self, func_mock1, func_mock2):
+ """
+ Test that begin case is checked and parse_function_code() is called.
+ :return:
+ """
+ func_mock1.return_value = []
+ in_func_code = '''void test_func()
+{
+}
+'''
+ func_dispatch = '''
+ test_func_wrapper,
+'''
+ func_mock2.return_value = 'test_func', [],\
+ in_func_code, func_dispatch
+ dependencies_str = '/* BEGIN_CASE ' \
+ 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n'
+ data = '''%svoid test_func()
+{
+}
+''' % dependencies_str
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ suite_dependencies, dispatch_code, func_code, func_info = \
+ parse_functions(stream)
+ func_mock1.assert_called_with(dependencies_str)
+ func_mock2.assert_called_with(stream, [], [])
+ self.assertEqual(stream.line_no, 5)
+ self.assertEqual(suite_dependencies, [])
+ expected_dispatch_code = '''/* Function Id: 0 */
+
+ test_func_wrapper,
+'''
+ self.assertEqual(dispatch_code, expected_dispatch_code)
+ self.assertEqual(func_code, in_func_code)
+ self.assertEqual(func_info, {'test_func': (0, [])})
+
+ def test_parsing(self):
+ """
+ Test case parsing.
+ :return:
+ """
+ data = '''/* BEGIN_HEADER */
+#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_ECP_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
+void func1()
+{
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
+void func2()
+{
+}
+/* END_CASE */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ suite_dependencies, dispatch_code, func_code, func_info = \
+ parse_functions(stream)
+ self.assertEqual(stream.line_no, 23)
+ self.assertEqual(suite_dependencies, ['MBEDTLS_ECP_C'])
+
+ expected_dispatch_code = '''/* Function Id: 0 */
+
+#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO)
+ test_func1_wrapper,
+#else
+ NULL,
+#endif
+/* Function Id: 1 */
+
+#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO)
+ test_func2_wrapper,
+#else
+ NULL,
+#endif
+'''
+ self.assertEqual(dispatch_code, expected_dispatch_code)
+ expected_func_code = '''#if defined(MBEDTLS_ECP_C)
+#line 2 "test_suite_ut.function"
+#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+#if defined(MBEDTLS_FS_IO)
+#line 13 "test_suite_ut.function"
+void test_func1()
+{
+exit:
+ ;
+}
+
+void test_func1_wrapper( void ** params )
+{
+ (void)params;
+
+ test_func1( );
+}
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+#if defined(MBEDTLS_FS_IO)
+#line 19 "test_suite_ut.function"
+void test_func2()
+{
+exit:
+ ;
+}
+
+void test_func2_wrapper( void ** params )
+{
+ (void)params;
+
+ test_func2( );
+}
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+#endif /* MBEDTLS_ECP_C */
+'''
+ self.assertEqual(func_code, expected_func_code)
+ self.assertEqual(func_info, {'test_func1': (0, []),
+ 'test_func2': (1, [])})
+
+ def test_same_function_name(self):
+ """
+ Test name conflict.
+ :return:
+ """
+ data = '''/* BEGIN_HEADER */
+#include "mbedtls/ecp.h"
+
+#define ECP_PF_UNKNOWN -1
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_ECP_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
+void func()
+{
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
+void func()
+{
+}
+/* END_CASE */
+'''
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ self.assertRaises(GeneratorInputError, parse_functions, stream)
+
+
+class EscapedSplit(TestCase):
+ """
+ Test suite for testing escaped_split().
+ Note: Since escaped_split() output is used to write back to the
+ intermediate data file. Any escape characters in the input are
+ retained in the output.
+ """
+
+ def test_invalid_input(self):
+ """
+ Test when input split character is not a character.
+ :return:
+ """
+ self.assertRaises(ValueError, escaped_split, '', 'string')
+
+ def test_empty_string(self):
+ """
+ Test empty string input.
+ :return:
+ """
+ splits = escaped_split('', ':')
+ self.assertEqual(splits, [])
+
+ def test_no_escape(self):
+ """
+ Test with no escape character. The behaviour should be same as
+ str.split()
+ :return:
+ """
+ test_str = 'yahoo:google'
+ splits = escaped_split(test_str, ':')
+ self.assertEqual(splits, test_str.split(':'))
+
+ def test_escaped_input(self):
+ """
+ Test input that has escaped delimiter.
+ :return:
+ """
+ test_str = r'yahoo\:google:facebook'
+ splits = escaped_split(test_str, ':')
+ self.assertEqual(splits, [r'yahoo\:google', 'facebook'])
+
+ def test_escaped_escape(self):
+ """
+ Test input that has escaped delimiter.
+ :return:
+ """
+ test_str = r'yahoo\\:google:facebook'
+ splits = escaped_split(test_str, ':')
+ self.assertEqual(splits, [r'yahoo\\', 'google', 'facebook'])
+
+ def test_all_at_once(self):
+ """
+ Test input that has escaped delimiter.
+ :return:
+ """
+ test_str = r'yahoo\\:google:facebook\:instagram\\:bbc\\:wikipedia'
+ splits = escaped_split(test_str, ':')
+ self.assertEqual(splits, [r'yahoo\\', r'google',
+ r'facebook\:instagram\\',
+ r'bbc\\', r'wikipedia'])
+
+
+class ParseTestData(TestCase):
+ """
+ Test suite for parse test data.
+ """
+
+ def test_parser(self):
+ """
+ Test that tests are parsed correctly from data file.
+ :return:
+ """
+ data = """
+Diffie-Hellman full exchange #1
+dhm_do_dhm:10:"23":10:"5"
+
+Diffie-Hellman full exchange #2
+dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
+
+Diffie-Hellman full exchange #3
+dhm_do_dhm:10:"9345098382739712938719287391879381271":10:"9345098792137312973297123912791271"
+
+Diffie-Hellman selftest
+dhm_selftest:
+"""
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ tests = [(name, test_function, dependencies, args)
+ for name, test_function, dependencies, args in
+ parse_test_data(stream)]
+ test1, test2, test3, test4 = tests
+ self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
+ self.assertEqual(test1[1], 'dhm_do_dhm')
+ self.assertEqual(test1[2], [])
+ self.assertEqual(test1[3], ['10', '"23"', '10', '"5"'])
+
+ self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2')
+ self.assertEqual(test2[1], 'dhm_do_dhm')
+ self.assertEqual(test2[2], [])
+ self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"',
+ '10', '"9345098304850938450983409622"'])
+
+ self.assertEqual(test3[0], 'Diffie-Hellman full exchange #3')
+ self.assertEqual(test3[1], 'dhm_do_dhm')
+ self.assertEqual(test3[2], [])
+ self.assertEqual(test3[3], ['10',
+ '"9345098382739712938719287391879381271"',
+ '10',
+ '"9345098792137312973297123912791271"'])
+
+ self.assertEqual(test4[0], 'Diffie-Hellman selftest')
+ self.assertEqual(test4[1], 'dhm_selftest')
+ self.assertEqual(test4[2], [])
+ self.assertEqual(test4[3], [])
+
+ def test_with_dependencies(self):
+ """
+ Test that tests with dependencies are parsed.
+ :return:
+ """
+ data = """
+Diffie-Hellman full exchange #1
+depends_on:YAHOO
+dhm_do_dhm:10:"23":10:"5"
+
+Diffie-Hellman full exchange #2
+dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
+
+"""
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ tests = [(name, function_name, dependencies, args)
+ for name, function_name, dependencies, args in
+ parse_test_data(stream)]
+ test1, test2 = tests
+ self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
+ self.assertEqual(test1[1], 'dhm_do_dhm')
+ self.assertEqual(test1[2], ['YAHOO'])
+ self.assertEqual(test1[3], ['10', '"23"', '10', '"5"'])
+
+ self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2')
+ self.assertEqual(test2[1], 'dhm_do_dhm')
+ self.assertEqual(test2[2], [])
+ self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"',
+ '10', '"9345098304850938450983409622"'])
+
+ def test_no_args(self):
+ """
+ Test GeneratorInputError is raised when test function name and
+ args line is missing.
+ :return:
+ """
+ data = """
+Diffie-Hellman full exchange #1
+depends_on:YAHOO
+
+
+Diffie-Hellman full exchange #2
+dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
+
+"""
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ err = None
+ try:
+ for _, _, _, _ in parse_test_data(stream):
+ pass
+ except GeneratorInputError as err:
+ self.assertEqual(type(err), GeneratorInputError)
+
+ def test_incomplete_data(self):
+ """
+ Test GeneratorInputError is raised when test function name
+ and args line is missing.
+ :return:
+ """
+ data = """
+Diffie-Hellman full exchange #1
+depends_on:YAHOO
+"""
+ stream = StringIOWrapper('test_suite_ut.function', data)
+ err = None
+ try:
+ for _, _, _, _ in parse_test_data(stream):
+ pass
+ except GeneratorInputError as err:
+ self.assertEqual(type(err), GeneratorInputError)
+
+
+class GenDepCheck(TestCase):
+ """
+ Test suite for gen_dep_check(). It is assumed this function is
+ called with valid inputs.
+ """
+
+ def test_gen_dep_check(self):
+ """
+ Test that dependency check code generated correctly.
+ :return:
+ """
+ expected = """
+ case 5:
+ {
+#if defined(YAHOO)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;"""
+ out = gen_dep_check(5, 'YAHOO')
+ self.assertEqual(out, expected)
+
+ def test_not_defined_dependency(self):
+ """
+ Test dependency with !.
+ :return:
+ """
+ expected = """
+ case 5:
+ {
+#if !defined(YAHOO)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;"""
+ out = gen_dep_check(5, '!YAHOO')
+ self.assertEqual(out, expected)
+
+ def test_empty_dependency(self):
+ """
+ Test invalid dependency input.
+ :return:
+ """
+ self.assertRaises(GeneratorInputError, gen_dep_check, 5, '!')
+
+ def test_negative_dep_id(self):
+ """
+ Test invalid dependency input.
+ :return:
+ """
+ self.assertRaises(GeneratorInputError, gen_dep_check, -1, 'YAHOO')
+
+
+class GenExpCheck(TestCase):
+ """
+ Test suite for gen_expression_check(). It is assumed this function
+ is called with valid inputs.
+ """
+
+ def test_gen_exp_check(self):
+ """
+ Test that expression check code generated correctly.
+ :return:
+ """
+ expected = """
+ case 5:
+ {
+ *out_value = YAHOO;
+ }
+ break;"""
+ out = gen_expression_check(5, 'YAHOO')
+ self.assertEqual(out, expected)
+
+ def test_invalid_expression(self):
+ """
+ Test invalid expression input.
+ :return:
+ """
+ self.assertRaises(GeneratorInputError, gen_expression_check, 5, '')
+
+ def test_negative_exp_id(self):
+ """
+ Test invalid expression id.
+ :return:
+ """
+ self.assertRaises(GeneratorInputError, gen_expression_check,
+ -1, 'YAHOO')
+
+
+class WriteDependencies(TestCase):
+ """
+ Test suite for testing write_dependencies.
+ """
+
+ def test_no_test_dependencies(self):
+ """
+ Test when test dependencies input is empty.
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_dependencies = []
+ dep_check_code = write_dependencies(stream, [], unique_dependencies)
+ self.assertEqual(dep_check_code, '')
+ self.assertEqual(len(unique_dependencies), 0)
+ self.assertEqual(stream.getvalue(), '')
+
+ def test_unique_dep_ids(self):
+ """
+
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_dependencies = []
+ dep_check_code = write_dependencies(stream, ['DEP3', 'DEP2', 'DEP1'],
+ unique_dependencies)
+ expect_dep_check_code = '''
+ case 0:
+ {
+#if defined(DEP3)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;
+ case 1:
+ {
+#if defined(DEP2)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;
+ case 2:
+ {
+#if defined(DEP1)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;'''
+ self.assertEqual(dep_check_code, expect_dep_check_code)
+ self.assertEqual(len(unique_dependencies), 3)
+ self.assertEqual(stream.getvalue(), 'depends_on:0:1:2\n')
+
+ def test_dep_id_repeat(self):
+ """
+
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_dependencies = []
+ dep_check_code = ''
+ dep_check_code += write_dependencies(stream, ['DEP3', 'DEP2'],
+ unique_dependencies)
+ dep_check_code += write_dependencies(stream, ['DEP2', 'DEP1'],
+ unique_dependencies)
+ dep_check_code += write_dependencies(stream, ['DEP1', 'DEP3'],
+ unique_dependencies)
+ expect_dep_check_code = '''
+ case 0:
+ {
+#if defined(DEP3)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;
+ case 1:
+ {
+#if defined(DEP2)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;
+ case 2:
+ {
+#if defined(DEP1)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;'''
+ self.assertEqual(dep_check_code, expect_dep_check_code)
+ self.assertEqual(len(unique_dependencies), 3)
+ self.assertEqual(stream.getvalue(),
+ 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n')
+
+
+class WriteParams(TestCase):
+ """
+ Test Suite for testing write_parameters().
+ """
+
+ def test_no_params(self):
+ """
+ Test with empty test_args
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_expressions = []
+ expression_code = write_parameters(stream, [], [], unique_expressions)
+ self.assertEqual(len(unique_expressions), 0)
+ self.assertEqual(expression_code, '')
+ self.assertEqual(stream.getvalue(), '\n')
+
+ def test_no_exp_param(self):
+ """
+ Test when there is no macro or expression in the params.
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_expressions = []
+ expression_code = write_parameters(stream, ['"Yahoo"', '"abcdef00"',
+ '0'],
+ ['char*', 'hex', 'int'],
+ unique_expressions)
+ self.assertEqual(len(unique_expressions), 0)
+ self.assertEqual(expression_code, '')
+ self.assertEqual(stream.getvalue(),
+ ':char*:"Yahoo":hex:"abcdef00":int:0\n')
+
+ def test_hex_format_int_param(self):
+ """
+ Test int parameter in hex format.
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_expressions = []
+ expression_code = write_parameters(stream,
+ ['"Yahoo"', '"abcdef00"', '0xAA'],
+ ['char*', 'hex', 'int'],
+ unique_expressions)
+ self.assertEqual(len(unique_expressions), 0)
+ self.assertEqual(expression_code, '')
+ self.assertEqual(stream.getvalue(),
+ ':char*:"Yahoo":hex:"abcdef00":int:0xAA\n')
+
+ def test_with_exp_param(self):
+ """
+ Test when there is macro or expression in the params.
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_expressions = []
+ expression_code = write_parameters(stream,
+ ['"Yahoo"', '"abcdef00"', '0',
+ 'MACRO1', 'MACRO2', 'MACRO3'],
+ ['char*', 'hex', 'int',
+ 'int', 'int', 'int'],
+ unique_expressions)
+ self.assertEqual(len(unique_expressions), 3)
+ self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3'])
+ expected_expression_code = '''
+ case 0:
+ {
+ *out_value = MACRO1;
+ }
+ break;
+ case 1:
+ {
+ *out_value = MACRO2;
+ }
+ break;
+ case 2:
+ {
+ *out_value = MACRO3;
+ }
+ break;'''
+ self.assertEqual(expression_code, expected_expression_code)
+ self.assertEqual(stream.getvalue(),
+ ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1'
+ ':exp:2\n')
+
+ def test_with_repeat_calls(self):
+ """
+ Test when write_parameter() is called with same macro or expression.
+ :return:
+ """
+ stream = StringIOWrapper('test_suite_ut.data', '')
+ unique_expressions = []
+ expression_code = ''
+ expression_code += write_parameters(stream,
+ ['"Yahoo"', 'MACRO1', 'MACRO2'],
+ ['char*', 'int', 'int'],
+ unique_expressions)
+ expression_code += write_parameters(stream,
+ ['"abcdef00"', 'MACRO2', 'MACRO3'],
+ ['hex', 'int', 'int'],
+ unique_expressions)
+ expression_code += write_parameters(stream,
+ ['0', 'MACRO3', 'MACRO1'],
+ ['int', 'int', 'int'],
+ unique_expressions)
+ self.assertEqual(len(unique_expressions), 3)
+ self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3'])
+ expected_expression_code = '''
+ case 0:
+ {
+ *out_value = MACRO1;
+ }
+ break;
+ case 1:
+ {
+ *out_value = MACRO2;
+ }
+ break;
+ case 2:
+ {
+ *out_value = MACRO3;
+ }
+ break;'''
+ self.assertEqual(expression_code, expected_expression_code)
+ expected_data_file = ''':char*:"Yahoo":exp:0:exp:1
+:hex:"abcdef00":exp:1:exp:2
+:int:0:exp:2:exp:0
+'''
+ self.assertEqual(stream.getvalue(), expected_data_file)
+
+
+class GenTestSuiteDependenciesChecks(TestCase):
+ """
+ Test suite for testing gen_suite_dep_checks()
+ """
+ def test_empty_suite_dependencies(self):
+ """
+ Test with empty suite_dependencies list.
+
+ :return:
+ """
+ dep_check_code, expression_code = \
+ gen_suite_dep_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE')
+ self.assertEqual(dep_check_code, 'DEP_CHECK_CODE')
+ self.assertEqual(expression_code, 'EXPRESSION_CODE')
+
+ def test_suite_dependencies(self):
+ """
+ Test with suite_dependencies list.
+
+ :return:
+ """
+ dep_check_code, expression_code = \
+ gen_suite_dep_checks(['SUITE_DEP'], 'DEP_CHECK_CODE',
+ 'EXPRESSION_CODE')
+ expected_dep_check_code = '''
+#if defined(SUITE_DEP)
+DEP_CHECK_CODE
+#endif
+'''
+ expected_expression_code = '''
+#if defined(SUITE_DEP)
+EXPRESSION_CODE
+#endif
+'''
+ self.assertEqual(dep_check_code, expected_dep_check_code)
+ self.assertEqual(expression_code, expected_expression_code)
+
+ def test_no_dep_no_exp(self):
+ """
+ Test when there are no dependency and expression code.
+ :return:
+ """
+ dep_check_code, expression_code = gen_suite_dep_checks([], '', '')
+ self.assertEqual(dep_check_code, '')
+ self.assertEqual(expression_code, '')
+
+
+class GenFromTestData(TestCase):
+ """
+ Test suite for gen_from_test_data()
+ """
+
+ @staticmethod
+ @patch("generate_test_code.write_dependencies")
+ @patch("generate_test_code.write_parameters")
+ @patch("generate_test_code.gen_suite_dep_checks")
+ def test_intermediate_data_file(func_mock1,
+ write_parameters_mock,
+ write_dependencies_mock):
+ """
+ Test that intermediate data file is written with expected data.
+ :return:
+ """
+ data = '''
+My test
+depends_on:DEP1
+func1:0
+'''
+ data_f = StringIOWrapper('test_suite_ut.data', data)
+ out_data_f = StringIOWrapper('test_suite_ut.datax', '')
+ func_info = {'test_func1': (1, ('int',))}
+ suite_dependencies = []
+ write_parameters_mock.side_effect = write_parameters
+ write_dependencies_mock.side_effect = write_dependencies
+ func_mock1.side_effect = gen_suite_dep_checks
+ gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies)
+ write_dependencies_mock.assert_called_with(out_data_f,
+ ['DEP1'], ['DEP1'])
+ write_parameters_mock.assert_called_with(out_data_f, ['0'],
+ ('int',), [])
+ expected_dep_check_code = '''
+ case 0:
+ {
+#if defined(DEP1)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;'''
+ func_mock1.assert_called_with(
+ suite_dependencies, expected_dep_check_code, '')
+
+ def test_function_not_found(self):
+ """
+ Test that AssertError is raised when function info in not found.
+ :return:
+ """
+ data = '''
+My test
+depends_on:DEP1
+func1:0
+'''
+ data_f = StringIOWrapper('test_suite_ut.data', data)
+ out_data_f = StringIOWrapper('test_suite_ut.datax', '')
+ func_info = {'test_func2': (1, ('int',))}
+ suite_dependencies = []
+ self.assertRaises(GeneratorInputError, gen_from_test_data,
+ data_f, out_data_f, func_info, suite_dependencies)
+
+ def test_different_func_args(self):
+ """
+ Test that AssertError is raised when no. of parameters and
+ function args differ.
+ :return:
+ """
+ data = '''
+My test
+depends_on:DEP1
+func1:0
+'''
+ data_f = StringIOWrapper('test_suite_ut.data', data)
+ out_data_f = StringIOWrapper('test_suite_ut.datax', '')
+ func_info = {'test_func2': (1, ('int', 'hex'))}
+ suite_dependencies = []
+ self.assertRaises(GeneratorInputError, gen_from_test_data, data_f,
+ out_data_f, func_info, suite_dependencies)
+
+ def test_output(self):
+ """
+ Test that intermediate data file is written with expected data.
+ :return:
+ """
+ data = '''
+My test 1
+depends_on:DEP1
+func1:0:0xfa:MACRO1:MACRO2
+
+My test 2
+depends_on:DEP1:DEP2
+func2:"yahoo":88:MACRO1
+'''
+ data_f = StringIOWrapper('test_suite_ut.data', data)
+ out_data_f = StringIOWrapper('test_suite_ut.datax', '')
+ func_info = {'test_func1': (0, ('int', 'int', 'int', 'int')),
+ 'test_func2': (1, ('char*', 'int', 'int'))}
+ suite_dependencies = []
+ dep_check_code, expression_code = \
+ gen_from_test_data(data_f, out_data_f, func_info,
+ suite_dependencies)
+ expected_dep_check_code = '''
+ case 0:
+ {
+#if defined(DEP1)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;
+ case 1:
+ {
+#if defined(DEP2)
+ ret = DEPENDENCY_SUPPORTED;
+#else
+ ret = DEPENDENCY_NOT_SUPPORTED;
+#endif
+ }
+ break;'''
+ expected_data = '''My test 1
+depends_on:0
+0:int:0:int:0xfa:exp:0:exp:1
+
+My test 2
+depends_on:0:1
+1:char*:"yahoo":int:88:exp:0
+
+'''
+ expected_expression_code = '''
+ case 0:
+ {
+ *out_value = MACRO1;
+ }
+ break;
+ case 1:
+ {
+ *out_value = MACRO2;
+ }
+ break;'''
+ self.assertEqual(dep_check_code, expected_dep_check_code)
+ self.assertEqual(out_data_f.getvalue(), expected_data)
+ self.assertEqual(expression_code, expected_expression_code)
+
+
+if __name__ == '__main__':
+ unittest_main()
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index 617ab55..c929c88 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -17,7 +17,7 @@
# seem to be a mechanism to reliably check whether the zeroize calls are being
# eliminated by compiler optimizations from within the compiled program. The
# problem is that a compiler would typically remove what it considers to be
-# "unecessary" assignments as part of redundant code elimination. To identify
+# "unnecessary" assignments as part of redundant code elimination. To identify
# such code, the compilar will create some form dependency graph between
# reads and writes to variables (among other situations). It will then use this
# data structure to remove redundant code that does not have an impact on the
@@ -41,6 +41,7 @@
# number does not need to be updated often.
set confirm off
+
file ./programs/test/zeroize
break zeroize.c:100
diff --git a/tests/scripts/yotta-build.sh b/tests/scripts/yotta-build.sh
deleted file mode 100755
index 4bae34a..0000000
--- a/tests/scripts/yotta-build.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh
-
-# yotta-build.sh
-#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
-# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
-#
-# Purpose
-#
-# To run test builds of the yotta module for all supported targets.
-
-set -eu
-
-check_tools()
-{
- for TOOL in "$@"; do
- if ! `hash "$TOOL" >/dev/null 2>&1`; then
- echo "$TOOL not found!" >&2
- exit 1
- fi
- done
-}
-
-yotta_build()
-{
- TARGET=$1
-
- echo; echo "*** $TARGET (release) ***"
- yt -t $TARGET build
-
- echo; echo "*** $TARGET (debug) ***"
- yt -t $TARGET build -d
-}
-
-# Make sure the tools we need are available.
-check_tools "arm-none-eabi-gcc" "armcc" "yotta"
-
-yotta/create-module.sh
-cd yotta/module
-yt update || true # needs network
-
-if uname -a | grep 'Linux.*x86' >/dev/null; then
- yotta_build x86-linux-native
-fi
-if uname -a | grep 'Darwin.*x86' >/dev/null; then
- yotta_build x86-osx-native
-fi
-
-# armcc build tests.
-yotta_build frdm-k64f-armcc
-#yotta_build nordic-nrf51822-16k-armcc
-
-# arm-none-eabi-gcc build tests.
-yotta_build frdm-k64f-gcc
-#yotta_build st-nucleo-f401re-gcc # dirent
-#yotta_build stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4
-#yotta_build nordic-nrf51822-16k-gcc # fails in minar-platform
-#yotta_build bbc-microbit-classic-gcc # fails in minar-platform
-#yotta_build st-stm32f439zi-gcc # fails in mbed-hal-st-stm32f4
-#yotta_build st-stm32f429i-disco-gcc # fails in mbed-hal-st-stm32f4
diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh
new file mode 100755
index 0000000..e6e469d
--- /dev/null
+++ b/tests/ssl-opt-in-docker.sh
@@ -0,0 +1,65 @@
+#!/bin/bash -eu
+
+# ssl-opt-in-docker.sh
+#
+# Purpose
+# -------
+# This runs ssl-opt.sh in a Docker container.
+#
+# Notes for users
+# ---------------
+# If OPENSSL_CMD, GNUTLS_CLI, or GNUTLS_SERV are specified, the path must
+# correspond to an executable inside the Docker container. The special
+# values "next" and "legacy" are also allowed as shorthand for the
+# installations inside the container.
+#
+# See also:
+# - scripts/docker_env.sh for general Docker prerequisites and other information.
+# - ssl-opt.sh for notes about invocation of that script.
+
+# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+source tests/scripts/docker_env.sh
+
+case "${OPENSSL_CMD:-default}" in
+ "legacy") export OPENSSL_CMD="/usr/local/openssl-1.0.1j/bin/openssl";;
+ "next") export OPENSSL_CMD="/usr/local/openssl-1.1.1a/bin/openssl";;
+ *) ;;
+esac
+
+case "${GNUTLS_CLI:-default}" in
+ "legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";;
+ "next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";;
+ *) ;;
+esac
+
+case "${GNUTLS_SERV:-default}" in
+ "legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";;
+ "next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";;
+ *) ;;
+esac
+
+run_in_docker \
+ -e P_SRV \
+ -e P_CLI \
+ -e P_PXY \
+ -e GNUTLS_CLI \
+ -e GNUTLS_SERV \
+ -e OPENSSL_CMD \
+ tests/ssl-opt.sh \
+ $@
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a1c7d04..ed97f23 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -21,12 +21,16 @@
set -u
+# Limit the size of each log to 10 GiB, in case of failures with this script
+# where it may output seemingly unlimited length error logs.
+ulimit -f 20971520
+
if cd $( dirname $0 ); then :; else
echo "cd $( dirname $0 ) failed" >&2
exit 1
fi
-# default values, can be overriden by the environment
+# default values, can be overridden by the environment
: ${P_SRV:=../programs/ssl/ssl_server2}
: ${P_CLI:=../programs/ssl/ssl_client2}
: ${P_PXY:=../programs/test/udp_proxy}
@@ -41,6 +45,28 @@
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"
+# alternative versions of OpenSSL and GnuTLS (no default path)
+
+if [ -n "${OPENSSL_LEGACY:-}" ]; then
+ O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
+ O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
+else
+ O_LEGACY_SRV=false
+ O_LEGACY_CLI=false
+fi
+
+if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
+ G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
+else
+ G_NEXT_SRV=false
+fi
+
+if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
+ G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
+else
+ G_NEXT_CLI=false
+fi
+
TESTS=0
FAILS=0
SKIPS=0
@@ -120,6 +146,14 @@
done
}
+# Skip next test; use this macro to skip tests which are legitimate
+# in theory and expected to be re-introduced at some point, but
+# aren't expected to succeed at the moment due to problems outside
+# our control (such as bugs in other TLS implementations).
+skip_next_test() {
+ SKIP_NEXT="YES"
+}
+
# skip next test if the flag is not enabled in config.h
requires_config_enabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
@@ -134,6 +168,45 @@
fi
}
+get_config_value_or_default() {
+ # This function uses the query_config command line option to query the
+ # required Mbed TLS compile time configuration from the ssl_server2
+ # program. The command will always return a success value if the
+ # configuration is defined and the value will be printed to stdout.
+ #
+ # Note that if the configuration is not defined or is defined to nothing,
+ # the output of this function will be an empty string.
+ ${P_SRV} "query_config=${1}"
+}
+
+requires_config_value_at_least() {
+ VAL="$( get_config_value_or_default "$1" )"
+ if [ -z "$VAL" ]; then
+ # Should never happen
+ echo "Mbed TLS configuration $1 is not defined"
+ exit 1
+ elif [ "$VAL" -lt "$2" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+requires_config_value_at_most() {
+ VAL=$( get_config_value_or_default "$1" )
+ if [ -z "$VAL" ]; then
+ # Should never happen
+ echo "Mbed TLS configuration $1 is not defined"
+ exit 1
+ elif [ "$VAL" -gt "$2" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+requires_ciphersuite_enabled() {
+ if [ -z "$($P_CLI --help | grep $1)" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@@ -163,6 +236,34 @@
fi
}
+# skip next test if GnuTLS-next isn't available
+requires_gnutls_next() {
+ if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
+ if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
+ GNUTLS_NEXT_AVAILABLE="YES"
+ else
+ GNUTLS_NEXT_AVAILABLE="NO"
+ fi
+ fi
+ if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+# skip next test if OpenSSL-legacy isn't available
+requires_openssl_legacy() {
+ if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
+ if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
+ OPENSSL_LEGACY_AVAILABLE="YES"
+ else
+ OPENSSL_LEGACY_AVAILABLE="NO"
+ fi
+ fi
+ if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if IPv6 isn't available on this host
requires_ipv6() {
if [ -z "${HAS_IPV6:-}" ]; then
@@ -183,6 +284,21 @@
fi
}
+# skip next test if it's i686 or uname is not available
+requires_not_i686() {
+ if [ -z "${IS_I686:-}" ]; then
+ IS_I686="YES"
+ if which "uname" >/dev/null 2>&1; then
+ if [ -z "$(uname -a | grep i686)" ]; then
+ IS_I686="NO"
+ fi
+ fi
+ fi
+ if [ "$IS_I686" = "YES" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
@@ -425,14 +541,6 @@
SKIP_NEXT="YES"
fi
- # should we skip?
- if [ "X$SKIP_NEXT" = "XYES" ]; then
- SKIP_NEXT="NO"
- echo "SKIP"
- SKIPS=$(( $SKIPS + 1 ))
- return
- fi
-
# does this test use a proxy?
if [ "X$1" = "X-p" ]; then
PXY_CMD="$2"
@@ -447,6 +555,32 @@
CLI_EXPECT="$3"
shift 3
+ # Check if test uses files
+ TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" )
+ if [ ! -z "$TEST_USES_FILES" ]; then
+ requires_config_enabled MBEDTLS_FS_IO
+ fi
+
+ # Check if server forces ciphersuite
+ FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
+ if [ ! -z "$FORCE_CIPHERSUITE" ]; then
+ requires_ciphersuite_enabled $FORCE_CIPHERSUITE
+ fi
+
+ # Check if client forces ciphersuite
+ FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
+ if [ ! -z "$FORCE_CIPHERSUITE" ]; then
+ requires_ciphersuite_enabled $FORCE_CIPHERSUITE
+ fi
+
+ # should we skip?
+ if [ "X$SKIP_NEXT" = "XYES" ]; then
+ SKIP_NEXT="NO"
+ echo "SKIP"
+ SKIPS=$(( $SKIPS + 1 ))
+ return
+ fi
+
# fix client port
if [ -n "$PXY_CMD" ]; then
CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
@@ -577,7 +711,7 @@
# The filtering in the following two options (-u and -U) do the following
# - ignore valgrind output
- # - filter out everything but lines right after the pattern occurances
+ # - filter out everything but lines right after the pattern occurrences
# - keep one of each non-unique line
# - count how many lines remain
# A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
@@ -632,11 +766,60 @@
if [ "$PRESERVE_LOGS" -gt 0 ]; then
mv $SRV_OUT o-srv-${TESTS}.log
mv $CLI_OUT o-cli-${TESTS}.log
+ if [ -n "$PXY_CMD" ]; then
+ mv $PXY_OUT o-pxy-${TESTS}.log
+ fi
fi
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}
+run_test_psa() {
+ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+ run_test "PSA-supported ciphersuite: $1" \
+ "$P_SRV debug_level=3 force_version=tls1_2" \
+ "$P_CLI debug_level=3 force_version=tls1_2 force_ciphersuite=$1" \
+ 0 \
+ -c "Successfully setup PSA-based decryption cipher context" \
+ -c "Successfully setup PSA-based encryption cipher context" \
+ -c "PSA calc verify" \
+ -c "calc PSA finished" \
+ -s "Successfully setup PSA-based decryption cipher context" \
+ -s "Successfully setup PSA-based encryption cipher context" \
+ -s "PSA calc verify" \
+ -s "calc PSA finished" \
+ -C "Failed to setup PSA-based cipher context"\
+ -S "Failed to setup PSA-based cipher context"\
+ -s "Protocol is TLSv1.2" \
+ -c "Perform PSA-based ECDH computation."\
+ -c "Perform PSA-based computation of digest of ServerKeyExchange" \
+ -S "error" \
+ -C "error"
+}
+
+run_test_psa_force_curve() {
+ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+ run_test "PSA - ECDH with $1" \
+ "$P_SRV debug_level=4 force_version=tls1_2" \
+ "$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
+ 0 \
+ -c "Successfully setup PSA-based decryption cipher context" \
+ -c "Successfully setup PSA-based encryption cipher context" \
+ -c "PSA calc verify" \
+ -c "calc PSA finished" \
+ -s "Successfully setup PSA-based decryption cipher context" \
+ -s "Successfully setup PSA-based encryption cipher context" \
+ -s "PSA calc verify" \
+ -s "calc PSA finished" \
+ -C "Failed to setup PSA-based cipher context"\
+ -S "Failed to setup PSA-based cipher context"\
+ -s "Protocol is TLSv1.2" \
+ -c "Perform PSA-based ECDH computation."\
+ -c "Perform PSA-based computation of digest of ServerKeyExchange" \
+ -S "error" \
+ -C "error"
+}
+
cleanup() {
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
@@ -715,7 +898,20 @@
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
-G_CLI="$G_CLI -p +SRV_PORT localhost"
+G_CLI="$G_CLI -p +SRV_PORT"
+
+if [ -n "${OPENSSL_LEGACY:-}" ]; then
+ O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
+ O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
+fi
+
+if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
+ G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
+fi
+
+if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
+ G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
+fi
# Allow SHA-1, because many of our test certificates use it
P_SRV="$P_SRV allow_sha1=1"
@@ -755,6 +951,79 @@
-s "Protocol is DTLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "CA callback on client" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI ca_callback=1 debug_level=3 " \
+ 0 \
+ -c "use CA callback for X.509 CRT verification" \
+ -S "error" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "CA callback on server" \
+ "$P_SRV auth_mode=required" \
+ "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key" \
+ 0 \
+ -c "use CA callback for X.509 CRT verification" \
+ -s "Verifying peer X.509 certificate... ok" \
+ -S "error" \
+ -C "error"
+
+# Test using an opaque private key for client authentication
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+run_test "Opaque key for client authentication" \
+ "$P_SRV auth_mode=required" \
+ "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key" \
+ 0 \
+ -c "key type: Opaque" \
+ -s "Verifying peer X.509 certificate... ok" \
+ -S "error" \
+ -C "error"
+
+# Test ciphersuites which we expect to be fully supported by PSA Crypto
+# and check that we don't fall back to Mbed TLS' internal crypto primitives.
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
+run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
+
+requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
+run_test_psa_force_curve "secp521r1"
+requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
+run_test_psa_force_curve "brainpoolP512r1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
+run_test_psa_force_curve "secp384r1"
+requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
+run_test_psa_force_curve "brainpoolP384r1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+run_test_psa_force_curve "secp256r1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
+run_test_psa_force_curve "secp256k1"
+requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
+run_test_psa_force_curve "brainpoolP256r1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
+run_test_psa_force_curve "secp224r1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
+run_test_psa_force_curve "secp224k1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
+run_test_psa_force_curve "secp192r1"
+requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
+run_test_psa_force_curve "secp192k1"
+
# Test current time in ServerHello
requires_config_enabled MBEDTLS_HAVE_TIME
run_test "ServerHello contains gmt_unix_time" \
@@ -772,6 +1041,27 @@
-u "IV used" \
-U "IV used"
+# Tests for certificate verification callback
+run_test "Configuration-specific CRT verification callback" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI context_crt_cb=0 debug_level=3" \
+ 0 \
+ -S "error" \
+ -c "Verify requested for " \
+ -c "Use configuration-specific verification callback" \
+ -C "Use context-specific verification callback" \
+ -C "error"
+
+run_test "Context-specific CRT verification callback" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI context_crt_cb=1 debug_level=3" \
+ 0 \
+ -S "error" \
+ -c "Verify requested for " \
+ -c "Use context-specific verification callback" \
+ -C "Use configuration-specific verification callback" \
+ -C "error"
+
# Tests for rc4 option
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
@@ -801,6 +1091,22 @@
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - The server has no ciphersuites in common"
+# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
+
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
+ "$G_SRV"\
+ "$P_CLI force_version=tls1_1" \
+ 0
+
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
+run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
+ "$G_SRV"\
+ "$P_CLI force_version=tls1" \
+ 0
+
# Tests for SHA-1 support
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
@@ -849,6 +1155,35 @@
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
0
+# Tests for datagram packing
+run_test "DTLS: multiple records in same datagram, client and server" \
+ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
+ 0 \
+ -c "next record in same datagram" \
+ -s "next record in same datagram"
+
+run_test "DTLS: multiple records in same datagram, client only" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
+ 0 \
+ -s "next record in same datagram" \
+ -C "next record in same datagram"
+
+run_test "DTLS: multiple records in same datagram, server only" \
+ "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
+ 0 \
+ -S "next record in same datagram" \
+ -c "next record in same datagram"
+
+run_test "DTLS: multiple records in same datagram, neither client nor server" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
+ 0 \
+ -S "next record in same datagram" \
+ -C "next record in same datagram"
+
# Tests for Truncated HMAC extension
run_test "Truncated HMAC: client default, server default" \
@@ -945,6 +1280,567 @@
-S "dumping 'expected mac' (20 bytes)" \
-s "dumping 'expected mac' (10 bytes)"
+# Tests for DTLS Connection ID extension
+
+# So far, the CID API isn't implemented, so we can't
+# grep for output witnessing its use. This needs to be
+# changed once the CID extension is implemented.
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli enabled, Srv disabled" \
+ "$P_SRV debug_level=3 dtls=1 cid=0" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ 0 \
+ -s "Disable use of CID extension." \
+ -s "found CID extension" \
+ -s "Client sent CID extension, but CID disabled" \
+ -c "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -S "server hello, adding CID extension" \
+ -C "found CID extension" \
+ -S "Copy CIDs into SSL transform" \
+ -C "Copy CIDs into SSL transform" \
+ -c "Use of Connection ID was rejected by the server"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli disabled, Srv enabled" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=0" \
+ 0 \
+ -c "Disable use of CID extension." \
+ -C "client hello, adding CID extension" \
+ -S "found CID extension" \
+ -s "Enable use of CID extension." \
+ -S "server hello, adding CID extension" \
+ -C "found CID extension" \
+ -S "Copy CIDs into SSL transform" \
+ -C "Copy CIDs into SSL transform" \
+ -s "Use of Connection ID was not offered by client"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY mtu=800" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 4 Bytes): de ad be ef" \
+ -s "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -s "Peer CID (length 4 Bytes): de ad be ef" \
+ -c "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -S "Use of Connection ID has been negotiated" \
+ -C "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 4 Bytes): de ad be ef" \
+ -s "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -s "Peer CID (length 4 Bytes): de ad be ef" \
+ -c "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -S "Use of Connection ID has been negotiated" \
+ -C "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 4 Bytes): de ad be ef" \
+ -s "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -s "Peer CID (length 4 Bytes): de ad be ef" \
+ -c "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -S "Use of Connection ID has been negotiated" \
+ -C "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
+ "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID was not offered by client"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID was not offered by client" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID was rejected by the server"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID was rejected by the server" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
# Tests for Encrypt-then-MAC extension
run_test "Encrypt then MAC: default" \
@@ -1364,6 +2260,71 @@
-s "session successfully restored from ticket" \
-s "a session has been resumed"
+# Tests for Session Tickets with DTLS
+
+run_test "Session resume using tickets, DTLS: basic" \
+ "$P_SRV debug_level=3 dtls=1 tickets=1" \
+ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using tickets, DTLS: cache disabled" \
+ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
+ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using tickets, DTLS: timeout" \
+ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
+ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -S "a session has been resumed" \
+ -C "a session has been resumed"
+
+run_test "Session resume using tickets, DTLS: openssl server" \
+ "$O_SRV -dtls1" \
+ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -c "a session has been resumed"
+
+run_test "Session resume using tickets, DTLS: openssl client" \
+ "$P_SRV dtls=1 debug_level=3 tickets=1" \
+ "( $O_CLI -dtls1 -sess_out $SESSION; \
+ $O_CLI -dtls1 -sess_in $SESSION; \
+ rm -f $SESSION )" \
+ 0 \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed"
+
# Tests for Session Resume based on session-ID and cache
run_test "Session resume using cache: tickets enabled on client" \
@@ -1459,6 +2420,101 @@
-C "parse new session ticket" \
-c "a session has been resumed"
+# Tests for Session Resume based on session-ID and cache, DTLS
+
+run_test "Session resume using cache, DTLS: tickets enabled on client" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0" \
+ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -S "server hello, adding session ticket extension" \
+ -C "found session_ticket extension" \
+ -C "parse new session ticket" \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: tickets enabled on server" \
+ "$P_SRV dtls=1 debug_level=3 tickets=1" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
+ 0 \
+ -C "client hello, adding session ticket extension" \
+ -S "found session ticket extension" \
+ -S "server hello, adding session ticket extension" \
+ -C "found session_ticket extension" \
+ -C "parse new session ticket" \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: cache_max=0" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
+ 0 \
+ -S "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -S "a session has been resumed" \
+ -C "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: cache_max=1" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
+ 0 \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: timeout > delay" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
+ 0 \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: timeout < delay" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
+ 0 \
+ -S "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -S "a session has been resumed" \
+ -C "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: no timeout" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
+ 0 \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: openssl client" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0" \
+ "( $O_CLI -dtls1 -sess_out $SESSION; \
+ $O_CLI -dtls1 -sess_in $SESSION; \
+ rm -f $SESSION )" \
+ 0 \
+ -s "found session ticket extension" \
+ -S "server hello, adding session ticket extension" \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed"
+
+run_test "Session resume using cache, DTLS: openssl server" \
+ "$O_SRV -dtls1" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
+ 0 \
+ -C "found session_ticket extension" \
+ -C "parse new session ticket" \
+ -c "a session has been resumed"
+
# Tests for Max Fragment Length extension
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
@@ -2055,7 +3111,7 @@
requires_gnutls
run_test "Renego ext: gnutls client strict, server default" \
"$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \
+ "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
0 \
-s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-s "server hello, secure renegotiation extension"
@@ -2063,7 +3119,7 @@
requires_gnutls
run_test "Renego ext: gnutls client unsafe, server default" \
"$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
@@ -2071,7 +3127,7 @@
requires_gnutls
run_test "Renego ext: gnutls client unsafe, server break legacy" \
"$P_SRV debug_level=3 allow_legacy=-1" \
- "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
1 \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
@@ -2082,7 +3138,7 @@
run_test "DER format: no trailing bytes" \
"$P_SRV crt_file=data_files/server5-der0.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -2090,7 +3146,7 @@
run_test "DER format: with a trailing zero byte" \
"$P_SRV crt_file=data_files/server5-der1a.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -2098,7 +3154,7 @@
run_test "DER format: with a trailing random byte" \
"$P_SRV crt_file=data_files/server5-der1b.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -2106,7 +3162,7 @@
run_test "DER format: with 2 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der2.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -2114,7 +3170,7 @@
run_test "DER format: with 4 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der4.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -2122,7 +3178,7 @@
run_test "DER format: with 8 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der8.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -2130,11 +3186,12 @@
run_test "DER format: with 9 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der9.crt \
key_file=data_files/server5.key" \
- "$G_CLI " \
+ "$G_CLI localhost" \
0 \
-c "Handshake was completed" \
-# Tests for auth_mode
+# Tests for auth_mode, there are duplicated tests using ca callback for authentication
+# When updating these tests, modify the matching authentication tests accordingly
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
@@ -2425,7 +3482,7 @@
key_file=data_files/dir-maxpath/09.key" \
"$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
0 \
- -C "X509 - A fatal error occured"
+ -C "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client default" \
@@ -2433,7 +3490,7 @@
key_file=data_files/dir-maxpath/10.key" \
"$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
1 \
- -c "X509 - A fatal error occured"
+ -c "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client optional" \
@@ -2442,7 +3499,7 @@
"$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
auth_mode=optional" \
1 \
- -c "X509 - A fatal error occured"
+ -c "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client none" \
@@ -2451,7 +3508,7 @@
"$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
auth_mode=none" \
0 \
- -C "X509 - A fatal error occured"
+ -C "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server default" \
@@ -2459,7 +3516,7 @@
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
0 \
- -S "X509 - A fatal error occured"
+ -S "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server optional" \
@@ -2467,7 +3524,7 @@
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
1 \
- -s "X509 - A fatal error occured"
+ -s "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server required" \
@@ -2475,7 +3532,7 @@
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
1 \
- -s "X509 - A fatal error occured"
+ -s "X509 - A fatal error occurred"
requires_full_size_output_buffer
run_test "Authentication: client max_int chain, server required" \
@@ -2483,7 +3540,7 @@
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
0 \
- -S "X509 - A fatal error occured"
+ -S "X509 - A fatal error occurred"
# Tests for CA list in CertificateRequest messages
@@ -2513,6 +3570,208 @@
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
+# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
+# When updating these tests, modify the matching authentication tests accordingly
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server badcert, client required" \
+ "$P_SRV crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
+ 1 \
+ -c "use CA callback for X.509 CRT verification" \
+ -c "x509_verify_cert() returned" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server badcert, client optional" \
+ "$P_SRV crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
+ 0 \
+ -c "use CA callback for X.509 CRT verification" \
+ -c "x509_verify_cert() returned" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+# The purpose of the next two tests is to test the client's behaviour when receiving a server
+# certificate with an unsupported elliptic curve. This should usually not happen because
+# the client informs the server about the supported curves - it does, though, in the
+# corner case of a static ECDH suite, because the server doesn't check the curve on that
+# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
+# different means to have the server ignoring the client's supported curve list.
+
+requires_config_enabled MBEDTLS_ECP_C
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
+ "$P_SRV debug_level=1 key_file=data_files/server5.key \
+ crt_file=data_files/server5.ku-ka.crt" \
+ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
+ 1 \
+ -c "use CA callback for X.509 CRT verification" \
+ -c "bad certificate (EC key curve)" \
+ -c "! Certificate verification flags" \
+ -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
+
+requires_config_enabled MBEDTLS_ECP_C
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
+ "$P_SRV debug_level=1 key_file=data_files/server5.key \
+ crt_file=data_files/server5.ku-ka.crt" \
+ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
+ 1 \
+ -c "use CA callback for X.509 CRT verification" \
+ -c "bad certificate (EC key curve)"\
+ -c "! Certificate verification flags"\
+ -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client SHA256, server required" \
+ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
+ key_file=data_files/server6.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
+ 0 \
+ -s "use CA callback for X.509 CRT verification" \
+ -c "Supported Signature Algorithm found: 4," \
+ -c "Supported Signature Algorithm found: 5,"
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client SHA384, server required" \
+ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
+ key_file=data_files/server6.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
+ 0 \
+ -s "use CA callback for X.509 CRT verification" \
+ -c "Supported Signature Algorithm found: 4," \
+ -c "Supported Signature Algorithm found: 5,"
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client badcert, server required" \
+ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ 1 \
+ -s "use CA callback for X.509 CRT verification" \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -s "x509_verify_cert() returned" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
+ -s "! mbedtls_ssl_handshake returned" \
+ -s "send alert level=2 message=48" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -s "X509 - Certificate verification failed"
+# We don't check that the client receives the alert because it might
+# detect that its write end of the connection is closed and abort
+# before reading the alert message.
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client cert not trusted, server required" \
+ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
+ key_file=data_files/server5.key" \
+ 1 \
+ -s "use CA callback for X.509 CRT verification" \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -s "x509_verify_cert() returned" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
+ -s "! mbedtls_ssl_handshake returned" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -s "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client badcert, server optional" \
+ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ 0 \
+ -s "use CA callback for X.509 CRT verification" \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -s "x509_verify_cert() returned" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
+ -S "! mbedtls_ssl_handshake returned" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -S "X509 - Certificate verification failed"
+
+requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server max_int chain, client default" \
+ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
+ key_file=data_files/dir-maxpath/09.key" \
+ "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
+ 0 \
+ -c "use CA callback for X.509 CRT verification" \
+ -C "X509 - A fatal error occurred"
+
+requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server max_int+1 chain, client default" \
+ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
+ key_file=data_files/dir-maxpath/10.key" \
+ "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
+ 1 \
+ -c "use CA callback for X.509 CRT verification" \
+ -c "X509 - A fatal error occurred"
+
+requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
+ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
+ key_file=data_files/dir-maxpath/10.key" \
+ "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
+ debug_level=3 auth_mode=optional" \
+ 1 \
+ -c "use CA callback for X.509 CRT verification" \
+ -c "X509 - A fatal error occurred"
+
+requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
+ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
+ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
+ key_file=data_files/dir-maxpath/10.key" \
+ 1 \
+ -s "use CA callback for X.509 CRT verification" \
+ -s "X509 - A fatal error occurred"
+
+requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client max_int+1 chain, server required" \
+ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
+ key_file=data_files/dir-maxpath/10.key" \
+ 1 \
+ -s "use CA callback for X.509 CRT verification" \
+ -s "X509 - A fatal error occurred"
+
+requires_full_size_output_buffer
+requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+run_test "Authentication, CA callback: client max_int chain, server required" \
+ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
+ key_file=data_files/dir-maxpath/09.key" \
+ 0 \
+ -s "use CA callback for X.509 CRT verification" \
+ -S "X509 - A fatal error occurred"
+
# Tests for certificate selection based on SHA verson
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
@@ -3515,6 +4774,240 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: opaque psk on client, no callback" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=foo psk=abc123 psk_opaque=1" \
+ 0 \
+ -c "skip PMS generation for opaque PSK"\
+ -S "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ psk_identity=foo psk=abc123 psk_opaque=1" \
+ 0 \
+ -c "skip PMS generation for opaque PSK"\
+ -S "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: opaque psk on client, no callback, EMS" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=foo psk=abc123 psk_opaque=1" \
+ 0 \
+ -c "skip PMS generation for opaque PSK"\
+ -S "skip PMS generation for opaque PSK"\
+ -c "using extended master secret"\
+ -s "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ psk_identity=foo psk=abc123 psk_opaque=1" \
+ 0 \
+ -c "skip PMS generation for opaque PSK"\
+ -S "skip PMS generation for opaque PSK"\
+ -c "using extended master secret"\
+ -s "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=foo psk=abc123" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
+ "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ psk_identity=foo psk=abc123" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
+ "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
+ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
+ "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=foo psk=abc123 extended_ms=1" \
+ 0 \
+ -c "using extended master secret"\
+ -s "using extended master secret"\
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
+ "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
+ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
+ "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ psk_identity=foo psk=abc123 extended_ms=1" \
+ 0 \
+ -c "using extended master secret"\
+ -s "using extended master secret"\
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
+ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=def psk=beef" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
+ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ psk_identity=def psk=beef" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
+ "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
+ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
+ "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=abc psk=dead extended_ms=1" \
+ 0 \
+ -c "using extended master secret"\
+ -s "using extended master secret"\
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
+ "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
+ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
+ "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ psk_identity=abc psk=dead extended_ms=1" \
+ 0 \
+ -c "using extended master secret"\
+ -s "using extended master secret"\
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
+ "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=def psk=beef" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=def psk=beef" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -s "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=def psk=beef" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=def psk=beef" \
+ 0 \
+ -C "skip PMS generation for opaque PSK"\
+ -C "using extended master secret"\
+ -S "using extended master secret"\
+ -S "SSL - None of the common ciphersuites is usable" \
+ -S "SSL - Unknown identity received" \
+ -S "SSL - Verification of the message MAC failed"
+
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
+ psk_identity=def psk=beef" \
+ 1 \
+ -s "SSL - Verification of the message MAC failed"
+
run_test "PSK callback: no psk, no callback" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
@@ -3666,26 +5159,37 @@
# Tests for ciphersuites per version
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+requires_config_enabled MBEDTLS_CAMELLIA_C
+requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: SSL3" \
- "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \
0 \
- -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
+ -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
+requires_config_enabled MBEDTLS_CAMELLIA_C
+requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.0" \
- "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1 arc4=1" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+requires_config_enabled MBEDTLS_CAMELLIA_C
+requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.1" \
- "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_1" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_CAMELLIA_C
+requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.2" \
- "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
+ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_2" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
@@ -3694,15 +5198,15 @@
requires_gnutls
run_test "ClientHello without extensions, SHA-1 allowed" \
- "$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
+ "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
+ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-s "dumping 'client hello extensions' (0 bytes)"
requires_gnutls
run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
- "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
+ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-s "dumping 'client hello extensions' (0 bytes)"
@@ -3720,10 +5224,10 @@
0 \
-s "Read from client: 500 bytes read (.*+.*)"
-# Tests for small packets
+# Tests for small client packets
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Small packet SSLv3 BlockCipher" \
+run_test "Small client packet SSLv3 BlockCipher" \
"$P_SRV min_version=ssl3" \
"$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3731,21 +5235,21 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Small packet SSLv3 StreamCipher" \
+run_test "Small client packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.0 BlockCipher" \
+run_test "Small client packet TLS 1.0 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.0 BlockCipher, without EtM" \
+run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3753,7 +5257,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \
+run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -3761,21 +5265,21 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
+run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.0 StreamCipher" \
+run_test "Small client packet TLS 1.0 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.0 StreamCipher, without EtM" \
+run_test "Small client packet TLS 1.0 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@@ -3783,7 +5287,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \
+run_test "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@@ -3791,21 +5295,21 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
+run_test "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.1 BlockCipher" \
+run_test "Small client packet TLS 1.1 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.1 BlockCipher, without EtM" \
+run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
@@ -3813,7 +5317,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \
+run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -3821,21 +5325,21 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
+run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.1 StreamCipher" \
+run_test "Small client packet TLS 1.1 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.1 StreamCipher, without EtM" \
+run_test "Small client packet TLS 1.1 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@@ -3843,7 +5347,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \
+run_test "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@@ -3851,28 +5355,28 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
+run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 BlockCipher" \
+run_test "Small client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 BlockCipher, without EtM" \
+run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
+run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
@@ -3880,7 +5384,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \
+run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -3888,21 +5392,21 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
+run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 StreamCipher" \
+run_test "Small client packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 StreamCipher, without EtM" \
+run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@@ -3910,7 +5414,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \
+run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@@ -3918,31 +5422,31 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
+run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 AEAD" \
+run_test "Small client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 AEAD shorter tag" \
+run_test "Small client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-s "Read from client: 1 bytes read"
-# Tests for small packets in DTLS
+# Tests for small client packets in DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small packet DTLS 1.0" \
+run_test "Small client packet DTLS 1.0" \
"$P_SRV dtls=1 force_version=dtls1" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3950,7 +5454,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small packet DTLS 1.0, without EtM" \
+run_test "Small client packet DTLS 1.0, without EtM" \
"$P_SRV dtls=1 force_version=dtls1 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3959,7 +5463,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet DTLS 1.0, truncated hmac" \
+run_test "Small client packet DTLS 1.0, truncated hmac" \
"$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
"$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3968,7 +5472,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet DTLS 1.0, without EtM, truncated MAC" \
+run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
"$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
@@ -3976,7 +5480,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small packet DTLS 1.2" \
+run_test "Small client packet DTLS 1.2" \
"$P_SRV dtls=1 force_version=dtls1_2" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3984,7 +5488,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-run_test "Small packet DTLS 1.2, without EtM" \
+run_test "Small client packet DTLS 1.2, without EtM" \
"$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3993,7 +5497,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet DTLS 1.2, truncated hmac" \
+run_test "Small client packet DTLS 1.2, truncated hmac" \
"$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -4002,13 +5506,302 @@
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet DTLS 1.2, without EtM, truncated MAC" \
+run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
"$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
"$P_CLI dtls=1 request_size=1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
0 \
-s "Read from client: 1 bytes read"
+# Tests for small server packets
+
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+run_test "Small server packet SSLv3 BlockCipher" \
+ "$P_SRV response_size=1 min_version=ssl3" \
+ "$P_CLI force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+run_test "Small server packet SSLv3 StreamCipher" \
+ "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.0 BlockCipher" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
+ "$P_SRV response_size=1 trunc_hmac=1" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=1 trunc_hmac=1" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.0 StreamCipher" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1 etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.1 BlockCipher" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
+ "$P_SRV response_size=1 trunc_hmac=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=1 trunc_hmac=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.1 StreamCipher" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 BlockCipher" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
+ "$P_SRV response_size=1 trunc_hmac=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=1 trunc_hmac=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 StreamCipher" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 AEAD" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+run_test "Small server packet TLS 1.2 AEAD shorter tag" \
+ "$P_SRV response_size=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+# Tests for small server packets in DTLS
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+run_test "Small server packet DTLS 1.0" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+run_test "Small server packet DTLS 1.0, without EtM" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet DTLS 1.0, truncated hmac" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
+ "$P_CLI dtls=1 trunc_hmac=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+run_test "Small server packet DTLS 1.2" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+run_test "Small server packet DTLS 1.2, without EtM" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet DTLS 1.2, truncated hmac" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
+ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
+ "$P_CLI dtls=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
+ 0 \
+ -c "Read from server: 1 bytes read"
+
# A test for extensions in SSLv3
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
@@ -4019,7 +5812,7 @@
-S "dumping 'client hello extensions'" \
-S "server hello, total extension length:"
-# Test for large packets
+# Test for large client packets
# How many fragments do we expect to write $1 bytes?
fragments_for_write() {
@@ -4027,7 +5820,7 @@
}
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Large packet SSLv3 BlockCipher" \
+run_test "Large client packet SSLv3 BlockCipher" \
"$P_SRV min_version=ssl3" \
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -4036,7 +5829,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
-run_test "Large packet SSLv3 StreamCipher" \
+run_test "Large client packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@@ -4044,7 +5837,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.0 BlockCipher" \
+run_test "Large client packet TLS 1.0 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -4052,7 +5845,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.0 BlockCipher, without EtM" \
+run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -4060,7 +5853,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \
+run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -4069,21 +5862,21 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
+run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.0 StreamCipher" \
+run_test "Large client packet TLS 1.0 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.0 StreamCipher, without EtM" \
+run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@@ -4091,7 +5884,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \
+run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@@ -4099,7 +5892,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
+run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
@@ -4107,7 +5900,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.1 BlockCipher" \
+run_test "Large client packet TLS 1.1 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -4115,7 +5908,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.1 BlockCipher, without EtM" \
+run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -4123,7 +5916,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \
+run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -4131,14 +5924,14 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
+run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.1 StreamCipher" \
+run_test "Large client packet TLS 1.1 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@@ -4146,7 +5939,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.1 StreamCipher, without EtM" \
+run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@@ -4155,7 +5948,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \
+run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@@ -4163,7 +5956,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
+run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
@@ -4171,7 +5964,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 BlockCipher" \
+run_test "Large client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -4179,14 +5972,14 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 BlockCipher, without EtM" \
+run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
+run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
@@ -4195,7 +5988,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \
+run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@@ -4203,7 +5996,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
+run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
@@ -4211,7 +6004,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 StreamCipher" \
+run_test "Large client packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@@ -4219,7 +6012,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 StreamCipher, without EtM" \
+run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@@ -4227,7 +6020,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \
+run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@@ -4235,7 +6028,7 @@
-s "Read from client: $MAX_CONTENT_LEN bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
+run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
@@ -4243,7 +6036,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 AEAD" \
+run_test "Large client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
@@ -4251,7 +6044,7 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
-run_test "Large packet TLS 1.2 AEAD shorter tag" \
+run_test "Large client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
@@ -4259,6 +6052,386 @@
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
-s "Read from client: $MAX_CONTENT_LEN bytes read"
+# Test for large server packets
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+run_test "Large server packet SSLv3 StreamCipher" \
+ "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+# Checking next 4 tests logs for 1n-1 split against BEAST too
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+run_test "Large server packet SSLv3 BlockCipher" \
+ "$P_SRV response_size=16384 min_version=ssl3" \
+ "$P_CLI force_version=ssl3 recsplit=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"\
+ -c "16383 bytes read"\
+ -C "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.0 BlockCipher" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1 recsplit=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"\
+ -c "16383 bytes read"\
+ -C "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1 etm=0 recsplit=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 1 bytes read"\
+ -c "16383 bytes read"\
+ -C "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1 recsplit=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 1 bytes read"\
+ -c "16383 bytes read"\
+ -C "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.0 StreamCipher" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.1 BlockCipher" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_1 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=16384 trunc_hmac=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.1 StreamCipher" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 BlockCipher" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_2 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=16384 trunc_hmac=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 StreamCipher" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
+ 0 \
+ -s "16384 bytes written in 1 fragments" \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 AEAD" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+run_test "Large server packet TLS 1.2 AEAD shorter tag" \
+ "$P_SRV response_size=16384" \
+ "$P_CLI force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
+ 0 \
+ -c "Read from server: 16384 bytes read"
+
+# Tests for restartable ECC
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, default" \
+ "$P_SRV auth_mode=required" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1" \
+ 0 \
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=0" \
+ "$P_SRV auth_mode=required" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1 ec_max_ops=0" \
+ 0 \
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=65535" \
+ "$P_SRV auth_mode=required" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1 ec_max_ops=65535" \
+ 0 \
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000" \
+ "$P_SRV auth_mode=required" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1 ec_max_ops=1000" \
+ 0 \
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000, badsign" \
+ "$P_SRV auth_mode=required \
+ crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1 ec_max_ops=1000" \
+ 1 \
+ -c "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
+ "$P_SRV auth_mode=required \
+ crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1 ec_max_ops=1000 auth_mode=optional" \
+ 0 \
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
+ "$P_SRV auth_mode=required \
+ crt_file=data_files/server5-badsign.crt \
+ key_file=data_files/server5.key" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ debug_level=1 ec_max_ops=1000 auth_mode=none" \
+ 0 \
+ -C "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00" \
+ -C "! The certificate is not correctly signed by the trusted CA" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: DTLS, max_ops=1000" \
+ "$P_SRV auth_mode=required dtls=1" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ dtls=1 debug_level=1 ec_max_ops=1000" \
+ 0 \
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000 no client auth" \
+ "$P_SRV" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ debug_level=1 ec_max_ops=1000" \
+ 0 \
+ -c "x509_verify_cert.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
+
+requires_config_enabled MBEDTLS_ECP_RESTARTABLE
+run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
+ "$P_SRV psk=abc123" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
+ psk=abc123 debug_level=1 ec_max_ops=1000" \
+ 0 \
+ -C "x509_verify_cert.*4b00" \
+ -C "mbedtls_pk_verify.*4b00" \
+ -C "mbedtls_ecdh_make_public.*4b00" \
+ -C "mbedtls_pk_sign.*4b00"
+
# Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
@@ -4607,6 +6780,56 @@
-s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0"
+# Tests for ECC extensions (rfc 4492)
+
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+run_test "Force a non ECC ciphersuite in the client side" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -C "client hello, adding supported_elliptic_curves extension" \
+ -C "client hello, adding supported_point_formats extension" \
+ -S "found supported elliptic curves extension" \
+ -S "found supported point formats extension"
+
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+run_test "Force a non ECC ciphersuite in the server side" \
+ "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -C "found supported_point_formats extension" \
+ -S "server hello, supported_point_formats extension"
+
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+run_test "Force an ECC ciphersuite in the client side" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "client hello, adding supported_elliptic_curves extension" \
+ -c "client hello, adding supported_point_formats extension" \
+ -s "found supported elliptic curves extension" \
+ -s "found supported point formats extension"
+
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+run_test "Force an ECC ciphersuite in the server side" \
+ "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ "$P_CLI debug_level=3" \
+ 0 \
+ -c "found supported_point_formats extension" \
+ -s "server hello, supported_point_formats extension"
+
# Tests for DTLS HelloVerifyRequest
run_test "DTLS cookie: enabled" \
@@ -4827,6 +7050,951 @@
-c "found fragmented DTLS handshake message" \
-C "error"
+# Tests for sending fragmented handshake messages with DTLS
+#
+# Use client auth when we need the client to send large messages,
+# and use large cert chains on both sides too (the long chains we have all use
+# both RSA and ECDSA, but ideally we should have long chains with either).
+# Sizes reached (UDP payload):
+# - 2037B for server certificate
+# - 1542B for client certificate
+# - 1013B for newsessionticket
+# - all others below 512B
+# All those tests assume MAX_CONTENT_LEN is at least 2048
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: none (for reference)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=4096" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=4096" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -C "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: server only (max_frag_len)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=2048" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# With the MFL extension, the server has no way of forcing
+# the client to not exceed a certain MTU; hence, the following
+# test can't be replicated with an MTU proxy such as the one
+# `client-initiated, server only (max_frag_len)` below.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=512" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=4096" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=none \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=2048" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# While not required by the standard defining the MFL extension
+# (according to which it only applies to records, not to datagrams),
+# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
+# as otherwise there wouldn't be any means to communicate MTU restrictions
+# to the peer.
+# The next test checks that no datagrams significantly larger than the
+# negotiated MFL are sent.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
+ -p "$P_PXY mtu=1110" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=none \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=2048" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=2048" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# While not required by the standard defining the MFL extension
+# (according to which it only applies to records, not to datagrams),
+# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
+# as otherwise there wouldn't be any means to communicate MTU restrictions
+# to the peer.
+# The next test checks that no datagrams significantly larger than the
+# negotiated MFL are sent.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
+ -p "$P_PXY mtu=1110" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=2048" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ max_frag_len=1024" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+run_test "DTLS fragmenting: none (for reference) (MTU)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ mtu=4096" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ mtu=4096" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -C "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+run_test "DTLS fragmenting: client (MTU)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=3500-60000 \
+ mtu=4096" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=3500-60000 \
+ mtu=1024" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -C "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+run_test "DTLS fragmenting: server (MTU)" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ mtu=512" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ mtu=2048" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+run_test "DTLS fragmenting: both (MTU=1024)" \
+ -p "$P_PXY mtu=1024" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ mtu=1024" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=2500-60000 \
+ mtu=1024" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: both (MTU=512)" \
+ -p "$P_PXY mtu=512" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=2500-60000 \
+ mtu=512" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=2500-60000 \
+ mtu=512" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Test for automatic MTU reduction on repeated resend.
+# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
+# The ratio of max/min timeout should ideally equal 4 to accept two
+# retransmissions, but in some cases (like both the server and client using
+# fragmentation and auto-reduction) an extra retransmission might occur,
+# hence the ratio of 8.
+not_with_valgrind
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
+ -p "$P_PXY mtu=508" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=400-3200" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=400-3200" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
+only_with_valgrind
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
+ -p "$P_PXY mtu=508" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-10000" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=250-10000" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
+# OTOH the client might resend if the server is to slow to reset after sending
+# a HelloVerifyRequest, so only check for no retransmission server-side
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
+ -p "$P_PXY mtu=1024" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
+# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
+# OTOH the client might resend if the server is to slow to reset after sending
+# a HelloVerifyRequest, so only check for no retransmission server-side
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
+ -p "$P_PXY mtu=512" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=10000-60000 \
+ mtu=512" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=10000-60000 \
+ mtu=512" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
+ -p "$P_PXY mtu=1024" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=10000-60000 \
+ mtu=1024 nbio=2" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=10000-60000 \
+ mtu=1024 nbio=2" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
+ -p "$P_PXY mtu=512" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=10000-60000 \
+ mtu=512 nbio=2" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=10000-60000 \
+ mtu=512 nbio=2" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
+# This ensures things still work after session_reset().
+# It also exercises the "resumed handshake" flow.
+# Since we don't support reading fragmented ClientHello yet,
+# up the MTU to 1450 (larger than ClientHello with session ticket,
+# but still smaller than client's Certificate to ensure fragmentation).
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+# reco_delay avoids races where the client reconnects before the server has
+# resumed listening, which would result in a spurious autoreduction.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
+ -p "$P_PXY mtu=1450" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=10000-60000 \
+ mtu=1450" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=10000-60000 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ mtu=1450 reconnect=1 reco_delay=1" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_CHACHAPOLY_C
+run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
+ -p "$P_PXY mtu=512" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ exchanges=2 renegotiation=1 \
+ hs_timeout=10000-60000 \
+ mtu=512" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ exchanges=2 renegotiation=1 renegotiate=1 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=10000-60000 \
+ mtu=512" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
+ -p "$P_PXY mtu=512" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ exchanges=2 renegotiation=1 \
+ hs_timeout=10000-60000 \
+ mtu=512" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ exchanges=2 renegotiation=1 renegotiate=1 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=10000-60000 \
+ mtu=512" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CCM_C
+run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
+ -p "$P_PXY mtu=1024" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ exchanges=2 renegotiation=1 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ exchanges=2 renegotiation=1 renegotiate=1 \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
+run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
+ -p "$P_PXY mtu=1024" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ exchanges=2 renegotiation=1 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ exchanges=2 renegotiation=1 renegotiate=1 \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# An autoreduction on the client-side might happen if the server is
+# slow to reset, therefore omitting '-C "autoreduction"' below.
+not_with_valgrind # spurious autoreduction due to timeout
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SHA256_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
+run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
+ -p "$P_PXY mtu=1024" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ exchanges=2 renegotiation=1 \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ exchanges=2 renegotiation=1 renegotiate=1 \
+ hs_timeout=10000-60000 \
+ mtu=1024" \
+ 0 \
+ -S "autoreduction" \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+client_needs_more_time 2
+run_test "DTLS fragmenting: proxy MTU + 3d" \
+ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
+ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-10000 mtu=512" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=250-10000 mtu=512" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
+client_needs_more_time 2
+run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
+ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
+ "$P_SRV dtls=1 debug_level=2 auth_mode=required \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-10000 mtu=512 nbio=2" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ hs_timeout=250-10000 mtu=512 nbio=2" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -C "error"
+
+# interop tests for DTLS fragmentating with reliable connection
+#
+# here and below we just want to test that the we fragment in a way that
+# pleases other implementations, so we don't need the peer to fragment
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_gnutls
+run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
+ "$G_SRV -u" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ mtu=512 force_version=dtls1_2" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+requires_gnutls
+run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
+ "$G_SRV -u" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ mtu=512 force_version=dtls1" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+# We use --insecure for the GnuTLS client because it expects
+# the hostname / IP it connects to to be the name used in the
+# certificate obtained from the server. Here, however, it
+# connects to 127.0.0.1 while our test certificates use 'localhost'
+# as the server name in the certificate. This will make the
+# certifiate validation fail, but passing --insecure makes
+# GnuTLS continue the connection nonetheless.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_gnutls
+requires_not_i686
+run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ mtu=512 force_version=dtls1_2" \
+ "$G_CLI -u --insecure 127.0.0.1" \
+ 0 \
+ -s "fragmenting handshake message"
+
+# See previous test for the reason to use --insecure
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+requires_gnutls
+requires_not_i686
+run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ mtu=512 force_version=dtls1" \
+ "$G_CLI -u --insecure 127.0.0.1" \
+ 0 \
+ -s "fragmenting handshake message"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
+ "$O_SRV -dtls1_2 -verify 10" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ mtu=512 force_version=dtls1_2" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
+ "$O_SRV -dtls1 -verify 10" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ mtu=512 force_version=dtls1" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ mtu=512 force_version=dtls1_2" \
+ "$O_CLI -dtls1_2" \
+ 0 \
+ -s "fragmenting handshake message"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ mtu=512 force_version=dtls1" \
+ "$O_CLI -dtls1" \
+ 0 \
+ -s "fragmenting handshake message"
+
+# interop tests for DTLS fragmentating with unreliable connection
+#
+# again we just want to test that the we fragment in a way that
+# pleases other implementations, so we don't need the peer to fragment
+requires_gnutls_next
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$G_NEXT_SRV -u" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+requires_gnutls_next
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$G_NEXT_SRV -u" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+requires_gnutls_next
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
+ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
+ 0 \
+ -s "fragmenting handshake message"
+
+requires_gnutls_next
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1" \
+ "$G_NEXT_CLI -u --insecure 127.0.0.1" \
+ 0 \
+ -s "fragmenting handshake message"
+
+## Interop test with OpenSSL might trigger a bug in recent versions (including
+## all versions installed on the CI machines), reported here:
+## Bug report: https://github.com/openssl/openssl/issues/6902
+## They should be re-enabled once a fixed version of OpenSSL is available
+## (this should happen in some 1.1.1_ release according to the ticket).
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$O_SRV -dtls1_2 -verify 10" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$O_SRV -dtls1 -verify 10" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ crt_file=data_files/server8_int-ca2.crt \
+ key_file=data_files/server8.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1" \
+ 0 \
+ -c "fragmenting handshake message" \
+ -C "error"
+
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$P_SRV dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
+ "$O_CLI -dtls1_2" \
+ 0 \
+ -s "fragmenting handshake message"
+
+# -nbio is added to prevent s_client from blocking in case of duplicated
+# messages at the end of the handshake
+skip_next_test
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_ECDSA_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
+client_needs_more_time 4
+run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
+ -p "$P_PXY drop=8 delay=8 duplicate=8" \
+ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
+ crt_file=data_files/server7_int-ca.crt \
+ key_file=data_files/server7.key \
+ hs_timeout=250-60000 mtu=512 force_version=dtls1" \
+ "$O_CLI -nbio -dtls1" \
+ 0 \
+ -s "fragmenting handshake message"
+
# Tests for specific things with "unreliable" UDP connection
not_with_valgrind # spurious resend due to timeout
@@ -4848,8 +8016,8 @@
not_with_valgrind # spurious resend due to timeout
run_test "DTLS proxy: duplicate every packet" \
-p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
0 \
-c "replayed record" \
-s "replayed record" \
@@ -4861,8 +8029,8 @@
run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
-p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 debug_level=2 anti_replay=0" \
- "$P_CLI dtls=1 debug_level=2" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
0 \
-c "replayed record" \
-S "replayed record" \
@@ -4875,24 +8043,24 @@
run_test "DTLS proxy: multiple records in same datagram" \
-p "$P_PXY pack=50" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
0 \
-c "next record in same datagram" \
-s "next record in same datagram"
run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
-p "$P_PXY pack=50 duplicate=1" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
0 \
-c "next record in same datagram" \
-s "next record in same datagram"
run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
-p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 debug_level=1" \
- "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
0 \
-c "discarding invalid record (mac)" \
-s "discarding invalid record (mac)" \
@@ -4903,8 +8071,8 @@
run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
-p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 debug_level=1 badmac_limit=1" \
- "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
1 \
-C "discarding invalid record (mac)" \
-S "discarding invalid record (mac)" \
@@ -4915,8 +8083,8 @@
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
-p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 debug_level=1 badmac_limit=2" \
- "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
0 \
-c "discarding invalid record (mac)" \
-s "discarding invalid record (mac)" \
@@ -4927,8 +8095,8 @@
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
-p "$P_PXY bad_ad=1" \
- "$P_SRV dtls=1 debug_level=1 badmac_limit=2 exchanges=2" \
- "$P_CLI dtls=1 debug_level=1 read_timeout=100 exchanges=2" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
1 \
-c "discarding invalid record (mac)" \
-s "discarding invalid record (mac)" \
@@ -4939,22 +8107,190 @@
run_test "DTLS proxy: delay ChangeCipherSpec" \
-p "$P_PXY delay_ccs=1" \
- "$P_SRV dtls=1 debug_level=1" \
- "$P_CLI dtls=1 debug_level=1" \
+ "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
+ "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
0 \
-c "record from another epoch" \
-s "record from another epoch" \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
+# Tests for reordering support with DTLS
+
+run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
+ -p "$P_PXY delay_srv=ServerHello" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -c "Buffering HS message" \
+ -c "Next handshake message has been buffered - load"\
+ -S "Buffering HS message" \
+ -S "Next handshake message has been buffered - load"\
+ -C "Injecting buffered CCS message" \
+ -C "Remember CCS message" \
+ -S "Injecting buffered CCS message" \
+ -S "Remember CCS message"
+
+run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
+ -p "$P_PXY delay_srv=ServerHello" \
+ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -c "Buffering HS message" \
+ -c "found fragmented DTLS handshake message"\
+ -c "Next handshake message 1 not or only partially bufffered" \
+ -c "Next handshake message has been buffered - load"\
+ -S "Buffering HS message" \
+ -S "Next handshake message has been buffered - load"\
+ -C "Injecting buffered CCS message" \
+ -C "Remember CCS message" \
+ -S "Injecting buffered CCS message" \
+ -S "Remember CCS message"
+
+# The client buffers the ServerKeyExchange before receiving the fragmented
+# Certificate message; at the time of writing, together these are aroudn 1200b
+# in size, so that the bound below ensures that the certificate can be reassembled
+# while keeping the ServerKeyExchange.
+requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
+run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
+ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
+ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -c "Buffering HS message" \
+ -c "Next handshake message has been buffered - load"\
+ -C "attempt to make space by freeing buffered messages" \
+ -S "Buffering HS message" \
+ -S "Next handshake message has been buffered - load"\
+ -C "Injecting buffered CCS message" \
+ -C "Remember CCS message" \
+ -S "Injecting buffered CCS message" \
+ -S "Remember CCS message"
+
+# The size constraints ensure that the delayed certificate message can't
+# be reassembled while keeping the ServerKeyExchange message, but it can
+# when dropping it first.
+requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
+requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
+run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
+ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
+ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -c "Buffering HS message" \
+ -c "attempt to make space by freeing buffered future messages" \
+ -c "Enough space available after freeing buffered HS messages" \
+ -S "Buffering HS message" \
+ -S "Next handshake message has been buffered - load"\
+ -C "Injecting buffered CCS message" \
+ -C "Remember CCS message" \
+ -S "Injecting buffered CCS message" \
+ -S "Remember CCS message"
+
+run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
+ -p "$P_PXY delay_cli=Certificate" \
+ "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -C "Buffering HS message" \
+ -C "Next handshake message has been buffered - load"\
+ -s "Buffering HS message" \
+ -s "Next handshake message has been buffered - load" \
+ -C "Injecting buffered CCS message" \
+ -C "Remember CCS message" \
+ -S "Injecting buffered CCS message" \
+ -S "Remember CCS message"
+
+run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
+ -p "$P_PXY delay_srv=NewSessionTicket" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -C "Buffering HS message" \
+ -C "Next handshake message has been buffered - load"\
+ -S "Buffering HS message" \
+ -S "Next handshake message has been buffered - load" \
+ -c "Injecting buffered CCS message" \
+ -c "Remember CCS message" \
+ -S "Injecting buffered CCS message" \
+ -S "Remember CCS message"
+
+run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
+ -p "$P_PXY delay_cli=ClientKeyExchange" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -C "Buffering HS message" \
+ -C "Next handshake message has been buffered - load"\
+ -S "Buffering HS message" \
+ -S "Next handshake message has been buffered - load" \
+ -C "Injecting buffered CCS message" \
+ -C "Remember CCS message" \
+ -s "Injecting buffered CCS message" \
+ -s "Remember CCS message"
+
+run_test "DTLS reordering: Buffer encrypted Finished message" \
+ -p "$P_PXY delay_ccs=1" \
+ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
+ hs_timeout=2500-60000" \
+ 0 \
+ -s "Buffer record from epoch 1" \
+ -s "Found buffered record from current epoch - load" \
+ -c "Buffer record from epoch 1" \
+ -c "Found buffered record from current epoch - load"
+
+# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
+# from the server are delayed, so that the encrypted Finished message
+# is received and buffered. When the fragmented NewSessionTicket comes
+# in afterwards, the encrypted Finished message must be freed in order
+# to make space for the NewSessionTicket to be reassembled.
+# This works only in very particular circumstances:
+# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
+# of the NewSessionTicket, but small enough to also allow buffering of
+# the encrypted Finished message.
+# - The MTU setting on the server must be so small that the NewSessionTicket
+# needs to be fragmented.
+# - All messages sent by the server must be small enough to be either sent
+# without fragmentation or be reassembled within the bounds of
+# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
+# handshake, omitting CRTs.
+requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
+requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
+run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
+ -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
+ "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
+ 0 \
+ -s "Buffer record from epoch 1" \
+ -s "Found buffered record from current epoch - load" \
+ -c "Buffer record from epoch 1" \
+ -C "Found buffered record from current epoch - load" \
+ -c "Enough space available after freeing future epoch record"
+
# Tests for "randomly unreliable connection": try a variety of flows and peers
client_needs_more_time 2
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
-s "Extra-header:" \
@@ -4963,8 +8299,8 @@
client_needs_more_time 2
run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-s "Extra-header:" \
@@ -4973,8 +8309,8 @@
client_needs_more_time 2
run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
0 \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
@@ -4982,8 +8318,8 @@
client_needs_more_time 2
run_test "DTLS proxy: 3d, FS, client auth" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=required" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
0 \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
@@ -4991,8 +8327,8 @@
client_needs_more_time 2
run_test "DTLS proxy: 3d, FS, ticket" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=none" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
0 \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
@@ -5000,8 +8336,8 @@
client_needs_more_time 2
run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=required" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
0 \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
@@ -5009,9 +8345,9 @@
client_needs_more_time 2
run_test "DTLS proxy: 3d, max handshake, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 nbio=2 tickets=1 \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
auth_mode=required" \
- "$P_CLI dtls=1 hs_timeout=250-10000 nbio=2 tickets=1" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
0 \
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
@@ -5019,9 +8355,9 @@
client_needs_more_time 4
run_test "DTLS proxy: 3d, min handshake, resumption" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123 debug_level=3" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -5033,9 +8369,9 @@
client_needs_more_time 4
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123 debug_level=3 nbio=2" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
0 \
@@ -5048,9 +8384,9 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123 renegotiation=1 debug_level=2" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
renegotiate=1 debug_level=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -5063,9 +8399,9 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123 renegotiation=1 debug_level=2" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
renegotiate=1 debug_level=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -5078,10 +8414,10 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
debug_level=2" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
renegotiation=1 exchanges=4 debug_level=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -5094,10 +8430,10 @@
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \
+ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
debug_level=2 nbio=2" \
- "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -5106,30 +8442,38 @@
-s "Extra-header:" \
-c "HTTP/1.0 200 OK"
+## Interop tests with OpenSSL might trigger a bug in recent versions (including
+## all versions installed on the CI machines), reported here:
+## Bug report: https://github.com/openssl/openssl/issues/6902
+## They should be re-enabled once a fixed version of OpenSSL is available
+## (this should happen in some 1.1.1_ release according to the ticket).
+skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 2048" \
- "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \
+ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
+skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
- "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \
+ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
+skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
- "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \
+ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
@@ -5139,33 +8483,45 @@
run_test "DTLS proxy: 3d, gnutls server" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 2048 -a" \
- "$P_CLI dtls=1 hs_timeout=250-60000" \
+ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
-requires_gnutls
+requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$G_SRV -u --mtu 512" \
- "$P_CLI dtls=1 hs_timeout=250-60000" \
+ "$G_NEXT_SRV -u --mtu 512" \
+ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
-requires_gnutls
+requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
- "$G_SRV -u --mtu 512" \
- "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2" \
+ "$G_NEXT_SRV -u --mtu 512" \
+ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
+requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS
+run_test "export keys functionality" \
+ "$P_SRV eap_tls=1 debug_level=3" \
+ "$P_CLI eap_tls=1 debug_level=3" \
+ 0 \
+ -s "exported maclen is " \
+ -s "exported keylen is " \
+ -s "exported ivlen is " \
+ -c "exported maclen is " \
+ -c "exported keylen is " \
+ -c "exported ivlen is "
+
# Final report
echo "------------------------------------------------------------------------"
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 8f04885..b4b6d72 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -1,4 +1,4 @@
-#line 1 "helpers.function"
+#line 2 "suites/helpers.function"
/*----------------------------------------------------------------------------*/
/* Headers */
@@ -23,8 +23,15 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
+#if defined(MBEDTLS_CHECK_PARAMS)
+#include "mbedtls/platform_util.h"
+#include <setjmp.h>
+#endif
+
#ifdef _MSC_VER
#include <basetsd.h>
+typedef UINT8 uint8_t;
+typedef INT32 int32_t;
typedef UINT32 uint32_t;
#define strncasecmp _strnicmp
#define strcasecmp _stricmp
@@ -39,34 +46,191 @@
#include <strings.h>
#endif
+/* Type for Hex parameters */
+typedef struct data_tag
+{
+ uint8_t * x;
+ uint32_t len;
+} data_t;
+
/*----------------------------------------------------------------------------*/
-/* Constants */
+/* Status and error constants */
-#define DEPENDENCY_SUPPORTED 0
-#define DEPENDENCY_NOT_SUPPORTED 1
+#define DEPENDENCY_SUPPORTED 0 /* Dependency supported by build */
+#define KEY_VALUE_MAPPING_FOUND 0 /* Integer expression found */
+#define DISPATCH_TEST_SUCCESS 0 /* Test dispatch successful */
-#define KEY_VALUE_MAPPING_FOUND 0
-#define KEY_VALUE_MAPPING_NOT_FOUND -1
+#define KEY_VALUE_MAPPING_NOT_FOUND -1 /* Integer expression not found */
+#define DEPENDENCY_NOT_SUPPORTED -2 /* Dependency not supported */
+#define DISPATCH_TEST_FN_NOT_FOUND -3 /* Test function not found */
+#define DISPATCH_INVALID_TEST_DATA -4 /* Invalid test parameter type.
+ Only int, string, binary data
+ and integer expressions are
+ allowed */
+#define DISPATCH_UNSUPPORTED_SUITE -5 /* Test suite not supported by the
+ build */
-#define DISPATCH_TEST_SUCCESS 0
-#define DISPATCH_TEST_FN_NOT_FOUND 1
-#define DISPATCH_INVALID_TEST_DATA 2
-#define DISPATCH_UNSUPPORTED_SUITE 3
+typedef enum
+{
+ PARAMFAIL_TESTSTATE_IDLE = 0, /* No parameter failure call test */
+ PARAMFAIL_TESTSTATE_PENDING, /* Test call to the parameter failure
+ * is pending */
+ PARAMFAIL_TESTSTATE_CALLED /* The test call to the parameter
+ * failure function has been made */
+} paramfail_test_state_t;
/*----------------------------------------------------------------------------*/
/* Macros */
-#define TEST_ASSERT( TEST ) \
+/**
+ * \brief This macro tests the expression passed to it as a test step or
+ * individual test in a test case.
+ *
+ * It allows a library function to return a value and return an error
+ * code that can be tested.
+ *
+ * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test
+ * failure.
+ *
+ * This macro is not suitable for negative parameter validation tests,
+ * as it assumes the test step will not create an error.
+ *
+ * Failing the test means:
+ * - Mark this test case as failed.
+ * - Print a message identifying the failure.
+ * - Jump to the \c exit label.
+ *
+ * This macro expands to an instruction, not an expression.
+ * It may jump to the \c exit label.
+ *
+ * \param TEST The test expression to be tested.
+ */
+#define TEST_ASSERT( TEST ) \
+ do { \
+ if( ! (TEST) ) \
+ { \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
+/**
+ * \brief This macro tests the expression passed to it and skips the
+ * running test if it doesn't evaluate to 'true'.
+ *
+ * \param TEST The test expression to be tested.
+ */
+#define TEST_ASSUME( TEST ) \
do { \
if( ! (TEST) ) \
{ \
- test_fail( #TEST, __LINE__, __FILE__ ); \
+ test_skip( #TEST, __LINE__, __FILE__ ); \
goto exit; \
} \
} while( 0 )
-#define assert(a) if( !( a ) ) \
+#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
+/**
+ * \brief This macro tests the statement passed to it as a test step or
+ * individual test in a test case. The macro assumes the test will fail
+ * and will generate an error.
+ *
+ * It allows a library function to return a value and tests the return
+ * code on return to confirm the given error code was returned.
+ *
+ * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
+ * expected failure, and the test will pass.
+ *
+ * This macro is intended for negative parameter validation tests,
+ * where the failing function may return an error value or call
+ * MBEDTLS_PARAM_FAILED() to indicate the error.
+ *
+ * \param PARAM_ERROR_VALUE The expected error code.
+ *
+ * \param TEST The test expression to be tested.
+ */
+#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
+ do { \
+ test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \
+ if( (TEST) != (PARAM_ERR_VALUE) || \
+ test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \
+ { \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ } while( 0 )
+
+/**
+ * \brief This macro tests the statement passed to it as a test step or
+ * individual test in a test case. The macro assumes the test will fail
+ * and will generate an error.
+ *
+ * It assumes the library function under test cannot return a value and
+ * assumes errors can only be indicated byt calls to
+ * MBEDTLS_PARAM_FAILED().
+ *
+ * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
+ * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
+ * can be made.
+ *
+ * This macro is intended for negative parameter validation tests,
+ * where the failing function can only return an error by calling
+ * MBEDTLS_PARAM_FAILED() to indicate the error.
+ *
+ * \param TEST The test expression to be tested.
+ */
+#define TEST_INVALID_PARAM( TEST ) \
+ do { \
+ memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \
+ if( setjmp( param_fail_jmp ) == 0 ) \
+ { \
+ TEST; \
+ test_fail( #TEST, __LINE__, __FILE__ ); \
+ goto exit; \
+ } \
+ memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \
+ } while( 0 )
+#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
+
+/**
+ * \brief This macro tests the statement passed to it as a test step or
+ * individual test in a test case. The macro assumes the test will not fail.
+ *
+ * It assumes the library function under test cannot return a value and
+ * assumes errors can only be indicated by calls to
+ * MBEDTLS_PARAM_FAILED().
+ *
+ * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
+ * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
+ * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
+ * can be made.
+ *
+ * This macro is intended to test that functions returning void
+ * accept all of the parameter values they're supposed to accept - eg
+ * that they don't call MBEDTLS_PARAM_FAILED() when a parameter
+ * that's allowed to be NULL happens to be NULL.
+ *
+ * Note: for functions that return something other that void,
+ * checking that they accept all the parameters they're supposed to
+ * accept is best done by using TEST_ASSERT() and checking the return
+ * value as well.
+ *
+ * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is
+ * disabled, as it makes sense to check that the functions accept all
+ * legal values even if this option is disabled - only in that case,
+ * the test is more about whether the function segfaults than about
+ * whether it invokes MBEDTLS_PARAM_FAILED().
+ *
+ * \param TEST The test expression to be tested.
+ */
+#define TEST_VALID_PARAM( TEST ) \
+ TEST_ASSERT( ( TEST, 1 ) );
+
+#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
__FILE__, __LINE__, #a ); \
@@ -100,10 +264,17 @@
/*----------------------------------------------------------------------------*/
/* Global variables */
+typedef enum
+{
+ TEST_RESULT_SUCCESS = 0,
+ TEST_RESULT_FAILED,
+ TEST_RESULT_SKIPPED
+} test_result_t;
static struct
{
- int failed;
+ paramfail_test_state_t paramfail_test_state;
+ test_result_t result;
const char *test;
const char *filename;
int line_no;
@@ -114,6 +285,11 @@
mbedtls_platform_context platform_ctx;
#endif
+#if defined(MBEDTLS_CHECK_PARAMS)
+jmp_buf param_fail_jmp;
+jmp_buf jmp_tmp;
+#endif
+
/*----------------------------------------------------------------------------*/
/* Helper flags for complex dependencies */
@@ -131,6 +307,23 @@
/*----------------------------------------------------------------------------*/
/* Helper Functions */
+
+void test_fail( const char *test, int line_no, const char* filename )
+{
+ test_info.result = TEST_RESULT_FAILED;
+ test_info.test = test;
+ test_info.line_no = line_no;
+ test_info.filename = filename;
+}
+
+void test_skip( const char *test, int line_no, const char* filename )
+{
+ test_info.result = TEST_RESULT_SKIPPED;
+ test_info.test = test;
+ test_info.line_no = line_no;
+ test_info.filename = filename;
+}
+
static int platform_setup()
{
int ret = 0;
@@ -147,6 +340,30 @@
#endif /* MBEDTLS_PLATFORM_C */
}
+#if defined(MBEDTLS_CHECK_PARAMS)
+void mbedtls_param_failed( const char *failure_condition,
+ const char *file,
+ int line )
+{
+ /* If we are testing the callback function... */
+ if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING )
+ {
+ test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED;
+ }
+ else
+ {
+ /* ...else we treat this as an error */
+
+ /* Record the location of the failure, but not as a failure yet, in case
+ * it was part of the test */
+ test_fail( failure_condition, line, file );
+ test_info.result = TEST_RESULT_SUCCESS;
+
+ longjmp( param_fail_jmp, 1 );
+ }
+}
+#endif
+
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
static int redirect_output( FILE** out_stream, const char* path )
{
@@ -163,6 +380,7 @@
if( *out_stream == NULL )
{
+ close( stdout_fd );
return -1;
}
@@ -189,11 +407,11 @@
}
#endif /* __unix__ || __APPLE__ __MACH__ */
-static int unhexify( unsigned char *obuf, const char *ibuf )
+int unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
int len = strlen( ibuf ) / 2;
- assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
+ TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
while( *ibuf != 0 )
{
@@ -205,7 +423,7 @@
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
- assert( 0 );
+ TEST_HELPER_ASSERT( 0 );
c2 = *ibuf++;
if( c2 >= '0' && c2 <= '9' )
@@ -215,7 +433,7 @@
else if( c2 >= 'A' && c2 <= 'F' )
c2 -= 'A' - 10;
else
- assert( 0 );
+ TEST_HELPER_ASSERT( 0 );
*obuf++ = ( c << 4 ) | c2;
}
@@ -223,7 +441,7 @@
return len;
}
-static void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
+void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
{
unsigned char l, h;
@@ -260,7 +478,7 @@
size_t actual_len = ( len != 0 ) ? len : 1;
p = mbedtls_calloc( 1, actual_len );
- assert( p != NULL );
+ TEST_HELPER_ASSERT( p != NULL );
memset( p, 0x00, actual_len );
@@ -277,7 +495,7 @@
*
* For convenience, dies if allocation fails.
*/
-static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
+unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
{
unsigned char *obuf;
@@ -287,7 +505,7 @@
return( zero_alloc( *olen ) );
obuf = mbedtls_calloc( 1, *olen );
- assert( obuf != NULL );
+ TEST_HELPER_ASSERT( obuf != NULL );
(void) unhexify( obuf, ibuf );
@@ -328,7 +546,7 @@
*
* rng_state shall be NULL.
*/
-static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
+int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
if( rng_state != NULL )
rng_state = NULL;
@@ -355,7 +573,7 @@
*
* After the buffer is empty it will return rand();
*/
-static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
+int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_buf_info *info = (rnd_buf_info *) rng_state;
size_t use_len;
@@ -401,7 +619,7 @@
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
*/
-static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
+int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
uint32_t i, *k, sum, delta=0x9E3779B9;
@@ -435,10 +653,21 @@
return( 0 );
}
-static void test_fail( const char *test, int line_no, const char* filename )
+int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len )
{
- test_info.failed = 1;
- test_info.test = test;
- test_info.line_no = line_no;
- test_info.filename = filename;
+ int ret = 0;
+ uint32_t i = 0;
+
+ if( a_len != b_len )
+ return( -1 );
+
+ for( i = 0; i < a_len; i++ )
+ {
+ if( a[i] != b[i] )
+ {
+ ret = -1;
+ break;
+ }
+ }
+ return ret;
}
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
new file mode 100644
index 0000000..0f98d23
--- /dev/null
+++ b/tests/suites/host_test.function
@@ -0,0 +1,678 @@
+#line 2 "suites/host_test.function"
+
+/**
+ * \brief Verifies that string is in string parameter format i.e. "<str>"
+ * It also strips enclosing '"' from the input string.
+ *
+ * \param str String parameter.
+ *
+ * \return 0 if success else 1
+ */
+int verify_string( char **str )
+{
+ if( ( *str )[0] != '"' ||
+ ( *str )[strlen( *str ) - 1] != '"' )
+ {
+ mbedtls_fprintf( stderr,
+ "Expected string (with \"\") for parameter and got: %s\n", *str );
+ return( -1 );
+ }
+
+ ( *str )++;
+ ( *str )[strlen( *str ) - 1] = '\0';
+
+ return( 0 );
+}
+
+/**
+ * \brief Verifies that string is an integer. Also gives the converted
+ * integer value.
+ *
+ * \param str Input string.
+ * \param value Pointer to int for output value.
+ *
+ * \return 0 if success else 1
+ */
+int verify_int( char *str, int *value )
+{
+ size_t i;
+ int minus = 0;
+ int digits = 1;
+ int hex = 0;
+
+ for( i = 0; i < strlen( str ); i++ )
+ {
+ if( i == 0 && str[i] == '-' )
+ {
+ minus = 1;
+ continue;
+ }
+
+ if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) &&
+ str[i - 1] == '0' && ( str[i] == 'x' || str[i] == 'X' ) )
+ {
+ hex = 1;
+ continue;
+ }
+
+ if( ! ( ( str[i] >= '0' && str[i] <= '9' ) ||
+ ( hex && ( ( str[i] >= 'a' && str[i] <= 'f' ) ||
+ ( str[i] >= 'A' && str[i] <= 'F' ) ) ) ) )
+ {
+ digits = 0;
+ break;
+ }
+ }
+
+ if( digits )
+ {
+ if( hex )
+ *value = strtol( str, NULL, 16 );
+ else
+ *value = strtol( str, NULL, 10 );
+
+ return( 0 );
+ }
+
+ mbedtls_fprintf( stderr,
+ "Expected integer for parameter and got: %s\n", str );
+ return( KEY_VALUE_MAPPING_NOT_FOUND );
+}
+
+
+/**
+ * \brief Usage string.
+ *
+ */
+#define USAGE \
+ "Usage: %s [OPTIONS] files...\n\n" \
+ " Command line arguments:\n" \
+ " files... One or more test data files. If no file is\n" \
+ " specified the following default test case\n" \
+ " file is used:\n" \
+ " %s\n\n" \
+ " Options:\n" \
+ " -v | --verbose Display full information about each test\n" \
+ " -h | --help Display this information\n\n", \
+ argv[0], \
+ "TESTCASE_FILENAME"
+
+
+/**
+ * \brief Read a line from the passed file pointer.
+ *
+ * \param f FILE pointer
+ * \param buf Pointer to memory to hold read line.
+ * \param len Length of the buf.
+ *
+ * \return 0 if success else -1
+ */
+int get_line( FILE *f, char *buf, size_t len )
+{
+ char *ret;
+ int i = 0, str_len = 0, has_string = 0;
+
+ /* Read until we get a valid line */
+ do
+ {
+ ret = fgets( buf, len, f );
+ if( ret == NULL )
+ return( -1 );
+
+ str_len = strlen( buf );
+
+ /* Skip empty line and comment */
+ if ( str_len == 0 || buf[0] == '#' )
+ continue;
+ has_string = 0;
+ for ( i = 0; i < str_len; i++ )
+ {
+ char c = buf[i];
+ if ( c != ' ' && c != '\t' && c != '\n' &&
+ c != '\v' && c != '\f' && c != '\r' )
+ {
+ has_string = 1;
+ break;
+ }
+ }
+ } while( !has_string );
+
+ /* Strip new line and carriage return */
+ ret = buf + strlen( buf );
+ if( ret-- > buf && *ret == '\n' )
+ *ret = '\0';
+ if( ret-- > buf && *ret == '\r' )
+ *ret = '\0';
+
+ return( 0 );
+}
+
+/**
+ * \brief Splits string delimited by ':'. Ignores '\:'.
+ *
+ * \param buf Input string
+ * \param len Input string length
+ * \param params Out params found
+ * \param params_len Out params array len
+ *
+ * \return Count of strings found.
+ */
+static int parse_arguments( char *buf, size_t len, char **params,
+ size_t params_len )
+{
+ size_t cnt = 0, i;
+ char *cur = buf;
+ char *p = buf, *q;
+
+ params[cnt++] = cur;
+
+ while( *p != '\0' && p < ( buf + len ) )
+ {
+ if( *p == '\\' )
+ {
+ p++;
+ p++;
+ continue;
+ }
+ if( *p == ':' )
+ {
+ if( p + 1 < buf + len )
+ {
+ cur = p + 1;
+ TEST_HELPER_ASSERT( cnt < params_len );
+ params[cnt++] = cur;
+ }
+ *p = '\0';
+ }
+
+ p++;
+ }
+
+ /* Replace newlines, question marks and colons in strings */
+ for( i = 0; i < cnt; i++ )
+ {
+ p = params[i];
+ q = params[i];
+
+ while( *p != '\0' )
+ {
+ if( *p == '\\' && *( p + 1 ) == 'n' )
+ {
+ p += 2;
+ *( q++ ) = '\n';
+ }
+ else if( *p == '\\' && *( p + 1 ) == ':' )
+ {
+ p += 2;
+ *( q++ ) = ':';
+ }
+ else if( *p == '\\' && *( p + 1 ) == '?' )
+ {
+ p += 2;
+ *( q++ ) = '?';
+ }
+ else
+ *( q++ ) = *( p++ );
+ }
+ *q = '\0';
+ }
+
+ return( cnt );
+}
+
+/**
+ * \brief Converts parameters into test function consumable parameters.
+ * Example: Input: {"int", "0", "char*", "Hello",
+ * "hex", "abef", "exp", "1"}
+ * Output: {
+ * 0, // Verified int
+ * "Hello", // Verified string
+ * 2, { 0xab, 0xef },// Converted len,hex pair
+ * 9600 // Evaluated expression
+ * }
+ *
+ *
+ * \param cnt Parameter array count.
+ * \param params Out array of found parameters.
+ * \param int_params_store Memory for storing processed integer parameters.
+ *
+ * \return 0 for success else 1
+ */
+static int convert_params( size_t cnt , char ** params , int * int_params_store )
+{
+ char ** cur = params;
+ char ** out = params;
+ int ret = DISPATCH_TEST_SUCCESS;
+
+ while ( cur < params + cnt )
+ {
+ char * type = *cur++;
+ char * val = *cur++;
+
+ if ( strcmp( type, "char*" ) == 0 )
+ {
+ if ( verify_string( &val ) == 0 )
+ {
+ *out++ = val;
+ }
+ else
+ {
+ ret = ( DISPATCH_INVALID_TEST_DATA );
+ break;
+ }
+ }
+ else if ( strcmp( type, "int" ) == 0 )
+ {
+ if ( verify_int( val, int_params_store ) == 0 )
+ {
+ *out++ = (char *) int_params_store++;
+ }
+ else
+ {
+ ret = ( DISPATCH_INVALID_TEST_DATA );
+ break;
+ }
+ }
+ else if ( strcmp( type, "hex" ) == 0 )
+ {
+ if ( verify_string( &val ) == 0 )
+ {
+ *int_params_store = unhexify( (unsigned char *) val, val );
+ *out++ = val;
+ *out++ = (char *)(int_params_store++);
+ }
+ else
+ {
+ ret = ( DISPATCH_INVALID_TEST_DATA );
+ break;
+ }
+ }
+ else if ( strcmp( type, "exp" ) == 0 )
+ {
+ int exp_id = strtol( val, NULL, 10 );
+ if ( get_expression ( exp_id, int_params_store ) == 0 )
+ {
+ *out++ = (char *)int_params_store++;
+ }
+ else
+ {
+ ret = ( DISPATCH_INVALID_TEST_DATA );
+ break;
+ }
+ }
+ else
+ {
+ ret = ( DISPATCH_INVALID_TEST_DATA );
+ break;
+ }
+ }
+ return( ret );
+}
+
+/**
+ * \brief Tests snprintf implementation with test input.
+ *
+ * \note
+ * At high optimization levels (e.g. gcc -O3), this function may be
+ * inlined in run_test_snprintf. This can trigger a spurious warning about
+ * potential misuse of snprintf from gcc -Wformat-truncation (observed with
+ * gcc 7.2). This warning makes tests in run_test_snprintf redundant on gcc
+ * only. They are still valid for other compilers. Avoid this warning by
+ * forbidding inlining of this function by gcc.
+ *
+ * \param n Buffer test length.
+ * \param ref_buf Expected buffer.
+ * \param ref_ret Expected snprintf return value.
+ *
+ * \return 0 for success else 1
+ */
+#if defined(__GNUC__)
+__attribute__((__noinline__))
+#endif
+static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
+{
+ int ret;
+ char buf[10] = "xxxxxxxxx";
+ const char ref[10] = "xxxxxxxxx";
+
+ if( n >= sizeof( buf ) )
+ return( -1 );
+ ret = mbedtls_snprintf( buf, n, "%s", "123" );
+ if( ret < 0 || (size_t) ret >= n )
+ ret = -1;
+
+ if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 ||
+ ref_ret != ret ||
+ memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 )
+ {
+ return( 1 );
+ }
+
+ return( 0 );
+}
+
+/**
+ * \brief Tests snprintf implementation.
+ *
+ * \param none
+ *
+ * \return 0 for success else 1
+ */
+static int run_test_snprintf( void )
+{
+ return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 ||
+ test_snprintf( 1, "", -1 ) != 0 ||
+ test_snprintf( 2, "1", -1 ) != 0 ||
+ test_snprintf( 3, "12", -1 ) != 0 ||
+ test_snprintf( 4, "123", 3 ) != 0 ||
+ test_snprintf( 5, "123", 3 ) != 0 );
+}
+
+
+/**
+ * \brief Desktop implementation of execute_tests().
+ * Parses command line and executes tests from
+ * supplied or default data file.
+ *
+ * \param argc Command line argument count.
+ * \param argv Argument array.
+ *
+ * \return Program exit status.
+ */
+int execute_tests( int argc , const char ** argv )
+{
+ /* Local Configurations and options */
+ const char *default_filename = "DATA_FILE";
+ const char *test_filename = NULL;
+ const char **test_files = NULL;
+ int testfile_count = 0;
+ int option_verbose = 0;
+ int function_id = 0;
+
+ /* Other Local variables */
+ int arg_index = 1;
+ const char *next_arg;
+ int testfile_index, ret, i, cnt;
+ int total_errors = 0, total_tests = 0, total_skipped = 0;
+ FILE *file;
+ char buf[5000];
+ char *params[50];
+ /* Store for proccessed integer params. */
+ int int_params[50];
+ void *pointer;
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ int stdout_fd = -1;
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
+ unsigned char alloc_buf[1000000];
+ mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
+#endif
+
+ /*
+ * The C standard doesn't guarantee that all-bits-0 is the representation
+ * of a NULL pointer. We do however use that in our code for initializing
+ * structures, which should work on every modern platform. Let's be sure.
+ */
+ memset( &pointer, 0, sizeof( void * ) );
+ if( pointer != NULL )
+ {
+ mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" );
+ return( 1 );
+ }
+
+ /*
+ * Make sure we have a snprintf that correctly zero-terminates
+ */
+ if( run_test_snprintf() != 0 )
+ {
+ mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
+ return( 1 );
+ }
+
+ while( arg_index < argc )
+ {
+ next_arg = argv[arg_index];
+
+ if( strcmp( next_arg, "--verbose" ) == 0 ||
+ strcmp( next_arg, "-v" ) == 0 )
+ {
+ option_verbose = 1;
+ }
+ else if( strcmp(next_arg, "--help" ) == 0 ||
+ strcmp(next_arg, "-h" ) == 0 )
+ {
+ mbedtls_fprintf( stdout, USAGE );
+ mbedtls_exit( EXIT_SUCCESS );
+ }
+ else
+ {
+ /* Not an option, therefore treat all further arguments as the file
+ * list.
+ */
+ test_files = &argv[ arg_index ];
+ testfile_count = argc - arg_index;
+ }
+
+ arg_index++;
+ }
+
+ /* If no files were specified, assume a default */
+ if ( test_files == NULL || testfile_count == 0 )
+ {
+ test_files = &default_filename;
+ testfile_count = 1;
+ }
+
+ /* Initialize the struct that holds information about the last test */
+ memset( &test_info, 0, sizeof( test_info ) );
+
+ /* Now begin to execute the tests in the testfiles */
+ for ( testfile_index = 0;
+ testfile_index < testfile_count;
+ testfile_index++ )
+ {
+ int unmet_dep_count = 0;
+ char *unmet_dependencies[20];
+
+ test_filename = test_files[ testfile_index ];
+
+ file = fopen( test_filename, "r" );
+ if( file == NULL )
+ {
+ mbedtls_fprintf( stderr, "Failed to open test file: %s\n",
+ test_filename );
+ return( 1 );
+ }
+
+ while( !feof( file ) )
+ {
+ if( unmet_dep_count > 0 )
+ {
+ mbedtls_fprintf( stderr,
+ "FATAL: Dep count larger than zero at start of loop\n" );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+ unmet_dep_count = 0;
+
+ if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
+ break;
+ mbedtls_fprintf( stdout, "%s%.66s",
+ test_info.result == TEST_RESULT_FAILED ? "\n" : "", buf );
+ mbedtls_fprintf( stdout, " " );
+ for( i = strlen( buf ) + 1; i < 67; i++ )
+ mbedtls_fprintf( stdout, "." );
+ mbedtls_fprintf( stdout, " " );
+ fflush( stdout );
+
+ total_tests++;
+
+ if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
+ break;
+ cnt = parse_arguments( buf, strlen( buf ), params,
+ sizeof( params ) / sizeof( params[0] ) );
+
+ if( strcmp( params[0], "depends_on" ) == 0 )
+ {
+ for( i = 1; i < cnt; i++ )
+ {
+ int dep_id = strtol( params[i], NULL, 10 );
+ if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED )
+ {
+ if( 0 == option_verbose )
+ {
+ /* Only one count is needed if not verbose */
+ unmet_dep_count++;
+ break;
+ }
+
+ unmet_dependencies[ unmet_dep_count ] = strdup( params[i] );
+ if( unmet_dependencies[ unmet_dep_count ] == NULL )
+ {
+ mbedtls_fprintf( stderr, "FATAL: Out of memory\n" );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+ unmet_dep_count++;
+ }
+ }
+
+ if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
+ break;
+ cnt = parse_arguments( buf, strlen( buf ), params,
+ sizeof( params ) / sizeof( params[0] ) );
+ }
+
+ // If there are no unmet dependencies execute the test
+ if( unmet_dep_count == 0 )
+ {
+ test_info.result = TEST_RESULT_SUCCESS;
+ test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE;
+
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ /* Suppress all output from the library unless we're verbose
+ * mode
+ */
+ if( !option_verbose )
+ {
+ stdout_fd = redirect_output( &stdout, "/dev/null" );
+ if( stdout_fd == -1 )
+ {
+ /* Redirection has failed with no stdout so exit */
+ exit( 1 );
+ }
+ }
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+ function_id = strtol( params[0], NULL, 10 );
+ if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS )
+ {
+ ret = convert_params( cnt - 1, params + 1, int_params );
+ if ( DISPATCH_TEST_SUCCESS == ret )
+ {
+ ret = dispatch_test( function_id, (void **)( params + 1 ) );
+ }
+ }
+
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ if( !option_verbose && restore_output( &stdout, stdout_fd ) )
+ {
+ /* Redirection has failed with no stdout so exit */
+ exit( 1 );
+ }
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+ }
+
+ if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
+ {
+ total_skipped++;
+ mbedtls_fprintf( stdout, "----" );
+
+ if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE )
+ {
+ mbedtls_fprintf( stdout, "\n Test Suite not enabled" );
+ }
+
+ if( 1 == option_verbose && unmet_dep_count > 0 )
+ {
+ mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
+ for( i = 0; i < unmet_dep_count; i++ )
+ {
+ mbedtls_fprintf( stdout, "%s ",
+ unmet_dependencies[i] );
+ free( unmet_dependencies[i] );
+ }
+ }
+ mbedtls_fprintf( stdout, "\n" );
+ fflush( stdout );
+
+ unmet_dep_count = 0;
+ }
+ else if( ret == DISPATCH_TEST_SUCCESS )
+ {
+ if( test_info.result == TEST_RESULT_SUCCESS )
+ {
+ mbedtls_fprintf( stdout, "PASS\n" );
+ }
+ else if( test_info.result == TEST_RESULT_SKIPPED )
+ {
+ mbedtls_fprintf( stdout, "----\n" );
+ total_skipped++;
+ }
+ else
+ {
+ total_errors++;
+ mbedtls_fprintf( stdout, "FAILED\n" );
+ mbedtls_fprintf( stdout, " %s\n at line %d, %s\n",
+ test_info.test, test_info.line_no,
+ test_info.filename );
+ }
+ fflush( stdout );
+ }
+ else if( ret == DISPATCH_INVALID_TEST_DATA )
+ {
+ mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
+ fclose( file );
+ mbedtls_exit( 2 );
+ }
+ else if( ret == DISPATCH_TEST_FN_NOT_FOUND )
+ {
+ mbedtls_fprintf( stderr, "FAILED: FATAL TEST FUNCTION NOT FUND\n" );
+ fclose( file );
+ mbedtls_exit( 2 );
+ }
+ else
+ total_errors++;
+ }
+ fclose( file );
+
+ /* In case we encounter early end of file */
+ for( i = 0; i < unmet_dep_count; i++ )
+ free( unmet_dependencies[i] );
+ }
+
+ mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
+ if( total_errors == 0 )
+ mbedtls_fprintf( stdout, "PASSED" );
+ else
+ mbedtls_fprintf( stdout, "FAILED" );
+
+ mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n",
+ total_tests - total_errors, total_tests, total_skipped );
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ mbedtls_memory_buffer_alloc_status();
+#endif
+ mbedtls_memory_buffer_alloc_free();
+#endif
+
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ if( stdout_fd != -1 )
+ close_output( stdout );
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+ return( total_errors != 0 );
+}
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index b6e3104..5d15f2b 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,300 +1,252 @@
-#line 1 "main_test.function"
-SUITE_PRE_DEP
-#define TEST_SUITE_ACTIVE
+#line 2 "suites/main_test.function"
+/*
+ * *** THIS FILE HAS BEEN MACHINE GENERATED ***
+ *
+ * This file has been machine generated using the script:
+ * $generator_script
+ *
+ * Test file : $test_file
+ *
+ * The following files were used to create this file.
+ *
+ * Main code file : $test_main_file
+ * Platform code file : $test_platform_file
+ * Helper file : $test_common_helper_file
+ * Test suite file : $test_case_file
+ * Test suite data : $test_case_data_file
+ *
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
-int verify_string( char **str )
-{
- if( (*str)[0] != '"' ||
- (*str)[strlen( *str ) - 1] != '"' )
- {
- mbedtls_fprintf( stderr,
- "Expected string (with \"\") for parameter and got: %s\n", *str );
- return( -1 );
- }
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include <mbedtls/config.h>
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
- (*str)++;
- (*str)[strlen( *str ) - 1] = '\0';
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return( 0 );
-}
+/*----------------------------------------------------------------------------*/
+/* Common helper code */
-int verify_int( char *str, int *value )
-{
- size_t i;
- int minus = 0;
- int digits = 1;
- int hex = 0;
+$test_common_helpers
- for( i = 0; i < strlen( str ); i++ )
- {
- if( i == 0 && str[i] == '-' )
- {
- minus = 1;
- continue;
- }
-
- if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) &&
- str[i - 1] == '0' && str[i] == 'x' )
- {
- hex = 1;
- continue;
- }
-
- if( ! ( ( str[i] >= '0' && str[i] <= '9' ) ||
- ( hex && ( ( str[i] >= 'a' && str[i] <= 'f' ) ||
- ( str[i] >= 'A' && str[i] <= 'F' ) ) ) ) )
- {
- digits = 0;
- break;
- }
- }
-
- if( digits )
- {
- if( hex )
- *value = strtol( str, NULL, 16 );
- else
- *value = strtol( str, NULL, 10 );
-
- return( 0 );
- }
-
-MAPPING_CODE
-
- mbedtls_fprintf( stderr,
- "Expected integer for parameter and got: %s\n", str );
- return( KEY_VALUE_MAPPING_NOT_FOUND );
-}
+#line $line_no "suites/main_test.function"
/*----------------------------------------------------------------------------*/
-/* Test Case code */
+/* Test Suite Code */
-FUNCTION_CODE
-SUITE_POST_DEP
-#line !LINE_NO! "main_test.function"
+#define TEST_SUITE_ACTIVE
+
+$functions_code
+
+#line $line_no "suites/main_test.function"
/*----------------------------------------------------------------------------*/
/* Test dispatch code */
-int dep_check( char *str )
+
+/**
+ * \brief Evaluates an expression/macro into its literal integer value.
+ * For optimizing space for embedded targets each expression/macro
+ * is identified by a unique identifier instead of string literals.
+ * Identifiers and evaluation code is generated by script:
+ * $generator_script
+ *
+ * \param exp_id Expression identifier.
+ * \param out_value Pointer to int to hold the integer.
+ *
+ * \return 0 if exp_id is found. 1 otherwise.
+ */
+int get_expression( int32_t exp_id, int32_t * out_value )
{
- if( str == NULL )
- return( 1 );
+ int ret = KEY_VALUE_MAPPING_FOUND;
-DEP_CHECK_CODE
-#line !LINE_NO! "main_test.function"
+ (void) exp_id;
+ (void) out_value;
- return( DEPENDENCY_NOT_SUPPORTED );
-}
-
-int dispatch_test(int cnt, char *params[50])
-{
- int ret;
- ((void) cnt);
- ((void) params);
-
-#if defined(TEST_SUITE_ACTIVE)
- ret = DISPATCH_TEST_SUCCESS;
-
- // Cast to void to avoid compiler warnings
- (void)ret;
-
-DISPATCH_FUNCTION
+ switch( exp_id )
{
-#line !LINE_NO! "main_test.function"
- mbedtls_fprintf( stdout,
- "FAILED\nSkipping unknown test function '%s'\n",
- params[0] );
- fflush( stdout );
- ret = DISPATCH_TEST_FN_NOT_FOUND;
+$expression_code
+#line $line_no "suites/main_test.function"
+ default:
+ {
+ ret = KEY_VALUE_MAPPING_NOT_FOUND;
+ }
+ break;
}
-#else
- ret = DISPATCH_UNSUPPORTED_SUITE;
-#endif
return( ret );
}
+/**
+ * \brief Checks if the dependency i.e. the compile flag is set.
+ * For optimizing space for embedded targets each dependency
+ * is identified by a unique identifier instead of string literals.
+ * Identifiers and check code is generated by script:
+ * $generator_script
+ *
+ * \param exp_id Dependency identifier.
+ *
+ * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED
+ */
+int dep_check( int dep_id )
+{
+ int ret = DEPENDENCY_NOT_SUPPORTED;
+
+ (void) dep_id;
+
+ switch( dep_id )
+ {
+$dep_check_code
+#line $line_no "suites/main_test.function"
+ default:
+ break;
+ }
+ return( ret );
+}
+
+
+/**
+ * \brief Function pointer type for test function wrappers.
+ *
+ *
+ * \param void ** Pointer to void pointers. Represents an array of test
+ * function parameters.
+ *
+ * \return void
+ */
+typedef void (*TestWrapper_t)( void ** );
+
+
+/**
+ * \brief Table of test function wrappers. Used by dispatch_test().
+ * This table is populated by script:
+ * $generator_script
+ *
+ */
+TestWrapper_t test_funcs[] =
+{
+$dispatch_code
+#line $line_no "suites/main_test.function"
+};
+
+/**
+ * \brief Execute the test function.
+ *
+ * This is a wrapper function around the test function execution
+ * to allow the setjmp() call used to catch any calls to the
+ * parameter failure callback, to be used. Calls to setjmp()
+ * can invalidate the state of any local auto variables.
+ *
+ * \param fp Function pointer to the test function
+ * \param params Parameters to pass
+ *
+ */
+void execute_function_ptr(TestWrapper_t fp, void **params)
+{
+#if defined(MBEDTLS_CHECK_PARAMS)
+ if ( setjmp( param_fail_jmp ) == 0 )
+ {
+ fp( params );
+ }
+ else
+ {
+ /* Unexpected parameter validation error */
+ test_info.result = TEST_RESULT_FAILED;
+ }
+
+ memset( param_fail_jmp, 0, sizeof(jmp_buf) );
+#else
+ fp( params );
+#endif
+}
+
+/**
+ * \brief Dispatches test functions based on function index.
+ *
+ * \param exp_id Test function index.
+ *
+ * \return DISPATCH_TEST_SUCCESS if found
+ * DISPATCH_TEST_FN_NOT_FOUND if not found
+ * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
+ */
+int dispatch_test( int func_idx, void ** params )
+{
+ int ret = DISPATCH_TEST_SUCCESS;
+ TestWrapper_t fp = NULL;
+
+ if ( func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) ) )
+ {
+ fp = test_funcs[func_idx];
+ if ( fp )
+ execute_function_ptr(fp, params);
+ else
+ ret = DISPATCH_UNSUPPORTED_SUITE;
+ }
+ else
+ {
+ ret = DISPATCH_TEST_FN_NOT_FOUND;
+ }
+
+ return( ret );
+}
+
+
+/**
+ * \brief Checks if test function is supported
+ *
+ * \param exp_id Test function index.
+ *
+ * \return DISPATCH_TEST_SUCCESS if found
+ * DISPATCH_TEST_FN_NOT_FOUND if not found
+ * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
+ */
+int check_test( int func_idx )
+{
+ int ret = DISPATCH_TEST_SUCCESS;
+ TestWrapper_t fp = NULL;
+
+ if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) )
+ {
+ fp = test_funcs[func_idx];
+ if ( fp == NULL )
+ ret = DISPATCH_UNSUPPORTED_SUITE;
+ }
+ else
+ {
+ ret = DISPATCH_TEST_FN_NOT_FOUND;
+ }
+
+ return( ret );
+}
+
+
+$platform_code
+
+#line $line_no "suites/main_test.function"
+
/*----------------------------------------------------------------------------*/
/* Main Test code */
-#line !LINE_NO! "main_test.function"
-#define USAGE \
- "Usage: %s [OPTIONS] files...\n\n" \
- " Command line arguments:\n" \
- " files... One or more test data file. If no file is specified\n" \
- " the followimg default test case is used:\n" \
- " %s\n\n" \
- " Options:\n" \
- " -v | --verbose Display full information about each test\n" \
- " -h | --help Display this information\n\n", \
- argv[0], \
- "TESTCASE_FILENAME"
-
-
-/** Retrieve one input line into buf, which must have room for len
- * bytes. The trailing line break (if any) is stripped from the result.
- * Lines beginning with the character '#' are skipped. Lines that are
- * more than len-1 bytes long including the trailing line break are
- * truncated; note that the following bytes remain in the input stream.
+/**
+ * \brief Program main. Invokes platform specific execute_tests().
*
- * \return 0 on success, -1 on error or end of file
+ * \param argc Command line arguments count.
+ * \param argv Array of command line arguments.
+ *
+ * \return Exit code.
*/
-int get_line( FILE *f, char *buf, size_t len )
+int main( int argc, const char *argv[] )
{
- char *ret;
-
- do
- {
- ret = fgets( buf, len, f );
- if( ret == NULL )
- return( -1 );
- }
- while( buf[0] == '#' );
-
- ret = buf + strlen( buf );
- if( ret-- > buf && *ret == '\n' )
- *ret = '\0';
- if( ret-- > buf && *ret == '\r' )
- *ret = '\0';
-
- return( 0 );
-}
-
-int parse_arguments( char *buf, size_t len, char *params[50] )
-{
- int cnt = 0, i;
- char *cur = buf;
- char *p = buf, *q;
-
- params[cnt++] = cur;
-
- while( *p != '\0' && p < buf + len )
- {
- if( *p == '\\' )
- {
- p++;
- p++;
- continue;
- }
- if( *p == ':' )
- {
- if( p + 1 < buf + len )
- {
- cur = p + 1;
- params[cnt++] = cur;
- }
- *p = '\0';
- }
-
- p++;
- }
-
- /* Replace newlines, question marks and colons in strings */
- for( i = 0; i < cnt; i++ )
- {
- p = params[i];
- q = params[i];
-
- while( *p != '\0' )
- {
- if( *p == '\\' && *(p + 1) == 'n' )
- {
- p += 2;
- *(q++) = '\n';
- }
- else if( *p == '\\' && *(p + 1) == ':' )
- {
- p += 2;
- *(q++) = ':';
- }
- else if( *p == '\\' && *(p + 1) == '?' )
- {
- p += 2;
- *(q++) = '?';
- }
- else
- *(q++) = *(p++);
- }
- *q = '\0';
- }
-
- return( cnt );
-}
-
-#if defined(__GNUC__)
-/* At high optimization levels (e.g. gcc -O3), this function may be
- * inlined in run_test_snprintf. This can trigger a spurious warning about
- * potential misuse of snprintf from gcc -Wformat-truncation (observed with
- * gcc 7.2). This warning makes tests in run_test_snprintf redundant on gcc
- * only. They are still valid for other compilers. Avoid this warning by
- * forbidding inlining of this function by gcc. */
-__attribute__((__noinline__))
-#endif
-static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
-{
- int ret;
- char buf[10] = "xxxxxxxxx";
- const char ref[10] = "xxxxxxxxx";
-
- if( n >= sizeof( buf ) )
- return( -1 );
- ret = mbedtls_snprintf( buf, n, "%s", "123" );
- if( ret < 0 || (size_t) ret >= n )
- ret = -1;
-
- if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 ||
- ref_ret != ret ||
- memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 )
- {
- return( 1 );
- }
-
- return( 0 );
-}
-
-static int run_test_snprintf( void )
-{
- return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 ||
- test_snprintf( 1, "", -1 ) != 0 ||
- test_snprintf( 2, "1", -1 ) != 0 ||
- test_snprintf( 3, "12", -1 ) != 0 ||
- test_snprintf( 4, "123", 3 ) != 0 ||
- test_snprintf( 5, "123", 3 ) != 0 );
-}
-
-int main(int argc, const char *argv[])
-{
- /* Local Configurations and options */
- const char *default_filename = "TESTCASE_FILENAME";
- const char *test_filename = NULL;
- const char **test_files = NULL;
- int testfile_count = 0;
- int option_verbose = 0;
-
- /* Other Local variables */
- int arg_index = 1;
- const char *next_arg;
- int testfile_index, ret, i, cnt;
- int total_errors = 0, total_tests = 0, total_skipped = 0;
- FILE *file;
- char buf[5000];
- char *params[50];
- void *pointer;
-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- int stdout_fd = -1;
-#endif /* __unix__ || __APPLE__ __MACH__ */
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
- !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
- unsigned char alloc_buf[1000000];
-#endif
- /* Platform setup should be called in the beginning */
- ret = platform_setup();
+ int ret = platform_setup();
if( ret != 0 )
{
mbedtls_fprintf( stderr,
@@ -302,270 +254,8 @@
ret );
return( -1 );
}
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
- !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
- mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
-#endif
- /*
- * The C standard doesn't guarantee that all-bits-0 is the representation
- * of a NULL pointer. We do however use that in our code for initializing
- * structures, which should work on every modern platform. Let's be sure.
- */
- memset( &pointer, 0, sizeof( void * ) );
- if( pointer != NULL )
- {
- mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" );
- platform_teardown();
- return( 1 );
- }
-
- /*
- * Make sure we have a snprintf that correctly zero-terminates
- */
- if( run_test_snprintf() != 0 )
- {
- mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
- platform_teardown();
- return( 1 );
- }
-
- while( arg_index < argc)
- {
- next_arg = argv[ arg_index ];
-
- if( strcmp(next_arg, "--verbose" ) == 0 ||
- strcmp(next_arg, "-v" ) == 0 )
- {
- option_verbose = 1;
- }
- else if( strcmp(next_arg, "--help" ) == 0 ||
- strcmp(next_arg, "-h" ) == 0 )
- {
- mbedtls_fprintf( stdout, USAGE );
- platform_teardown();
- mbedtls_exit( EXIT_SUCCESS );
- }
- else
- {
- /* Not an option, therefore treat all further arguments as the file
- * list.
- */
- test_files = &argv[ arg_index ];
- testfile_count = argc - arg_index;
- }
-
- arg_index++;
- }
-
- /* If no files were specified, assume a default */
- if ( test_files == NULL || testfile_count == 0 )
- {
- test_files = &default_filename;
- testfile_count = 1;
- }
-
- /* Initialize the struct that holds information about the last test */
- memset( &test_info, 0, sizeof( test_info ) );
-
- /* Now begin to execute the tests in the testfiles */
- for ( testfile_index = 0;
- testfile_index < testfile_count;
- testfile_index++ )
- {
- int unmet_dep_count = 0;
- char *unmet_dependencies[20];
-
- test_filename = test_files[ testfile_index ];
-
- file = fopen( test_filename, "r" );
- if( file == NULL )
- {
- mbedtls_fprintf( stderr, "Failed to open test file: %s\n",
- test_filename );
- platform_teardown();
- return( 1 );
- }
-
- while( !feof( file ) )
- {
- if( unmet_dep_count > 0 )
- {
- mbedtls_fprintf( stderr,
- "FATAL: Dep count larger than zero at start of loop\n" );
- platform_teardown();
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
- }
- unmet_dep_count = 0;
-
- if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
- break;
- mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf );
- mbedtls_fprintf( stdout, " " );
- for( i = strlen( buf ) + 1; i < 67; i++ )
- mbedtls_fprintf( stdout, "." );
- mbedtls_fprintf( stdout, " " );
- fflush( stdout );
-
- total_tests++;
-
- if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
- break;
- cnt = parse_arguments( buf, strlen(buf), params );
-
- if( strcmp( params[0], "depends_on" ) == 0 )
- {
- for( i = 1; i < cnt; i++ )
- {
- if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED )
- {
- if( 0 == option_verbose )
- {
- /* Only one count is needed if not verbose */
- unmet_dep_count++;
- break;
- }
-
- unmet_dependencies[ unmet_dep_count ] = strdup(params[i]);
- if( unmet_dependencies[ unmet_dep_count ] == NULL )
- {
- mbedtls_fprintf( stderr, "FATAL: Out of memory\n" );
- platform_teardown();
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
- }
- unmet_dep_count++;
- }
- }
-
- if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
- break;
- cnt = parse_arguments( buf, strlen(buf), params );
- }
-
- // If there are no unmet dependencies execute the test
- if( unmet_dep_count == 0 )
- {
- test_info.failed = 0;
-
-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- /* Suppress all output from the library unless we're verbose
- * mode
- */
- if( !option_verbose )
- {
- stdout_fd = redirect_output( &stdout, "/dev/null" );
- if( stdout_fd == -1 )
- {
- platform_teardown();
- /* Redirection has failed with no stdout so exit */
- exit( 1 );
- }
- }
-#endif /* __unix__ || __APPLE__ __MACH__ */
-
- ret = dispatch_test( cnt, params );
-
-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- if( !option_verbose && restore_output( &stdout, stdout_fd ) )
- {
- /* Redirection has failed with no stdout so exit */
- platform_teardown();
- exit( 1 );
- }
-#endif /* __unix__ || __APPLE__ __MACH__ */
-
- }
-
- if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
- {
- total_skipped++;
- mbedtls_fprintf( stdout, "----" );
-
- if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE )
- {
- mbedtls_fprintf( stdout, "\n Test Suite not enabled" );
- }
-
- if( 1 == option_verbose && unmet_dep_count > 0 )
- {
- mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
- for( i = 0; i < unmet_dep_count; i++ )
- {
- mbedtls_fprintf(stdout, "%s ",
- unmet_dependencies[i]);
- free(unmet_dependencies[i]);
- }
- }
- mbedtls_fprintf( stdout, "\n" );
- fflush( stdout );
-
- unmet_dep_count = 0;
- }
- else if( ret == DISPATCH_TEST_SUCCESS )
- {
- if( test_info.failed == 0 )
- {
- mbedtls_fprintf( stdout, "PASS\n" );
- }
- else
- {
- total_errors++;
- mbedtls_fprintf( stdout, "FAILED\n" );
- mbedtls_fprintf( stdout, " %s\n at line %d, %s\n",
- test_info.test, test_info.line_no,
- test_info.filename );
- }
- fflush( stdout );
- }
- else if( ret == DISPATCH_INVALID_TEST_DATA )
- {
- mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
- fclose( file );
- platform_teardown();
- mbedtls_exit( 2 );
- }
- else
- total_errors++;
-
- if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
- break;
- if( strlen( buf ) != 0 )
- {
- mbedtls_fprintf( stderr, "Should be empty %d\n",
- (int) strlen( buf ) );
- platform_teardown();
- return( 1 );
- }
- }
- fclose( file );
-
- /* In case we encounter early end of file */
- for( i = 0; i < unmet_dep_count; i++ )
- free( unmet_dependencies[i] );
- }
-
- mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
- if( total_errors == 0 )
- mbedtls_fprintf( stdout, "PASSED" );
- else
- mbedtls_fprintf( stdout, "FAILED" );
-
- mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n",
- total_tests - total_errors, total_tests, total_skipped );
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
- !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
-#if defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_status();
-#endif
- mbedtls_memory_buffer_alloc_free();
-#endif
-
-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
- if( stdout_fd != -1 )
- close_output( stdout );
-#endif /* __unix__ || __APPLE__ __MACH__ */
-
+ ret = execute_tests( argc, argv );
platform_teardown();
- return( total_errors != 0 );
+ return( ret );
}
diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function
new file mode 100644
index 0000000..d430d9d
--- /dev/null
+++ b/tests/suites/target_test.function
@@ -0,0 +1,439 @@
+#line 2 "suites/target_test.function"
+
+#include "greentea-client/test_env.h"
+
+/**
+ * \brief Increments pointer and asserts that it does not overflow.
+ *
+ * \param p Pointer to byte array
+ * \param start Pointer to start of byte array
+ * \param len Length of byte array
+ * \param step Increment size
+ *
+ */
+#define INCR_ASSERT(p, start, len, step) do \
+{ \
+ TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \
+ TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \
+ /* <= is checked to support use inside a loop where \
+ pointer is incremented after reading data. */ \
+ TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\
+ ( p ) += ( step ); \
+} \
+while( 0 )
+
+
+/**
+ * \brief 4 byte align unsigned char pointer
+ *
+ * \param p Pointer to byte array
+ * \param start Pointer to start of byte array
+ * \param len Length of byte array
+ *
+ */
+#define ALIGN_32BIT(p, start, len) do \
+{ \
+ uint32_t align = ( - (uintptr_t)( p ) ) % 4; \
+ INCR_ASSERT( ( p ), ( start ), ( len ), align );\
+} \
+while( 0 )
+
+
+/**
+ * \brief Verify dependencies. Dependency identifiers are
+ * encoded in the buffer as 8 bit unsigned integers.
+ *
+ * \param count Number of dependencies.
+ * \param dep_p Pointer to buffer.
+ *
+ * \return DEPENDENCY_SUPPORTED if success else DEPENDENCY_NOT_SUPPORTED.
+ */
+int verify_dependencies( uint8_t count, uint8_t * dep_p )
+{
+ uint8_t i;
+ for ( i = 0; i < count; i++ )
+ {
+ if ( dep_check( (int)(dep_p[i]) ) != DEPENDENCY_SUPPORTED )
+ return( DEPENDENCY_NOT_SUPPORTED );
+ }
+ return( DEPENDENCY_SUPPORTED );
+}
+
+/**
+ * \brief Receives hex string on serial interface, and converts to a byte.
+ *
+ * \param none
+ *
+ * \return unsigned int8
+ */
+uint8_t receive_byte()
+{
+ uint8_t byte;
+ uint8_t c[3];
+ char *endptr;
+ c[0] = greentea_getc();
+ c[1] = greentea_getc();
+ c[2] = '\0';
+
+ assert( unhexify( &byte, c ) != 2 );
+ return( byte );
+}
+
+/**
+ * \brief Receives unsigned integer on serial interface.
+ * Integers are encoded in network order, and sent as hex ascii string.
+ *
+ * \param none
+ *
+ * \return unsigned int
+ */
+uint32_t receive_uint32()
+{
+ uint32_t value;
+ const uint8_t c[9] = { greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ greentea_getc(),
+ '\0'
+ };
+ assert( unhexify( &value, c ) != 8 );
+ return( (uint32_t)value );
+}
+
+/**
+ * \brief Parses out an unsigned 32 int value from the byte array.
+ * Integers are encoded in network order.
+ *
+ * \param p Pointer to byte array
+ *
+ * \return unsigned int
+ */
+uint32_t parse_uint32( uint8_t * p )
+{
+ uint32_t value;
+ value = *p++ << 24;
+ value |= *p++ << 16;
+ value |= *p++ << 8;
+ value |= *p;
+ return( value );
+}
+
+
+/**
+ * \brief Receives test data on serial as greentea key,value pair:
+ * {{<length>;<byte array>}}
+ *
+ * \param data_len Out pointer to hold received data length.
+ *
+ * \return Byte array.
+ */
+uint8_t * receive_data( uint32_t * data_len )
+{
+ uint32_t i = 0, errors = 0;
+ char c;
+ uint8_t * data = NULL;
+
+ /* Read opening braces */
+ i = 0;
+ while ( i < 2 )
+ {
+ c = greentea_getc();
+ /* Ignore any prevous CR LF characters */
+ if ( c == '\n' || c == '\r' )
+ continue;
+ i++;
+ if ( c != '{' )
+ return( NULL );
+ }
+
+ /* Read data length */
+ *data_len = receive_uint32();
+ data = (uint8_t *)malloc( *data_len );
+ TEST_HELPER_ASSERT( data != NULL );
+
+ greentea_getc(); // read ';' received after key i.e. *data_len
+
+ for( i = 0; i < *data_len; i++ )
+ data[i] = receive_byte();
+
+ /* Read closing braces */
+ for( i = 0; i < 2; i++ )
+ {
+ c = greentea_getc();
+ if ( c != '}' )
+ {
+ errors++;
+ break;
+ }
+ }
+
+ if ( errors )
+ {
+ free( data );
+ data = NULL;
+ *data_len = 0;
+ }
+
+ return( data );
+}
+
+/**
+ * \brief Parse the received byte array and count the number of arguments
+ * to the test function passed as type hex.
+ *
+ * \param count Parameter count
+ * \param data Received Byte array
+ * \param data_len Byte array length
+ *
+ * \return count of hex params
+ */
+uint32_t find_hex_count( uint8_t count, uint8_t * data, uint32_t data_len )
+{
+ uint32_t i = 0, sz = 0;
+ char c;
+ uint8_t * p = NULL;
+ uint32_t hex_count = 0;
+
+ p = data;
+
+ for( i = 0; i < count; i++ )
+ {
+ c = (char)*p;
+ INCR_ASSERT( p, data, data_len, 1 );
+
+ /* Align p to 4 bytes for int, expression, string len or hex length */
+ ALIGN_32BIT( p, data, data_len );
+
+ /* Network to host conversion */
+ sz = (int32_t)parse_uint32( p );
+
+ INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
+
+ if ( c == 'H' || c == 'S' )
+ {
+ INCR_ASSERT( p, data, data_len, sz );
+ hex_count += ( c == 'H' )?1:0;
+ }
+ }
+
+ return( hex_count );
+}
+
+/**
+ * \brief Parses received byte array for test parameters.
+ *
+ * \param count Parameter count
+ * \param data Received Byte array
+ * \param data_len Byte array length
+ * \param error Parsing error out variable.
+ *
+ * \return Array of parsed parameters allocated on heap.
+ * Note: Caller has the responsibility to delete
+ * the memory after use.
+ */
+void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len,
+ int * error )
+{
+ uint32_t i = 0, hex_count = 0;
+ char c;
+ void ** params = NULL;
+ void ** cur = NULL;
+ uint8_t * p = NULL;
+
+ hex_count = find_hex_count(count, data, data_len);
+
+ params = (void **)malloc( sizeof( void *) * ( count + hex_count ) );
+ TEST_HELPER_ASSERT( params != NULL );
+ cur = params;
+
+ p = data;
+
+ /* Parameters */
+ for( i = 0; i < count; i++ )
+ {
+ c = (char)*p;
+ INCR_ASSERT( p, data, data_len, 1 );
+
+ /* Align p to 4 bytes for int, expression, string len or hex length */
+ ALIGN_32BIT( p, data, data_len );
+
+ /* Network to host conversion */
+ *( (int32_t *)p ) = (int32_t)parse_uint32( p );
+
+ switch( c )
+ {
+ case 'E':
+ {
+ if ( get_expression( *( (int32_t *)p ), (int32_t *)p ) )
+ {
+ *error = KEY_VALUE_MAPPING_NOT_FOUND;
+ goto exit;
+ }
+ } /* Intentional fall through */
+ case 'I':
+ {
+ *cur++ = (void *)p;
+ INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
+ }
+ break;
+ case 'H': /* Intentional fall through */
+ case 'S':
+ {
+ uint32_t * sz = (uint32_t *)p;
+ INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
+ *cur++ = (void *)p;
+ if ( c == 'H' )
+ *cur++ = (void *)sz;
+ INCR_ASSERT( p, data, data_len, ( *sz ) );
+ }
+ break;
+ default:
+ {
+ *error = DISPATCH_INVALID_TEST_DATA;
+ goto exit;
+ }
+ break;
+ }
+ }
+
+exit:
+ if ( *error )
+ {
+ free( params );
+ params = NULL;
+ }
+
+ return( params );
+}
+
+/**
+ * \brief Sends greentea key and int value pair to host.
+ *
+ * \param key key string
+ * \param value integer value
+ *
+ * \return void
+ */
+void send_key_integer( char * key, int value )
+{
+ char str[50];
+ snprintf( str, sizeof( str ), "%d", value );
+ greentea_send_kv( key, str );
+}
+
+/**
+ * \brief Sends test setup failure to the host.
+ *
+ * \param failure Test set failure
+ *
+ * \return void
+ */
+void send_failure( int failure )
+{
+ send_key_integer( "F", failure );
+}
+
+/**
+ * \brief Sends test status to the host.
+ *
+ * \param status Test status (PASS=0/FAIL=!0)
+ *
+ * \return void
+ */
+void send_status( int status )
+{
+ send_key_integer( "R", status );
+}
+
+
+/**
+ * \brief Embedded implementation of execute_tests().
+ * Ignores command line and received test data
+ * on serial.
+ *
+ * \param argc not used
+ * \param argv not used
+ *
+ * \return Program exit status.
+ */
+int execute_tests( int args, const char ** argv )
+{
+ int ret = 0;
+ uint32_t data_len = 0;
+ uint8_t count = 0, function_id;
+ void ** params = NULL;
+ uint8_t * data = NULL, * p = NULL;
+
+ GREENTEA_SETUP( 180, "mbedtls_test" );
+ greentea_send_kv( "GO", " " );
+
+ while ( 1 )
+ {
+ ret = 0;
+ test_info.failed = 0;
+ data_len = 0;
+
+ data = receive_data( &data_len );
+ if ( data == NULL )
+ continue;
+ p = data;
+
+ do
+ {
+ /* Read dependency count */
+ count = *p;
+ TEST_HELPER_ASSERT( count < data_len );
+ INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
+ ret = verify_dependencies( count, p );
+ if ( ret != DEPENDENCY_SUPPORTED )
+ break;
+
+ if ( count )
+ INCR_ASSERT( p, data, data_len, count );
+
+ /* Read function id */
+ function_id = *p;
+ INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
+ if ( ( ret = check_test( function_id ) ) != DISPATCH_TEST_SUCCESS )
+ break;
+
+ /* Read number of parameters */
+ count = *p;
+ INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
+
+ /* Parse parameters if present */
+ if ( count )
+ {
+ params = parse_parameters( count, p, data_len - ( p - data ), &ret );
+ if ( ret )
+ break;
+ }
+
+ ret = dispatch_test( function_id, params );
+ }
+ while ( 0 );
+
+ if ( data )
+ {
+ free( data );
+ data = NULL;
+ }
+
+ if ( params )
+ {
+ free( params );
+ params = NULL;
+ }
+
+ if ( ret )
+ send_failure( ret );
+ else
+ send_status( test_info.failed );
+ }
+ return( 0 );
+}
+
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index e346dc7..da8c1e9 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -8,32 +8,22 @@
*/
/* BEGIN_CASE */
-void aes_encrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void aes_encrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string, int setkey_result )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
-
- TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
- TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -42,32 +32,22 @@
/* END_CASE */
/* BEGIN_CASE */
-void aes_decrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void aes_decrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string, int setkey_result )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
-
- TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result );
+ TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
- TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -76,36 +56,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aes_encrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
- int key_len, data_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
+
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, data_len, iv_str, src_str, output ) == cbc_result );
+ mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -114,36 +81,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void aes_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void aes_decrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
- int key_len, data_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
-
- mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result );
+ mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0)
{
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -241,8 +194,8 @@
void aes_crypt_xts_size( int size, int retval )
{
mbedtls_aes_xts_context ctx;
- const unsigned char *src = NULL;
- unsigned char *output = NULL;
+ const unsigned char src[16] = { 0 };
+ unsigned char output[16];
unsigned char data_unit[16];
size_t length = size;
@@ -250,10 +203,8 @@
memset( data_unit, 0x00, sizeof( data_unit ) );
- /* Note that this function will most likely crash on failure, as NULL
- * parameters will be used. In the passing case, the length check in
- * mbedtls_aes_crypt_xts() will prevent any accesses to parameters by
- * exiting the function early. */
+ /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
+ * otherwise we wouldn't get to the size check we're interested in. */
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
}
/* END_CASE */
@@ -262,7 +213,7 @@
void aes_crypt_xts_keysize( int size, int retval )
{
mbedtls_aes_xts_context ctx;
- const unsigned char *key = NULL;
+ const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
size_t key_len = size;
mbedtls_aes_xts_init( &ctx );
@@ -276,34 +227,21 @@
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_encrypt_cfb128( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- unhexify( src_str, hex_src_string );
- mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -311,34 +249,21 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_decrypt_cfb128( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
size_t iv_offset = 0;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- unhexify( src_str, hex_src_string );
- mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -346,33 +271,20 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_encrypt_cfb8( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
- int key_len, src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_len, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -380,33 +292,20 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void aes_decrypt_cfb8( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_aes_context ctx;
- int key_len, src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_len, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -470,8 +369,261 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void aes_check_params( )
+{
+ mbedtls_aes_context aes_ctx;
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ mbedtls_aes_xts_context xts_ctx;
+#endif
+ const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+ const unsigned char in[16] = { 0 };
+ unsigned char out[16];
+ size_t size;
+ const int valid_mode = MBEDTLS_AES_ENCRYPT;
+ const int invalid_mode = 42;
+
+ TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
+#endif
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_enc( NULL, key, 128 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_dec( NULL, key, 128 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
+#endif
+
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb( NULL,
+ valid_mode, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb( &aes_ctx,
+ invalid_mode, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb( &aes_ctx,
+ valid_mode, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb( &aes_ctx,
+ valid_mode, in, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( NULL,
+ valid_mode, 16,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( &aes_ctx,
+ invalid_mode, 16,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( &aes_ctx,
+ valid_mode, 16,
+ NULL, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( &aes_ctx,
+ valid_mode, 16,
+ out, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( &aes_ctx,
+ valid_mode, 16,
+ out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( NULL,
+ valid_mode, 16,
+ in, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( &xts_ctx,
+ invalid_mode, 16,
+ in, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( &xts_ctx,
+ valid_mode, 16,
+ NULL, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( &xts_ctx,
+ valid_mode, 16,
+ in, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( &xts_ctx,
+ valid_mode, 16,
+ in, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( NULL,
+ valid_mode, 16,
+ &size, out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx,
+ invalid_mode, 16,
+ &size, out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx,
+ valid_mode, 16,
+ NULL, out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx,
+ valid_mode, 16,
+ &size, NULL, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx,
+ valid_mode, 16,
+ &size, out, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx,
+ valid_mode, 16,
+ &size, out, in, NULL ) );
+
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( NULL,
+ valid_mode, 16,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( &aes_ctx,
+ invalid_mode, 16,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( &aes_ctx,
+ valid_mode, 16,
+ NULL, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( &aes_ctx,
+ valid_mode, 16,
+ out, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( &aes_ctx,
+ valid_mode, 16,
+ out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb( NULL, 16,
+ &size, out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+ NULL, out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+ &size, NULL, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+ &size, out, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+ &size, out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
+ out, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+ NULL, in, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+ out, NULL, out ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+ out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aes_misc_params( )
+{
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || \
+ defined(MBEDTLS_CIPHER_MODE_XTS) || \
+ defined(MBEDTLS_CIPHER_MODE_CFB) || \
+ defined(MBEDTLS_CIPHER_MODE_OFB)
+ mbedtls_aes_context aes_ctx;
+ const unsigned char in[16] = { 0 };
+ unsigned char out[16];
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ mbedtls_aes_xts_context xts_ctx;
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB) || \
+ defined(MBEDTLS_CIPHER_MODE_OFB)
+ size_t size;
+#endif
+
+ /* These calls accept NULL */
+ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+ 15,
+ out, in, out )
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+ TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
+ 17,
+ out, in, out )
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
+ 15,
+ in, in, out )
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+ TEST_ASSERT( mbedtls_aes_crypt_xts( &xts_ctx, MBEDTLS_AES_ENCRYPT,
+ (1 << 24) + 1,
+ in, in, out )
+ == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ size = 16;
+ TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
+ &size, out, in, out )
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ size = 16;
+ TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void aes_selftest()
+void aes_selftest( )
{
TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data
index bbb222f..6a76b43 100644
--- a/tests/suites/test_suite_aes.rest.data
+++ b/tests/suites/test_suite_aes.rest.data
@@ -10,6 +10,12 @@
AES-256-CBC Decrypt (Invalid input length)
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS)
+aes_check_params:
+
+AES - Mandatory Parameter Validation and Valid Parameters
+aes_misc_params:
+
AES Selftest
depends_on:MBEDTLS_SELF_TEST
aes_selftest:
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index a4b401b..ae3b032 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -8,30 +8,20 @@
*/
/* BEGIN_CASE */
-void mbedtls_arc4_crypt( char *hex_src_string, char *hex_key_string,
- char *hex_dst_string )
+void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str,
+ data_t * hex_dst_string )
{
- unsigned char src_str[1000];
- unsigned char key_str[1000];
unsigned char dst_str[1000];
- unsigned char dst_hexstr[2000];
- int src_len, key_len;
mbedtls_arc4_context ctx;
- memset(src_str, 0x00, 1000);
- memset(key_str, 0x00, 1000);
memset(dst_str, 0x00, 1000);
- memset(dst_hexstr, 0x00, 2000);
mbedtls_arc4_init( &ctx );
- src_len = unhexify( src_str, hex_src_string );
- key_len = unhexify( key_str, hex_key_string );
- mbedtls_arc4_setup(&ctx, key_str, key_len);
- TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_len, src_str, dst_str ) == 0 );
- hexify( dst_hexstr, dst_str, src_len );
+ mbedtls_arc4_setup(&ctx, key_str->x, key_str->len);
+ TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_hexstr, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
exit:
mbedtls_arc4_free( &ctx );
@@ -39,7 +29,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void arc4_selftest()
+void arc4_selftest( )
{
TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data
index 8cb2d2a..2da0b30 100644
--- a/tests/suites/test_suite_aria.data
+++ b/tests/suites/test_suite_aria.data
@@ -1,3 +1,9 @@
+ARIA - Valid parameters
+aria_valid_param:
+
+ARIA - Invalid parameters
+aria_invalid_param:
+
ARIA-128-ECB Encrypt - RFC 5794
aria_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff":"d718fbd6ab644c739da95f3be6451778":0
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 4e39078..7e35f15 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -17,6 +17,195 @@
*/
/* BEGIN_CASE */
+void aria_valid_param( )
+{
+ TEST_VALID_PARAM( mbedtls_aria_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void aria_invalid_param( )
+{
+ mbedtls_aria_context ctx;
+ unsigned char key[128 / 8] = { 0 };
+ unsigned char input[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
+ unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
+ unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
+ size_t iv_off = 0;
+
+ ((void) iv_off);
+ ((void) iv);
+
+ TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_enc( NULL, key,
+ sizeof( key ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_enc( &ctx, NULL,
+ sizeof( key ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_dec( NULL, key,
+ sizeof( key ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_setkey_dec( &ctx, NULL,
+ sizeof( key ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ecb( NULL, input, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ecb( &ctx, NULL, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ecb( &ctx, input, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc( NULL,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc( &ctx,
+ 42 /* invalid mode */,
+ sizeof( input ),
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ NULL,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ iv,
+ NULL,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cbc( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ iv,
+ input,
+ NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128( NULL,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128( &ctx,
+ 42, /* invalid mode */
+ sizeof( input ),
+ &iv_off,
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ NULL,
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ &iv_off,
+ NULL,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ NULL,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_cfb128( &ctx,
+ MBEDTLS_ARIA_ENCRYPT,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ input,
+ NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr( NULL,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr( &ctx,
+ sizeof( input ),
+ NULL,
+ iv,
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr( &ctx,
+ sizeof( input ),
+ &iv_off,
+ NULL,
+ iv,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr( &ctx,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ NULL,
+ input,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr( &ctx,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ iv,
+ NULL,
+ output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ mbedtls_aria_crypt_ctr( &ctx,
+ sizeof( input ),
+ &iv_off,
+ iv,
+ iv,
+ input,
+ NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+exit:
+ return;
+
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string,
char *hex_dst_string, int setkey_result )
{
diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data
index c2a78b1..9982d03 100644
--- a/tests/suites/test_suite_asn1write.data
+++ b/tests/suites/test_suite_asn1write.data
@@ -90,3 +90,75 @@
ASN.1 Write / Read Length #12 (Len = 16909060, buffer too small)
mbedtls_asn1_write_len:16909060:"8401020304":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ASN.1 Write Named Bitstring / Unused bits #0
+test_asn1_write_bitstrings:"FF":8:"030200FF":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #1
+test_asn1_write_bitstrings:"FE":8:"030201FE":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #2
+test_asn1_write_bitstrings:"FC":7:"030202FC":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #3
+test_asn1_write_bitstrings:"F8":8:"030203F8":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #4
+test_asn1_write_bitstrings:"F0":6:"030204F0":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #5
+test_asn1_write_bitstrings:"E0":6:"030205E0":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #6
+test_asn1_write_bitstrings:"C0":8:"030206C0":4:1
+
+ASN.1 Write Named Bitstring / Unused bits #7
+test_asn1_write_bitstrings:"80":8:"03020780":4:1
+
+ASN.1 Write Named Bitstring / Empty bitstring
+test_asn1_write_bitstrings:"00":7:"030100":3:1
+
+ASN.1 Write Named Bitstring / Empty bitstring (bits = 16)
+test_asn1_write_bitstrings:"0000":16:"030100":3:1
+
+ASN.1 Write Named Bitstring / Empty bitstring (bits = 24)
+test_asn1_write_bitstrings:"FFFFFF":0:"030100":3:1
+
+ASN.1 Write Named Bitstring / 15 trailing bits all unset
+test_asn1_write_bitstrings:"F88000":24:"030307F880":5:1
+
+ASN.1 Write Named Bitstring / 15 trailing bits all set
+test_asn1_write_bitstrings:"F8FFFF":9:"030307F880":5:1
+
+ASN.1 Write Bitstring / Unused bits #0
+test_asn1_write_bitstrings:"FF":8:"030200FF":4:0
+
+ASN.1 Write Bitstring / Unused bits #1
+test_asn1_write_bitstrings:"FF":7:"030201FE":4:0
+
+ASN.1 Write Bitstring / Unused bits #2
+test_asn1_write_bitstrings:"FF":6:"030202FC":4:0
+
+ASN.1 Write Bitstring / Unused bits #3
+test_asn1_write_bitstrings:"FF":5:"030203F8":4:0
+
+ASN.1 Write Bitstring / Unused bits #4
+test_asn1_write_bitstrings:"FF":4:"030204F0":4:0
+
+ASN.1 Write Bitstring / Unused bits #5
+test_asn1_write_bitstrings:"FF":3:"030205E0":4:0
+
+ASN.1 Write Bitstring / Unused bits #6
+test_asn1_write_bitstrings:"FF":2:"030206C0":4:0
+
+ASN.1 Write Bitstring / Unused bits #7
+test_asn1_write_bitstrings:"FF":1:"03020780":4:0
+
+ASN.1 Write Bitstring / 1 trailing bit (bits 15)
+test_asn1_write_bitstrings:"0003":15:"0303010002":5:0
+
+ASN.1 Write Bitstring / 0 bits
+test_asn1_write_bitstrings:"":0:"030100":3:0
+
+ASN.1 Write Bitstring / long string all bits unset except trailing bits
+test_asn1_write_bitstrings:"000000000007":45:"030703000000000000":9:0
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index fc5fd8a..e45583c 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -11,24 +11,20 @@
*/
/* BEGIN_CASE */
-void mbedtls_asn1_write_octet_string( char *hex_str, char *hex_asn1,
- int buf_len, int result )
+void mbedtls_asn1_write_octet_string( data_t * str, data_t * asn1,
+ int buf_len, int result )
{
int ret;
unsigned char buf[150];
- unsigned char str[150] = { 0 };
- unsigned char asn1[150] = { 0 };
- size_t str_len, asn1_len, i;
+ size_t i;
unsigned char *p;
memset( buf, GUARD_VAL, sizeof( buf ) );
- str_len = unhexify( str, hex_str );
- asn1_len = unhexify( asn1, hex_asn1 );
p = buf + GUARD_LEN + buf_len;
- ret = mbedtls_asn1_write_octet_string( &p, buf + GUARD_LEN, str, str_len );
+ ret = mbedtls_asn1_write_octet_string( &p, buf + GUARD_LEN, str->x, str->len );
/* Check for buffer overwrite on both sides */
for( i = 0; i < GUARD_LEN; i++ )
@@ -39,28 +35,27 @@
if( result >= 0 )
{
- TEST_ASSERT( (size_t) ret == asn1_len );
- TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len );
+ TEST_ASSERT( (size_t) ret == asn1->len );
+ TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len );
- TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 );
+ TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1,
- int buf_len, int result )
+void mbedtls_asn1_write_ia5_string( char * str, data_t * asn1,
+ int buf_len, int result )
{
int ret;
unsigned char buf[150];
- unsigned char asn1[150] = { 0 };
- size_t str_len, asn1_len, i;
+ size_t str_len;
+ size_t i;
unsigned char *p;
memset( buf, GUARD_VAL, sizeof( buf ) );
str_len = strlen( str );
- asn1_len = unhexify( asn1, hex_asn1 );
p = buf + GUARD_LEN + buf_len;
@@ -75,27 +70,25 @@
if( result >= 0 )
{
- TEST_ASSERT( (size_t) ret == asn1_len );
- TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len );
+ TEST_ASSERT( (size_t) ret == asn1->len );
+ TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len );
- TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 );
+ TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 );
}
}
/* END_CASE */
-/* BEGIN_CASE */
-void mbedtls_asn1_write_len( int len, char *check_str, int buf_len,
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1PARSE_C */
+void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len,
int result )
{
int ret;
unsigned char buf[150];
- unsigned char asn1[150];
unsigned char *p;
- size_t asn1_len, i, read_len;
+ size_t i;
+ size_t read_len;
memset( buf, GUARD_VAL, sizeof( buf ) );
- memset( asn1, 0, sizeof( asn1 ) );
- asn1_len = unhexify( asn1, check_str );
p = buf + GUARD_LEN + buf_len;
@@ -112,10 +105,9 @@
if( result >= 0 )
{
- TEST_ASSERT( (size_t) ret == asn1_len );
- TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len );
+ TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len );
- TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 );
+ TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 );
/* Read back with mbedtls_asn1_get_len() to check */
ret = mbedtls_asn1_get_len( &p, buf + GUARD_LEN + buf_len, &read_len );
@@ -136,3 +128,47 @@
}
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void test_asn1_write_bitstrings( data_t *bitstring, int bits,
+ data_t *expected_asn1, int result,
+ int is_named )
+{
+ int ret;
+ size_t i;
+ unsigned char buf[150];
+ unsigned char *p;
+
+ memset( buf, GUARD_VAL, sizeof( buf ) );
+
+ p = buf + GUARD_LEN + expected_asn1->len;
+
+ if ( is_named == 0 )
+ {
+ ret = mbedtls_asn1_write_bitstring( &p,
+ buf,
+ (unsigned char *)bitstring->x,
+ (size_t) bits );
+ }
+ else
+ {
+ ret = mbedtls_asn1_write_named_bitstring( &p,
+ buf,
+ (unsigned char *)bitstring->x,
+ (size_t) bits );
+ }
+ TEST_ASSERT( ret == result );
+
+ /* Check for buffer overwrite on both sides */
+ for( i = 0; i < GUARD_LEN; i++ )
+ {
+ TEST_ASSERT( buf[i] == GUARD_VAL );
+ TEST_ASSERT( buf[GUARD_LEN + expected_asn1->len + i] == GUARD_VAL );
+ }
+
+ if ( result >= 0 )
+ {
+ TEST_ASSERT( memcmp( p, expected_asn1->x, expected_asn1->len ) == 0 );
+ }
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index 77fa7fd..3a8bf43 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -8,8 +8,8 @@
*/
/* BEGIN_CASE */
-void mbedtls_base64_encode( char *src_string, char *dst_string, int dst_buf_size,
- int result )
+void mbedtls_base64_encode( char * src_string, char * dst_string,
+ int dst_buf_size, int result )
{
unsigned char src_str[1000];
unsigned char dst_str[1000];
@@ -28,7 +28,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_base64_decode( char *src_string, char *dst_string, int result )
+void mbedtls_base64_decode( char * src_string, char * dst_string, int result )
{
unsigned char src_str[1000];
unsigned char dst_str[1000];
@@ -49,16 +49,15 @@
/* END_CASE */
/* BEGIN_CASE */
-void base64_encode_hex( char *src_hex, char *dst, int dst_buf_size,
+void base64_encode_hex( data_t * src, char * dst, int dst_buf_size,
int result )
{
- unsigned char *src = NULL, *res = NULL;
- size_t len, src_len;
+ unsigned char *res = NULL;
+ size_t len;
- src = unhexify_alloc( src_hex, &src_len );
res = zero_alloc( dst_buf_size );
- TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src, src_len ) == result );
+ TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
if( result == 0 )
{
TEST_ASSERT( len == strlen( dst ) );
@@ -66,45 +65,39 @@
}
exit:
- mbedtls_free( src );
mbedtls_free( res );
}
/* END_CASE */
/* BEGIN_CASE */
-void base64_decode_hex( char *src, char *dst_hex, int dst_buf_size,
+void base64_decode_hex( char * src, data_t * dst, int dst_buf_size,
int result )
{
- unsigned char *dst = NULL, *res = NULL;
- size_t len, dst_len;
+ unsigned char *res = NULL;
+ size_t len;
- dst = unhexify_alloc( dst_hex, &dst_len );
res = zero_alloc( dst_buf_size );
TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src,
strlen( src ) ) == result );
if( result == 0 )
{
- TEST_ASSERT( len == dst_len );
- TEST_ASSERT( memcmp( dst, res, len ) == 0 );
+ TEST_ASSERT( len == dst->len );
+ TEST_ASSERT( memcmp( dst->x, res, len ) == 0 );
}
exit:
- mbedtls_free( dst );
mbedtls_free( res );
}
/* END_CASE */
/* BEGIN_CASE */
-void base64_decode_hex_src( char *src_hex, char *dst_ref, int result )
+void base64_decode_hex_src( data_t * src, char * dst_ref, int result )
{
unsigned char dst[1000] = { 0 };
- unsigned char *src;
- size_t src_len, len;
+ size_t len;
- src = unhexify_alloc( src_hex, &src_len );
-
- TEST_ASSERT( mbedtls_base64_decode( dst, sizeof( dst ), &len, src, src_len ) == result );
+ TEST_ASSERT( mbedtls_base64_decode( dst, sizeof( dst ), &len, src->x, src->len ) == result );
if( result == 0 )
{
TEST_ASSERT( len == strlen( dst_ref ) );
@@ -112,12 +105,12 @@
}
exit:
- mbedtls_free( src );
+ ;;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void base64_selftest()
+void base64_selftest( )
{
TEST_ASSERT( mbedtls_base64_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data
index 1ba311f..fd172d3 100644
--- a/tests/suites/test_suite_blowfish.data
+++ b/tests/suites/test_suite_blowfish.data
@@ -1,3 +1,9 @@
+BLOWFISH - Valid parameters
+blowfish_valid_param:
+
+BLOWFISH - Invalid parameters
+blowfish_invalid_param:
+
BLOWFISH-ECB Encrypt SSLeay reference #1
blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0
@@ -203,13 +209,13 @@
blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0
BLOWFISH-SETKEY Setkey SSLeay reference #1
-blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
BLOWFISH-SETKEY Setkey SSLeay reference #2
-blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
BLOWFISH-SETKEY Setkey SSLeay reference #3
-blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
BLOWFISH-SETKEY Setkey SSLeay reference #4
blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0
@@ -281,7 +287,7 @@
blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0
BLOWFISH-SETKEY Setkey 456 bits
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
BLOWFISH-CBC Encrypt
blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index e3c2252..7a93cd1 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -8,32 +8,180 @@
*/
/* BEGIN_CASE */
-void blowfish_encrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void blowfish_valid_param( )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
+ TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void blowfish_invalid_param( )
+{
+ mbedtls_blowfish_context ctx;
+ unsigned char buf[16] = { 0 };
+ size_t const valid_keylength = sizeof( buf ) * 8;
+ size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT;
+ size_t invalid_mode = 42;
+ size_t off;
+ ((void) off);
+
+ TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_setkey( NULL,
+ buf,
+ valid_keylength ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_setkey( &ctx,
+ NULL,
+ valid_keylength ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb( NULL,
+ valid_mode,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb( &ctx,
+ invalid_mode,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb( &ctx,
+ valid_mode,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ecb( &ctx,
+ valid_mode,
+ buf, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc( NULL,
+ valid_mode,
+ sizeof( buf ),
+ buf, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc( &ctx,
+ invalid_mode,
+ sizeof( buf ),
+ buf, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ NULL, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ buf, NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cbc( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ buf, buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64( NULL,
+ valid_mode,
+ sizeof( buf ),
+ &off, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64( &ctx,
+ invalid_mode,
+ sizeof( buf ),
+ &off, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ NULL, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ &off, NULL,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ &off, buf,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_cfb64( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ &off, buf,
+ buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr( NULL,
+ sizeof( buf ),
+ &off,
+ buf, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr( &ctx,
+ sizeof( buf ),
+ NULL,
+ buf, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ NULL, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ buf, NULL,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ buf, buf,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ mbedtls_blowfish_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ buf, buf,
+ buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string, int setkey_result )
+{
unsigned char output[100];
mbedtls_blowfish_context ctx;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ) == setkey_result );
+ TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
- TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
}
exit:
@@ -42,32 +190,22 @@
/* END_CASE */
/* BEGIN_CASE */
-void blowfish_decrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string, int setkey_result )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_blowfish_context ctx;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ) == setkey_result );
+ TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
- TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
}
exit:
@@ -76,37 +214,24 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void blowfish_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_blowfish_context ctx;
- int key_len, data_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
- mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 );
+ mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, data_len , iv_str, src_str, output ) == cbc_result );
+ TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -115,36 +240,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void blowfish_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_blowfish_context ctx;
- int key_len, data_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
- mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, data_len , iv_str, src_str, output ) == cbc_result );
+ mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0)
{
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -153,34 +265,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void blowfish_encrypt_cfb64( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string
+ )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_blowfish_context ctx;
size_t iv_offset = 0;
- int key_len, src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_len, &iv_offset, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -188,34 +288,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void blowfish_decrypt_cfb64( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string
+ )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_blowfish_context ctx;
size_t iv_offset = 0;
- int key_len, src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_len, &iv_offset, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -223,36 +311,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
-void blowfish_encrypt_ctr( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
unsigned char stream_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_blowfish_context ctx;
size_t iv_offset = 0;
- int key_len, src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
memset(stream_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_blowfish_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_len, &iv_offset, iv_str, stream_str, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data
index 1429838..671d570 100644
--- a/tests/suites/test_suite_camellia.data
+++ b/tests/suites/test_suite_camellia.data
@@ -1,3 +1,9 @@
+Camellia - Valid parameters
+camellia_valid_param:
+
+Camellia - Invalid parameters
+camellia_invalid_param:
+
Camellia-128-ECB Encrypt RFC3713 #1
camellia_encrypt_ecb:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":0
@@ -185,10 +191,10 @@
camellia_decrypt_cfb128:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"555FC3F34BDD2D54C62D9E3BF338C1C4":"F69F2445DF4F9B17AD2B417BE66C3710":"5953ADCE14DB8C7F39F1BD39F359BFFA"
Camellia-ECB Encrypt (Invalid key length)
-camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
Camellia-ECB Decrypt (Invalid key length)
-camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
Camellia-256-CBC Encrypt (Invalid input length)
camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 9df6482..9408348 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -8,32 +8,188 @@
*/
/* BEGIN_CASE */
-void camellia_encrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void camellia_valid_param( )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
+ TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void camellia_invalid_param( )
+{
+ mbedtls_camellia_context ctx;
+ unsigned char buf[16] = { 0 };
+ const size_t valid_keybits = 128;
+ const int invalid_mode = 42;
+ const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT;
+ size_t off;
+ ((void) off);
+
+ TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_enc( NULL,
+ buf,
+ valid_keybits ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_enc( &ctx,
+ NULL,
+ valid_keybits ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_dec( NULL,
+ buf,
+ valid_keybits ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_setkey_dec( &ctx,
+ NULL,
+ valid_keybits ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb( NULL,
+ valid_mode,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb( &ctx,
+ invalid_mode,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb( &ctx,
+ valid_mode,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ecb( &ctx,
+ valid_mode,
+ buf, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc( NULL,
+ valid_mode,
+ sizeof( buf ),
+ buf, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc( &ctx,
+ invalid_mode,
+ sizeof( buf ),
+ buf, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ NULL, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ buf, NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cbc( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ buf, buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128( NULL,
+ valid_mode,
+ sizeof( buf ),
+ &off, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128( &ctx,
+ invalid_mode,
+ sizeof( buf ),
+ &off, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ NULL, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ &off, NULL,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ &off, buf,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_cfb128( &ctx,
+ valid_mode,
+ sizeof( buf ),
+ &off, buf,
+ buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr( NULL,
+ sizeof( buf ),
+ &off,
+ buf, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr( &ctx,
+ sizeof( buf ),
+ NULL,
+ buf, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ NULL, buf,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ buf, NULL,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ buf, buf,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ mbedtls_camellia_crypt_ctr( &ctx,
+ sizeof( buf ),
+ &off,
+ buf, buf,
+ buf, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void camellia_encrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string, int setkey_result )
+{
unsigned char output[100];
mbedtls_camellia_context ctx;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_camellia_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result );
+ TEST_ASSERT( mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
- TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -42,32 +198,22 @@
/* END_CASE */
/* BEGIN_CASE */
-void camellia_decrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string, int setkey_result )
+void camellia_decrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string, int setkey_result )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_camellia_context ctx;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_camellia_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_camellia_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result );
+ TEST_ASSERT( mbedtls_camellia_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result );
if( setkey_result == 0 )
{
- TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -76,36 +222,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void camellia_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_camellia_context ctx;
- int key_len, data_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_camellia_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
- mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, data_len, iv_str, src_str, output) == cbc_result );
+ mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -114,36 +247,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void camellia_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string,
+void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_camellia_context ctx;
- int key_len, data_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_camellia_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
- mbedtls_camellia_setkey_dec( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result );
+ mbedtls_camellia_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -152,34 +272,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void camellia_encrypt_cfb128( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str,
+ data_t * src_str,
+ data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_camellia_context ctx;
size_t iv_offset = 0;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_camellia_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- unhexify( src_str, hex_src_string );
- mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
@@ -187,34 +295,22 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
-void camellia_decrypt_cfb128( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str,
+ data_t * src_str,
+ data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_camellia_context ctx;
size_t iv_offset = 0;
- int key_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_camellia_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- unhexify( src_str, hex_src_string );
- mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 );
- TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 );
- hexify( dst_str, output, 16 );
+ mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
@@ -222,7 +318,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void camellia_selftest()
+void camellia_selftest( )
{
TEST_ASSERT( mbedtls_camellia_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index cad40d5..46c172b 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -1,6 +1,12 @@
CCM self test
mbedtls_ccm_self_test:
+CCM - Invalid parameters
+ccm_invalid_param:
+
+CCM - Valid parameters
+ccm_valid_param:
+
CCM init #1 AES-128: OK
depends_on:MBEDTLS_AES_C
mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0
@@ -35,7 +41,8 @@
CCM lengths #6 tag length not even
ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT
-CCM lenghts #7 AD too long (2^16 - 2^8 + 1)
+CCM lengths #7 AD too long (2^16 - 2^8 + 1)
+depends_on:!MBEDTLS_CCM_ALT
ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT
CCM lengths #8 msg too long for this IV length (2^16, q = 2)
@@ -1036,387 +1043,387 @@
CCM auth decrypt tag NIST DVPT AES-128 #1 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:0:""
CCM auth decrypt tag NIST DVPT AES-128 #2 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #3 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:0:""
CCM auth decrypt tag NIST DVPT AES-128 #4 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #5 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:0:""
CCM auth decrypt tag NIST DVPT AES-128 #6 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #7 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:0:""
CCM auth decrypt tag NIST DVPT AES-128 #8 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #9 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
CCM auth decrypt tag NIST DVPT AES-128 #10 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #11 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
CCM auth decrypt tag NIST DVPT AES-128 #12 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #13 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
CCM auth decrypt tag NIST DVPT AES-128 #14 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #15 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
CCM auth decrypt tag NIST DVPT AES-128 #16 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #17 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:""
CCM auth decrypt tag NIST DVPT AES-128 #18 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #19 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:""
CCM auth decrypt tag NIST DVPT AES-128 #20 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #21 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:""
CCM auth decrypt tag NIST DVPT AES-128 #22 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #23 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:""
CCM auth decrypt tag NIST DVPT AES-128 #24 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #25 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
CCM auth decrypt tag NIST DVPT AES-128 #26 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #27 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
CCM auth decrypt tag NIST DVPT AES-128 #28 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #29 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
CCM auth decrypt tag NIST DVPT AES-128 #30 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-128 #31 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
CCM auth decrypt tag NIST DVPT AES-128 #32 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #1 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:0:""
CCM auth decrypt tag NIST DVPT AES-192 #2 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #3 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:0:""
CCM auth decrypt tag NIST DVPT AES-192 #4 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #5 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:0:""
CCM auth decrypt tag NIST DVPT AES-192 #6 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #7 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:0:""
CCM auth decrypt tag NIST DVPT AES-192 #8 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #9 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
CCM auth decrypt tag NIST DVPT AES-192 #10 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #11 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
CCM auth decrypt tag NIST DVPT AES-192 #12 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #13 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
CCM auth decrypt tag NIST DVPT AES-192 #14 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #15 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
CCM auth decrypt tag NIST DVPT AES-192 #16 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #17 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:""
CCM auth decrypt tag NIST DVPT AES-192 #18 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #19 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:""
CCM auth decrypt tag NIST DVPT AES-192 #20 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #21 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:""
CCM auth decrypt tag NIST DVPT AES-192 #22 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #23 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:""
CCM auth decrypt tag NIST DVPT AES-192 #24 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #25 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
CCM auth decrypt tag NIST DVPT AES-192 #26 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #27 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
CCM auth decrypt tag NIST DVPT AES-192 #28 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #29 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
CCM auth decrypt tag NIST DVPT AES-192 #30 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-192 #31 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
CCM auth decrypt tag NIST DVPT AES-192 #32 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #1 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:0:""
CCM auth decrypt tag NIST DVPT AES-256 #2 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #3 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:0:""
CCM auth decrypt tag NIST DVPT AES-256 #4 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #5 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:0:""
CCM auth decrypt tag NIST DVPT AES-256 #6 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #7 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:0:""
CCM auth decrypt tag NIST DVPT AES-256 #8 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #9 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:0:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
CCM auth decrypt tag NIST DVPT AES-256 #10 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #11 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:0:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
CCM auth decrypt tag NIST DVPT AES-256 #12 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #13 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:0:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
CCM auth decrypt tag NIST DVPT AES-256 #14 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #15 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:0:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
CCM auth decrypt tag NIST DVPT AES-256 #16 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #17 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:0:""
CCM auth decrypt tag NIST DVPT AES-256 #18 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #19 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:0:""
CCM auth decrypt tag NIST DVPT AES-256 #20 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #21 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:0:""
CCM auth decrypt tag NIST DVPT AES-256 #22 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:""
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:0:""
CCM auth decrypt tag NIST DVPT AES-256 #24 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #25 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:0:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
CCM auth decrypt tag NIST DVPT AES-256 #26 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #27 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:0:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
CCM auth decrypt tag NIST DVPT AES-256 #28 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #29 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:0:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
CCM auth decrypt tag NIST DVPT AES-256 #30 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM auth decrypt tag NIST DVPT AES-256 #31 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:0:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
CCM auth decrypt tag NIST DVPT AES-256 #32 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:"FAIL"
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:MBEDTLS_ERR_CCM_AUTH_FAILED:""
CCM-Camellia encrypt and tag RFC 5528 #1
depends_on:MBEDTLS_CAMELLIA_C
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 58c8569..16f9f8e 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -8,7 +8,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
-void mbedtls_ccm_self_test( )
+void mbedtls_ccm_self_test( )
{
TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 );
}
@@ -116,113 +116,74 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_encrypt_and_tag( int cipher_id,
- char *key_hex, char *msg_hex,
- char *iv_hex, char *add_hex,
- char *result_hex )
+void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key,
+ data_t * msg, data_t * iv,
+ data_t * add, data_t * result )
{
- unsigned char key[32];
- unsigned char msg[50];
- unsigned char iv[13];
- unsigned char add[32];
- unsigned char result[50];
mbedtls_ccm_context ctx;
- size_t key_len, msg_len, iv_len, add_len, tag_len, result_len;
+ size_t tag_len;
+ uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 );
mbedtls_ccm_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( msg, 0x00, sizeof( msg ) );
- memset( iv, 0x00, sizeof( iv ) );
- memset( add, 0x00, sizeof( add ) );
- memset( result, 0x00, sizeof( result ) );
+ memset( msg_n_tag, 0, result->len + 2 );
+ memcpy( msg_n_tag, msg->x, msg->len );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- iv_len = unhexify( iv, iv_hex );
- add_len = unhexify( add, add_hex );
- result_len = unhexify( result, result_hex );
- tag_len = result_len - msg_len;
+ tag_len = result->len - msg->len;
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
/* Test with input == output */
- TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
- msg, msg, msg + msg_len, tag_len ) == 0 );
+ TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
+ msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 );
- TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
+ TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 );
/* Check we didn't write past the end */
- TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 );
+ TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 );
exit:
mbedtls_ccm_free( &ctx );
+ free( msg_n_tag );
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ccm_auth_decrypt( int cipher_id,
- char *key_hex, char *msg_hex,
- char *iv_hex, char *add_hex,
- int tag_len, char *result_hex )
+void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
+ data_t * msg, data_t * iv,
+ data_t * add, int tag_len, int result,
+ data_t * hex_msg )
{
- unsigned char key[32];
- unsigned char msg[50];
- unsigned char iv[13];
- unsigned char add[32];
unsigned char tag[16];
- unsigned char result[50];
mbedtls_ccm_context ctx;
- size_t key_len, msg_len, iv_len, add_len, result_len;
- int ret;
mbedtls_ccm_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( msg, 0x00, sizeof( msg ) );
- memset( iv, 0x00, sizeof( iv ) );
- memset( add, 0x00, sizeof( add ) );
memset( tag, 0x00, sizeof( tag ) );
- memset( result, 0x00, sizeof( result ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- iv_len = unhexify( iv, iv_hex );
- add_len = unhexify( add, add_hex );
- msg_len -= tag_len;
- memcpy( tag, msg + msg_len, tag_len );
+ msg->len -= tag_len;
+ memcpy( tag, msg->x + msg->len, tag_len );
- if( strcmp( "FAIL", result_hex ) == 0 )
- {
- ret = MBEDTLS_ERR_CCM_AUTH_FAILED;
- result_len = -1;
- }
- else
- {
- ret = 0;
- result_len = unhexify( result, result_hex );
- }
-
- TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
/* Test with input == output */
- TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
- msg, msg, msg + msg_len, tag_len ) == ret );
+ TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
+ msg->x, msg->x, msg->x + msg->len, tag_len ) == result );
- if( ret == 0 )
+ if( result == 0 )
{
- TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
+ TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 );
}
else
{
size_t i;
- for( i = 0; i < msg_len; i++ )
- TEST_ASSERT( msg[i] == 0 );
+ for( i = 0; i < msg->len; i++ )
+ TEST_ASSERT( msg->x[i] == 0 );
}
/* Check we didn't write past the end (where the original tag is) */
- TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 );
+ TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 );
exit:
mbedtls_ccm_free( &ctx );
@@ -365,3 +326,216 @@
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ccm_invalid_param( )
+{
+ struct mbedtls_ccm_context ctx;
+ unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+ mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+ int valid_len = sizeof(valid_buffer);
+ int valid_bitlen = valid_len * 8;
+
+ mbedtls_ccm_init( &ctx );
+
+ /* mbedtls_ccm_init() */
+ TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) );
+
+ /* mbedtls_ccm_setkey() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
+
+ /* mbedtls_ccm_encrypt_and_tag() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_encrypt_and_tag( NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len ) );
+
+ /* mbedtls_ccm_star_encrypt_and_tag() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len ) );
+
+ /* mbedtls_ccm_auth_decrypt() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_auth_decrypt( NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len ) );
+
+ /* mbedtls_ccm_star_auth_decrypt() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_auth_decrypt( NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CCM_BAD_INPUT,
+ mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ NULL, valid_len ) );
+
+exit:
+ mbedtls_ccm_free( &ctx );
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ccm_valid_param( )
+{
+ TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) );
+exit:
+ return;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 669d91e..49b389c 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -82,7 +82,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void chacha20_bad_params()
{
unsigned char key[32];
@@ -93,42 +93,38 @@
size_t len = sizeof( src );
mbedtls_chacha20_context ctx;
- mbedtls_chacha20_init( NULL );
- mbedtls_chacha20_free( NULL );
+ TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) );
- mbedtls_chacha20_init( &ctx );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_setkey( NULL, key ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_setkey( &ctx, NULL ) );
- TEST_ASSERT( mbedtls_chacha20_setkey( NULL, key )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, NULL )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_starts( NULL, nonce, counter ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_starts( &ctx, NULL, counter ) );
- TEST_ASSERT( mbedtls_chacha20_starts( NULL, nonce, counter )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_starts( &ctx, NULL, counter )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_update( NULL, 0, src, dst ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_update( &ctx, len, NULL, dst ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_update( &ctx, len, src, NULL ) );
- TEST_ASSERT( mbedtls_chacha20_update( NULL, 0, src, dst )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, NULL, dst )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, src, NULL )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_update( &ctx, 0, NULL, NULL )
- == 0 );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
+ mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) );
- mbedtls_chacha20_free( &ctx );
+exit:
+ return;
- TEST_ASSERT( mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL )
- == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, 0, NULL, NULL )
- == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 95dfd8a..8e56bf6 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -118,7 +118,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void chachapoly_bad_params()
{
unsigned char key[32];
@@ -138,124 +138,114 @@
memset( output, 0x00, sizeof( output ) );
memset( mac, 0x00, sizeof( mac ) );
- mbedtls_chachapoly_init( NULL );
- mbedtls_chachapoly_free( NULL );
+ TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
- mbedtls_chachapoly_init( &ctx );
+ /* setkey */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_setkey( NULL, key ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_setkey( &ctx, NULL ) );
- TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( NULL,
+ /* encrypt_and_tag */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag( NULL,
0, nonce,
aad, 0,
- input, output, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+ input, output, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, NULL,
aad, 0,
- input, output, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+ input, output, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, nonce,
NULL, aad_len,
- input, output, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+ input, output, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_len, nonce,
aad, 0,
- NULL, output, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+ NULL, output, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_len, nonce,
aad, 0,
- input, NULL, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
+ input, NULL, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, nonce,
aad, 0,
- input, output, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ input, output, NULL ) );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL,
+ /* auth_decrypt */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt( NULL,
0, nonce,
aad, 0,
- mac, input, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+ mac, input, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt( &ctx,
0, NULL,
aad, 0,
- mac, input, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+ mac, input, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt( &ctx,
0, nonce,
NULL, aad_len,
- mac, input, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+ mac, input, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt( &ctx,
0, nonce,
aad, 0,
- NULL, input, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+ NULL, input, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt( &ctx,
input_len, nonce,
aad, 0,
- mac, NULL, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
+ mac, NULL, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_auth_decrypt( &ctx,
input_len, nonce,
aad, 0,
- mac, input, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ mac, input, NULL ) );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- aad, aad_len,
- NULL, NULL, mac )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- aad, aad_len,
- mac, NULL, NULL )
- == 0 );
+ /* starts */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_starts( NULL, nonce,
+ MBEDTLS_CHACHAPOLY_ENCRYPT ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_starts( &ctx, NULL,
+ MBEDTLS_CHACHAPOLY_ENCRYPT ) );
- TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- NULL, 0,
- input, output, mac )
- == 0 );
- TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- NULL, 0,
- mac, input, output )
- == 0 );
+ /* update_aad */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update_aad( NULL, aad,
+ aad_len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update_aad( &ctx, NULL,
+ aad_len ) );
- TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ /* update */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update( NULL, input_len,
+ input, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update( &ctx, input_len,
+ NULL, output ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_update( &ctx, input_len,
+ input, NULL ) );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ /* finish */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_finish( NULL, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_chachapoly_finish( &ctx, NULL ) );
exit:
- mbedtls_chachapoly_free( &ctx );
+ return;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index baab358..c42fc79 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -1,6 +1,6 @@
Decrypt empty buffer
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC
AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -1510,6 +1510,286 @@
depends_on:MBEDTLS_AES_C
test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0
+AES-128-ECB crypt Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0
+
+AES-128-ECB crypt Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"f0000000000000000000000000000000":"":"00000000000000000000000000000000":"970014d634e2b7650777e8e84d03ccd8":0:0
+
+AES-128-ECB crypt Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0:0
+
+AES-128-ECB crypt Decrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0:0
+
+AES-128-ECB crypt Decrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0:0
+
+AES-128-ECB crypt Decrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0:0
+
+AES-192-ECB crypt Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0:0
+
+AES-192-ECB crypt Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"51719783d3185a535bd75adc65071ce1":"4f354592ff7c8847d2d0870ca9481b7c":0:0
+
+AES-192-ECB crypt Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"d2926527e0aa9f37b45e2ec2ade5853ef807576104c7ace3":"":"00000000000000000000000000000000":"dd619e1cf204446112e0af2b9afa8f8c":0:0
+
+AES-192-ECB crypt Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0:0
+
+AES-192-ECB crypt Decrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0:0
+
+AES-192-ECB crypt Decrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0:0
+
+AES-192-ECB crypt Decrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0
+
+AES-192-ECB crypt Decrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0:0
+
+AES-256-ECB crypt Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":0:0
+
+AES-256-ECB crypt Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04":0:0
+
+AES-256-ECB crypt Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ffffff80000000000000000000000000":"36aff0ef7bf3280772cf4cac80a0d2b2":0:0
+
+AES-256-ECB crypt Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0:0
+
+AES-256-ECB crypt Decrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0:0
+
+AES-256-ECB crypt Decrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0:0
+
+AES-256-ECB crypt Decrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0:0
+
+AES-256-ECB crypt Decrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0
+
+AES-128-CBC crypt Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:0
+
+AES-128-CBC crypt Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:0
+
+AES-128-CBC crypt Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:0
+
+AES-128-CBC crypt Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0
+
+AES-128-CBC crypt Decrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:0
+
+AES-128-CBC crypt Decrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:0
+
+AES-128-CBC crypt Decrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:0
+
+AES-128-CBC crypt Decrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:0
+
+AES-192-CBC crypt Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:0
+
+AES-192-CBC crypt Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:0
+
+AES-192-CBC crypt Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:0
+
+AES-192-CBC crypt Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:0
+
+AES-192-CBC crypt Decrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:0
+
+AES-192-CBC crypt Decrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:0
+
+AES-192-CBC crypt Decrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:0
+
+AES-192-CBC crypt Decrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0
+
+AES-256-CBC crypt Encrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:0
+
+AES-256-CBC crypt Encrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:0
+
+AES-256-CBC crypt Encrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:0
+
+AES-256-CBC crypt Encrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:0
+
+AES-256-CBC crypt Decrypt NIST KAT #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0
+
+AES-256-CBC crypt Decrypt NIST KAT #2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:0
+
+AES-256-CBC crypt Decrypt NIST KAT #3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:0
+
+AES-256-CBC crypt Decrypt NIST KAT #4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:0
+
+AES-128-CBC crypt Encrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1
+
+AES-128-CBC crypt Encrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a":0:1
+
+AES-128-CBC crypt Encrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":0:1
+
+AES-128-CBC crypt Encrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1
+
+AES-128-CBC crypt Decrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1
+
+AES-128-CBC crypt Decrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"00000000000000000000000000000000":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1
+
+AES-128-CBC crypt Decrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"00000000000000000000000000000000":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1
+
+AES-128-CBC crypt Decrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"00000000000000000000000000000000":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1
+
+AES-192-CBC crypt Encrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":0:1
+
+AES-192-CBC crypt Encrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"ff0000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"833f71258d53036b02952c76c744f5a1":0:1
+
+AES-192-CBC crypt Encrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":0:1
+
+AES-192-CBC crypt Encrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1
+
+AES-192-CBC crypt Decrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1
+
+AES-192-CBC crypt Decrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1
+
+AES-192-CBC crypt Decrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"00000000000000000000000000000000":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1
+
+AES-192-CBC crypt Decrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1
+
+AES-256-CBC crypt Encrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"80000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":0:1
+
+AES-256-CBC crypt Encrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"ff00000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000":"ec52a212f80a09df6317021bc2a9819e":0:1
+
+AES-256-CBC crypt Encrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":0:1
+
+AES-256-CBC crypt Encrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1
+
+AES-256-CBC crypt Decrypt NIST KAT #1 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1
+
+AES-256-CBC crypt Decrypt NIST KAT #2 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1
+
+AES-256-CBC crypt Decrypt NIST KAT #3 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"00000000000000000000000000000000":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1
+
+AES-256-CBC crypt Decrypt NIST KAT #4 PSA
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+test_vec_crypt:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1
+
Cipher Corner Case behaviours
depends_on:MBEDTLS_AES_C
cipher_special_behaviours:
diff --git a/tests/suites/test_suite_cipher.ccm.data b/tests/suites/test_suite_cipher.ccm.data
index dc44091..7972500 100644
--- a/tests/suites/test_suite_cipher.ccm.data
+++ b/tests/suites/test_suite_cipher.ccm.data
@@ -1,480 +1,863 @@
AES-128-CCM test vector NIST #1 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":"":"":0
AES-128-CCM test vector NIST #2 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL":"":0
AES-128-CCM test vector NIST #3 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":"":"":0
AES-128-CCM test vector NIST #4 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL":"":0
AES-128-CCM test vector NIST #5 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":"":"":0
AES-128-CCM test vector NIST #6 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL":"":0
AES-128-CCM test vector NIST #7 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":"":"":0
AES-128-CCM test vector NIST #8 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL":"":0
AES-128-CCM test vector NIST #9 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":0
AES-128-CCM test vector NIST #10 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL":"":0
AES-128-CCM test vector NIST #11 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":0
AES-128-CCM test vector NIST #12 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL":"":0
AES-128-CCM test vector NIST #13 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0
AES-128-CCM test vector NIST #14 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL":"":0
AES-128-CCM test vector NIST #15 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0
AES-128-CCM test vector NIST #16 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL":"":0
AES-128-CCM test vector NIST #17 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":"":"":0
AES-128-CCM test vector NIST #18 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL":"":0
AES-128-CCM test vector NIST #19 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":"":"":0
AES-128-CCM test vector NIST #20 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL":"":0
AES-128-CCM test vector NIST #21 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":"":"":0
AES-128-CCM test vector NIST #22 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL":"":0
AES-128-CCM test vector NIST #23 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":"":"":0
AES-128-CCM test vector NIST #24 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL":"":0
AES-128-CCM test vector NIST #25 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":0
AES-128-CCM test vector NIST #26 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL":"":0
AES-128-CCM test vector NIST #27 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":0
AES-128-CCM test vector NIST #28 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL":"":0
AES-128-CCM test vector NIST #29 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":0
AES-128-CCM test vector NIST #30 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL":"":0
AES-128-CCM test vector NIST #31 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":0
AES-128-CCM test vector NIST #32 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL":"":0
AES-192-CCM test vector NIST #1 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":"":"":0
AES-192-CCM test vector NIST #2 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL":"":0
AES-192-CCM test vector NIST #3 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":"":"":0
AES-192-CCM test vector NIST #4 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL":"":0
AES-192-CCM test vector NIST #5 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":"":"":0
AES-192-CCM test vector NIST #6 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL":"":0
AES-192-CCM test vector NIST #7 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"":"":0
AES-192-CCM test vector NIST #8 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL":"":0
AES-192-CCM test vector NIST #9 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":0
AES-192-CCM test vector NIST #10 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL":"":0
AES-192-CCM test vector NIST #11 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":0
AES-192-CCM test vector NIST #12 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL":"":0
AES-192-CCM test vector NIST #13 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0
AES-192-CCM test vector NIST #14 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL":"":0
AES-192-CCM test vector NIST #15 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":0
AES-192-CCM test vector NIST #16 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL":"":0
AES-192-CCM test vector NIST #17 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":"":"":0
AES-192-CCM test vector NIST #18 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL":"":0
AES-192-CCM test vector NIST #19 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":"":"":0
AES-192-CCM test vector NIST #20 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL":"":0
AES-192-CCM test vector NIST #21 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":"":"":0
AES-192-CCM test vector NIST #22 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL":"":0
AES-192-CCM test vector NIST #23 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":"":"":0
AES-192-CCM test vector NIST #24 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL":"":0
AES-192-CCM test vector NIST #25 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":0
AES-192-CCM test vector NIST #26 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL":"":0
AES-192-CCM test vector NIST #27 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":0
AES-192-CCM test vector NIST #28 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL":"":0
AES-192-CCM test vector NIST #29 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":0
AES-192-CCM test vector NIST #30 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL":"":0
AES-192-CCM test vector NIST #31 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":0
AES-192-CCM test vector NIST #32 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL":"":0
AES-256-CCM test vector NIST #1 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":"":"":0
AES-256-CCM test vector NIST #2 (P=0, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL":"":0
AES-256-CCM test vector NIST #3 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":"":"":0
AES-256-CCM test vector NIST #4 (P=0, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL":"":0
AES-256-CCM test vector NIST #5 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":"":"":0
AES-256-CCM test vector NIST #6 (P=0, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL":"":0
AES-256-CCM test vector NIST #7 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":"":"":0
AES-256-CCM test vector NIST #8 (P=0, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL":"":0
AES-256-CCM test vector NIST #9 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98":0
AES-256-CCM test vector NIST #10 (P=24, N=7, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL":"":0
AES-256-CCM test vector NIST #11 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98":0
AES-256-CCM test vector NIST #12 (P=24, N=7, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL":"":0
AES-256-CCM test vector NIST #13 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0
AES-256-CCM test vector NIST #14 (P=24, N=13, A=0, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL":"":0
AES-256-CCM test vector NIST #15 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":0
AES-256-CCM test vector NIST #16 (P=24, N=13, A=0, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL":"":0
AES-256-CCM test vector NIST #17 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":"":"":0
AES-256-CCM test vector NIST #18 (P=0, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL":"":0
AES-256-CCM test vector NIST #19 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":"":"":0
AES-256-CCM test vector NIST #20 (P=0, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL":"":0
AES-256-CCM test vector NIST #21 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":"":"":0
AES-256-CCM test vector NIST #22 (P=0, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL":"":0
AES-256-CCM test vector NIST #23 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":""
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":"":"":0
AES-256-CCM test vector NIST #24 (P=0, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL":"":0
AES-256-CCM test vector NIST #25 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3":0
AES-256-CCM test vector NIST #26 (P=24, N=7, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL":"":0
AES-256-CCM test vector NIST #27 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3":0
AES-256-CCM test vector NIST #28 (P=24, N=7, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL":"":0
AES-256-CCM test vector NIST #29 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3":0
AES-256-CCM test vector NIST #30 (P=24, N=13, A=32, T=4)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL":"":0
AES-256-CCM test vector NIST #31 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3":0
AES-256-CCM test vector NIST #32 (P=24, N=13, A=32, T=16)
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL":"":0
Camellia-CCM test vector RFC 5528 #1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"0001020304050607":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":"FCAECE746B3DB9AD":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"0001020304050607":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":"FCAECE746B3DB9AD":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":0
Camellia-CCM test vector RFC 5528 #2
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000004030201A0A1A2A3A4A5":"0001020304050607":"5D2564BF8EAFE1D99526EC016D1BF0424CFBD2CD62848F33":"60B2295DF24283E8":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000004030201A0A1A2A3A4A5":"0001020304050607":"5D2564BF8EAFE1D99526EC016D1BF0424CFBD2CD62848F33":"60B2295DF24283E8":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":0
Camellia-CCM test vector RFC 5528 #3
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000005040302A0A1A2A3A4A5":"0001020304050607":"81F663D6C7787817F9203608B982AD15DC2BBD87D756F79204":"F551D6682F23AA46":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000005040302A0A1A2A3A4A5":"0001020304050607":"81F663D6C7787817F9203608B982AD15DC2BBD87D756F79204":"F551D6682F23AA46":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20":0
Camellia-CCM test vector RFC 5528 #4
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"CAEF1E827211B08F7BD90F08C77288C070A4A0":"8B3A933A63E497A0":"0C0D0E0F101112131415161718191A1B1C1D1E"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"CAEF1E827211B08F7BD90F08C77288C070A4A0":"8B3A933A63E497A0":"":"0C0D0E0F101112131415161718191A1B1C1D1E":0
Camellia-CCM test vector RFC 5528 #5
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"2AD3BAD94FC52E92BE438E827C1023B96A8A7725":"8FA17BA7F331DB09":"0C0D0E0F101112131415161718191A1B1C1D1E1F"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"2AD3BAD94FC52E92BE438E827C1023B96A8A7725":"8FA17BA7F331DB09":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F":0
Camellia-CCM test vector RFC 5528 #6
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"FEA5480BA53FA8D3C34422AACE4DE67FFA3BB73BAB":"AB36A1EE4FE0FE28":"0C0D0E0F101112131415161718191A1B1C1D1E1F20"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"FEA5480BA53FA8D3C34422AACE4DE67FFA3BB73BAB":"AB36A1EE4FE0FE28":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F20":0
Camellia-CCM test vector RFC 5528 #7
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000009080706A0A1A2A3A4A5":"0001020304050607":"54532026E54C119A8D36D9EC6E1ED97416C8708C4B5C2C":"ACAFA3BCCF7A4EBF9573":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000009080706A0A1A2A3A4A5":"0001020304050607":"54532026E54C119A8D36D9EC6E1ED97416C8708C4B5C2C":"ACAFA3BCCF7A4EBF9573":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":0
Camellia-CCM test vector RFC 5528 #8
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"8AD19B001A87D148F4D92BEF34525CCCE3A63C6512A6F575":"7388E4913EF14701F441":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"8AD19B001A87D148F4D92BEF34525CCCE3A63C6512A6F575":"7388E4913EF14701F441":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":0
Camellia-CCM test vector RFC 5528 #9
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"5DB08D62407E6E31D60F9CA2C60474219AC0BE50C0D4A57787":"94D6E230CD25C9FEBF87":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"5DB08D62407E6E31D60F9CA2C60474219AC0BE50C0D4A57787":"94D6E230CD25C9FEBF87":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20":0
Camellia-CCM test vector RFC 5528 #10
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"DB118CCEC1B8761C877CD8963A67D6F3BBBC5C":"D09299EB11F312F23237":"0C0D0E0F101112131415161718191A1B1C1D1E"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"DB118CCEC1B8761C877CD8963A67D6F3BBBC5C":"D09299EB11F312F23237":"":"0C0D0E0F101112131415161718191A1B1C1D1E":0
Camellia-CCM test vector RFC 5528 #11
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"7CC83D8DC49103525B483DC5CA7EA9AB812B7056":"079DAFFADA16CCCF2C4E":"0C0D0E0F101112131415161718191A1B1C1D1E1F"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"7CC83D8DC49103525B483DC5CA7EA9AB812B7056":"079DAFFADA16CCCF2C4E":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F":0
Camellia-CCM test vector RFC 5528 #12
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"2CD35B8820D23E7AA351B0E92FC79367238B2CC748":"CBB94C2947793D64AF75":"0C0D0E0F101112131415161718191A1B1C1D1E1F20"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"2CD35B8820D23E7AA351B0E92FC79367238B2CC748":"CBB94C2947793D64AF75":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F20":0
Camellia-CCM test vector RFC 5528 #13
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00A970110E1927B160B6A31C1C":"6B7F464507FAE496":"A435D727348DDD22907F7EB8F5FDBB4D939DA6524DB4F6":"4558C02D25B127EE":"C6B5F3E6CA2311AEF7472B203E735EA561ADB17D56C5A3"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00A970110E1927B160B6A31C1C":"6B7F464507FAE496":"A435D727348DDD22907F7EB8F5FDBB4D939DA6524DB4F6":"4558C02D25B127EE":"":"C6B5F3E6CA2311AEF7472B203E735EA561ADB17D56C5A3":0
Camellia-CCM test vector RFC 5528 #14
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0083CD8CE0CB42B160B6A31C1C":"986605B43DF15DE7":"8AE052508FBECA932E346F05E0DC0DFBCF939EAFFA3E587C":"867D6E1C48703806":"01F6CE6764C574483BB02E6BBF1E0ABD26A22572B4D80EE7"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0083CD8CE0CB42B160B6A31C1C":"986605B43DF15DE7":"8AE052508FBECA932E346F05E0DC0DFBCF939EAFFA3E587C":"867D6E1C48703806":"":"01F6CE6764C574483BB02E6BBF1E0ABD26A22572B4D80EE7":0
Camellia-CCM test vector RFC 5528 #15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"005F54950B18F2B160B6A31C1C":"48F2E7E1A7671A51":"08B67EE21C8BF26E473E408599E9C0836D6AF0BB18DF55466C":"A80878A790476DE5":"CDF1D8406FC2E9014953897005FBFB8BA57276F92404608E08"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"005F54950B18F2B160B6A31C1C":"48F2E7E1A7671A51":"08B67EE21C8BF26E473E408599E9C0836D6AF0BB18DF55466C":"A80878A790476DE5":"":"CDF1D8406FC2E9014953897005FBFB8BA57276F92404608E08":0
Camellia-CCM test vector RFC 5528 #16
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00EC600863319AB160B6A31C1C":"DE97DF3B8CBD6D8E5030DA4C":"63B78B4967B19EDBB733CD1114F64EB2260893":"68C354828D950CC5":"B005DCFA0B59181426A961685A993D8C43185B"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00EC600863319AB160B6A31C1C":"DE97DF3B8CBD6D8E5030DA4C":"63B78B4967B19EDBB733CD1114F64EB2260893":"68C354828D950CC5":"":"B005DCFA0B59181426A961685A993D8C43185B":0
Camellia-CCM test vector RFC 5528 #17
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0060CFF1A31EA1B160B6A31C1C":"A5EE93E457DF05466E782DCF":"0BC6BBE2A8B909F4629EE6DC148DA44410E18AF4":"3147383276F66A9F":"2E20211298105F129D5ED95B93F72D30B2FACCD7"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0060CFF1A31EA1B160B6A31C1C":"A5EE93E457DF05466E782DCF":"0BC6BBE2A8B909F4629EE6DC148DA44410E18AF4":"3147383276F66A9F":"":"2E20211298105F129D5ED95B93F72D30B2FACCD7":0
Camellia-CCM test vector RFC 5528 #18
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"000F85CD995C97B160B6A31C1C":"24AA1BF9A5CD876182A25074":"222AD632FA31D6AF970C345F7E77CA3BD0DC25B340":"A1A3D31F8D4B44B7":"2645941E75632D3491AF0FC0C9876C3BE4AA7468C9"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"000F85CD995C97B160B6A31C1C":"24AA1BF9A5CD876182A25074":"222AD632FA31D6AF970C345F7E77CA3BD0DC25B340":"A1A3D31F8D4B44B7":"":"2645941E75632D3491AF0FC0C9876C3BE4AA7468C9":0
Camellia-CCM test vector RFC 5528 #19
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C29B2CAAC4CDB160B6A31C1C":"691946B9CA07BE87":"05B8E1B9C49CFD56CF130AA6251DC2ECC06CCC508FE697":"A0066D57C84BEC182768":"070135A6437C9DB120CD61D8F6C39C3EA125FD95A0D23D"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C29B2CAAC4CDB160B6A31C1C":"691946B9CA07BE87":"05B8E1B9C49CFD56CF130AA6251DC2ECC06CCC508FE697":"A0066D57C84BEC182768":"":"070135A6437C9DB120CD61D8F6C39C3EA125FD95A0D23D":0
Camellia-CCM test vector RFC 5528 #20
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"002C6B7595EE62B160B6A31C1C":"D0C54ECB84627DC4":"54CEB968DEE23611575EC003DFAA1CD48849BDF5AE2EDB6B":"7FA775B150ED4383C5A9":"C8C0880E6C636E20093DD6594217D2E18877DB264E71A5CC"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"002C6B7595EE62B160B6A31C1C":"D0C54ECB84627DC4":"54CEB968DEE23611575EC003DFAA1CD48849BDF5AE2EDB6B":"7FA775B150ED4383C5A9":"":"C8C0880E6C636E20093DD6594217D2E18877DB264E71A5CC":0
Camellia-CCM test vector RFC 5528 #21
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C53CD4C2AA24B160B6A31C1C":"E285E0E4808CDA3D":"B1404546BF667210CA28E309B39BD6CA7E9FC8285FE698D43C":"D20A02E0BDCAED2010D3":"F75DAA0710C4E64297794DC2B7D2A20757B1AA4E448002FFAB"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C53CD4C2AA24B160B6A31C1C":"E285E0E4808CDA3D":"B1404546BF667210CA28E309B39BD6CA7E9FC8285FE698D43C":"D20A02E0BDCAED2010D3":"":"F75DAA0710C4E64297794DC2B7D2A20757B1AA4E448002FFAB":0
Camellia-CCM test vector RFC 5528 #22
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00BEE9267FBADCB160B6A31C1C":"6CAEF9941141570D7C813405":"94C8959C11569A297831A721005857AB61B87A":"2DEA0936B6EB5F625F5D":"C238822FAC5F98FF929405B0AD127A4E41854E"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00BEE9267FBADCB160B6A31C1C":"6CAEF9941141570D7C813405":"94C8959C11569A297831A721005857AB61B87A":"2DEA0936B6EB5F625F5D":"":"C238822FAC5F98FF929405B0AD127A4E41854E":0
Camellia-CCM test vector RFC 5528 #23
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00DFA8B1245007B160B6A31C1C":"36A52CF16B19A2037AB7011E":"5869E3AAD2447C74E0FC05F9A4EA74577F4DE8CA":"8924764296AD04119CE7":"4DBF3E774AD245E5D5891F9D1C32A0AE022C85D7"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00DFA8B1245007B160B6A31C1C":"36A52CF16B19A2037AB7011E":"5869E3AAD2447C74E0FC05F9A4EA74577F4DE8CA":"8924764296AD04119CE7":"":"4DBF3E774AD245E5D5891F9D1C32A0AE022C85D7":0
Camellia-CCM test vector RFC 5528 #24
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966":"945F1FCEA7E11BEE6A2F":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D"
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966":"945F1FCEA7E11BEE6A2F":"":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D":0
+AES-128-CCM test vector NIST #1 PSA (P=0, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":"":"":1
+
+AES-128-CCM test vector NIST #2 PSA (P=0, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL":"":1
+
+AES-128-CCM test vector NIST #3 PSA (P=0, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":"":"":1
+
+AES-128-CCM test vector NIST #4 PSA (P=0, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL":"":1
+
+AES-128-CCM test vector NIST #5 PSA (P=0, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":"":"":1
+
+AES-128-CCM test vector NIST #6 PSA (P=0, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL":"":1
+
+AES-128-CCM test vector NIST #7 PSA (P=0, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":"":"":1
+
+AES-128-CCM test vector NIST #8 PSA (P=0, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL":"":1
+
+AES-128-CCM test vector NIST #9 PSA (P=24, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
+
+AES-128-CCM test vector NIST #10 PSA (P=24, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL":"":1
+
+AES-128-CCM test vector NIST #11 PSA (P=24, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
+
+AES-128-CCM test vector NIST #12 PSA (P=24, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL":"":1
+
+AES-128-CCM test vector NIST #13 PSA (P=24, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
+
+AES-128-CCM test vector NIST #14 PSA (P=24, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL":"":1
+
+AES-128-CCM test vector NIST #15 PSA (P=24, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
+
+AES-128-CCM test vector NIST #16 PSA (P=24, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL":"":1
+
+AES-128-CCM test vector NIST #17 PSA (P=0, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":"":"":1
+
+AES-128-CCM test vector NIST #18 PSA (P=0, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL":"":1
+
+AES-128-CCM test vector NIST #19 PSA (P=0, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":"":"":1
+
+AES-128-CCM test vector NIST #20 PSA (P=0, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL":"":1
+
+AES-128-CCM test vector NIST #21 PSA (P=0, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":"":"":1
+
+AES-128-CCM test vector NIST #22 PSA (P=0, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL":"":1
+
+AES-128-CCM test vector NIST #23 PSA (P=0, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":"":"":1
+
+AES-128-CCM test vector NIST #24 PSA (P=0, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL":"":1
+
+AES-128-CCM test vector NIST #25 PSA (P=24, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
+
+AES-128-CCM test vector NIST #26 PSA (P=24, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL":"":1
+
+AES-128-CCM test vector NIST #27 PSA (P=24, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
+
+AES-128-CCM test vector NIST #28 PSA (P=24, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL":"":1
+
+AES-128-CCM test vector NIST #29 PSA (P=24, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
+
+AES-128-CCM test vector NIST #30 PSA (P=24, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL":"":1
+
+AES-128-CCM test vector NIST #31 PSA (P=24, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
+
+AES-128-CCM test vector NIST #32 PSA (P=24, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL":"":1
+
+AES-192-CCM test vector NIST #1 PSA (P=0, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":"":"":1
+
+AES-192-CCM test vector NIST #2 PSA (P=0, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL":"":1
+
+AES-192-CCM test vector NIST #3 PSA (P=0, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":"":"":1
+
+AES-192-CCM test vector NIST #4 PSA (P=0, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL":"":1
+
+AES-192-CCM test vector NIST #5 PSA (P=0, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":"":"":1
+
+AES-192-CCM test vector NIST #6 PSA (P=0, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL":"":1
+
+AES-192-CCM test vector NIST #7 PSA (P=0, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"":"":1
+
+AES-192-CCM test vector NIST #8 PSA (P=0, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL":"":1
+
+AES-192-CCM test vector NIST #9 PSA (P=24, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
+
+AES-192-CCM test vector NIST #10 PSA (P=24, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL":"":1
+
+AES-192-CCM test vector NIST #11 PSA (P=24, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22":1
+
+AES-192-CCM test vector NIST #12 PSA (P=24, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL":"":1
+
+AES-192-CCM test vector NIST #13 PSA (P=24, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
+
+AES-192-CCM test vector NIST #14 PSA (P=24, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL":"":1
+
+AES-192-CCM test vector NIST #15 PSA (P=24, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":1
+
+AES-192-CCM test vector NIST #16 PSA (P=24, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL":"":1
+
+AES-192-CCM test vector NIST #17 PSA (P=0, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":"":"":1
+
+AES-192-CCM test vector NIST #18 PSA (P=0, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL":"":1
+
+AES-192-CCM test vector NIST #19 PSA (P=0, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":"":"":1
+
+AES-192-CCM test vector NIST #20 PSA (P=0, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL":"":1
+
+AES-192-CCM test vector NIST #21 PSA (P=0, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":"":"":1
+
+AES-192-CCM test vector NIST #22 PSA (P=0, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL":"":1
+
+AES-192-CCM test vector NIST #23 PSA (P=0, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":"":"":1
+
+AES-192-CCM test vector NIST #24 PSA (P=0, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL":"":1
+
+AES-192-CCM test vector NIST #25 PSA (P=24, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
+
+AES-192-CCM test vector NIST #26 PSA (P=24, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL":"":1
+
+AES-192-CCM test vector NIST #27 PSA (P=24, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768":1
+
+AES-192-CCM test vector NIST #28 PSA (P=24, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL":"":1
+
+AES-192-CCM test vector NIST #29 PSA (P=24, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
+
+AES-192-CCM test vector NIST #30 PSA (P=24, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL":"":1
+
+AES-192-CCM test vector NIST #31 PSA (P=24, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5":1
+
+AES-192-CCM test vector NIST #32 PSA (P=24, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL":"":1
+
+AES-256-CCM test vector NIST #1 PSA (P=0, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":"":"":1
+
+AES-256-CCM test vector NIST #2 PSA (P=0, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL":"":1
+
+AES-256-CCM test vector NIST #3 PSA (P=0, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":"":"":1
+
+AES-256-CCM test vector NIST #4 PSA (P=0, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL":"":1
+
+AES-256-CCM test vector NIST #5 PSA (P=0, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":"":"":1
+
+AES-256-CCM test vector NIST #6 PSA (P=0, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL":"":1
+
+AES-256-CCM test vector NIST #7 PSA (P=0, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":"":"":1
+
+AES-256-CCM test vector NIST #8 PSA (P=0, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL":"":1
+
+AES-256-CCM test vector NIST #9 PSA (P=24, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98":1
+
+AES-256-CCM test vector NIST #10 PSA (P=24, N=7, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL":"":1
+
+AES-256-CCM test vector NIST #11 PSA (P=24, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98":1
+
+AES-256-CCM test vector NIST #12 PSA (P=24, N=7, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL":"":1
+
+AES-256-CCM test vector NIST #13 PSA (P=24, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":1
+
+AES-256-CCM test vector NIST #14 PSA (P=24, N=13, A=0, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL":"":1
+
+AES-256-CCM test vector NIST #15 PSA (P=24, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e":1
+
+AES-256-CCM test vector NIST #16 PSA (P=24, N=13, A=0, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL":"":1
+
+AES-256-CCM test vector NIST #17 PSA (P=0, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":"":"":1
+
+AES-256-CCM test vector NIST #18 PSA (P=0, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL":"":1
+
+AES-256-CCM test vector NIST #19 PSA (P=0, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":"":"":1
+
+AES-256-CCM test vector NIST #20 PSA (P=0, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL":"":1
+
+AES-256-CCM test vector NIST #21 PSA (P=0, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":"":"":1
+
+AES-256-CCM test vector NIST #22 PSA (P=0, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL":"":1
+
+AES-256-CCM test vector NIST #23 PSA (P=0, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":"":"":1
+
+AES-256-CCM test vector NIST #24 PSA (P=0, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL":"":1
+
+AES-256-CCM test vector NIST #25 PSA (P=24, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3":1
+
+AES-256-CCM test vector NIST #26 PSA (P=24, N=7, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL":"":1
+
+AES-256-CCM test vector NIST #27 PSA (P=24, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3":1
+
+AES-256-CCM test vector NIST #28 PSA (P=24, N=7, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL":"":1
+
+AES-256-CCM test vector NIST #29 PSA (P=24, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3":1
+
+AES-256-CCM test vector NIST #30 PSA (P=24, N=13, A=32, T=4)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL":"":1
+
+AES-256-CCM test vector NIST #31 PSA (P=24, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3":1
+
+AES-256-CCM test vector NIST #32 PSA (P=24, N=13, A=32, T=16)
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C:MBEDTLS_CCM_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL":"":1
diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data
index c67e582..11de103 100644
--- a/tests/suites/test_suite_cipher.chacha20.data
+++ b/tests/suites/test_suite_cipher.chacha20.data
@@ -1,7 +1,3 @@
-Decrypt empty buffer
-depends_on:MBEDTLS_CHACHA20_C
-dec_empty_buf:
-
Chacha20 RFC 7539 Test Vector #1
depends_on:MBEDTLS_CHACHA20_C
decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0
diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data
index 1760dc0..ccd0dfb 100644
--- a/tests/suites/test_suite_cipher.chachapoly.data
+++ b/tests/suites/test_suite_cipher.chachapoly.data
@@ -1,6 +1,6 @@
Decrypt empty buffer
-depends_on:MBEDTLS_CHACHAPOLY_C:
-dec_empty_buf:
+depends_on:MBEDTLS_CHACHAPOLY_C
+dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305
ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_CHACHAPOLY_C
@@ -112,11 +112,11 @@
ChaCha20+Poly1305 RFC 7539 Test Vector #1
depends_on:MBEDTLS_CHACHAPOLY_C
-auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"eead9d67890cbb22392336fea1851f38":"496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d"
+auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"eead9d67890cbb22392336fea1851f38":"":"496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d":0
ChaCha20+Poly1305 RFC 7539 Test Vector #1 Unauthentic (1st bit flipped)
depends_on:MBEDTLS_CHACHAPOLY_C
-auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"6ead9d67890cbb22392336fea1851f38":"FAIL"
+auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"6ead9d67890cbb22392336fea1851f38":"FAIL":"":0
Chacha20+Poly1305 RFC 7539 Test Vector #1 (streaming)
depends_on:MBEDTLS_CHACHAPOLY_C
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 52526a8..1ea1408 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -12,7 +12,7 @@
*/
/* BEGIN_CASE */
-void mbedtls_cipher_list( )
+void mbedtls_cipher_list( )
{
const int *cipher_type;
@@ -22,92 +22,487 @@
/* END_CASE */
/* BEGIN_CASE */
-void cipher_null_args( )
+void cipher_invalid_param_unconditional( )
{
- mbedtls_cipher_context_t ctx;
- const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) );
- unsigned char buf[1] = { 0 };
- size_t olen;
+ mbedtls_cipher_context_t valid_ctx;
+ mbedtls_cipher_context_t invalid_ctx;
+ mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
+ mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
+ unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+ int valid_size = sizeof(valid_buffer);
+ int valid_bitlen = valid_size * 8;
+ const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
+ *( mbedtls_cipher_list() ) );
+ size_t size_t_var;
- mbedtls_cipher_init( &ctx );
+ (void)valid_mode; /* In some configurations this is unused */
- TEST_ASSERT( mbedtls_cipher_get_block_size( NULL ) == 0 );
- TEST_ASSERT( mbedtls_cipher_get_block_size( &ctx ) == 0 );
+ mbedtls_cipher_init( &valid_ctx );
+ mbedtls_cipher_setup( &valid_ctx, valid_info );
+ mbedtls_cipher_init( &invalid_ctx );
- TEST_ASSERT( mbedtls_cipher_get_cipher_mode( NULL ) == MBEDTLS_MODE_NONE );
- TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &ctx ) == MBEDTLS_MODE_NONE );
+ /* mbedtls_cipher_setup() */
+ TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_get_iv_size( NULL ) == 0 );
- TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 );
+ /* mbedtls_cipher_get_block_size() */
+ TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 );
- TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL );
+ /* mbedtls_cipher_get_cipher_mode() */
+ TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ==
+ MBEDTLS_MODE_NONE );
- TEST_ASSERT( mbedtls_cipher_setup( &ctx, NULL )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_setup( NULL, info )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_get_iv_size() */
+ TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 );
- TEST_ASSERT( mbedtls_cipher_setkey( NULL, buf, 0, MBEDTLS_ENCRYPT )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_setkey( &ctx, buf, 0, MBEDTLS_ENCRYPT )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_get_type() */
+ TEST_ASSERT(
+ mbedtls_cipher_get_type( &invalid_ctx ) ==
+ MBEDTLS_CIPHER_NONE);
- TEST_ASSERT( mbedtls_cipher_set_iv( NULL, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_get_name() */
+ TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 );
- TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_get_key_bitlen() */
+ TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ==
+ MBEDTLS_KEY_LENGTH_NONE );
+
+ /* mbedtls_cipher_get_operation() */
+ TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) ==
+ MBEDTLS_OPERATION_NONE );
+
+ /* mbedtls_cipher_setkey() */
+ TEST_ASSERT(
+ mbedtls_cipher_setkey( &invalid_ctx,
+ valid_buffer,
+ valid_bitlen,
+ valid_operation ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ /* mbedtls_cipher_set_iv() */
+ TEST_ASSERT(
+ mbedtls_cipher_set_iv( &invalid_ctx,
+ valid_buffer,
+ valid_size ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+ /* mbedtls_cipher_reset() */
+ TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_update_ad() */
+ TEST_ASSERT(
+ mbedtls_cipher_update_ad( &invalid_ctx,
+ valid_buffer,
+ valid_size ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ /* mbedtls_cipher_set_padding_mode() */
+ TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#endif
- TEST_ASSERT( mbedtls_cipher_update( NULL, buf, 0, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_update( &ctx, buf, 0, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_update() */
+ TEST_ASSERT(
+ mbedtls_cipher_update( &invalid_ctx,
+ valid_buffer,
+ valid_size,
+ valid_buffer,
+ &size_t_var ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_finish( NULL, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_finish() */
+ TEST_ASSERT(
+ mbedtls_cipher_finish( &invalid_ctx,
+ valid_buffer,
+ &size_t_var ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_write_tag() */
+ TEST_ASSERT(
+ mbedtls_cipher_write_tag( &invalid_ctx,
+ valid_buffer,
+ valid_size ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_check_tag( NULL, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_check_tag( &ctx, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ /* mbedtls_cipher_check_tag() */
+ TEST_ASSERT(
+ mbedtls_cipher_check_tag( &invalid_ctx,
+ valid_buffer,
+ valid_size ) ==
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+exit:
+ mbedtls_cipher_free( &invalid_ctx );
+ mbedtls_cipher_free( &valid_ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void cipher_invalid_param_conditional( )
+{
+ mbedtls_cipher_context_t valid_ctx;
+
+ mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
+ mbedtls_operation_t invalid_operation = 100;
+ mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
+ unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+ int valid_size = sizeof(valid_buffer);
+ int valid_bitlen = valid_size * 8;
+ const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
+ *( mbedtls_cipher_list() ) );
+
+ size_t size_t_var;
+
+ (void)valid_mode; /* In some configurations this is unused */
+
+ /* mbedtls_cipher_init() */
+ TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
+ TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
+
+ /* mbedtls_cipher_setup() */
+ TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setup( NULL, valid_info ) );
+
+ /* mbedtls_cipher_get_block_size() */
+ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
+
+ /* mbedtls_cipher_get_cipher_mode() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_MODE_NONE,
+ mbedtls_cipher_get_cipher_mode( NULL ) );
+
+ /* mbedtls_cipher_get_iv_size() */
+ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
+
+ /* mbedtls_cipher_get_type() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_CIPHER_NONE,
+ mbedtls_cipher_get_type( NULL ) );
+
+ /* mbedtls_cipher_get_name() */
+ TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
+
+ /* mbedtls_cipher_get_key_bitlen() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_KEY_LENGTH_NONE,
+ mbedtls_cipher_get_key_bitlen( NULL ) );
+
+ /* mbedtls_cipher_get_operation() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_OPERATION_NONE,
+ mbedtls_cipher_get_operation( NULL ) );
+
+ /* mbedtls_cipher_setkey() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setkey( NULL,
+ valid_buffer,
+ valid_bitlen,
+ valid_operation ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setkey( &valid_ctx,
+ NULL,
+ valid_bitlen,
+ valid_operation ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setkey( &valid_ctx,
+ valid_buffer,
+ valid_bitlen,
+ invalid_operation ) );
+
+ /* mbedtls_cipher_set_iv() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_iv( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_iv( &valid_ctx,
+ NULL,
+ valid_size ) );
+
+ /* mbedtls_cipher_reset() */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_reset( NULL ) );
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
+ /* mbedtls_cipher_update_ad() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update_ad( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update_ad( &valid_ctx,
+ NULL,
+ valid_size ) );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ /* mbedtls_cipher_set_padding_mode() */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
#endif
+
+ /* mbedtls_cipher_update() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update( NULL,
+ valid_buffer,
+ valid_size,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update( &valid_ctx,
+ NULL, valid_size,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update( &valid_ctx,
+ valid_buffer, valid_size,
+ NULL,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer,
+ NULL ) );
+
+ /* mbedtls_cipher_finish() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_finish( NULL,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_finish( &valid_ctx,
+ NULL,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_finish( &valid_ctx,
+ valid_buffer,
+ NULL ) );
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
+ /* mbedtls_cipher_write_tag() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_write_tag( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_write_tag( &valid_ctx,
+ NULL,
+ valid_size ) );
+
+ /* mbedtls_cipher_check_tag() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_check_tag( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_check_tag( &valid_ctx,
+ NULL,
+ valid_size ) );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+ /* mbedtls_cipher_crypt() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_crypt( NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_crypt( &valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_crypt( &valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_crypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_crypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, NULL ) );
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+ /* mbedtls_cipher_auth_encrypt() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( &valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, NULL,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_encrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ NULL, valid_size ) );
+
+ /* mbedtls_cipher_auth_decrypt() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( NULL,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( &valid_ctx,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, valid_size,
+ valid_buffer, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ NULL, &size_t_var,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, NULL,
+ valid_buffer, valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_auth_decrypt( &valid_ctx,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, valid_size,
+ valid_buffer, &size_t_var,
+ NULL, valid_size ) );
+#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
+
+ /* mbedtls_cipher_free() */
+ TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
+exit:
+ TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
-void cipher_special_behaviours( )
+void cipher_special_behaviours( )
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char input[32];
unsigned char output[32];
+#if defined (MBEDTLS_CIPHER_MODE_CBC)
unsigned char iv[32];
+#endif
size_t olen = 0;
mbedtls_cipher_init( &ctx );
memset( input, 0, sizeof( input ) );
memset( output, 0, sizeof( output ) );
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
memset( iv, 0, sizeof( iv ) );
/* Check and get info structures */
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
+ cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
TEST_ASSERT( NULL != cipher_info );
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
@@ -120,6 +515,14 @@
TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 )
== MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ mbedtls_cipher_free( &ctx );
+ mbedtls_cipher_init( &ctx );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+ cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
+ TEST_ASSERT( NULL != cipher_info );
+
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
+
/* Update ECB with partial block */
TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen )
== MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
@@ -130,7 +533,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
+void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
int length_val, int pad_mode )
{
size_t length = length_val, outlen, total_len, i, block_size;
@@ -255,8 +658,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void enc_fail( int cipher_id, int pad_mode, int key_len,
- int length_val, int ret )
+void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val,
+ int ret )
{
size_t length = length_val;
unsigned char key[32];
@@ -307,7 +710,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void dec_empty_buf()
+void dec_empty_buf( int cipher )
{
unsigned char key[32];
unsigned char iv[16];
@@ -320,6 +723,8 @@
size_t outlen = 0;
+ int expected_ret;
+
memset( key, 0, 32 );
memset( iv , 0, 16 );
@@ -329,12 +734,15 @@
memset( decbuf, 0, 64 );
/* Initialise context */
- cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
+ cipher_info = mbedtls_cipher_info_from_type( cipher );
TEST_ASSERT( NULL != cipher_info);
+ TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
+ key, cipher_info->key_bitlen,
+ MBEDTLS_DECRYPT ) );
TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
@@ -347,8 +755,23 @@
/* decode 0-byte string */
TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
TEST_ASSERT( 0 == outlen );
- TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish(
- &ctx_dec, decbuf + outlen, &outlen ) );
+
+ if ( cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_ECB )
+ {
+ /* CBC and ECB ciphers need a full block of input. */
+ expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+ }
+ else
+ {
+ /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
+ * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
+ * decrypting an empty buffer. */
+ expected_ret = 0;
+ }
+
+ TEST_ASSERT( expected_ret == mbedtls_cipher_finish(
+ &ctx_dec, decbuf + outlen, &outlen ) );
TEST_ASSERT( 0 == outlen );
exit:
@@ -471,80 +894,56 @@
/* END_CASE */
/* BEGIN_CASE */
-void decrypt_test_vec( int cipher_id, int pad_mode,
- char *hex_key, char *hex_iv,
- char *hex_cipher, char *hex_clear,
- char *hex_ad, char *hex_tag,
+void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key,
+ data_t * iv, data_t * cipher,
+ data_t * clear, data_t * ad, data_t * tag,
int finish_result, int tag_result )
{
- unsigned char key[50];
- unsigned char iv[50];
- unsigned char cipher[265]; /* max length of test data so far */
- unsigned char clear[265];
unsigned char output[265];
- unsigned char ad[200];
- unsigned char tag[20];
- size_t key_len, iv_len, cipher_len, clear_len;
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- size_t ad_len, tag_len;
-#endif
mbedtls_cipher_context_t ctx;
size_t outlen, total_len;
mbedtls_cipher_init( &ctx );
- memset( key, 0x00, sizeof( key ) );
- memset( iv, 0x00, sizeof( iv ) );
- memset( cipher, 0x00, sizeof( cipher ) );
- memset( clear, 0x00, sizeof( clear ) );
- memset( ad, 0x00, sizeof( ad ) );
- memset( tag, 0x00, sizeof( tag ) );
memset( output, 0x00, sizeof( output ) );
- key_len = unhexify( key, hex_key );
- iv_len = unhexify( iv, hex_iv );
- cipher_len = unhexify( cipher, hex_cipher );
- clear_len = unhexify( clear, hex_clear );
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- ad_len = unhexify( ad, hex_ad );
- tag_len = unhexify( tag, hex_tag );
-#else
- ((void) hex_ad);
- ((void) hex_tag);
+#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)
+ ((void) ad);
+ ((void) tag);
#endif
/* Prepare context */
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
mbedtls_cipher_info_from_type( cipher_id ) ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, MBEDTLS_DECRYPT ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) );
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
if( pad_mode != -1 )
TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
#else
(void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
- TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, iv_len ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) );
TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad, ad_len ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) );
#endif
- /* decode buffer and check tag */
+ /* decode buffer and check tag->x */
total_len = 0;
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher, cipher_len, output, &outlen ) );
+ TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) );
total_len += outlen;
TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
&outlen ) );
total_len += outlen;
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag, tag_len ) );
+ TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) );
#endif
/* check plaintext only if everything went fine */
if( 0 == finish_result && 0 == tag_result )
{
- TEST_ASSERT( total_len == clear_len );
- TEST_ASSERT( 0 == memcmp( output, clear, clear_len ) );
+ TEST_ASSERT( total_len == clear->len );
+ TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) );
}
exit:
@@ -553,56 +952,73 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */
-void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv,
- char *hex_ad, char *hex_cipher,
- char *hex_tag, char *hex_clear )
+void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
+ data_t * ad, data_t * cipher, data_t * tag,
+ char * result, data_t * clear, int use_psa )
{
+ /* Takes an AEAD ciphertext + tag and performs a pair
+ * of AEAD decryption and AEAD encryption. It checks that
+ * this results in the expected plaintext, and that
+ * decryption and encryption are inverse to one another. */
+
int ret;
- unsigned char key[50];
- unsigned char iv[50];
- unsigned char cipher[265]; /* max size of test data so far */
- unsigned char clear[265];
- unsigned char output[267]; /* above + 2 (overwrite check) */
- unsigned char ad[200];
- unsigned char tag[20];
- unsigned char my_tag[20];
- size_t key_len, iv_len, cipher_len, clear_len, ad_len, tag_len;
+ unsigned char output[300]; /* Temporary buffer for results of
+ * encryption and decryption. */
+ unsigned char *output_tag = NULL; /* Temporary buffer for tag in the
+ * encryption step. */
+
mbedtls_cipher_context_t ctx;
size_t outlen;
- mbedtls_cipher_init( &ctx );
+ unsigned char *tmp_tag = NULL;
+ unsigned char *tmp_cipher = NULL;
- memset( key, 0x00, sizeof( key ) );
- memset( iv, 0x00, sizeof( iv ) );
- memset( cipher, 0x00, sizeof( cipher ) );
- memset( clear, 0x00, sizeof( clear ) );
- memset( ad, 0x00, sizeof( ad ) );
- memset( tag, 0x00, sizeof( tag ) );
- memset( my_tag, 0xFF, sizeof( my_tag ) );
+ mbedtls_cipher_init( &ctx );
memset( output, 0xFF, sizeof( output ) );
- key_len = unhexify( key, hex_key );
- iv_len = unhexify( iv, hex_iv );
- cipher_len = unhexify( cipher, hex_cipher );
- ad_len = unhexify( ad, hex_ad );
- tag_len = unhexify( tag, hex_tag );
-
/* Prepare context */
- TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
- mbedtls_cipher_info_from_type( cipher_id ) ) );
- TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, MBEDTLS_DECRYPT ) );
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ (void) use_psa;
+#else
+ if( use_psa == 1 )
+ {
+ TEST_ASSERT( psa_crypto_init() == 0 );
- /* decode buffer and check tag */
- ret = mbedtls_cipher_auth_decrypt( &ctx, iv, iv_len, ad, ad_len,
- cipher, cipher_len, output, &outlen,
- tag, tag_len );
+ /* PSA requires that the tag immediately follows the ciphertext. */
+ tmp_cipher = mbedtls_calloc( 1, cipher->len + tag->len );
+ TEST_ASSERT( tmp_cipher != NULL );
+ tmp_tag = tmp_cipher + cipher->len;
- /* make sure we didn't overwrite */
- TEST_ASSERT( output[outlen + 0] == 0xFF );
- TEST_ASSERT( output[outlen + 1] == 0xFF );
+ memcpy( tmp_cipher, cipher->x, cipher->len );
+ memcpy( tmp_tag, tag->x, tag->len );
+
+ TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ),
+ tag->len ) );
+ }
+ else
+#endif
+ {
+ tmp_tag = tag->x;
+ tmp_cipher = cipher->x;
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ) ) );
+ }
+
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
+ MBEDTLS_DECRYPT ) );
+
+ /* decode buffer and check tag->x */
+
+ /* Sanity check that we don't use overly long inputs. */
+ TEST_ASSERT( sizeof( output ) >= cipher->len );
+
+ ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
+ tmp_cipher, cipher->len, output, &outlen,
+ tmp_tag, tag->len );
/* make sure the message is rejected if it should be */
- if( strcmp( hex_clear, "FAIL" ) == 0 )
+ if( strcmp( result, "FAIL" ) == 0 )
{
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
goto exit;
@@ -611,44 +1027,104 @@
/* otherwise, make sure it was decrypted properly */
TEST_ASSERT( ret == 0 );
- clear_len = unhexify( clear, hex_clear );
- TEST_ASSERT( outlen == clear_len );
- TEST_ASSERT( memcmp( output, clear, clear_len ) == 0 );
+ TEST_ASSERT( outlen == clear->len );
+ TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
- /* then encrypt the clear and make sure we get the same ciphertext and tag */
+ /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
+ mbedtls_cipher_free( &ctx );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( use_psa == 1 )
+ {
+ TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ),
+ tag->len ) );
+ }
+ else
+#endif
+ {
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ) ) );
+ }
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
+ MBEDTLS_ENCRYPT ) );
+
memset( output, 0xFF, sizeof( output ) );
outlen = 0;
- ret = mbedtls_cipher_auth_encrypt( &ctx, iv, iv_len, ad, ad_len,
- clear, clear_len, output, &outlen,
- my_tag, tag_len );
+ /* Sanity check that we don't use overly long inputs. */
+ TEST_ASSERT( sizeof( output ) >= clear->len + tag->len );
+
+ output_tag = output + clear->len;
+ ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
+ clear->x, clear->len, output, &outlen,
+ output_tag, tag->len );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( outlen == clear_len );
- TEST_ASSERT( memcmp( output, cipher, clear_len ) == 0 );
- TEST_ASSERT( memcmp( my_tag, tag, tag_len ) == 0 );
+ TEST_ASSERT( outlen == cipher->len );
+ TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
+ TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 );
- /* make sure we didn't overwrite */
- TEST_ASSERT( output[outlen + 0] == 0xFF );
- TEST_ASSERT( output[outlen + 1] == 0xFF );
- TEST_ASSERT( my_tag[tag_len + 0] == 0xFF );
- TEST_ASSERT( my_tag[tag_len + 1] == 0xFF );
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( use_psa == 1 )
+ {
+ mbedtls_free( tmp_cipher );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_cipher_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void test_vec_ecb( int cipher_id, int operation, data_t * key,
+ data_t * input, data_t * result, int finish_result
+ )
+{
+ mbedtls_cipher_context_t ctx;
+ unsigned char output[32];
+ size_t outlen;
+
+ mbedtls_cipher_init( &ctx );
+
+ memset( output, 0x00, sizeof( output ) );
+
+ /* Prepare context */
+ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ) ) );
+
+
+ TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
+
+ TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x,
+ mbedtls_cipher_get_block_size( &ctx ),
+ output, &outlen ) );
+ TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) );
+ TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
+ &outlen ) );
+ TEST_ASSERT( 0 == outlen );
+
+ /* check plaintext only if everything went fine */
+ if( 0 == finish_result )
+ TEST_ASSERT( 0 == memcmp( output, result->x,
+ mbedtls_cipher_get_block_size( &ctx ) ) );
exit:
mbedtls_cipher_free( &ctx );
}
/* END_CASE */
-/* BEGIN_CASE */
-void test_vec_ecb( int cipher_id, int operation, char *hex_key,
- char *hex_input, char *hex_result,
- int finish_result )
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
+void test_vec_crypt( int cipher_id, int operation, char *hex_key,
+ char *hex_iv, char *hex_input, char *hex_result,
+ int finish_result, int use_psa )
{
unsigned char key[50];
unsigned char input[16];
unsigned char result[16];
- size_t key_len;
+ unsigned char iv[16];
+ size_t key_len, iv_len, inputlen, resultlen;
mbedtls_cipher_context_t ctx;
unsigned char output[32];
size_t outlen;
@@ -659,31 +1135,40 @@
memset( input, 0x00, sizeof( input ) );
memset( result, 0x00, sizeof( result ) );
memset( output, 0x00, sizeof( output ) );
+ memset( iv, 0x00, sizeof( iv ) );
/* Prepare context */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ (void) use_psa;
+#else
+ if( use_psa == 1 )
+ {
+ TEST_ASSERT( psa_crypto_init() == 0 );
+ TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
+ mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
+ }
+ else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
- mbedtls_cipher_info_from_type( cipher_id ) ) );
+ mbedtls_cipher_info_from_type( cipher_id ) ) );
key_len = unhexify( key, hex_key );
- TEST_ASSERT( unhexify( input, hex_input ) ==
- (int) mbedtls_cipher_get_block_size( &ctx ) );
- TEST_ASSERT( unhexify( result, hex_result ) ==
- (int) mbedtls_cipher_get_block_size( &ctx ) );
+ inputlen = unhexify( input, hex_input );
+ resultlen = unhexify( result, hex_result );
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) );
+ if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
+ TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input,
- mbedtls_cipher_get_block_size( &ctx ),
- output, &outlen ) );
- TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) );
- TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
- &outlen ) );
- TEST_ASSERT( 0 == outlen );
+ iv_len = unhexify( iv, hex_iv );
+ TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL,
+ iv_len, input, inputlen,
+ output, &outlen ) );
+ TEST_ASSERT( resultlen == outlen );
/* check plaintext only if everything went fine */
if( 0 == finish_result )
- TEST_ASSERT( 0 == memcmp( output, result,
- mbedtls_cipher_get_block_size( &ctx ) ) );
+ TEST_ASSERT( 0 == memcmp( output, result, outlen ) );
exit:
mbedtls_cipher_free( &ctx );
@@ -710,12 +1195,12 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void check_padding( int pad_mode, char *input_str, int ret, int dlen_check )
+void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
+ )
{
mbedtls_cipher_info_t cipher_info;
mbedtls_cipher_context_t ctx;
- unsigned char input[16];
- size_t ilen, dlen;
+ size_t dlen;
/* build a fake context just for getting access to get_padding */
mbedtls_cipher_init( &ctx );
@@ -724,9 +1209,8 @@
TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
- ilen = unhexify( input, input_str );
- TEST_ASSERT( ret == ctx.get_padding( input, ilen, &dlen ) );
+ TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) );
if( 0 == ret )
TEST_ASSERT( dlen == (size_t) dlen_check );
}
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index 0efed58..03d08ce 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -701,3 +701,4035 @@
CAMELLIA 256 GCM Decrypt test vector #5
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
decrypt_test_vec:MBEDTLS_CIPHER_CAMELLIA_256_GCM:-1:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"cafebabefacedbad":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"":"feedfacedeadbeeffeedfacedeadbeefabaddad2":"e6472b8ebd331bfcc7c0fa63ce094462":0:MBEDTLS_ERR_CIPHER_AUTH_FAILED
+
+AES-GCM NIST Validation (AES-128,128,0,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d785dafea3e966731ef6fc6202262584":"d91a46205ee94058b3b8403997592dd2":"":"":"3b92a17c1b9c3578a68cffea5a5b6245":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aec963833b9098de1ababc853ab74d96":"4e0ffd93beffd732c6f7d6ad606a2d24":"":"":"e9fcedc176dfe587dc61b2011010cdf1":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4fb9e3393681da9cec5ec96f87c5c31":"845e910bc055d895879f62101d08b4c7":"":"":"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2a930f2e09beceacd9919cb76f2ac8d3":"340d9af44f6370eff534c653033a785a":"":"":"0c1e5e9c8fe5edfd11f114f3503d63":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe71177e02073b1c407b5724e2263a5e":"83c23d20d2a9d4b8f92da96587c96b18":"":"":"43b2ca795420f35f6cb39f5dfa47a2":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b02392fd7f228888c281e59d1eaa15fb":"2726344ba8912c737e195424e1e6679e":"":"":"a10b601ca8053536a2af2cc255d2b6":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"21895cbafc16b7b8bf5867e88e0853d4":"f987ce1005d9bbd31d2452fb80957753":"":"":"952a7e265830d58a6778d68b9450":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9bb9742bf47f68caf64963d7c10a97b0":"34a85669de64e1cd44731905fddbcbc5":"":"":"e9b6be928aa77b2de28b480ae74c":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"1c53a9fdd23919b036d99560619a9939":"":"":"6611b50d6fbca83047f9f5fe1768":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"82fede79db25f00be96eb050a22cea87":"e9c50b517ab26c89b83c1f0cac50162c":"":"":"d0c0ce9db60b77b0e31d05e048":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1d98566fca5201abb12914311a8bd532":"590aef4b46a9023405d075edab7e6849":"":"":"a1cfd1a27b341f49eda2ca8305":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3038771820c2e1319f02a74b8a7a0c08":"e556d9f07fb69d7e9a644261c80fac92":"":"":"4d2f005d662b6a8787f231c5e1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0fb7eef50de598d7d8b508d019a30d5a":"a2a2617040116c2c7e4236d2d8278213":"":"":"68413c58df7bb5f067197ca0":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8cc58b609204215c8ab4908286e56e5c":"fb83ea637279332677b5f68081173e99":"":"":"a2a9160d82739a55d8cd419f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"81a5fd184742a478432963f6477e8f92":"da297cbb53b11d7c379e0566299b4d5a":"":"":"200bee49466fdda2f21f0062":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"f604ac66d626959e595cbb7b4128e096":"269d2a49d533c6bb38008711f38e0b39":"":"":"468200fa4683e8be":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2e308ba7903e925f768c1d00ff3eb623":"335acd2aa48a47a37cfe21e491f1b141":"":"":"4872bfd5e2ff55f6":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1304e2a5a3520454a5109df61a67da7a":"dbe8b452acf4fa1444c3668e9ee72d26":"":"":"83a0d3440200ca95":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"ddf0b695aef5df2b594fcaae72b7e41c":"":"":"2819aedf":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9ab5c8ca905b5fe50461f4a68941144b":"96dd3927a96e16123f2e9d6b367d303f":"":"":"6e0c53ef":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b5fc7af605721a9cfe61c1ee6a4b3e22":"6b757d4055823d1035d01077666037d6":"":"":"e8c09ddd":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03c0b4a6e508a8490db0d086a82c9db7":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":"":"756292d8b4653887edef51679b161812":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b228d3d15219ea9ad5651fce02c8374d":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":"":"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"776afcbabedd5577fe660a60f920b536":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":"":"a5347d41d93b587240651bcd5230264f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":"":"2a67ad1471a520fe09a304f0975f31":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2bc73fba942ff105823b5dccf6befb1c":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":"":"ebdd7c8e87fe733138a433543542d1":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"356a4c245868243d61756cabe86da887":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":"":"ed26080dcb670590613d97d7c47cf4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfa7e93aff73600fc552324253066e2c":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":"":"6ba5e4dace9a54b50b901d9b73ad":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2ecea80b48d2ecd194a7699aa7d8ccfc":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":"":"246a9d37553088b6411ebb62aa16":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d38fee3fd3d6d08224c3c83529a25d08":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":"":"803a08700ec86fdeb88f7a388921":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1899b0cbae41d705c6eed3226afb5bc0":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":"":"c5d58870fee9ce157f5ec1fa8f":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b95323d86d02754f4c2874b42ec6eb0":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":"":"c4724ff1d2c57295eb733e9cad":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30da555559eb11cf7e0eff9d99e9607d":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":"":"3c82272130e17c4a0a007a908e":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ed2ac74af896c5190c271cfa6af02fd2":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":"":"db8af7a0d548fc54d9457c73":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0225b73fe5fbbe52f838d873173959d8":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":"":"e2c2ce4022c49a95c9ac9026":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"89ca3771a0ef3287568b4ac036120198":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":"":"06b2bf62591dc7ec1b814705":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a41a297bd96e224942998fe2192934a1":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":"":"49a4917eef61f78e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a9372c058f42e0a1d019bdb528313919":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":"":"b82cd11cd3575c8d":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6302b7338f8fa84195ad9abbacd89b4e":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":"":"5222d092e9e8bd6c":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78b5c28d62e4b2097873a1180bd5a3a5":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":"":"eae48137":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d84130578070e036c9e3df5b5509473":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":"":"79987692":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08428605ab4742a3e8a55354d4764620":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":"":"3eb3e3a2":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd358bc3f992f26e81e3a2f3aa2d517":"d8c750bb443ee1a169dfe97cfe4d855b":"":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"43b5f18227e5c74288dbeff03801acd6":"08ee12246cf7edb81da3d610f3ebd167":"":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a433c612d7e1bdff881e4d63ba8b141":"8b670cf31f470f79a6c0b79e73863ca1":"":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8526fd25daf890e79946a205b698f287":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8e9d75c781d63b29f1816859f7a0e0a0":"748a3b486b62a164cedcf1bab9325add":"":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe6b8553002c69396d9976bb48d30779":"595b17d0d76b83780235f5e0c92bd21f":"":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14898c56009b459172fef9c17993b54f":"0862f8f87289988711a877d3231d44eb":"":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe5253d4b071793b081ebc122cc2a5f8":"49e82d86804e196421ec19ddc8541066":"":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b3502d6f0d172246e16503cdf5793296":"6ce994689ff72f9df62f386a187c1a13":"":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5fb33dd73db309b9dfd3aee605cd94bf":"3f6486f9e9e645292e0e425bac232268":"":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a958fe3b520081b638d9e4c7d5da7ac7":"c396109e96afde6f685d3c38aa3c2fae":"":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"06ca91004be43cf46ed4599e23":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ec319fb143eac8215b51541daec268f2":"8a4684f42a1775b03806574f401cff78":"":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14a3e69f351ac39b4297749a90c1365c":"eb1c6c04437aa5a32bcc208bb3c01724":"":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c34827771fc3918d1cee09ba9401b832":"2379bbd39a1c22bc93b9b9cc45f3840b":"":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b1f9bd2006ec550b7b9913d383200b5d":"ca28fa6b64bb3b32ef7d211f1c8be759":"":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"c87aac7ad0e85dbb103c0733":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b2cef1a92aa0af2b00fb2a99855d5bc":"08d87b7acee87d884667f6b1e32e34d0":"":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"175c306f8644b0c4b894ae3d0971505e":"9860268ca2e10974f3726a0e5b9b310f":"":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"f809105e5fc5b13c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08c0edcfe342a676ccdc04bdf854b4b0":"4a7b70753930fe659f8cc38e5833f0c7":"":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"241067a0301edf0f825d793e03383ea1":"a30994261f48a66bb6c1fc3d69659228":"":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"36c3b4a732ba75ae":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03cccb5357bd2848332d1696f2ff90cb":"e0754022dfb1f813ccaf321558790806":"":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"c75f0246":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e5e53c84a05d5a5348bac7b2611cf62":"47e40543b7d16bc9122c40b106d31d43":"":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"81eec75d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2c94008bf377f90b7a1c0d2ea38f730c":"abfe92931a8411a39986b74560a38211":"":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"47d42e78":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"69eedf3777e594c30e94e9c5e2bce467":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"45cc35311eedf0ba093bf901931a7036":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"266a895fc21da5176b44b446d7d1921d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9edb5231ca4a136b4df4ae22b8588f9f":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d5fdcb8f5225090e63fae9b68f92c7cb":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"036198cd3a3ab9319684d0f811cf2992":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c9fbbff8f25f951ba874dfc5ff38584e":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3a314ec178da96311e42334a616fb38b":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e818372a63b7e2c23b524e29ba752bdb":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"3744262bc76f283964c1c15dc069":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a04f16882ff45816739d1b6697ce8b7":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"fbb37084396394fecd9581741f3c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"38cf029a4b20607030586cd2d82146e6":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"7b021de5cda915ba58f90ceef4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cf4d81fc5997c744a572bed71f4ae609":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"0a86142a0af81c8df64ba689f4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d88ad40b42ead744f1b7a36685658be1":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c3ce86a212a30e724b4c624057db4e79":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a0155360b84420b5bf4fb410ea02f31e":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"ac5addcc10cae6c1345520f1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"694f621f594d96b16c32254ff06f3f9c":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78826a5215a1d5e1b39cad5a06861f8f":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"a724bbb295a02883":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d450f5253251121606e56687952bf2f1":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"6446398aff73ed23":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90a59f6b0abf932311f0b65623c17740":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"dc77c1d7e0902d48":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6be4ef629f0b38194c74f7b66418922d":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"3d8fc6fb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c50e37244931e8debc12b3d561c83ba2":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8531ddb03977383405baf2ee9ca7d64b":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"2fc9de46":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"862dd5b362cfa556ca37e73cff7f4a0e":"81530a243655a60d22d9ab40d2520447":"":"":"3b9b2af54e610ed0b3dda96961dd8783":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3452b7bc100c334292e08343f139b9d0":"8f92739a30fe4ba24079f5d42753d6ac":"":"":"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"31a0cbaf21b943f8badc939e94eac7eb":"d5bb2c4eaec47088230972ae34fcda9c":"":"":"580e728512c8e44fbb3fe2c498e05323":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9e8fca537746e7cbff97f1dcd40a3392":"43e9f2bf186b2af8cc022e7c7412d641":"":"":"4465a3f9d9751789bcef5c7c58cbc5":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"35b5854ca83792ad691dbda1a66790fb":"cff61cf9b32ea30cf7e3692aa6e74bed":"":"":"726793199df533dd9055b0ac7c939d":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"07259267c1c6a015437a5d8cfa92f9e6":"18b9cf2ad7ace6ec1c8366b72878cf20":"":"":"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fa1df8955aa3ef191900b06e7c1b7d46":"6928c138c98a4350c318fbdccd3f44ba":"":"":"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c04200ce41ce77d772babb206315ec7d":"a885d58f0f38f9ff26d906fa1bfb12f4":"":"":"9ee0d025421f2bf18caf563953fb":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"650df049461be341c3099bd1613dcead":"8a4ff6327b49d297248ce2d5bd38afa8":"":"":"13f067ef0d7b448d56e70d282fed":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ee61b5bf5060fcc637dc833926898508":"b2dcf21f9ffa4a883044d29f087f9b85":"":"":"9ab1d66666d4dea3cbb5982238":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"01cc56ca7e64db7fbef66236a5c49493":"8ea5b63004189792cc040ef18b37e550":"":"":"d685aeb54aa129a21bed17766e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"134dd72ac8e28ab46720c2f42284a303":"c6368e4c0ba0ec90fa7488af9997a4c7":"":"":"4ad9cdf19ff7d7fd7e273efced":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"180c04b2bde6901edcda66085f73ecd9":"9193b206beade4cb036f01a9db187cb8":"":"":"530f5e9ed0879ccef3a7b360":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aaac85742a55ffa07e98106d6d6b1004":"630cd8ab849253c4da95ac80324ecc28":"":"":"37911820c810e3700c3a9321":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"86e6100669929e329a1d258cd3552dc9":"":"":"958d6141f7fb2b2dc7d851a6":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd756d49fd25380c4026ea03cafc2da":"6a6f7e39b0d730ea1670e13d16c12c28":"":"":"872ef05a28da5ea1":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"bd8a834b288bdc7578b6c6ab36f5d068":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":"":"c5c094e83755f2b6":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"020d280dbd06939bbb5e6edc6f6d39c6":"09aea6f0e57598452719d6f63b6fe5a0":"":"":"05d6c56ba601e85b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e47f41a27a2722df293c1431badc0f90":"227c036fca03171a890806b9fa0c250d":"":"":"86c22189":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9d3e112114b94e26e93d3855d4be26bd":"99b98525160c4bb2029da5553ff82b59":"":"":"33bee715":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5b4b7688588125349fbb66004a30d5d4":"b4ae363edb529d8b927c051cf21a2d9d":"":"":"6a920617":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":"":"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"":"c53d01e53ee4a6ea106ea4a66538265e":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0c88b191ce6e8e4a3941f7960b7eae5":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":"":"92604d37407aff33f8b677326cbb94fc":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c818dfa0885a09f65ef78712f5ce6609":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":"":"20e9a3a98d71d460743e1efaab13c6":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2354c6b6afaa883e7ce91faca4981f8b":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":"":"3588c9aa769897dfa328549fbbd10a":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0af48e6aebbb6ff5b7c92bd140b085f":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":"":"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a05fe482fe164b2eca7f6c3e377b39d8":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":"":"3900bde9fa9ae2cbeee54d04f224":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dacbadf819eb16a63f6f091d13ed04d4":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":"":"8988fca83c8cfb1f8feefac46f04":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"969244c7444f3f3bf193b28f8e8e96dc":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":"":"a291c7527385f037f62e60fd8a96":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"525abe490c8434802b69439c590a5290":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":"":"038c7e95f790e6ca5ce73f9551":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"51644e025659de983f5c8156516b812e":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":"":"77e3deba2c7f9386f85bc4a801":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08566ca7310302dfb84d76ea0525ba20":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":"":"873f037fc05252a44dc76f8155":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfb54db96383fa911bf5b4fa1218ef9a":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":"":"dada7fc7fed58db462854ef6":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"389cf888474e9403e5f4d0e22ffec439":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":"":"92726d90ad26130e65f2beb4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e55abb2ca36c822bf2a030ac703cb8b4":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":"":"65025250343ed8c09b3fceed":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"586114f3b1dc087e1b2739b28c592dfe":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":"":"467a815610faeb82":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cbfe806bddb7f06b3826b097550c68f5":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":"":"0697ac372a9acafd":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"96ce3a095a91effdd91d616f1f02ddcd":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":"":"55a0f61032e048f3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"24ece168c2971cf2b404ea206dc9e29d":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":"":"d2b15a23":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d3c3cf993f6740a019e61ce13c29955c":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":"":"f2d3a6ff":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,0,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5f1e5bd45ee8bb207ebbd730510ff218":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":"":"0d6c15da":"":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3997050377cfbb802cc438d973661688":"c95c84c263bdfd5f1de66e7e616cf3fb":"":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0bc2bde877e881aea512068105694968":"05f0c34ab2e8e8026b0a23719344b71f":"":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e14f45ba5d1eb52e0412240da5d7b5f9":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a64579f3601b0022d357b601cd876ab":"515efc6d036f95db7df56b1bbec0aff2":"":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1bda4acfd10ab635f357935bb0ab7020":"48b77c587616ffaa449533a91230b449":"":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d21cf24bc5bd176b4b0fd4c8477bb70d":"208cb9dced20b18edddb91596e902124":"":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"7edfb9daf8ca2babcc02537463e9":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d02e2b02170986944487cba8448f998":"6336077bb83eff1c9ea715de99b372cd":"":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cd1ad1de0521d41645d13c97a18f4a20":"413873a0b063ad039da5513896233286":"":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1cb120e9cd718b5119b4a58af0644eff":"5a7087989bfe2f6eddcb56fde4d72529":"":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"95d8bd12af8a5ab677309df0fb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"315b206778c28ed0bfdd6e66088a5c39":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"930750c53effc7b84aa10b2276":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e886de1c907c97e7db8ec80a79df90f8":"612cacbf33266353d0a29a24532f3c0c":"":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3b936e09a6477f3bd52030a29df5001d":"f93105be83fa5e315d73acfdcf578de7":"":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"91b55bb5e3f3f1abcf335db5":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dc9e2095de7b1b48481b56bf6a3604cd":"9e5268db19a1b51c0496a160ca76f8f7":"":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3f93901fd7cc88db3ba76a158d658c7b":"7e98de461e6d96c0ce6c8d8b3854cf49":"":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"42289f3d3cd5838e250ef54b128e60d1":"e557389a216ad724aafdab0180e1892e":"":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d772eabb7f19475665ca2a7e693bcfc":"0747cbb486a013453fde1ca6abb11dbe":"":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"8e761ffaea68f967":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fb7fd753ee6eaaf283a42a121dab4e43":"8164929fb54485377ecccc9b9621af5e":"":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30d757fd73a0fd5fa49159ad0653296d":"b35b8df0aebd0608517f2830e0e70cd0":"":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d9d3cfd5900de5d5e2109e7721cfeef6":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"2b81e8ce":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"68dc138f19354d73eaa1cf0e79231d74":"e7147749560f491420a2d893c075bb76":"":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"7362c86344e0aefb0cf0d04768f9c05d":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"58748bb204ccb7bdafdbf739b6c19a3e":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6cc13cbd62428bb8658dd3954fe9181f":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"286d3f5080cfe88538571188fbeb2dd5":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"d90d34094d740214dd3de685010ce3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"726ae113a096769b657f973ea6d2d5dd":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"73a9eeda721c6f292e6b399e2647f8a6":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90dbda7397d8fc46215a1218a6ffd0d8":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"776d871944159c51b2f5ec1980a6":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0c85174d428fc1c7c89ca5d1b8aaba25":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d89f06eb07744d43d44734faf9751d07":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"fcad48076eb03ebe85c6d64f6357":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6150f14dc53f391e815acfabed9f9e20":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3e8216072ed6fcde0fe0f636b27ed718":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"531a65cc5dfeca671cc64078d1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1af434b73a1210b08595ffa686079832":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"04036d2f5273c6ff5b8364aa595359c9":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"59fe44c6e28d025b2ad05e6e867051ab":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"296c4cdaeb94beb2847dc53d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c314264cee0e6db30ebe9b2f6d4991b2":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"26072018bd0bda524b5beb66a622c63e":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"edffe55c60235556":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"201751d3da98bd39ff4e5990a56cfea7":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3bc0dcb5261a641a08e6cb00d23e4deb":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"239c15492d6deec979e79236baca4635":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"db68a96e216b0dd9945f14b878487e03":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":0
+
+AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"659b9e729d12f68b73fdc2f7260ab114":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"8e5a6a79":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"4f801c772395c4519ec830980c8ca5a4":"":"":"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"335ca01a07081fea4e605eb5f23a778e":"":"":"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"d9172c3344d37ff93d2dcb2170ea5d01":"":"":"017fef05260a496654896d4703db3888":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"f47e915163fa3df7f6c15b9d69f53907":"":"":"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"a35b397b34a14a8e24d05a37be4d1822":"":"":"e045ecba220d22c80826b77a21b013":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"169a449ccb3eb29805b15304d603b132":"":"":"3a807251f3d6242849a69972b14f6d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"538641f7d1cc5c68715971cee607da73":"":"":"07d68fffe417adc3397706d73b95":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"0d8eb78032d83c676820b2ef5ccc2cc8":"":"":"7da181563b26c7aefeb29e71cc69":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"646a91d83ae72b9b9e9fce64135cbf73":"":"":"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"55e10d5e9b438b02505d30f211b16fea":"":"":"95c0a4ea9e80f91a4acce500f7":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"e25ef162a4295d7d24de75a673172346":"":"":"89ea4d1f34edb716b322ea7f6f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"08ea464baac54469b0498419d83820e6":"":"":"ab064a8d380fe2cda38e61f9e1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"766996fb67ace9e6a22d7f802455d4ef":"":"":"9a641be173dc3557ea015372":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"75cdb8b83017f3dc5ac8733016ab47c7":"":"":"81e3a5580234d8e0b2204bc3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"cfbefe265583ab3a2285e8080141ba48":"":"":"355a43bcebbe7f72b6cd27ea":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":"":"34b8e037084b3f2d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"118d0283294d4084127cce4b0cd5b5fa":"":"":"507a361d8ac59882":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"b78d518b6c41a9e031a00b10fb178327":"":"":"f401d546c8b739ff":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"14eb280288740d464e3b8f296c642daa":"":"":"39e64d7a":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"f54bf4aac8fb631c8b6ff5e96465fae6":"":"":"1ec1c1a1":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"75532d15e582e6c477b411e727d4171e":"":"":"76a0e017":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":"":"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":"":"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":"":"d22407fd3ae1921d1b380461d2e60210":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":"":"fcbb932ddb0128df78a71971c52838":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":"":"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":"":"fd78b9956e4e4522605db410f97e84":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":"":"b11f5c0e8cb6fea1a170c9342437":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":"":"6cdf60e62c91a6a944fa80da1854":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cc9922299b47725952f06272168b728218d2443028d81597":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":"":"dd515e5a8b41ecc441443a749b31":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":"":"f33e8f42b58f45a0456f83a13e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":"":"380128ad7f35be87a17c9590fa":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":"":"e9e5beea7d39c9250347a2a33d":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":"":"24483a57c20826a709b7d10a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":"":"23012503febbf26dc2d872dc":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":"":"e8e80bf6e5c4a55e7964f455":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":"":"74264163131d16ac":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":"":"8f4877806daff10e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":"":"4eff7227b42f9a7d":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":"":"ff355f10":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":"":"cb4d8c1d":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":"":"4a28ec97":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"eb16ed8de81efde2915a901f557fba95":"":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"804056dca9f102c4a13a930c81d77eca":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"70835abab9f945c84ef4e97cdcf2a694":"":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"7f770140df5b8678bc9c4b962b8c9034":"":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"151fd3ba32f5bde72adce6291bcf63ea":"":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"743699d3759781e82a3d21c7cd7991c8":"":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"1da347f9b6341049e63140395ad445":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"85b241d516b94759c9ef975f557bccea":"":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"9769f71c76b5b6c60462a845d2c123ad":"":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"4b12c6701534098e23e1b4659f684d6f":"":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"729b31c65d8699c93d741caac8e3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"fe1e427bcb15ce026413a0da87":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"927ce8a596ed28c85d9cb8e688a829e6":"":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"508c55f1726896f5b9f0a7024fe2fad0":"":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"b2a7c0d52fc60bacc3d1a94f33087095":"":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"1bd17f04d1dc2e447b41665952ad9031":"":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"01b0a815dc6da3e32851e1fb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"5ea9198b860679759357befdbb106b62":"":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7474d9b07739001b25baf6867254994e06e54c578508232f":"3ade6c92fe2dc575c136e3fbbba5c484":"":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"67c25240b8e39b63":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"41b37c04ab8a80f5a8d9d82a3a444772":"":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"4ee54d280829e6ef":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"9af53cf6891a749ab286f5c34238088a":"":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"6f6f344dd43b0d20":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"623df5a0922d1e8c883debb2e0e5e0b1":"":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"9265abe966cb83838d7fd9302938f49d":"":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"6f6c38bc":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9b3781165e7ff113ecd1d83d1df2366d":"":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"62f32d4e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"0943abb85adee47741540900cc833f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"4da85b8ec861dd8be54787bb83f1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"8781b045a509c4239b9f44624e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"2ad4520ddc3b907414d934cc1d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4382507dddccf1385fc831da8924147563416d0656e168ec":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"b124eea927e2a62a875494a1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"f1a23ce6e2bc9088a62c887abecd30ae":"":"":"d4d5c22f993c8c610145fcbe4e021687":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"ef221a1c66fda17906190b7c99ab60b8":"":"":"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"7c29b3196d44df78fa514a1967fcd3a6":"":"":"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"783f9a3c36b6d0c9fd57c15105316535":"":"":"23e21a803cac5237777014686564f2":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"2acc2073089a34d4651eee39a262e8ae":"":"":"7ac742c859a02a543b50464c66dcf5":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"c937615675738f4b3227c799833d1e61":"":"":"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"1f939226feab012dabfc2193637d15b1":"":"":"eed5fcb7607c038b354746d91c5b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"e2076e1050070d468659885ea77e88d0":"":"":"b4586bdbd4b6b899648f2333eee0":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"2d07bb8616fc0bbb71755a1bd256e7fb":"":"":"6b60d645220cfde42d88296ac193":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"6c31194df99d08881fa5b1dd33b45a92":"":"":"69431593c376c9f8052bf10747":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"73599275f8237f14c4a52b283c07275d":"":"":"6f7249d25c9f273434c4720275":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"d0871bfc3693245be478e6a257c79efb":"":"":"5a99d59631d0e12f58b7b95ccd":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"c72bb300b624c27cded863eba56e7587":"":"":"ea2528e7439be2ed0a0d6b2a":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"28899601fa95f532b030f11bbeb87011":"":"":"35625638589bb7f6ccdb0222":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"375d4134e8649367f4db9bdb07aa8594":"":"":"70610bf329683e15ecf8c79f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"9f502fb5ac90ff5f5616dd1fa837387d":"":"":"a4b5138122e1209d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"2ee96384dd29f8a4c4a6102549a026ab":"":"":"3b33a10189338c3b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"8d97f354564d8185b57f7727626850a0":"":"":"813d2f98a760130c":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"daf13501a47ee73c0197d8b774eec399":"":"":"a6d108c0":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":"":"a47cdadd":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"817199254a912880405c9729d75ed391":"":"":"d81d9b41":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":"":"dd153cfd7aa946280660c445f586fa28":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":"":"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":"":"2c84bf7a8947ab93b10ae408243b4993":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":"":"e8aac14b53cdbc2028d330fc8d92a7":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":"":"dc034564d4be7de243ff059b5f9160":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":"":"942b52277e9dc0a30d737d00f5e597":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":"":"87737873b82586bb29b406946cae":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":"":"06f95ca69c222a8985887925b15e":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":"":"c68842cafc50070799f7c8acd62a":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":"":"ec9a79a88a164e1a6253d8312e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":"":"9779b7c3ece6c23d5813e243ec":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":"":"ca82448429106009094c21d70b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":"":"9d1603799e2485a03e7b05a0":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":"":"05ee6ce13711535864674a5b":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":"":"0c9c17388d0610f99d0a093f":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":"":"1c3bd1e0d4918e36":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":"":"dab612351f75e2cb":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":"":"f1d743b7e1b73af5":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":"":"4dc74971":"":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":"":"fb845ab7":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,0,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":"":"c840d994":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"cff291d2364fc06a3a89e867b0e67e56":"":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"1c8f41424acaf009996ceaa815b24ad4":"":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"a950ab0dd84115e3829ab0ad3bbb1193":"":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"3a2acf69bba19f5d1d1947af2cfda781":"":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"3cd95429c6de1d327b9eb3c45424a87c":"":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"bd505fcba464e6e2c58fdf29f5695fb9":"":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"776248381941e16908f52d19207881f5":"":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"603977845d82faccb401817ecce6e2fe":"":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"c955a3bc316841be07e406d289c8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"4cd56de54e5140a587be7dfd02d3a39e":"":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"1a29527a41330259f918d99d7509":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"afe986ead799727063958e2ce13ca846f76c51605439f839":"f85a95ed10b69623162ab68d1098de94":"":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"537a4ee307af3072e745570aaaadce34":"":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"df01cffbd3978850e07328e6b8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"5124b410c43d875eca6ce298c45994a7":"":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"ff10234524433b871202c2cca6acb194":"":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"49da91e926091a448d57d521cc90f3c0":"":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"99198f55f9fa763651bba58e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"b5efb9feae3de41b5ce9aa75583b8d21":"":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"9604d031fa43dcd0853e641c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"aef257dd44d14d0bc75f9311ef24e85a":"":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"c15c9c0b0b70c7321df044bfde2b15fb":"":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c5c9851a6bf686d0":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"0bd64d222532dae8ab63dc299355bf2a":"":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"3477cad1fd4098b2":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"37e3a300542d9caf3975c6429cb8a2e8":"":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"6cba4efc8d4840aa044a92d03d6b4d69":"":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":0
+
+AES-GCM NIST Validation (AES-192,128,1024,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"4f4636d1b283bfa72c82809eb4f12519":"":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"16c80a62":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"87b5372571fb244648053c99405999130f87a7c178052297":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"010195091d4e1684029e58439039d91e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"28a43253d8b37795433140641e9ffd":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"3269922affb9d767f5abe041cc8e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"22c2efeddfd5d9cb528861c4eb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"673afea592b2ce16bd058469f1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"079e8db9c3e6eddb0335b1cf64":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"974bd0c4a8cac1563a0e0ce0":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"84f1efd34ff84e83":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"15d456da7645abf2":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"613ba486":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"3a0324d63a70400490c92e7604a3ba97":"":"":"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"7156358b203a44ef173706fdc81900f8":"":"":"9687fb231c4742a74d6bf78c62b8ac53":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"4fe6ace582c4e26ce71ee7f756fb7a88":"":"":"d5bdf8ec2896acafb7022708d74646c7":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"404efd26b665c97ea75437892cf676b6":"":"":"e491075851eec28c723159cc1b2c76":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"4037eadb11249884b6b38b5525ba2df4":"":"":"360c6ef41cbd9cd4a4e649712d2930":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"cebbce06a88852d3bb2978dbe2b5995a":"":"":"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"008d040fbd7342464209f330cf56722c":"":"":"c87107585751e666bedae2b1b7e8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"947c5f0432723f2d7b560eca90842df1":"":"":"7d331fedcea0fd1e9e6a84385467":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"51f639467083377795111d44f7d16592":"":"":"02d31f29e15f60ae3bee1ad7ea65":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"aea6f8690f865bca9f77a5ff843d2365":"":"":"7f2280776d6cd6802b3c85083c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":"":"ea01723a22838ed65ceb80b1cf":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"ae07f8c7ac82c4f4c086e04a20db12bc":"":"":"1132e4fff06db51ff135ed9ced":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"929b006eb30d69b49a7f52392d7d3f11":"":"":"33940d330f7c019a57b74f2d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"e34b19381f05693f7606ce043626664d":"":"":"2adc2c45947bfa7faa5c464a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"a56f27709e670b85e5917d5c1d5b0cc2":"":"":"177b9a5e6d9731419dd33c5c":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":"":"fe82300adffd8c17":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"1bd9ea6186450f9cd253ccfed2812b1c":"":"":"35214bbc510430e3":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"728cb9608b67a489a382aa677b1f4f5b":"":"":"e2ef5d9cc5791c01":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":"":"0fe57572":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"7b722fdd43cff20832812f9baf2d6791":"":"":"72dea6cc":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"729baa4c0ef75ed8aae746376b39fe3c":"":"":"2a0d607c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":"":"c595b9d99414891228c9fa5edb5fcce3":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":"":"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":"":"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":"":"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":"":"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":"":"e3645db0c600dba52044efcecfc331":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":"":"c25fc157c3f2474885e2eea48aea":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":"":"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":"":"3bcb5c2a4261d75bfa106fb25ee1":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":"":"0e463806ff34e206f703dd96b3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":"":"3f0ccc134091e0c0425887b1b9":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":"":"888b836c9111073924a9b43069":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":"":"b6044c4d7f59491f68b2c61e":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":"":"5c5683e587baf2bd32de3df5":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":"":"52e10495105799ead991547b":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":"":"6ff8fd87e5a31eb6":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":"":"49aaa806cb2eeadd":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":"":"a5b71ecf845b25d0":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":"":"e9cdbc52":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":"":"e35dbac8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":"":"e7a37f15":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"2fc1afc1395d8409919248709f468496":"":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"c571ce0e911de5d883dc4a0787483235":"":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"275393276745bc43bae4af1e5d43a31e":"":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"47f5264f7a5b65b671892a05fa556f63":"":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"4e022d8d86efbd347e8cbab7e979771f":"":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"7c0f49fb54f5e68c84e81add009284e6":"":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"5cea906737518c2cb901016e30206276":"":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"387ee8c1e7f047e94d06d0322eec02fc":"":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"d2b277f78e98f1fa16f977ce72ee22a7":"":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"4c81c044101f458fdfac9ca3b9":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"94886a1845aebba5ed6b86f580be47f9":"":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"4be34ff42085ef4443c8b6042d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"e5ca84b907ac761a5e68a9080da0a88a":"":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"fa549b33b5a43d85f012929a4816297a":"":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"afa61e843cee615c97de42a7":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"2f8512bb7e214db774a217a4615139e1":"":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"f1da1cebe00d80eb4e025feb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"3da9af3567d70553ca3a9636f0b26470":"":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"b957f05921d21f2192f587768dc12b4f":"":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"322374fbb192abbc":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"31bd7c971a6d330b566567ab19590545":"":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"efc5a1acf433aaa3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"2f9c0647a4af7f61ced45f28d45c43f1":"":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"69d81c73008a6827a692fa636fbab8bb":"":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"be2dda5c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"e119e166471ecf44bc3a070639619931":"":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"b2f54b3a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"cf296aa43cb7b328e09c8975e067404e":"":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"56015c1e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"ba61edeb7b8966188854fc7926aad2":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"993fc8e7176557ee9eb8dd944691":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"92282b022e393924ab9c65b258c2":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"6154c6799ad7cdc2d89801943a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"1d6cd4ab3914e109f22668867f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"d8bd7d8773893519":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"74110471ccd75912":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"30298885":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"1997daa9":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"7f8368254955e1b6d55b5c64458f3e66":"":"":"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"274367f31ec16601fe87a8e35b7a22dd":"":"":"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"796efaff4f172bef78453d36a237cd36":"":"":"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"45e6b23f8b3feefd4b0ea06880b2c324":"":"":"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"548c9c8fcc16416a9d2b35c29f0dacb3":"":"":"3aa21f221266e7773eeba4440d1d01":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"a5129e2530f47bcad42fc5774ee09fe7":"":"":"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":"":"55952a01eee29d8a1734bbdf3f8f":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"6404b111c6289eefa0d88ed6117bb730":"":"":"637f82e592831531a8e877adfc2c":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"3b87b08337a82272b192bd067e3245ec":"":"":"1f2dda372f20ffddd9dd4810e05f":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"58e70095c6f3a0cda2cdc7775e2f383d":"":"":"1763573f7dab8b46bc177e6147":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"d565c9cdfb5d0a25c4083b51729626bd":"":"":"78738d3e9f5e00b49635ac9a2d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":"":"ea7b52490943380ccc902ca5ae":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"c993c1802df0f075ce92963eb9bff9bd":"":"":"edfab013213591beb53e6419":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"8f7e1621c2227839da4ea60548290ffa":"":"":"f9da62f59c080160ec30b43d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"05d363b2452beff4b47afb052ac3c973":"":"":"6b4a16d1ea1c21b22bdcb235":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"774f4e70a7577b5101c0c3d019655d3e":"":"":"98ff89a8e28c03fd":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"99f25cebd6cfa7f41390b42df6a65f48":"":"":"8e14a0a4853a156a":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"c1beff1ff6cdd62339aa21149c4da1e6":"":"":"f998d7c08d609b3a":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"88126c350dfc079c569210ee44a0e31a":"":"":"f2ebe5e4":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"af29fdb96f726c76f76c473c873b9e08":"":"":"13fd6dfd":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"1552604763453b48a57cea1aed8113f4":"":"":"660c5175":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":"":"6b4b1a84f49befe3897d59ce85598a9f":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":"":"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":"":"2211ca91a809adb8cf55f001745c0563":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":"":"2e080ba16011e22a779da1922345c2":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":"":"83de3f521fcfdaff902386f359e683":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":"":"cd4542b26094a1c8e058648874f06f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":"":"96ca402b16b0f2cd0cdff77935d3":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":"":"8233588fca3ad1698d07b25fa3c4":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":"":"477b0a884d788d1905646bd66084":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":"":"0cb67cec1820339fa0552702dd":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":"":"08d7cc52d1637db2a43c399310":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":"":"fbb477dd4b9898a9abc5a45c63":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":"":"99230019630647aedebbb24b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":"":"9553b583d4f9a1a8946fe053":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":"":"44b95a37fab232c2efb11231":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":"":"072d4118e70cd5ab":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":"":"1bcea0ac2c1a0c73":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":"":"faa5c13d899f17ea":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":"":"a3958500":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":"":"50fd1798":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,0,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":"":"07764143":"":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"5714732145470da1c42452e10cd274b5":"":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"a714e51e43aecfe2fda8f824ea1dc4b7":"":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"91d55cfdcdcd7d735d48100ff82227c3":"":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"19788b2e0bd757947596676436e22df1":"":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"f26a20bea561004267a0bfbf01674e":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"c6b26117d9dbd80c1c242ad41abe2acc":"":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0db3ade15cb0dea98a47d1377e034d63":"":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"83f98eec51ee4cae4cb7fe28b64d1355":"":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"df47eef69ba2faab887aa8f48e4b":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"2bc0847d46f3d1064bbf8fe8567f54a2":"":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"b9194a4d42b139f04c29178467955f1d":"":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"05949d591793ca52e679bfdf64f3":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"6a5335901284dd3b64dc4a7f810bab96":"":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"fcb962c39e4850efc8ffd43d9cd960a6":"":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"b4d9248bb500e40de99ca2a13e743f1c":"":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"160c50c0621c03fd1572df6ba49f0d1e":"":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"04885a5846f5f75a760193de7f07853c":"":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"0c13506ed9f082dd08434342":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"0a93b883cbd42998ae2e39aab342cb28":"":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"e20957a49a27e247d00379850f934d6c":"":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"d533c2170c5dc203512c81c34eff4077":"":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"2e2b31214d61276a54daf2ccb98baa36":"":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"5266e9c67c252164":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"a8339ba505a14786ad05edfe8cebb8d0":"":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"4f23f04904de76d6decd4bd380ff56b1":"":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":0
+
+AES-GCM NIST Validation (AES-256,128,1024,0,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"531248afdaaf1b86cf34d2394900afd9":"":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"7b334d7af54b916821f6136e977a1f":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"e3ede170386e76321a575c095966":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"bea660e963b08fc657741bc8":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"7859f047f32b51833333accf":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"2111d55d96a4d84d":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"b1ece9fb":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"cb3f5338":"FAIL":"":0
+
+AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2
+depends_on:MBEDTLS_GCM_C:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"3105dddb":"FAIL":"":0
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d785dafea3e966731ef6fc6202262584":"d91a46205ee94058b3b8403997592dd2":"":"":"3b92a17c1b9c3578a68cffea5a5b6245":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aec963833b9098de1ababc853ab74d96":"4e0ffd93beffd732c6f7d6ad606a2d24":"":"":"e9fcedc176dfe587dc61b2011010cdf1":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4fb9e3393681da9cec5ec96f87c5c31":"845e910bc055d895879f62101d08b4c7":"":"":"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2a930f2e09beceacd9919cb76f2ac8d3":"340d9af44f6370eff534c653033a785a":"":"":"0c1e5e9c8fe5edfd11f114f3503d63":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe71177e02073b1c407b5724e2263a5e":"83c23d20d2a9d4b8f92da96587c96b18":"":"":"43b2ca795420f35f6cb39f5dfa47a2":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b02392fd7f228888c281e59d1eaa15fb":"2726344ba8912c737e195424e1e6679e":"":"":"a10b601ca8053536a2af2cc255d2b6":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"21895cbafc16b7b8bf5867e88e0853d4":"f987ce1005d9bbd31d2452fb80957753":"":"":"952a7e265830d58a6778d68b9450":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9bb9742bf47f68caf64963d7c10a97b0":"34a85669de64e1cd44731905fddbcbc5":"":"":"e9b6be928aa77b2de28b480ae74c":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"1c53a9fdd23919b036d99560619a9939":"":"":"6611b50d6fbca83047f9f5fe1768":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"82fede79db25f00be96eb050a22cea87":"e9c50b517ab26c89b83c1f0cac50162c":"":"":"d0c0ce9db60b77b0e31d05e048":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1d98566fca5201abb12914311a8bd532":"590aef4b46a9023405d075edab7e6849":"":"":"a1cfd1a27b341f49eda2ca8305":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3038771820c2e1319f02a74b8a7a0c08":"e556d9f07fb69d7e9a644261c80fac92":"":"":"4d2f005d662b6a8787f231c5e1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0fb7eef50de598d7d8b508d019a30d5a":"a2a2617040116c2c7e4236d2d8278213":"":"":"68413c58df7bb5f067197ca0":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8cc58b609204215c8ab4908286e56e5c":"fb83ea637279332677b5f68081173e99":"":"":"a2a9160d82739a55d8cd419f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"81a5fd184742a478432963f6477e8f92":"da297cbb53b11d7c379e0566299b4d5a":"":"":"200bee49466fdda2f21f0062":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"f604ac66d626959e595cbb7b4128e096":"269d2a49d533c6bb38008711f38e0b39":"":"":"468200fa4683e8be":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2e308ba7903e925f768c1d00ff3eb623":"335acd2aa48a47a37cfe21e491f1b141":"":"":"4872bfd5e2ff55f6":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1304e2a5a3520454a5109df61a67da7a":"dbe8b452acf4fa1444c3668e9ee72d26":"":"":"83a0d3440200ca95":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"ddf0b695aef5df2b594fcaae72b7e41c":"":"":"2819aedf":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9ab5c8ca905b5fe50461f4a68941144b":"96dd3927a96e16123f2e9d6b367d303f":"":"":"6e0c53ef":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b5fc7af605721a9cfe61c1ee6a4b3e22":"6b757d4055823d1035d01077666037d6":"":"":"e8c09ddd":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03c0b4a6e508a8490db0d086a82c9db7":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":"":"756292d8b4653887edef51679b161812":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b228d3d15219ea9ad5651fce02c8374d":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":"":"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"776afcbabedd5577fe660a60f920b536":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":"":"a5347d41d93b587240651bcd5230264f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":"":"2a67ad1471a520fe09a304f0975f31":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2bc73fba942ff105823b5dccf6befb1c":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":"":"ebdd7c8e87fe733138a433543542d1":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"356a4c245868243d61756cabe86da887":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":"":"ed26080dcb670590613d97d7c47cf4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfa7e93aff73600fc552324253066e2c":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":"":"6ba5e4dace9a54b50b901d9b73ad":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2ecea80b48d2ecd194a7699aa7d8ccfc":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":"":"246a9d37553088b6411ebb62aa16":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d38fee3fd3d6d08224c3c83529a25d08":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":"":"803a08700ec86fdeb88f7a388921":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1899b0cbae41d705c6eed3226afb5bc0":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":"":"c5d58870fee9ce157f5ec1fa8f":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b95323d86d02754f4c2874b42ec6eb0":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":"":"c4724ff1d2c57295eb733e9cad":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30da555559eb11cf7e0eff9d99e9607d":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":"":"3c82272130e17c4a0a007a908e":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ed2ac74af896c5190c271cfa6af02fd2":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":"":"db8af7a0d548fc54d9457c73":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0225b73fe5fbbe52f838d873173959d8":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":"":"e2c2ce4022c49a95c9ac9026":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"89ca3771a0ef3287568b4ac036120198":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":"":"06b2bf62591dc7ec1b814705":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a41a297bd96e224942998fe2192934a1":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":"":"49a4917eef61f78e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a9372c058f42e0a1d019bdb528313919":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":"":"b82cd11cd3575c8d":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6302b7338f8fa84195ad9abbacd89b4e":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":"":"5222d092e9e8bd6c":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78b5c28d62e4b2097873a1180bd5a3a5":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":"":"eae48137":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d84130578070e036c9e3df5b5509473":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":"":"79987692":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08428605ab4742a3e8a55354d4764620":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":"":"3eb3e3a2":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd358bc3f992f26e81e3a2f3aa2d517":"d8c750bb443ee1a169dfe97cfe4d855b":"":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"43b5f18227e5c74288dbeff03801acd6":"08ee12246cf7edb81da3d610f3ebd167":"":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a433c612d7e1bdff881e4d63ba8b141":"8b670cf31f470f79a6c0b79e73863ca1":"":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8526fd25daf890e79946a205b698f287":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8e9d75c781d63b29f1816859f7a0e0a0":"748a3b486b62a164cedcf1bab9325add":"":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe6b8553002c69396d9976bb48d30779":"595b17d0d76b83780235f5e0c92bd21f":"":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14898c56009b459172fef9c17993b54f":"0862f8f87289988711a877d3231d44eb":"":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fe5253d4b071793b081ebc122cc2a5f8":"49e82d86804e196421ec19ddc8541066":"":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b3502d6f0d172246e16503cdf5793296":"6ce994689ff72f9df62f386a187c1a13":"":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5fb33dd73db309b9dfd3aee605cd94bf":"3f6486f9e9e645292e0e425bac232268":"":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a958fe3b520081b638d9e4c7d5da7ac7":"c396109e96afde6f685d3c38aa3c2fae":"":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"06ca91004be43cf46ed4599e23":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ec319fb143eac8215b51541daec268f2":"8a4684f42a1775b03806574f401cff78":"":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"14a3e69f351ac39b4297749a90c1365c":"eb1c6c04437aa5a32bcc208bb3c01724":"":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c34827771fc3918d1cee09ba9401b832":"2379bbd39a1c22bc93b9b9cc45f3840b":"":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b1f9bd2006ec550b7b9913d383200b5d":"ca28fa6b64bb3b32ef7d211f1c8be759":"":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"c87aac7ad0e85dbb103c0733":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8b2cef1a92aa0af2b00fb2a99855d5bc":"08d87b7acee87d884667f6b1e32e34d0":"":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"175c306f8644b0c4b894ae3d0971505e":"9860268ca2e10974f3726a0e5b9b310f":"":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"f809105e5fc5b13c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08c0edcfe342a676ccdc04bdf854b4b0":"4a7b70753930fe659f8cc38e5833f0c7":"":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"241067a0301edf0f825d793e03383ea1":"a30994261f48a66bb6c1fc3d69659228":"":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"36c3b4a732ba75ae":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"03cccb5357bd2848332d1696f2ff90cb":"e0754022dfb1f813ccaf321558790806":"":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"c75f0246":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"4e5e53c84a05d5a5348bac7b2611cf62":"47e40543b7d16bc9122c40b106d31d43":"":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"81eec75d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2c94008bf377f90b7a1c0d2ea38f730c":"abfe92931a8411a39986b74560a38211":"":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"47d42e78":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"69eedf3777e594c30e94e9c5e2bce467":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"45cc35311eedf0ba093bf901931a7036":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"266a895fc21da5176b44b446d7d1921d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9edb5231ca4a136b4df4ae22b8588f9f":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d5fdcb8f5225090e63fae9b68f92c7cb":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"036198cd3a3ab9319684d0f811cf2992":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c9fbbff8f25f951ba874dfc5ff38584e":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3a314ec178da96311e42334a616fb38b":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e818372a63b7e2c23b524e29ba752bdb":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"3744262bc76f283964c1c15dc069":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a04f16882ff45816739d1b6697ce8b7":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"fbb37084396394fecd9581741f3c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"38cf029a4b20607030586cd2d82146e6":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"7b021de5cda915ba58f90ceef4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cf4d81fc5997c744a572bed71f4ae609":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"0a86142a0af81c8df64ba689f4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d88ad40b42ead744f1b7a36685658be1":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c3ce86a212a30e724b4c624057db4e79":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a0155360b84420b5bf4fb410ea02f31e":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"ac5addcc10cae6c1345520f1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"694f621f594d96b16c32254ff06f3f9c":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"78826a5215a1d5e1b39cad5a06861f8f":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"a724bbb295a02883":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d450f5253251121606e56687952bf2f1":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"6446398aff73ed23":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90a59f6b0abf932311f0b65623c17740":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"dc77c1d7e0902d48":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6be4ef629f0b38194c74f7b66418922d":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"3d8fc6fb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c50e37244931e8debc12b3d561c83ba2":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"8531ddb03977383405baf2ee9ca7d64b":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"2fc9de46":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"862dd5b362cfa556ca37e73cff7f4a0e":"81530a243655a60d22d9ab40d2520447":"":"":"3b9b2af54e610ed0b3dda96961dd8783":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3452b7bc100c334292e08343f139b9d0":"8f92739a30fe4ba24079f5d42753d6ac":"":"":"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"31a0cbaf21b943f8badc939e94eac7eb":"d5bb2c4eaec47088230972ae34fcda9c":"":"":"580e728512c8e44fbb3fe2c498e05323":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9e8fca537746e7cbff97f1dcd40a3392":"43e9f2bf186b2af8cc022e7c7412d641":"":"":"4465a3f9d9751789bcef5c7c58cbc5":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"35b5854ca83792ad691dbda1a66790fb":"cff61cf9b32ea30cf7e3692aa6e74bed":"":"":"726793199df533dd9055b0ac7c939d":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"07259267c1c6a015437a5d8cfa92f9e6":"18b9cf2ad7ace6ec1c8366b72878cf20":"":"":"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fa1df8955aa3ef191900b06e7c1b7d46":"6928c138c98a4350c318fbdccd3f44ba":"":"":"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c04200ce41ce77d772babb206315ec7d":"a885d58f0f38f9ff26d906fa1bfb12f4":"":"":"9ee0d025421f2bf18caf563953fb":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"650df049461be341c3099bd1613dcead":"8a4ff6327b49d297248ce2d5bd38afa8":"":"":"13f067ef0d7b448d56e70d282fed":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ee61b5bf5060fcc637dc833926898508":"b2dcf21f9ffa4a883044d29f087f9b85":"":"":"9ab1d66666d4dea3cbb5982238":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"01cc56ca7e64db7fbef66236a5c49493":"8ea5b63004189792cc040ef18b37e550":"":"":"d685aeb54aa129a21bed17766e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"134dd72ac8e28ab46720c2f42284a303":"c6368e4c0ba0ec90fa7488af9997a4c7":"":"":"4ad9cdf19ff7d7fd7e273efced":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"180c04b2bde6901edcda66085f73ecd9":"9193b206beade4cb036f01a9db187cb8":"":"":"530f5e9ed0879ccef3a7b360":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"aaac85742a55ffa07e98106d6d6b1004":"630cd8ab849253c4da95ac80324ecc28":"":"":"37911820c810e3700c3a9321":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"86e6100669929e329a1d258cd3552dc9":"":"":"958d6141f7fb2b2dc7d851a6":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0dd756d49fd25380c4026ea03cafc2da":"6a6f7e39b0d730ea1670e13d16c12c28":"":"":"872ef05a28da5ea1":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"bd8a834b288bdc7578b6c6ab36f5d068":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":"":"c5c094e83755f2b6":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"020d280dbd06939bbb5e6edc6f6d39c6":"09aea6f0e57598452719d6f63b6fe5a0":"":"":"05d6c56ba601e85b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e47f41a27a2722df293c1431badc0f90":"227c036fca03171a890806b9fa0c250d":"":"":"86c22189":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9d3e112114b94e26e93d3855d4be26bd":"99b98525160c4bb2029da5553ff82b59":"":"":"33bee715":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5b4b7688588125349fbb66004a30d5d4":"b4ae363edb529d8b927c051cf21a2d9d":"":"":"6a920617":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":"":"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"63c3f81500746eaf383fe3975d84f849":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":"":"c53d01e53ee4a6ea106ea4a66538265e":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0c88b191ce6e8e4a3941f7960b7eae5":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":"":"92604d37407aff33f8b677326cbb94fc":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c818dfa0885a09f65ef78712f5ce6609":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":"":"20e9a3a98d71d460743e1efaab13c6":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"2354c6b6afaa883e7ce91faca4981f8b":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":"":"3588c9aa769897dfa328549fbbd10a":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"b0af48e6aebbb6ff5b7c92bd140b085f":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":"":"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"a05fe482fe164b2eca7f6c3e377b39d8":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":"":"3900bde9fa9ae2cbeee54d04f224":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dacbadf819eb16a63f6f091d13ed04d4":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":"":"8988fca83c8cfb1f8feefac46f04":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"969244c7444f3f3bf193b28f8e8e96dc":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":"":"a291c7527385f037f62e60fd8a96":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"525abe490c8434802b69439c590a5290":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":"":"038c7e95f790e6ca5ce73f9551":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"51644e025659de983f5c8156516b812e":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":"":"77e3deba2c7f9386f85bc4a801":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"08566ca7310302dfb84d76ea0525ba20":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":"":"873f037fc05252a44dc76f8155":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dfb54db96383fa911bf5b4fa1218ef9a":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":"":"dada7fc7fed58db462854ef6":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"389cf888474e9403e5f4d0e22ffec439":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":"":"92726d90ad26130e65f2beb4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e55abb2ca36c822bf2a030ac703cb8b4":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":"":"65025250343ed8c09b3fceed":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"586114f3b1dc087e1b2739b28c592dfe":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":"":"467a815610faeb82":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cbfe806bddb7f06b3826b097550c68f5":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":"":"0697ac372a9acafd":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"96ce3a095a91effdd91d616f1f02ddcd":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":"":"55a0f61032e048f3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"24ece168c2971cf2b404ea206dc9e29d":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":"":"d2b15a23":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d3c3cf993f6740a019e61ce13c29955c":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":"":"f2d3a6ff":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,0,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"5f1e5bd45ee8bb207ebbd730510ff218":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":"":"0d6c15da":"":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3997050377cfbb802cc438d973661688":"c95c84c263bdfd5f1de66e7e616cf3fb":"":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c58583f6479d9bc9f1bffddefee66e59":"cee448b48d3506ff3ecc227a87987846":"":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0bc2bde877e881aea512068105694968":"05f0c34ab2e8e8026b0a23719344b71f":"":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e14f45ba5d1eb52e0412240da5d7b5f9":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"9a64579f3601b0022d357b601cd876ab":"515efc6d036f95db7df56b1bbec0aff2":"":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1bda4acfd10ab635f357935bb0ab7020":"48b77c587616ffaa449533a91230b449":"":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d21cf24bc5bd176b4b0fd4c8477bb70d":"208cb9dced20b18edddb91596e902124":"":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"7edfb9daf8ca2babcc02537463e9":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d02e2b02170986944487cba8448f998":"6336077bb83eff1c9ea715de99b372cd":"":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"cd1ad1de0521d41645d13c97a18f4a20":"413873a0b063ad039da5513896233286":"":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1cb120e9cd718b5119b4a58af0644eff":"5a7087989bfe2f6eddcb56fde4d72529":"":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"95d8bd12af8a5ab677309df0fb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"315b206778c28ed0bfdd6e66088a5c39":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"930750c53effc7b84aa10b2276":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"e886de1c907c97e7db8ec80a79df90f8":"612cacbf33266353d0a29a24532f3c0c":"":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3b936e09a6477f3bd52030a29df5001d":"f93105be83fa5e315d73acfdcf578de7":"":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"91b55bb5e3f3f1abcf335db5":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"dc9e2095de7b1b48481b56bf6a3604cd":"9e5268db19a1b51c0496a160ca76f8f7":"":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3f93901fd7cc88db3ba76a158d658c7b":"7e98de461e6d96c0ce6c8d8b3854cf49":"":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"42289f3d3cd5838e250ef54b128e60d1":"e557389a216ad724aafdab0180e1892e":"":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3d772eabb7f19475665ca2a7e693bcfc":"0747cbb486a013453fde1ca6abb11dbe":"":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"8e761ffaea68f967":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"fb7fd753ee6eaaf283a42a121dab4e43":"8164929fb54485377ecccc9b9621af5e":"":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"30d757fd73a0fd5fa49159ad0653296d":"b35b8df0aebd0608517f2830e0e70cd0":"":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d9d3cfd5900de5d5e2109e7721cfeef6":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"2b81e8ce":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"68dc138f19354d73eaa1cf0e79231d74":"e7147749560f491420a2d893c075bb76":"":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"7362c86344e0aefb0cf0d04768f9c05d":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"58748bb204ccb7bdafdbf739b6c19a3e":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6cc13cbd62428bb8658dd3954fe9181f":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"286d3f5080cfe88538571188fbeb2dd5":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"d90d34094d740214dd3de685010ce3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"726ae113a096769b657f973ea6d2d5dd":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"73a9eeda721c6f292e6b399e2647f8a6":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"90dbda7397d8fc46215a1218a6ffd0d8":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"776d871944159c51b2f5ec1980a6":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"0c85174d428fc1c7c89ca5d1b8aaba25":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"d89f06eb07744d43d44734faf9751d07":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"fcad48076eb03ebe85c6d64f6357":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"6150f14dc53f391e815acfabed9f9e20":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3e8216072ed6fcde0fe0f636b27ed718":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"531a65cc5dfeca671cc64078d1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"1af434b73a1210b08595ffa686079832":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"04036d2f5273c6ff5b8364aa595359c9":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"59fe44c6e28d025b2ad05e6e867051ab":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"296c4cdaeb94beb2847dc53d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"c314264cee0e6db30ebe9b2f6d4991b2":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"26072018bd0bda524b5beb66a622c63e":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"edffe55c60235556":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"201751d3da98bd39ff4e5990a56cfea7":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"3bc0dcb5261a641a08e6cb00d23e4deb":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"239c15492d6deec979e79236baca4635":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"db68a96e216b0dd9945f14b878487e03":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":1
+
+AES-GCM NIST Validation PSA (AES-128,128,1024,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_GCM:"659b9e729d12f68b73fdc2f7260ab114":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"8e5a6a79":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"4f801c772395c4519ec830980c8ca5a4":"":"":"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"335ca01a07081fea4e605eb5f23a778e":"":"":"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"d9172c3344d37ff93d2dcb2170ea5d01":"":"":"017fef05260a496654896d4703db3888":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"f47e915163fa3df7f6c15b9d69f53907":"":"":"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"a35b397b34a14a8e24d05a37be4d1822":"":"":"e045ecba220d22c80826b77a21b013":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"169a449ccb3eb29805b15304d603b132":"":"":"3a807251f3d6242849a69972b14f6d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"538641f7d1cc5c68715971cee607da73":"":"":"07d68fffe417adc3397706d73b95":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"0d8eb78032d83c676820b2ef5ccc2cc8":"":"":"7da181563b26c7aefeb29e71cc69":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"646a91d83ae72b9b9e9fce64135cbf73":"":"":"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"55e10d5e9b438b02505d30f211b16fea":"":"":"95c0a4ea9e80f91a4acce500f7":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"e25ef162a4295d7d24de75a673172346":"":"":"89ea4d1f34edb716b322ea7f6f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"08ea464baac54469b0498419d83820e6":"":"":"ab064a8d380fe2cda38e61f9e1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"766996fb67ace9e6a22d7f802455d4ef":"":"":"9a641be173dc3557ea015372":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"75cdb8b83017f3dc5ac8733016ab47c7":"":"":"81e3a5580234d8e0b2204bc3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"cfbefe265583ab3a2285e8080141ba48":"":"":"355a43bcebbe7f72b6cd27ea":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":"":"34b8e037084b3f2d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"118d0283294d4084127cce4b0cd5b5fa":"":"":"507a361d8ac59882":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"b78d518b6c41a9e031a00b10fb178327":"":"":"f401d546c8b739ff":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"14eb280288740d464e3b8f296c642daa":"":"":"39e64d7a":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"f54bf4aac8fb631c8b6ff5e96465fae6":"":"":"1ec1c1a1":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"75532d15e582e6c477b411e727d4171e":"":"":"76a0e017":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":"":"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":"":"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":"":"d22407fd3ae1921d1b380461d2e60210":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":"":"fcbb932ddb0128df78a71971c52838":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":"":"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":"":"fd78b9956e4e4522605db410f97e84":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":"":"b11f5c0e8cb6fea1a170c9342437":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":"":"6cdf60e62c91a6a944fa80da1854":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cc9922299b47725952f06272168b728218d2443028d81597":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":"":"dd515e5a8b41ecc441443a749b31":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":"":"f33e8f42b58f45a0456f83a13e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":"":"380128ad7f35be87a17c9590fa":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":"":"e9e5beea7d39c9250347a2a33d":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":"":"24483a57c20826a709b7d10a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":"":"23012503febbf26dc2d872dc":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":"":"e8e80bf6e5c4a55e7964f455":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":"":"74264163131d16ac":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":"":"8f4877806daff10e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":"":"4eff7227b42f9a7d":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":"":"ff355f10":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":"":"cb4d8c1d":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":"":"4a28ec97":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"eb16ed8de81efde2915a901f557fba95":"":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"804056dca9f102c4a13a930c81d77eca":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"70835abab9f945c84ef4e97cdcf2a694":"":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"7f770140df5b8678bc9c4b962b8c9034":"":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"151fd3ba32f5bde72adce6291bcf63ea":"":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"743699d3759781e82a3d21c7cd7991c8":"":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"1da347f9b6341049e63140395ad445":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"85b241d516b94759c9ef975f557bccea":"":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"9769f71c76b5b6c60462a845d2c123ad":"":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"4b12c6701534098e23e1b4659f684d6f":"":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"729b31c65d8699c93d741caac8e3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"fe1e427bcb15ce026413a0da87":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"927ce8a596ed28c85d9cb8e688a829e6":"":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"508c55f1726896f5b9f0a7024fe2fad0":"":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"b2a7c0d52fc60bacc3d1a94f33087095":"":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"1bd17f04d1dc2e447b41665952ad9031":"":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"01b0a815dc6da3e32851e1fb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"5ea9198b860679759357befdbb106b62":"":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7474d9b07739001b25baf6867254994e06e54c578508232f":"3ade6c92fe2dc575c136e3fbbba5c484":"":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"67c25240b8e39b63":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"41b37c04ab8a80f5a8d9d82a3a444772":"":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"4ee54d280829e6ef":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"9af53cf6891a749ab286f5c34238088a":"":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"6f6f344dd43b0d20":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"623df5a0922d1e8c883debb2e0e5e0b1":"":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"9265abe966cb83838d7fd9302938f49d":"":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"6f6c38bc":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9b3781165e7ff113ecd1d83d1df2366d":"":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"62f32d4e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"0943abb85adee47741540900cc833f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"4da85b8ec861dd8be54787bb83f1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"8781b045a509c4239b9f44624e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"2ad4520ddc3b907414d934cc1d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4382507dddccf1385fc831da8924147563416d0656e168ec":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"b124eea927e2a62a875494a1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"f1a23ce6e2bc9088a62c887abecd30ae":"":"":"d4d5c22f993c8c610145fcbe4e021687":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"ef221a1c66fda17906190b7c99ab60b8":"":"":"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"7c29b3196d44df78fa514a1967fcd3a6":"":"":"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"783f9a3c36b6d0c9fd57c15105316535":"":"":"23e21a803cac5237777014686564f2":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"2acc2073089a34d4651eee39a262e8ae":"":"":"7ac742c859a02a543b50464c66dcf5":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"c937615675738f4b3227c799833d1e61":"":"":"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"1f939226feab012dabfc2193637d15b1":"":"":"eed5fcb7607c038b354746d91c5b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"e2076e1050070d468659885ea77e88d0":"":"":"b4586bdbd4b6b899648f2333eee0":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"2d07bb8616fc0bbb71755a1bd256e7fb":"":"":"6b60d645220cfde42d88296ac193":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"6c31194df99d08881fa5b1dd33b45a92":"":"":"69431593c376c9f8052bf10747":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"73599275f8237f14c4a52b283c07275d":"":"":"6f7249d25c9f273434c4720275":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"d0871bfc3693245be478e6a257c79efb":"":"":"5a99d59631d0e12f58b7b95ccd":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"c72bb300b624c27cded863eba56e7587":"":"":"ea2528e7439be2ed0a0d6b2a":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"28899601fa95f532b030f11bbeb87011":"":"":"35625638589bb7f6ccdb0222":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"375d4134e8649367f4db9bdb07aa8594":"":"":"70610bf329683e15ecf8c79f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"9f502fb5ac90ff5f5616dd1fa837387d":"":"":"a4b5138122e1209d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"2ee96384dd29f8a4c4a6102549a026ab":"":"":"3b33a10189338c3b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"8d97f354564d8185b57f7727626850a0":"":"":"813d2f98a760130c":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"daf13501a47ee73c0197d8b774eec399":"":"":"a6d108c0":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":"":"a47cdadd":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"817199254a912880405c9729d75ed391":"":"":"d81d9b41":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":"":"dd153cfd7aa946280660c445f586fa28":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":"":"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":"":"2c84bf7a8947ab93b10ae408243b4993":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":"":"e8aac14b53cdbc2028d330fc8d92a7":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":"":"dc034564d4be7de243ff059b5f9160":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":"":"942b52277e9dc0a30d737d00f5e597":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":"":"87737873b82586bb29b406946cae":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":"":"06f95ca69c222a8985887925b15e":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":"":"c68842cafc50070799f7c8acd62a":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":"":"ec9a79a88a164e1a6253d8312e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":"":"9779b7c3ece6c23d5813e243ec":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":"":"ca82448429106009094c21d70b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":"":"9d1603799e2485a03e7b05a0":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":"":"05ee6ce13711535864674a5b":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":"":"0c9c17388d0610f99d0a093f":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":"":"1c3bd1e0d4918e36":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":"":"dab612351f75e2cb":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":"":"f1d743b7e1b73af5":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":"":"4dc74971":"":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":"":"fb845ab7":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,0,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":"":"c840d994":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"cff291d2364fc06a3a89e867b0e67e56":"":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"1c8f41424acaf009996ceaa815b24ad4":"":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"a950ab0dd84115e3829ab0ad3bbb1193":"":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"3a2acf69bba19f5d1d1947af2cfda781":"":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"3cd95429c6de1d327b9eb3c45424a87c":"":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"bd505fcba464e6e2c58fdf29f5695fb9":"":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"776248381941e16908f52d19207881f5":"":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"603977845d82faccb401817ecce6e2fe":"":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"c955a3bc316841be07e406d289c8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"4cd56de54e5140a587be7dfd02d3a39e":"":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"1a29527a41330259f918d99d7509":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"afe986ead799727063958e2ce13ca846f76c51605439f839":"f85a95ed10b69623162ab68d1098de94":"":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"537a4ee307af3072e745570aaaadce34":"":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"df01cffbd3978850e07328e6b8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"5124b410c43d875eca6ce298c45994a7":"":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"ff10234524433b871202c2cca6acb194":"":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"49da91e926091a448d57d521cc90f3c0":"":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"99198f55f9fa763651bba58e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"b5efb9feae3de41b5ce9aa75583b8d21":"":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"9604d031fa43dcd0853e641c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"aef257dd44d14d0bc75f9311ef24e85a":"":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"c15c9c0b0b70c7321df044bfde2b15fb":"":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c5c9851a6bf686d0":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"0bd64d222532dae8ab63dc299355bf2a":"":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"3477cad1fd4098b2":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"37e3a300542d9caf3975c6429cb8a2e8":"":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"6cba4efc8d4840aa044a92d03d6b4d69":"":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"4f4636d1b283bfa72c82809eb4f12519":"":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"16c80a62":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"87b5372571fb244648053c99405999130f87a7c178052297":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"010195091d4e1684029e58439039d91e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"28a43253d8b37795433140641e9ffd":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"3269922affb9d767f5abe041cc8e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"22c2efeddfd5d9cb528861c4eb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"673afea592b2ce16bd058469f1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"079e8db9c3e6eddb0335b1cf64":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"974bd0c4a8cac1563a0e0ce0":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"84f1efd34ff84e83":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"15d456da7645abf2":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"613ba486":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-192,128,1024,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_GCM:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"3a0324d63a70400490c92e7604a3ba97":"":"":"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"7156358b203a44ef173706fdc81900f8":"":"":"9687fb231c4742a74d6bf78c62b8ac53":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"4fe6ace582c4e26ce71ee7f756fb7a88":"":"":"d5bdf8ec2896acafb7022708d74646c7":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"404efd26b665c97ea75437892cf676b6":"":"":"e491075851eec28c723159cc1b2c76":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"4037eadb11249884b6b38b5525ba2df4":"":"":"360c6ef41cbd9cd4a4e649712d2930":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"cebbce06a88852d3bb2978dbe2b5995a":"":"":"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"008d040fbd7342464209f330cf56722c":"":"":"c87107585751e666bedae2b1b7e8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"947c5f0432723f2d7b560eca90842df1":"":"":"7d331fedcea0fd1e9e6a84385467":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"51f639467083377795111d44f7d16592":"":"":"02d31f29e15f60ae3bee1ad7ea65":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"aea6f8690f865bca9f77a5ff843d2365":"":"":"7f2280776d6cd6802b3c85083c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":"":"ea01723a22838ed65ceb80b1cf":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"ae07f8c7ac82c4f4c086e04a20db12bc":"":"":"1132e4fff06db51ff135ed9ced":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"929b006eb30d69b49a7f52392d7d3f11":"":"":"33940d330f7c019a57b74f2d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"e34b19381f05693f7606ce043626664d":"":"":"2adc2c45947bfa7faa5c464a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"a56f27709e670b85e5917d5c1d5b0cc2":"":"":"177b9a5e6d9731419dd33c5c":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":"":"fe82300adffd8c17":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"1bd9ea6186450f9cd253ccfed2812b1c":"":"":"35214bbc510430e3":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"728cb9608b67a489a382aa677b1f4f5b":"":"":"e2ef5d9cc5791c01":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":"":"0fe57572":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"7b722fdd43cff20832812f9baf2d6791":"":"":"72dea6cc":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"729baa4c0ef75ed8aae746376b39fe3c":"":"":"2a0d607c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":"":"c595b9d99414891228c9fa5edb5fcce3":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":"":"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":"":"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":"":"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":"":"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":"":"e3645db0c600dba52044efcecfc331":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":"":"c25fc157c3f2474885e2eea48aea":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":"":"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":"":"3bcb5c2a4261d75bfa106fb25ee1":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":"":"0e463806ff34e206f703dd96b3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":"":"3f0ccc134091e0c0425887b1b9":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":"":"888b836c9111073924a9b43069":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":"":"b6044c4d7f59491f68b2c61e":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":"":"5c5683e587baf2bd32de3df5":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":"":"52e10495105799ead991547b":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":"":"6ff8fd87e5a31eb6":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":"":"49aaa806cb2eeadd":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":"":"a5b71ecf845b25d0":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":"":"e9cdbc52":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":"":"e35dbac8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":"":"e7a37f15":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"2fc1afc1395d8409919248709f468496":"":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"c571ce0e911de5d883dc4a0787483235":"":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"275393276745bc43bae4af1e5d43a31e":"":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"47f5264f7a5b65b671892a05fa556f63":"":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"4e022d8d86efbd347e8cbab7e979771f":"":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"7c0f49fb54f5e68c84e81add009284e6":"":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"5cea906737518c2cb901016e30206276":"":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"387ee8c1e7f047e94d06d0322eec02fc":"":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"d2b277f78e98f1fa16f977ce72ee22a7":"":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"4c81c044101f458fdfac9ca3b9":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"94886a1845aebba5ed6b86f580be47f9":"":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"4be34ff42085ef4443c8b6042d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"e5ca84b907ac761a5e68a9080da0a88a":"":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"fa549b33b5a43d85f012929a4816297a":"":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"afa61e843cee615c97de42a7":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"2f8512bb7e214db774a217a4615139e1":"":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"f1da1cebe00d80eb4e025feb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"3da9af3567d70553ca3a9636f0b26470":"":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"b957f05921d21f2192f587768dc12b4f":"":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"322374fbb192abbc":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"31bd7c971a6d330b566567ab19590545":"":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"efc5a1acf433aaa3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"2f9c0647a4af7f61ced45f28d45c43f1":"":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"69d81c73008a6827a692fa636fbab8bb":"":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"be2dda5c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"e119e166471ecf44bc3a070639619931":"":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"b2f54b3a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"cf296aa43cb7b328e09c8975e067404e":"":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"56015c1e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"ba61edeb7b8966188854fc7926aad2":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"993fc8e7176557ee9eb8dd944691":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"92282b022e393924ab9c65b258c2":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"6154c6799ad7cdc2d89801943a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"1d6cd4ab3914e109f22668867f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"d8bd7d8773893519":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"74110471ccd75912":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"30298885":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"1997daa9":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"7f8368254955e1b6d55b5c64458f3e66":"":"":"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"274367f31ec16601fe87a8e35b7a22dd":"":"":"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"796efaff4f172bef78453d36a237cd36":"":"":"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"45e6b23f8b3feefd4b0ea06880b2c324":"":"":"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"548c9c8fcc16416a9d2b35c29f0dacb3":"":"":"3aa21f221266e7773eeba4440d1d01":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"a5129e2530f47bcad42fc5774ee09fe7":"":"":"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":"":"55952a01eee29d8a1734bbdf3f8f":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"6404b111c6289eefa0d88ed6117bb730":"":"":"637f82e592831531a8e877adfc2c":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"3b87b08337a82272b192bd067e3245ec":"":"":"1f2dda372f20ffddd9dd4810e05f":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"58e70095c6f3a0cda2cdc7775e2f383d":"":"":"1763573f7dab8b46bc177e6147":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"d565c9cdfb5d0a25c4083b51729626bd":"":"":"78738d3e9f5e00b49635ac9a2d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":"":"ea7b52490943380ccc902ca5ae":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"c993c1802df0f075ce92963eb9bff9bd":"":"":"edfab013213591beb53e6419":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"8f7e1621c2227839da4ea60548290ffa":"":"":"f9da62f59c080160ec30b43d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"05d363b2452beff4b47afb052ac3c973":"":"":"6b4a16d1ea1c21b22bdcb235":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"774f4e70a7577b5101c0c3d019655d3e":"":"":"98ff89a8e28c03fd":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"99f25cebd6cfa7f41390b42df6a65f48":"":"":"8e14a0a4853a156a":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"c1beff1ff6cdd62339aa21149c4da1e6":"":"":"f998d7c08d609b3a":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"88126c350dfc079c569210ee44a0e31a":"":"":"f2ebe5e4":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"af29fdb96f726c76f76c473c873b9e08":"":"":"13fd6dfd":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"1552604763453b48a57cea1aed8113f4":"":"":"660c5175":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":"":"6b4b1a84f49befe3897d59ce85598a9f":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":"":"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":"":"2211ca91a809adb8cf55f001745c0563":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":"":"2e080ba16011e22a779da1922345c2":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":"":"83de3f521fcfdaff902386f359e683":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":"":"cd4542b26094a1c8e058648874f06f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":"":"96ca402b16b0f2cd0cdff77935d3":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":"":"8233588fca3ad1698d07b25fa3c4":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":"":"477b0a884d788d1905646bd66084":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":"":"0cb67cec1820339fa0552702dd":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":"":"08d7cc52d1637db2a43c399310":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":"":"fbb477dd4b9898a9abc5a45c63":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":"":"99230019630647aedebbb24b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":"":"9553b583d4f9a1a8946fe053":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":"":"44b95a37fab232c2efb11231":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":"":"072d4118e70cd5ab":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":"":"1bcea0ac2c1a0c73":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":"":"faa5c13d899f17ea":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":"":"a3958500":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":"":"50fd1798":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,0,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":"":"07764143":"":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"5714732145470da1c42452e10cd274b5":"":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"a714e51e43aecfe2fda8f824ea1dc4b7":"":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"91d55cfdcdcd7d735d48100ff82227c3":"":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"19788b2e0bd757947596676436e22df1":"":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"f26a20bea561004267a0bfbf01674e":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"c6b26117d9dbd80c1c242ad41abe2acc":"":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0db3ade15cb0dea98a47d1377e034d63":"":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"83f98eec51ee4cae4cb7fe28b64d1355":"":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"df47eef69ba2faab887aa8f48e4b":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"2bc0847d46f3d1064bbf8fe8567f54a2":"":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"b9194a4d42b139f04c29178467955f1d":"":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"05949d591793ca52e679bfdf64f3":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"6a5335901284dd3b64dc4a7f810bab96":"":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"fcb962c39e4850efc8ffd43d9cd960a6":"":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"b4d9248bb500e40de99ca2a13e743f1c":"":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"160c50c0621c03fd1572df6ba49f0d1e":"":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"04885a5846f5f75a760193de7f07853c":"":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"0c13506ed9f082dd08434342":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"0a93b883cbd42998ae2e39aab342cb28":"":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"e20957a49a27e247d00379850f934d6c":"":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"d533c2170c5dc203512c81c34eff4077":"":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"2e2b31214d61276a54daf2ccb98baa36":"":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"5266e9c67c252164":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"a8339ba505a14786ad05edfe8cebb8d0":"":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"4f23f04904de76d6decd4bd380ff56b1":"":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,0,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"531248afdaaf1b86cf34d2394900afd9":"":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,128) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"7b334d7af54b916821f6136e977a1f":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,120) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"e3ede170386e76321a575c095966":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,112) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,104) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"bea660e963b08fc657741bc8":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,96) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"7859f047f32b51833333accf":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"2111d55d96a4d84d":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,64) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #0
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"b1ece9fb":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #1
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"cb3f5338":"FAIL":"":1
+
+AES-GCM NIST Validation PSA (AES-256,128,1024,1024,32) #2
+depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_GCM:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"3105dddb":"FAIL":"":1
diff --git a/tests/suites/test_suite_cipher.misc.data b/tests/suites/test_suite_cipher.misc.data
new file mode 100644
index 0000000..25bfd40
--- /dev/null
+++ b/tests/suites/test_suite_cipher.misc.data
@@ -0,0 +1,5 @@
+CIPHER - Conditional invalid parameter checks
+cipher_invalid_param_conditional:
+
+CIPHER - Unconditional invalid parameter checks
+cipher_invalid_param_unconditional:
diff --git a/tests/suites/test_suite_cipher.nist_kw.data b/tests/suites/test_suite_cipher.nist_kw.data
new file mode 100644
index 0000000..59ef931
--- /dev/null
+++ b/tests/suites/test_suite_cipher.nist_kw.data
@@ -0,0 +1,271 @@
+KW AES-128 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"000102030405060708090A0B0C0D0E0F":"":"":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"":"":"00112233445566778899AABBCCDDEEFF":0
+
+KW AES-192 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"000102030405060708090A0B0C0D0E0F1011121314151617":"":"":"96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D":"":"":"00112233445566778899AABBCCDDEEFF":0
+
+KW AES-256 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"":"":"A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1":"":"":"00112233445566778899AABBCCDDEEFF0001020304050607":0
+
+KW AES-256 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"":"":"64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7":"":"":"00112233445566778899AABBCCDDEEFF":0
+
+KWP AES-192 RFC 5649
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"::"":"":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a":"":"":"c37b7e6492584340bed12207808941155068f738":0
+
+KWP AES-192 RFC 5649
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"::"":"":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a":"":"":"c37b7e6492584340bed12207808941155068f738":0
+
+KWP AES-128 1 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"A9D2D4394815D53F2799ABD7E51D2C8B":"":"":"00":0
+
+KWP AES-128 2 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"36D0CA197F638BF478D022C7E543B699":"":"":"0001":0
+
+KWP AES-128 3 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"DAB4EE2853E1C44C5E553E644143902B":"":"":"000102":0
+
+KWP AES-128 4 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"446C037F831092B147C372616357BF7D":"":"":"00010203":0
+
+KWP AES-128 5 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"9ED0AF6457B82E0DDADBD2240A303D74":"":"":"0001020304":0
+
+KWP AES-128 6 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"D863A8CE0DF301A564945259B4F74E7D":"":"":"000102030405":0
+
+KWP AES-128 7 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E8387E5456242B0C30BE77FC1FF0C1FD":"":"":"00010203040506":0
+
+KWP AES-128 8 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"01FF4C430CDF3D2D815B0972B23D7C35":"":"":"0001020304050607":0
+
+KWP AES-128 9 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"C06E2163E0CC845B348E012AC9413DEEE40C8C3B030A3681":"":"":"000102030405060708":0
+
+KWP AES-128 10 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"3DFD2F643C38B07E121C77C2CA0EF82DA742B0989B6D848E":"":"":"00010203040506070809":0
+
+KWP AES-128 11 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"AFAEF390634E21E754FD09F55A4EDD918A1D23ECA9B76F2B":"":"":"000102030405060708090A":0
+
+KWP AES-128 12 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"A42D14C830F64F0A73570BFA7FDF8DDDD5E3AD3065A09FB0":"":"":"000102030405060708090A0B":0
+
+KWP AES-128 13 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"83F23527625FC643942279D090C1B61D10FC978B54D778CD":"":"":"000102030405060708090A0B0C":0
+
+KWP AES-128 14 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E073C30E0DAC595F9FD28A0CB9E53945B26D1E1DE4E66D04":"":"":"000102030405060708090A0B0C0D":0
+
+KWP AES-128 15 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"64E3C2F7E0F7CB297C6B8C4CAF665F9F0A3F7082D2522635":"":"":"000102030405060708090A0B0C0D0E":0
+
+KWP AES-128 16 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"8F5982C7D265A0A40FC81D2326429A0A65BCD1368F0E16CB":"":"":"000102030405060708090A0B0C0D0E0F":0
+
+KWP AES-128 17 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E29EC6664BCBA00986DD9845F8C4B26472BFDDF98522E537B5D23D5D2A8D02C5":"":"":"000102030405060708090A0B0C0D0E0F10":0
+
+KWP AES-128 18 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"9451ABCA0B9756A183F8C9ADA834E1AD2400B693C33624E59F26C35AC1586E2B":"":"":"000102030405060708090A0B0C0D0E0F1011":0
+
+KWP AES-128 19 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"F03CB49A65FD3EF8FC83C52F029A3D73667D5B84DB429C38436619ED8320D12E":"":"":"000102030405060708090A0B0C0D0E0F101112":0
+
+KWP AES-128 20 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"759524B855037849812D62979A18F24D3E672C2663DEA9204BA5A639FB7DB292":"":"":"000102030405060708090A0B0C0D0E0F10111213":0
+
+KWP AES-128 21 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"F352B8228FBFA0769C2E3858D7451FA603E9B751CFE780ED0F93C850C7870259":"":"":"000102030405060708090A0B0C0D0E0F1011121314":0
+
+KWP AES-128 22 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"3491F4C8D916A1BC3824D1478EC746BE8C837415017ED52A1ABC30FB14DDE825":"":"":"000102030405060708090A0B0C0D0E0F101112131415":0
+
+KWP AES-128 23 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"0E6E35C5B9D706C2FF2C4C6CFCF254849879D6C1CB577E0A73BB12CBC7AC9740":"":"":"000102030405060708090A0B0C0D0E0F10111213141516":0
+
+KWP AES-128 24 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E7DB580663B113B57489E1107F2DCAF7CF80629E7CE1839E1ED044ECD0299E79":"":"":"000102030405060708090A0B0C0D0E0F1011121314151617":0
+
+KWP AES-128 25 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"883500DB91747BAD8C5E122ED2338F3BCB6B43064F5DA9D1303E165815EC8CC4C5BFD31AEAE1B6A3":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718":0
+
+KWP AES-128 26 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"24099AAAD4F19BF614ECC35DA9E3646F73AAFAA9C46975D4B56D72A332AF7EC4850B8294D94B7E1A":"":"":"000102030405060708090A0B0C0D0E0F10111213141516171819":0
+
+KWP AES-128 27 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"C24F8CCE3425AC9638145A0DAC28B59368583FF3A7AAD85FBE1AEAAB5D23C0B128A1F9BC575B785A":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718191A":0
+
+KWP AES-128 28 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"EFD0BC7612331A98F2D68F86E606717197BF57E35114234C675D40E9462ACF00DE7860C0F38677F7":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"7575da3a93607cc2bfd8cec7aadfd9a6":"":"":"031f6bd7e61e643df68594816f64caa3f56fabea2548f5fb":"":"":"42136d3c384a3eeac95a066fd28fed3f":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"7575da3a93607cc2bfd8cec7aadfd9a7":"":"":"031f6bd7e61e643df68594816f64cbb3f56fabea2548f5fb":"":"FAIL":"":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"e5d058e7f1c22c016c4e1cc9b26b9f8f":"":"":"60b9f8ac797c56e01e9b5f84d65816a980777869f67991a0e6dc19b8cd75c9b54db4a38456bbd6f3":"":"":"7f604e9b8d39d3c91e193fe6f196c1e3da6211a7c9a33b8873b64b138d1803e4":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 24
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"67ae4270bcdd31e8326b7e7f94c80276":"":"":"96cec0e3272a21faa550a857957aa38ce3c1cf06f0dd9f5b5c5c422cef6c69a1":"":"":"57e748b62fbc37ba25e904ee973d01b136cf7c1d0c8c5c87":0
+
+KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"a6a3f6d509811859238fc569b5664605f7a73c475a691a8f":"":"":"57d7a4b4e85ffdcb7788b9b666cb63303dd2c5d0f11b1bbb":"":"":"8484e414b091f8a9f72cfd13087ddec1":0
+
+KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"3686e50dd602f84024570f545bbf618362bef80d45472436":"":"":"c7d5a1a5dfeb7327acbb94767d74cc2afc622ffd01f854d7d3e2b6f75ca7e8f441a0c0bad3d26ee2":"":"":"d780d69b45483b682d311ccaaadcfa3a1cecf1f05dbe2ebc71e6d3fa979f3de8":0
+
+KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 24
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"0a833412e7aa1384ff26866dc9c551bf60413c17e847d317":"":"":"3a7efd629305bf1d61360ed6ff8ec7d059e8af3e5104c29729adb55d1bb94f7e":"":"":"f734760cc0fa3bbfb271277d4f29a48ddecda733d610fa42":0
+
+KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"f59782f1dceb0544a8da06b34969b9212b55ce6dcbdd0975a33f4b3f88b538da":"":"":"2e63946ea3c090902fa1558375fdb2907742ac74e39403fc":"":"":"73d33060b5f9f2eb5785c0703ddfa704":0
+
+KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"8b54e6bc3d20e823d96343dc776c0db10c51708ceecc9a38a14beb4ca5b8b221":"":"":"b13eeb7619fab818f1519266516ceb82abc0e699a7153cf26edcb8aeb879f4c011da906841fc5956":"":"":"d6192635c620dee3054e0963396b260af5c6f02695a5205f159541b4bc584bac":0
+
+KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 24
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"112ad41b4856c7254a9848d30fdd78335b039a48a8962c4d1cb78eabd5dad788":"":"":"ba8a259a471b787dd5d540ec25d43d87200fdadc6d1f05d916584fa9f6cbf512":"":"":"1b20bf1990b065d798e1b32264ad50a8747492ba09a04dd1":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"6decf10a1caf8e3b80c7a4be8c9c84e8":"":"":"01a7d657fc4a5b216f261cca4d052c2b":"":"":"49":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 8
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"a8e06da625a65b25cf5030826830b661":"":"":"b6f967616dd8d772e9fea295a456dba7":"":"":"43acff293120dd5d":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 9
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"7865e20f3c21659ab4690b629cdf3cc4":"":"":"41eca956d4aa047eb5cf4efe659661e74db6f8c564e23500":"":"":"bd6843d420378dc896":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 31
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"be96dc195ec034d616486ed70e97fe83":"":"":"974769b3a7b4d5d32985f87fddf9990631e5610fbfb278387b58b1f48e05c77d2fb7575c5169eb0e":"":"":"85b5437b6335ebba7635903a4493d12a77d9357a9e0dbc013456d85f1d3201":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"9ca11078baebc1597a68ce2fe3fc79a201626575252b8860":"":"":"866bc0ae30e290bb20a0dab31a6e7165":"":"":"76":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 8
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"c5029804d28341ca267c9e73afc5f963b14bb604708b43f2":"":"":"15b98046b2a3a49b9c0831c476fc34fb":"":"":"e6eb18a3e969ab5c":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 9
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"9464f1af6aabad076661328bcfd15777da16a288a2660009":"":"":"d9b257b400d808a0b0386af3be9154fc7f2fb2d7edc06201":"":"":"431527c3a644c106bb":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 31
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"a354ccd6dd97cf40bed840f8137e0cf2e91c00e592104765":"":"":"f018e7c8d6dcdbd20606502b2667439d9049a9a2d5c960af8e9251466d6ff8923fb82432b299f1a4":"":"":"22ccc034c5345550f5bc0114f2951f0fe439ec3ecd8ac1fea8889dd12bfb8e":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"95da2700ca6fd9a52554ee2a8df1386f5b94a1a60ed8a4aef60a8d61ab5f225a":"":"":"06ba7ae6f3248cfdcf267507fa001bc4":"":"":"d1":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 8
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"3517f0efa7f0c4d74f91af83ece5e7503bcc5ab82907a6e4b7ed34d87b69ab1d":"":"":"0b06a9b635d50cda9d4210cb3a71f990":"":"":"897e0456b289ad31":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 9
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"70da43aac823c6dd37d1109f5b18feb4503c973288989745e2cc1cc21d9570c6":"":"":"d67b5b2ad15c645450e23b5e7b6d682f8ae20e716d470db7":"":"":"edf17d966ed896aee3":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 31
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"e9bb7f44c7baafbf392ab912589a2f8db53268106eafb74689bb1833136e6113":"":"":"15b9f06fbc765e5e3d55d6b824616f21921d2a6918ee7bf1406b524274e170b4a78333ca5ee92af5":"":"":"ffe952604834bff899e63658f34246815c91597eb40a21729e0a8a959b61f2":0
+KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 48
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"5d4899ee66beff1bda1fc717a1ad4c50":"":"":"bb7fd0bce778bd775e4e88d904d26a7134364c53a6c493a0":"":"FAIL":"":0
+
+KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 80
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"84bc6ce7ee4fd9db512536669d0686da":"":"":"c383db930ffd02c0073ac2cc79ec289e6866bdcc6a135a3b776aa42f14ee04f9cca06ed6c0b22901":"":"FAIL":"":0
+
+KW AES-128 wrap CAVS 17.4 FAIL COUNT 3 CLEN 64
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"266b009e911bb55f9aa0661539a6fdd5":"":"":"db9c94e7236ec56982d7ddeb9427c24580bc1fb96db98ab19340e03670045b7a":"":"FAIL":"":0
+
+KW AES-192 wrap CAVS 17.4 FAIL COUNT 3 CLEN 48
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"9200a0f688d86c0b6bfd9abeff66341684a373fe3f9a3057":"":"":"5c685c8596e374710fe327bafc45cd09190215fdcc03d010":"":"FAIL":"":0
+
+KW AES-192 wrap CAVS 17.4 FAIL COUNT 1 CLEN 80
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"95c9e644559919cace6f93f545dbfe48b130808ed66d0964":"":"":"7b8d1307e992221f6ffdcc7909d972d5f02e92187139cfd77f79345cb998bbdbabedb3ac00a6cdc4":"":"FAIL":"":0
+
+KW AES-192 wrap CAVS 17.4 FAIL COUNT 2 CLEN 64
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"e218e9643d5db01b412fcaefafe5eb237d03acfad0a3abaa":"":"":"5eee8fbf6a8ab6ba371f4581982ec61839bf28c0eb913d1f417a284dccd72580":"":"FAIL":"":0
+
+KW AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 48
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"08c936b25b567a0aa679c29f201bf8b190327df0c2563e39cee061f149f4d91b":"":"":"e227eb8ae9d239ccd8928adec39c28810ca9b3dc1f366444":"":"FAIL":"":0
+
+KW AES-256 wrap CAVS 17.4 FAIL COUNT 3 CLEN 80
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"605b22935f1eee56ba884bc7a869febc159ac306b66fb9767a7cc6ab7068dffa":"":"":"6607f5a64c8f9fd96dc6f9f735b06a193762cdbacfc367e410926c1bfe6dd715490adbad5b9697a6":"":"FAIL":"":0
+
+KW AES-256 wrap CAVS 17.4 FAIL COUNT 3 CLEN 64
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"81c93da5baa5157bf700fd38d7d67662670778b690cfbca9fe11e06268b35605":"":"":"875e1ca385586f83d1e23e44ca201006df04e1854e41b933fd607a7383ae1a39":"":"FAIL":"":0
+
+KWP AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"30be7ff51227f0eef786cb7be2482510":"":"":"7f61a0a8b2fe7803f2947d233ec3a255":"":"FAIL":"":0
+
+KWP AES-192 wrap CAVS 17.4 FAIL COUNT 3 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"21fb6600c1d34a74adee67612672593a86cf235421735350":"":"":"56b45c49c3e379b18d9c38b6423db133":"":"FAIL":"":0
+
+KWP AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"c32cb3e1e41a4b9f4de79989957866f5dd48dba38c22a6ebb80e14c84bdd9534":"":"":"c29b05c2619a58ecc1d239e7a34273cd":"":"FAIL":"":0
+
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index 1c0ba09..dc4c9d7 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -1,9 +1,6 @@
Cipher list
mbedtls_cipher_list:
-Cipher null/uninitialised arguments
-cipher_null_args:
-
Set padding with AES-CBC
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
set_padding:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_PKCS7:0
diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function
index 4b31ab2..cabf107 100644
--- a/tests/suites/test_suite_cmac.function
+++ b/tests/suites/test_suite_cmac.function
@@ -9,14 +9,14 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void mbedtls_cmac_self_test( )
+void mbedtls_cmac_self_test( )
{
TEST_ASSERT( mbedtls_cmac_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_null_args( )
+void mbedtls_cmac_null_args( )
{
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
@@ -99,8 +99,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_setkey( int cipher_type, int key_size,
- int result )
+void mbedtls_cmac_setkey( int cipher_type, int key_size, int result )
{
const mbedtls_cipher_info_t *cipher_info;
unsigned char key[32];
@@ -120,32 +119,19 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_cmac_multiple_blocks( int cipher_type,
- char *key_string, int keybits,
- int block_size,
- char *block1_string, int block1_len,
- char *block2_string, int block2_len,
- char *block3_string, int block3_len,
- char *block4_string, int block4_len,
- char *expected_result_string )
+void mbedtls_cmac_multiple_blocks( int cipher_type, data_t * key,
+ int keybits, int block_size,
+ data_t * block1, int block1_len,
+ data_t * block2, int block2_len,
+ data_t * block3, int block3_len,
+ data_t * block4, int block4_len,
+ data_t * expected_result )
{
- unsigned char key[100];
- unsigned char block1[100];
- unsigned char block2[100];
- unsigned char block3[100];
- unsigned char block4[100];
- unsigned char expected_result[100];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
/* Convert the test parameters to binary data */
- unhexify( key, key_string );
- unhexify( block1, block1_string );
- unhexify( block2, block2_string );
- unhexify( block3, block3_string );
- unhexify( block4, block4_string );
- unhexify( expected_result, expected_result_string );
mbedtls_cipher_init( &ctx );
@@ -162,34 +148,34 @@
TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx,
- (const unsigned char*)key,
+ (const unsigned char*)key->x,
keybits ) == 0 );
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
if( block1_len >= 0)
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block1,
+ (unsigned char*)block1->x,
block1_len ) == 0);
if( block2_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block2,
+ (unsigned char*)block2->x,
block2_len ) == 0);
if( block3_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block3,
+ (unsigned char*)block3->x,
block3_len ) == 0);
if( block4_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block4,
+ (unsigned char*)block4->x,
block4_len ) == 0);
TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 );
- TEST_ASSERT( memcmp( output, expected_result, block_size ) == 0 );
+ TEST_ASSERT( memcmp( output, expected_result->x, block_size ) == 0 );
exit:
mbedtls_cipher_free( &ctx );
@@ -198,41 +184,31 @@
/* BEGIN_CASE */
void mbedtls_cmac_multiple_operations_same_key( int cipher_type,
- char *key_string, int keybits,
- int block_size,
- char *block_a1_string, int block_a1_len,
- char *block_a2_string, int block_a2_len,
- char *block_a3_string, int block_a3_len,
- char *expected_result_a_string,
- char *block_b1_string, int block_b1_len,
- char *block_b2_string, int block_b2_len,
- char *block_b3_string, int block_b3_len,
- char *expected_result_b_string )
+ data_t * key, int keybits,
+ int block_size,
+ data_t * block_a1,
+ int block_a1_len,
+ data_t * block_a2,
+ int block_a2_len,
+ data_t * block_a3,
+ int block_a3_len,
+ data_t * expected_result_a,
+ data_t * block_b1,
+ int block_b1_len,
+ data_t * block_b2,
+ int block_b2_len,
+ data_t * block_b3,
+ int block_b3_len,
+ data_t * expected_result_b
+ )
{
- unsigned char key[100];
- unsigned char block_a1[100];
- unsigned char block_a2[100];
- unsigned char block_a3[100];
- unsigned char block_b1[100];
- unsigned char block_b2[100];
- unsigned char block_b3[100];
- unsigned char expected_result_a[100], expected_result_b[100];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
/* Convert the test parameters to binary data */
- unhexify( key, key_string );
- unhexify( block_a1, block_a1_string );
- unhexify( block_a2, block_a2_string );
- unhexify( block_a3, block_a3_string );
- unhexify( block_b1, block_b1_string );
- unhexify( block_b2, block_b2_string );
- unhexify( block_b3, block_b3_string );
- unhexify( expected_result_a, expected_result_a_string );
- unhexify( expected_result_b, expected_result_b_string );
mbedtls_cipher_init( &ctx );
@@ -252,7 +228,7 @@
TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 );
TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx,
- (const unsigned char*)key,
+ (const unsigned char*)key->x,
keybits ) == 0 );
/* Sequence A */
@@ -261,22 +237,22 @@
* update operation */
if( block_a1_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_a1,
+ (unsigned char*)block_a1->x,
block_a1_len ) == 0);
if( block_a2_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_a2,
+ (unsigned char*)block_a2->x,
block_a2_len ) == 0);
if( block_a3_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_a3,
+ (unsigned char*)block_a3->x,
block_a3_len ) == 0);
TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 );
- TEST_ASSERT( memcmp( output, expected_result_a, block_size ) == 0 );
+ TEST_ASSERT( memcmp( output, expected_result_a->x, block_size ) == 0 );
TEST_ASSERT( mbedtls_cipher_cmac_reset( &ctx ) == 0 );
@@ -286,22 +262,22 @@
* update operation */
if( block_b1_len >= 0)
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_b1,
+ (unsigned char*)block_b1->x,
block_b1_len ) == 0);
if( block_b2_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_b2,
+ (unsigned char*)block_b2->x,
block_b2_len ) == 0);
if( block_b3_len >= 0 )
TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx,
- (unsigned char*)block_b3,
+ (unsigned char*)block_b3->x,
block_b3_len ) == 0);
TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 );
- TEST_ASSERT( memcmp( output, expected_result_b, block_size ) == 0 );
+ TEST_ASSERT( memcmp( output, expected_result_b->x, block_size ) == 0 );
exit:
mbedtls_cipher_free( &ctx );
diff --git a/tests/suites/test_suite_ctr_drbg.data b/tests/suites/test_suite_ctr_drbg.data
index 6661658..d2307bf 100644
--- a/tests/suites/test_suite_ctr_drbg.data
+++ b/tests/suites/test_suite_ctr_drbg.data
@@ -1,722 +1,1074 @@
+CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=no
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"8da6cc59e703ced07d58d96e5b6d7836c32599735b734f88c1a73b53c7a6d82e"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=no, add=yes
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"81daaf9800c34ff0a104e51d87e36f5b17eb14b9abc5064cadda976ec4f77d34"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=no
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"":"":"bb2a0f5f0ca6d30634ba6068eb94aae8701437db7223a1b5afe8771547da3cee"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=no, perso=yes, add=yes
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"98a28e3b1ba363c9daf0f6887a1cf52b833d3354d77a7c10837dd63dd2e645f8"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=no
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"259dc78ccfaec4210c30af815e4f75a5662b7da4b41013bdc00302dfb6076492"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=no, add=yes
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"386debbbf091bbf0502957b0329938fb836b82e594a2f5fdd5eb28d4e35528f4"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=no
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"":"":"601f95384f0d85946301d1eace8f645a825ce38f1e2565b0c0c439448e9ca8ac"
+
+CTR_DRBG_withDF.pdf: AES-256, PR=yes, perso=yes, add=yes
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_pr:"202122232425262728292a2b2c2d2e2f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf":"738e99c95af59519aad37ff3d5180986adebab6e95836725097e50a8d1d0bd28"
+
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"d254fcff021e69d229c9cfad85fa486c":"c18081a65d44021619b3f180b1c920026a546f0c7081498b6ea662526d51b1cb583bfad5375ffbc9ff46d219c7223e95459d82e1e7229f633169d26b57474fa337c9981c0bfb91314d55b9e91c5a5ee49392cfc52312d5562c4a6effdc10d068":"":"":"34011656b429008f3563ecb5f2590723"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"7be87545266dadd1d73546c0927afc8d":"a7f38c750bd6ff41c4e79f5b7dd3024d58ca3f1f4c096486c4a73c4f74a2410c4c9c5143eb8c09df842ba4427f385bbf65c350b0bf2c87242c7a23c8c2e0e419e44e500c250f6bc0dc25ec0ce929c4ad5ffb7a87950c618f8cee1af4831b4b8e":"":"":"d5b1da77f36ce58510b75dfde71dbd5d"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"3771416b162f4d9c5f48a05b7aa73938":"d20a0e5cdb714f01b48e00bae51909f345af05de13217e5d55fc6c2d705aea550420d9a458594d825b71e16b36130020cf5948fe813462061c1a222d1ff0e1e4b3d21ae8eee31d3260330d668d24ef3c8941b8720e8591b7deec4bd35a3a1f1a":"":"":"3cbd7d53ac1772c959311419adad836e"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"f2bad8f7dab3f5886faa1cf6e1f52c87":"4df54a483b4510ed76049faae14b962fbb16459d1f6b4f4dbeca85deded6018361223c893f9442719c51eb5695e1304a1c2be8c05d0846b6510a9525a28831a8efcbd82aa50540d7e7864e2b8a42d44380cdc6e02eebb48d0b5a840b7cdd6e04":"":"":"0062d822bc549bea292c37846340789b"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"1c5760aa0fd4ce308735b28682b67246":"89defd4445061c080e4762afac194b9f79c4bb1ed88c961af41d9d37bd388a1d45c82ca46f404348a2ae5e22ce00aa35ebc7c5051d8800890d44d25284489efcbd1f5e2b16e403f6921f71bbdfcf7b9aeddef65bc92fbd1cb9e4ea389aee5179":"":"":"3baf81155548afca67d57c503d00a5b4"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"b72b9451a5e866e226978623d36b3491":"2713d74affed98e3433559e17d240288bb1a1790904cd7754cad97007e205a157b8ddca704a3624413f2ec8361ccd85442fb0b7cc60a247f0fd102cef44677321514ea4186d0203ab7387925d0222800ce2078c4588bc50cdfccbc04fbecd593":"":"":"047a50890c282e26bfede4c0904f5369"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"91b955a3e7eccd7f07290cba4464baff":"b160465448894c7d5ee1963bb3e1a2f3f75fcd167ffa332c41c4c91c1830b7c07413bd580302958aa6fa81588ad2b3173698a4afafda468acb368dbbd524207196b9a3be37ac21ba7a072b4c8223492ee18b48551524d5c3449c5c8d3517212e":"":"":"af2c062fedb98ee599ae1f47fc202071"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"d08114670c4f6016a4cf9d2da3e3a674":"38dfbfb52c185acf74de00b5a50f0cd9688286747ab340cfe9ad30d38b390fd2443bfd7ea93941d8262ae0f66b0eab4ff64ba59a2ff940c3c26fda103e0d798dbcaa1318e842143975673af8408b5af48dfbaa56ca4f9ddc87100028b4a95549":"":"":"55030fef65c679ecaffb0dc070bfd4d2"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"e2af9abe8770e33798a5f05b22057d24":"88fb2a8020e604ea64a620f4704078857062cc97e24604c30de4c70cbf5e5bea0f0db79d16f4db636a2d6cd992c5890389a40cfe93967eac609e5b9f66788944285758547c7136ef2ee3b38724ed340d61763d0d5991ece4924bb72483b96945":"":"":"a44f0cfa383916811fffb2e0cfc9bfc3"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"ae30f1642753c5cb6e118d7ff5d59f1d":"340def3420b608420d81b4ea8252a3d86d3e1dd7597e6063ed923a73a7b8e981e6079f7f0c42deb9f4ef11d2f3581abadf44b06d882afdc47896777ce8dafd85ec040f7873d0e25c4be709c614a28b708e547266ac8f07f5fdb450d63bc0c999":"":"":"c7e7670145573581842bd1f3e0c6e90b"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"711ecfe467d6f83bcc82e566729669af":"21d6c822706d1af09e4d233c0ebac7f4ec60c7be2500dd41a85a19b2dc5c7da27f8a82164bd2a644218cb5ac283c547da1064784413eed5ecf32fadd00357abaae81225ac8d0391ead533362cff56798825445d639b0b45e0312aa7047c00b4d":"":"":"d3a0d2c457f5e9d1328a9e1d22b6eaf6"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"f9b22152bc0eff1ebf0bfafeea40aecf":"4ee32f0aeadb3936e17f1aa3b18c10f773def5f83500c2ba96f84408a2521c1258f6be9aa5cee528746629aa2b8118ac41dd98ef1b3de31d26b8c2ad3442081203f5ef21df409df3381fbf2e064fbaec64d731dc93b3218e34bb3b03bfd88373":"":"":"86009b14c4906a409abe6ca9b0718cbe"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"5174e76e904ff1471367ccace9c66ed9":"fa81535670275e8ab74121377cf88a4742dd0d7a99cf06eb9c2b4fe2b03423dbe441201144c22a9fc0ca49f5ef614987a2271cc1089d10ee01b25163c090a1f263797e4f130920cdc3b890a078e8abbb070ded2e8fd717f4389f06ff2c10d180":"":"":"18d6fcd35457d2678175df36df5e215d"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"73c372f60519e8eca371eaa13fb54f88":"930c290a797b85d58b52d0d92356436977b2f636f07d5a80c987fb7eea6b750cceb9eb87860547ab4029865a6810fc5c3663c4e369f290994461d2e9c7160a8b5985853bd9088b3e969f988fe6923b3994040eeee09ad353b969d58938237cfe":"":"":"f62c7cfbe74555744790bcc7930e03c3"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,0) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"75ba8ddeef24f9f5b00b426a362c4f02":"7065d128ddb2fc6ea31f4110b6c0934ed112c51d74a4a0741a0843d8befac22902a01353322674c3d58935144a0f8f171a99dbeab71272ff7518c46cc7ebb573adbf95bff8ec68eeba5e8ec1221655aed8420086bda89c7de34f217dce73ccab":"":"":"700761857ea2763e8739b8f6f6481d1c"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"14051b57277bc3d3bbae51bdecfb9f5d":"82c80d922c47bbec0f664dd623e22a11a3b84d308351e45e30ee286e89547d22c43e17b3ca0fa08f77eef1001ba696932e9ee890e7aac4661c138e5b5ce36773d3120c35f8c94e0a78ffbf407a63ca435392e17c07461522fdc1f63f037aacff":"b70e7c1c4b8e0f1770e05b29a93f9d7a6540f23ab84136b05b161d85e5f19251":"5a737c128bd69f927f8f3ad68f93f6356d5f4ec0e36b6b50ced43dcd5c44dbc2":"a4e6c754194a09614994b36ecce33b55"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"4526b268128ea35f8558b4e1d08388f2":"952f3f179cbbda27ebd30f4fc31bf96baccb2adbaa9c090bc0f37044a44e85b3bc668cd3533faaf56b5da9242844d65733f7ac1f55c38b175749b88e18d19672b7bdab54e0ababdd4519fb07e0c25578f64ad40d0beb0a26275d5e2f4906aa70":"6b167c7cebea2e585ab974b60c4d305a113102ca8c3dc87651665728c4c675ad":"a038f1ca1f420eae449791f13be4901bfb91e41e052e02635b1f1817bd8969b1":"745ec376282e20fd1f9151f7040ed94a"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"c1aafa90f394e0ba9a528032dc6780d3":"75fd042bfd994de2c92e5aa505945ec93bd7cf366d86a356723fca3c9479ee17fb59c6ca8ba89784d43f06cdad113e5081e02427ee0714439d88dc1a6257fc91d99c1a15e92527847ab10883cc8f471cad8cf0882f5b6d33a846a00dee154012":"c704164ce80a400cb2f54d1b2d7efa20f32b699fa881bfc7b56cfd7c4bee1ea6":"f3baff4b6f42c8e75b70c2a72a027b14a99ae49a5a47c7af0f538843c94e1a69":"7af9113cd607cdb4c6534f401fe4e96c"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"e6e726b72e7b264a36ec0cd60d4578b5":"0c3c6dd706076d6484478347559b495d7ee898c39cde06027bc99f7bf69ce1140ca04602265e1308af6dd6446a1cf151749b22a99e8a05d30cc3ccd00e663bc1bc37e08ee62834fcc52a4bc8c1d6442544187484f81dc729417d5bedfcab5a54":"d84b978483c0bd8f8c231d92ea88ac21e6e667215804b15725a7ed32f7fc5dd7":"9a8971f6c559f7f197c73a94a92f957d1919ad305f4167c56fe729d50e5754a5":"e16ee5bceca30f1fbcadb5de2d7cfc42"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"0272d86db283244eb7ee0ed8c8054b89":"a08ce39f2f671e1f934821a8db9070f39a734a7a20e70307fccca17db15bb4e8a421600df11d1a6e7806a14826739322c8043649ea707180f1d00dea752c2c36398030519465864c4d38163f5b0dd5be07dbc0ae29693ad4a67ca69f28414634":"aa97055cf46ba26465dfb3ef1cf93191625c352768b2d8e34459499a27502e50":"dddd0007eb29fdf942220e920ca0637db4b91cbf898efd2696576ff6bfacb9d1":"9db0057e39ca6e0f16e79b4f8a0ed5c7"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"4ad8f72a0d0e28a758722b20e3017d7e":"89af36a1c53f730c1b818b26aa510627b17e6f9da51c8e53930de883b7cc7a3e8c3c463c910646ac3ff08f05bca8e340daf9a322d133ae453fdf7e6860a27ff4495c89875431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8":"9d060b7ed63bdb59263c75ebe6a54bf3a4ac9c9926ca8fb49caa905a2651eead":"016099232dc44bb7cdb492f4955ab1aabc5dc0b5731447cea2eb1d92e41482d1":"4b658e95adae4bf0c418fded4431c27f"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"aa19b944c2e1b9d27933bc87322bdf14":"dc8c60dd42c85fed86cb32af035bbde5737526eb07991397c853256f2f0cb311bce70e1c5e32fc3510402d7d7e3de36fa5e584234daf391bc53cc651e001ab7fcf760679b3c82057f9d09bfdcab8e158d4daa63b20c0e1102f7a06bf5a2788dd":"6b98fec5f7de8098ff9df80f62473c73831edace832a767abf5965ea8bf789ba":"cc998bd5752f9c96ec35d9658cc8b3833dd6ab80c7accd6777c06c2cf7c01e59":"fc58833e0e27f7705e4937dd2aadb238"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"10c8c17a25041e2ef0d3cc80671e4cfe":"513fb96b6164ece801e52855aad28cb80131e7872d8432d27a974fb62d8d0100bb7ebcb8f5c066e230377a8847d6798c3d8090469b9719a80ac956ac33186b00eb8ca64c5530421f93932bc7c98ee92651e85dab562483bdb189676802726647":"240f36a0a598fe2116ffa682824f25acc35132f137f5221bc0ff05b501f5fd97":"22a5eb5aa00309a762ab60a8c2647eebe1083f8905104b5d375ed1661b4c8478":"145a16109ec39b0615a9916d07f0854e"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"cea0c3c12be683c0f27693650a6a3d7d":"df8bc70e45fe14abb02c1b9a9754c37497fc2f67709edd854196fc4d074b12797ce7cb292f14cb1d6904abf32bf229299db5ccf5a791a3b8cd3e40a64f38f6b57df759a863e09d7676d2f3ff2762cdab221151000dba32a67f38cab93d5b7a55":"bf2ac545d94e318066ff88f39791a8385e1a8539e99ac4fa5a6b97a4caead9d4":"846efef8672d256c63aa05a61de86a1bbc6950de8bfb9808d1c1066aef7f7d70":"8d8f0389d41adcac8ca7b61fc02409c3"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"1b782af2545352631983dc89945ffc37":"51930fb7095edef3fc20aca2a24127f03d3c4b983329e013ad8a35016f581dd7b2d11bafbf971c1fdefd95a0024195e6e90a60ec39b1a8dbe0cb0c3aabf9cf56b662efc722b2dffa6c3be651f199cbc3da2315b4d55aeafd1492283889e1c34f":"1b6295986f6fb55dc4c4c19a3dba41066fdc0297d50fb14e9501ba4378d662ed":"6e66ff63fc457014550b85210a18f00beab765f9e12aa16818f29d1449620d28":"78dfcb662736a831efaa592153a9aff9"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"6580f6df5c8de7c4a105c11ed44435c2":"d37403db6f84a7ba162e1cc351fe2e44d674ae8606280c9dac3e3975f30cbe1c9925e502a9804b91aada5cc97b259b90ccb5b8103394d9a28f0709fc9b5ffe9d73ad3672e02064ea68cebe3face5d823ee605c46c173db591135f564558dab4c":"97486a5e6ce6c6cf9d3f9a313d346cbc34b2bd54db80c5f8d74d6f6939f89519":"8377fcb52556f9974f1aa325d6e141d7b81355bd160abbc86e0007571b3c1904":"77031d3474303470dca9336b1692c504"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"f5303f148d6d6faca90aa88b07ab2ba9":"a0de51b8efa44b8245dba31d78f7840b2b7abced4e265b4cd9628eabc6ebbccb0f118dd8cc958b36dc959e22c4a03dafa212eeedec7d25ee6c5961187bee83b1ed3a75c7bdd9d0713b16cc67e68231f4cb274c8f3dfcc7e5d288c426a0d43b8f":"8d1fddc11dbad007e9b14679a5599e5e8a836197f14d010f3329d164c02d46d6":"9ceb6570568455d42a7397f8ca8b8af7a961a33a73770544cca563c04bc919ca":"9882f0bd1f6129a78b51d108e752b2d9"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"5a799c58985aa2898cc8fe8e5bc4a9f8":"dbdbef9d217e9051025c321b628c1cc823d508ffdd13fc4edbe8677658a57ef5b64395a6b7d62c0e93dc0956ee0217ec48ae054f1d4680023cc1b2af666efa9e1458cf6b0dae72eef2392e93687bd1fb5f366bb2cdd12937ad09724e39db4189":"8c179b35739e75719e74f7c3e038bc06eb3e212d6ade85275cfebf12b2dce2a2":"af617f2e228adde3edaf52a7e5979476dbb9cd2956a1737d93a16563bbbb4888":"49a04f3b4ef052747c7f4e77c91603e8"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"8f5b51983a8156a529f559ac3afebbf0":"bf22b182d39622e941017285adbdfe446c3d1a72601d0e5a15674f3b1b260170b1b2ab6b588a0267d86776a5d4ce80e132d7135a581af75ea6de65153680e28ce35ce78d0917b4932000d62260149e5a3ae72bc250548390b664f53c697dac45":"4cbb5b2d6e666d5dd3dd99b951ea435cae5a75d2e1eb41a48c775829b860e98b":"a4b4171c2592516404434932ad0a8ee67bd776a03479b507c406405b3d8962bc":"cab49631733f06e3fb3e0898e5ad22e7"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,0,256) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"9f305a77cbaec1ab408cfc0eb89c6cbb":"1e50fada1e76a0d243e6f64c36a173ddc1f47a1dab834f5cd492568792958d5be22cce3110c8e8958b47f07b5c63f86b254942361d4d553e47d36103f47cd7f0bbee27d2e238b1d85671afe8284ee1fd2a431a5f69b2df73e95341c3a2e4fe4b":"c254f3b40e773eb09053b226820f68cafa3458ad403ad36f715245a854752a93":"699e177b7be3353c45ce7b7a0d573b00087d700a9f2c1cd2e370e05d4ddadc86":"bb6b02b25a496f29245315f58a16febc"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"e09f65dcffc0d3a4d84bacc41617a4e46ce5184eca011049ab657566f728e4aa28315ffac166ebe50e1269b01c95b3a2":"545a783ae97d827ed0b81d9752ad0f7e965f511b1f5dae0f872e9ec37cfe63af86c1d15e153887989b605773b16ad5505e65f617cfa8ef46547c4c3f9d0c4fd0b6e1cff5ca0f1929266fe43ba8f45ad664cfe5e90903a9cb722b42ae8989c148":"":"":"1e77d7cc18775fef9a3d3e00903da01b"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"056cd44c8847d89da05fbef95e9660d589046b0c02f9b42c17fd8b069f831c73cd896005ec080113589b6f07be6e42ea":"dde6c0850fe642602eb222ca7371213c598cef8c3e71e0593ea8edb54e1bed130b9b0aebe0893093b950c52f56eb9b338aa4bd01dae030515726ece1bf751660b4a3602da6400e4b94edebba646b5c3d4e64ceea1c4f14b7a19f0142783247df":"":"":"a790ab939e63555d02ea1e9696051725"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"73c72c7dfe138ef4b9817d41b9722b3940762b59bda26b3f6bb8b30583e01d088a29726b71d36ffeebdb387010cb1bb6":"6fe09520e26f5abece0fceadc54913c650a9f55725af45a9a5f373d09b9970b8706b9041d0189a204f6a4eb527dfa86584a3bee3265b809c3932ae5e7228194a3cf7592fc9301c833b45a53be32b9caec9f0f91ba86519f12b0b235f68419c1e":"":"":"798d997f46ff7cc4206994085340325e"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"cdba7c7033c34852b7bc1a6b33edab36f41d563bd0395d1001c02ffc0c42ec8595ed2b5ddabc923372e3b6bb457833fa":"532960c23c8c8b2146576dde52fadc985134914abf42ca1c5f47206937fda41289ae5d9f935dc4ce45f77cad230a4f345599e3bae4071188324483a0b93593c96d8b6ac6c0d8b52f8795c44171f0d8cd0b1e85dc75ce8abe65d5f25460166ba0":"":"":"9d48160aca60f1a82baaa8a7d804a3d8"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"02cef01aca992f60aa12db4b2c441689e4972a6f9deaf3663082afed642c1502b67b42d490af1c52c7e6eaf459882eca":"9216c9a833f81953792260a688eb7c3dfc85565ae6a6033203741a763db056247808e0ecd5ba1fc4549c3a757eba535adc786e810ddaae9a2714d31f5154f2c3ee81108669f1239f4f4efd6e18aabfa2d88f0ac25f4740108f6cfebffeb2d857":"":"":"d6378bcf43be1ad42da83780c1dab314"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"d7d80084e9d1fbb9315c3bce1510dbf22cf11fa54177d913a3b04b64cb30957395bd6f3d7e3d866d1be41b29db9ed81d":"80d4741e4e646748bb65e1289f1f9b3c21bffec4d0a666b301f199d76b4a83464583057079b069946b03d6ac81ebf9e6fa8d4081120f18bf58286a0c4de7576f36f3c7c353126f481a065ac28bdf28e13cd0c1e7911db6343c47d613f1750dc6":"":"":"9165a92ed92248b2d237d9f46d39bde8"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"df5a68d3bede467fd69716f5f8fbac297594b8573921afb864ba76aaa6dd89e83b89e359a5a0dd1aac9b4acb9573d218":"52df6336f93781115c2a77bd8f99cb717871fe14707947a21f6093dd9205bc378acf61329f8831369b4b1af0a9edfb25d74f5863f26859ad9c920767b113c47ed2690053bf9a2f7c7a67a8d680e08865720b9e9f7b6ae697e3c93e66f24b6ddc":"":"":"c542cf248a163bbceee7b9f1453bd90b"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"2945527372ff71edfa5776f55f7e4a247544aa6de974e81b2eba5552843ab6dfa248695f4f3225a43d4bf3672c3a6b2e":"aa560af2132cbd0624a69c7a7e733cd59a4f2d4e61d2b830087bd88f30fa792c7e4d3168fa86a10f7619d5b9dcf4f7bb08b350ba6a6bfc0fdfb7ee7aca07260c9a11abe49963c36efaefa94d2978ed09472bf93cc873d0f24c000762bb1402cd":"":"":"33af0134eeca279dce5e69c2cda3f3f4"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"b30cb767125674f6099a5cf7cb2e4f5b6c1cd1e32ffc1e393b1c5698b52b37f971f12521a7c1ffaaf3233d5391bc4c86":"2d42b00248d95d9378a2aece40d636bc1ab22edaaa64daa34335195a9efa4c1b58f13ac184ca2be52e15c3a977abde2aa505243fc106c4ea6f0671fe0f209b106ea8965645af73d8ebb8a80251db2967149c701cfe1d157cc189b03bf1bff1ac":"":"":"1e10eff9ceebc7e5f66e5213cb07fca4"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"c962a2da4524f08adcdd5ceddc04e669ad6154aee06164645e80c832506b98f9919451c7ec1d3a6a9704f83def8f6e2d":"a1ff68a85e437475b1b518821dbaac1730071a4ddd3255361778194fb0cfe3293e38df81527d8b8da15d03acb26467b6b53d7952441b79f95b633f4a979d998fd0417b9193023288b657d30c0cb2dada264addf9d13f1f8ed10b74e2dd2b56b3":"":"":"58990069b72b7557c234d5caf4334853"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"a3cc1fe561d03a055e8eedaa0e713be490c4bd4c6839a5b98c2ac0139bf215bdc46783d2a3e6b9d15d9b7a8bfe15104b":"207267911c12125cb3012230e4fafd257777ccbfb91653f77e4c1287574f9b79d81af7fb304790349dd457983cc99b48d5f4677ccd979fcc6e545cbf5b5c8b98102c9a89ae354349dbdee31a362d47c7cdae128034c0f4c3e71e298fe1af33c6":"":"":"ffd1d259acd79111a6fb508181272831"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"ecf186071b81e0ed384d4ebfb5bf261b4054e2e6072b51d21dfb6817adc51ff1c8956ff3612767538cdc8d73fade78b3":"3b9aec9f8bf8495004c5e4e731e5c347988e787caf003f001e68584e3510a6abdedffa15895702c2d57c304300f4f0af80a89bcc36b3cea2f08a0740236b80cfd2ea6e5cfe4144bc4ae09270fb6bc58c313dbaaedc16d643fc0565171f963222":"":"":"a2d917f5ec39a090b55d51713006e49d"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"3fcedba86089709aa638d00713150df781d4a93e85f155338e90ff537bcbf017f37a2d62259f5d8cc40ddfb041592539":"6b1e9d45c2ec598de7527b6414a339f26192fc4e3f5eff4b3a3e2a80ee0f2e9743031804d1be12b3c7ff6fbc222db1d97226890addeef0e1579a860e2279292c2f769416b7068f582f6ffc192ae4c4f1eeb41d5f77f0a612b059c47aef8e3d8e":"":"":"aa414799c51957de97c0070fb00eb919"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"f4c45fb8f58b7ebf73a0cd81c6a26686977558d4b8bf1cedfc6bd3754de6aaed5008fd72208437c54d8feb9a16ce3224":"6d170cf472ea07da6146a7087ed15d3f5b6ad72b8c99e46bae3b89e49a6e63467199ee16096516c2362dbd181bf5343a29fd0932d72eeb019fc3bfea3a3b01ffc2b985e341cfb6479d9dc71e2197b5cffc402587182e5fe93b5a8cf75eac2e42":"":"":"f557f627688fe63c119cf0f25274aa74"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,0) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"7120742a7807b66c5a9b50995d5494a5b9451bb795393c0d8a30ae665879269408f8297d49ab87410a7f16a65a54b1cb":"c08a6f9797ea668cd14ba6338cb5d23c0921e637e66a96259f78e33e45aafd035edb44394cb459453b9b48beac1e32d3b6f281473cda42fb6fd6c6b9858e7a4143d81bfc2faf4ef4b632c473be50a87b982815be589a91ca750dc875a0808b89":"":"":"521973eac38e81de4e41ccc35db6193d"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"add2bbbab76589c3216c55332b36ffa46ecae72072d3845a32d34b2472c4632b9d12240c23268e8316370bd1064f686d":"6168fc1af0b5956b85099b743f1378493b85ec93133ba94f96ab2ce4c88fdd6a0b23afdff162d7d34397f87704a84220bdf60fc1172f9f54bb561786680ebaa9bf6c592a0d440fae9a5e0373d8a6e1cf25613824869e53e8a4df56f406079c0f":"7e084abbe3217cc923d2f8b07398ba847423ab068ae222d37bce9bd24a76b8de":"946bc99fab8dc5ec71881d008c8968e4c8077736176d7978c7064e99042829c3":"224ab4b8b6ee7db19ec9f9a0d9e29700"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #1
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"8964ebde61f0c4e23f8e91244ae9682ed0b17e424edd4c025b461a2d209a538583f29465df3f89cf04f703b771ff5c90":"4db8e8a27fe7a0378e37d4cc01b6a465d34be91f48c52fdc1023ef2ea1241082f522805bc8777fda6c10e3d441b58f648edcd7d4df3df8c8a398d7b005c4fd6f41c9b033bd38fc5f577069251529b58273f6a9175feb3978798fdeb78a043232":"5eb3fb44784f181852d80fcf7c2e3b8414ae797f7b9b013b59cf86b9d3a19006":"3eec358f7f9e789e4ad5a78dd73987addbf3ae5b06d826cec2d54425289dc9af":"9a66c015d2550e3f78c44b901075fabb"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #2
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"98784aa794df5400890e6803f06d886aeb0833b1fea28a5f7952397aa21092ceafdb9194079f3609bc68233147c778e7":"7338521e8e127e70da259b37f5f5cdf83079bdb4024234b8ceecfba8d8c3f1c8510ff91f3bd08f2c54f11b534048a320a15ba0fccec8da34d4ef7f49ade4847814c859831907992d0adab27046324d4d9a853eb986b8de25b34ea74eb3d11048":"b14c5314aac11cb43f45730e474b84fbf5d1480d94d0699b80e3570f6636aa72":"d6208912348236feee1d258092283dd9db75899769dd109cc2f0f26d88dcc6bf":"5ec75fdd1ed3a742328e11344784b681"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #3
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"fe9b7df306c4ccd02afd6142c6650418325617945147de436a55e78aa45866116d6678e013a0e2c5a13e0d01fbd84039":"c4da56f4239fde0bc49b1d852cb36c80205f9e99e5995a80be04bbbba15f25b8d054c397a34cff1326a71f0acc4f7942795cabc3fa46339dc54b4bf7f11c095af8503004d97c485acec8815d1404674592c896ecfabefcbf222f4fe5a3ced0af":"086d09a6ee20c69bf5c054ebc6250f06097c8da1a932fb3d4b1fb5f40af6268a":"44e64b14c49ebb75c536329bb41ab198848849ca121c960db99f7b26330b1f6d":"7aa3a7e159d194399fc8ef9eb531a704"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #4
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"c0d47ee2328185df2c299d270e11fee26df753a5b4f899fdc0dff79eb50748232f9f79cf3f5e9bd4a26a48e743843b02":"a6b5dd5f1bad95331caae5852be50a26267af655c98feb8b66c45a8ae2ddfca270ab0d8023e43e6e22a7b5904d63482f045e85556b9c105cde0f3eb7b1fff1026086c80b195196803b5f664362b659578894d6551fb7c4566eec02202fdc298f":"3b575d028046e7f6005dfcdfcdcf03ff77a9cacd2516bcdff7f3601a9a951317":"f13b58daed46f5bf3c62b518ab5c508dd2bc3e33d132939049421ff29c31c4f0":"8469dfa89453d1481abedd6cc62e4e44"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #5
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"a0db812a939fbf3942b00be018cff4578b9fb62629c766a50f3518fe634100b1cbc4244ae843fe32125c53b653705457":"7e3dca20a7a977b6616a684e309015cf6a37edd0d85819fe91d074c915b0c9540a8aa486f58685b064851d6164150b1c1b0e2e545c6358d28b2f5263b2fd12c503d271ab6de76d4fa4c604cae469335840328008d8ce5545586b9ea6b21da4f9":"554b297bc32866a52884fabfc6d837690de30467b8f9158b258869e6f4ed0831":"4f688cba5908e0699b33b508847f7dac32f233e6f02cf093efdacae74259f3b6":"9696dd6ed5875cdef4a918a6686455a8"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #6
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"ff6cd20443a32c9e938f2a617bbb969ba54040b12723b0d452a669b584ba16ffaacbe38af62b5a62e0c67d165d022344":"efcf7536f32932526fe82b3a2333508404727878723fc09cbd902581d82463cf6acf1ddf4217ea6404469193e8db0e7e8c864ae655b49c6a095f80f1ab16985453f0fb729c119d8a3b820034626a93b1f70eb99b6cd8c990dda34a1c6a4b6eea":"8d412208091b987ee0781ff679c50dbab9ef389156f570f27aaf3e699bdade48":"501381ce5e7718c92ee73e9c247965dd5f0bbde013c4b5e625e9af8907e40566":"4f323934adb8a2096f17d5c4d7444078"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #7
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"bd14779153ed9696d3e5143c50b2050b6acd3ea2f8b670ef0e5f4bedf01705727bf9e64ae859214abe6ef497163f0236":"bfb0931b05a3fe232614e1b1c3060b3b07fb75d23ac10190a47a7245a6ecad5f3834e6727b75acc37e9d512d01a4a9cef6cb17eb97e4d1d7c1df572296972f0437a89c19894f721cbe085cf3b89767291a82b999bf3925357d860f181a3681ce":"0b5dc1cdfc40cfdc225798da773411dc9a8779316ceb18d1e8f13809466c6366":"843eb7297570e536b5760c3158adb27c0c426c77d798c08314f53b59aa72d08b":"1e703f3122455a40536c39f9ea3ceaa6"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #8
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"64b155fd4b8634663a7e8a602e2b9fe2477be74692643ccfd0b316a025ea6f1fc0dfd0833248cb011082be36cba3c5d1":"a5b15cb1e039d7bbe2db80a32d4f402c7d3c59a45b05255401d1122770dbdb9894841964d5cadc9ae9af007d63e870d0510078885ca402bd222f16d2d27892e23292b65cf370b15d5e5a739ddd13e3e27f7c2e2b945f8e21897c3bbf05d8b043":"aea2fe995be77dfdca6ebaa1c05ba4c84d0e6b9a87905c398a3dfe08aeb26d38":"f4e9e7eb0eea4e2d419de6ad2909d36ec06c79097884bf98981e86dedae366ba":"4a28955dc97936b1c0aed0751a1afed5"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #9
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"e6c08e8b8d8e418477087911610096f7e0422083a376a77198e9c60fb2dc8c14aff33d7835878b65322f1561738b1ebb":"d4e0347c2158b882eb1e165f7f2aa1324d6606fe259ca730b2a3367435cb93b89108e49bd97355215063f63e78e8926b264c8a97571fd4d55882364915b7bd544254c25c2b67cdd979737c7811bcdeef5b052d8fe05a89b3291ef669d5579a61":"6607541177bc0c5f278c11cb2dcb187fc9f2c9a9e8eefa657ba92dee12d84b07":"7a439c8593b927867cfa853949e592baea0eeb394b0e2fe9ab0876243b7e11e2":"420888122f2e0334757c4af87bbc28a4"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #10
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"4413ff775c9b7d9a3003e0b727e34554e0f615471d52aeb4a059777b372d60332a1a4bcaf906e598581bc5a369b2c933":"a21cf567362fed0edddfd0b1c2d85ff6d2db5484fca8bf90a82da2ab76efcac9286e417628496f37effda150ef4912125aac68aac72e6f900a70192d4ef0b4cc4e9419c93ffb245965ae30c5f8abe20f732d76080bde5a1c6b3f075eb35622d1":"b924d145fc3ecd76f000f12638ef0a49a5d4cf887aa93fc9e5c536febc454f2d":"73dbb40b257e6598744f9107c8e7ff51a080407fc9e80d39d9a4db94f167c116":"84457ea753771ad7c97ce9c03ab08f43"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #11
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"5e409d56afb6940f9ffa45e0f92ef4972acedd3557b8e0f5418e302f2720ae5289294176045ad3096ea68db634cf5597":"c5a63c886af7ed7496473a6ae2f27f056c7e61c9aca8c5d095af11b2efe1a6b43344f92b37c7b6977ddbef1273e9511d9305fcbe7f32bc6a62f28d34841350362d2717dd00467224a35985b9fecc2739acd198743849dbfa97f458e2e7d6b1dc":"7fda133a23e929b17548a05013ff9c7085c5af9c979057b8f961ba7514509ff3":"bd061292b6bc3d3e71ed01af091f0169f70f23862efccd9e76345ff607dff3ec":"75b35dab3ad5e35c10ee39529a7f840f"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #12
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"ed2a52169791d7c7d332cf258ea4847c359335f9a6839ee767a8f76800ba28e94858cc9b7f526e62a93603fa2b1caa6b":"0a6155ff422ff6ae9814f81bf353bd3454d0c9892f9f3d730dcd8c87626f813cbe1dff1922fe73e4a319be53f4ec05e965c27f239b1e51869069a7e7cdd916fc1fd6f640bfe4b761a8040f8db37fb5ee7508e7d226c7695fb2a8bd791fe49ef2":"14073a1b4f07f3b594fa43d0c8781b8089dd2d9b8ad266e0321aaa6b71a0d058":"4247fc6886e8657b84369cf14469b42aa371d57d27093ee724f87bf20fa9e4e6":"f2aea2bc23e7c70f4ee2f7b60c59d24d"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #13
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"f0d3a46501da7ab23d8688725f53f4289ce3bfa627646fe301533ec585f866caafb8131e95460566270f68cd25e1f153":"223d49f99a56cfcf2eb8cca39a8a82ee306c6272d521257f3d7d2a87699111e442fc55a399994d57373141f2207d43a8bbc1e086d67343b7dc2a891853c860fe43fb6be32cf035aca582bf5590cb5001b09b4976ea617fa7bd56da81fdef2df9":"7d12673cad5ad5003400fb94547e2b987e934acf6b930c0e7aec72634bfb8388":"e8583b9983b3ac589a6bb7a8405edfc05d7aa5874a8643f9ac30a3d8945a9f96":"ce72c0ea0e76be6bc82331c9bddd7ffb"
CTR_DRBG NIST Validation (AES-256 use df,True,256,128,256,256) #14
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_validate_pr:"1e4644df1d01f9a0f31d1d0c67bc9fb9a1ee2223fbfb25520d3881cde2b183b73fe1a8cc5f17796cf22aaaed57607420":"cdac62b5e4ccee8609b1f4b7a8733e69068c71219b6292ecb318b9d3479516807af280cfa20e455d5e96eb6794a3b963957f3c099fd1e1199706d36a06011836af890f3b7b15cda6346a06fdd0f194de40bfbec12b021b02eeabaa34d35b30a3":"8169251ea55cce534c6efd0e8a2956d32ed73be71d12477cea8e0f1ab8251b50":"865d14cb37dd160a3f02f56ac32738f9e350da9e789a1f280ee7b7961ec918a7":"ff11ba8349daa9b9c87cf6ab4c2adfd7"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0
-ctr_drbg_validate_nopr:"1b54b8ff0642bff521f15c1c0b665f3f":"5a194d5e2b31581454def675fb7958fec7db873e5689fc9d03217c68d8033820f9e65e04d856f3a9c44a4cbdc1d00846f5983d771c1b137e4e0f9d8ef409f92e":"":"":"":"a054303d8a7ea9889d903e077c6f218f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1b54b8ff0642bff521f15c1c0b665f3f":"5a194d5e2b31581454def675fb7958fec7db873e5689fc9d03217c68d8033820f9e65e04d856f3a9c44a4cbdc1d00846f5983d771c1b137e4e0f9d8ef409f92e":"":"":"":"a054303d8a7ea9889d903e077c6f218f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1
-ctr_drbg_validate_nopr:"90bc3b555b9d6b6aeb1774a583f98cad":"93b7055d7888ae234bfb431e379069d00ae810fbd48f2e06c204beae3b0bfaf091d1d0e853525ead0e7f79abb0f0bf68064576339c3585cfd6d9b55d4f39278d":"":"":"":"aaf27fc2bf64b0320dd3564bb9b03377"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"90bc3b555b9d6b6aeb1774a583f98cad":"93b7055d7888ae234bfb431e379069d00ae810fbd48f2e06c204beae3b0bfaf091d1d0e853525ead0e7f79abb0f0bf68064576339c3585cfd6d9b55d4f39278d":"":"":"":"aaf27fc2bf64b0320dd3564bb9b03377"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2
-ctr_drbg_validate_nopr:"4a2a7dcbde58b8b3c3f4697beb67bba2":"58364ceefad37581c518b7d42ac4f9aae22befd84cbc986c08d1fb20d3bd2400a899bafd470278fad8f0a50f8490af29f938471b4075654fda577dad20fa01ca":"":"":"":"20c5117a8aca72ee5ab91468daf44f29"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"4a2a7dcbde58b8b3c3f4697beb67bba2":"58364ceefad37581c518b7d42ac4f9aae22befd84cbc986c08d1fb20d3bd2400a899bafd470278fad8f0a50f8490af29f938471b4075654fda577dad20fa01ca":"":"":"":"20c5117a8aca72ee5ab91468daf44f29"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3
-ctr_drbg_validate_nopr:"911faab1347ae2b3093a607c8bc77bfe":"2f044b8651e1c9d99317084cc6c4fa1f502dd62466a57d4b88bc0d703cabc562708201ac19cdb5cf918fae29c009fb1a2cf42fd714cc9a53ca5acb715482456a":"":"":"":"aae0c0ac97f53d222b83578a2b3dd05d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"911faab1347ae2b3093a607c8bc77bfe":"2f044b8651e1c9d99317084cc6c4fa1f502dd62466a57d4b88bc0d703cabc562708201ac19cdb5cf918fae29c009fb1a2cf42fd714cc9a53ca5acb715482456a":"":"":"":"aae0c0ac97f53d222b83578a2b3dd05d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4
-ctr_drbg_validate_nopr:"f959f1bc100ae30088017fae51289d8e":"77d0f0efbc7ca794a51dff96e85b8e7dfd4875fbfb6e5593ae17908bfbddc313e051cb7d659c838180d834fdd987ae3c7f605aaa1b3a936575384b002a35dd98":"":"":"":"5d80bc3fffa42b89ccb390e8447e33e5"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"f959f1bc100ae30088017fae51289d8e":"77d0f0efbc7ca794a51dff96e85b8e7dfd4875fbfb6e5593ae17908bfbddc313e051cb7d659c838180d834fdd987ae3c7f605aaa1b3a936575384b002a35dd98":"":"":"":"5d80bc3fffa42b89ccb390e8447e33e5"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5
-ctr_drbg_validate_nopr:"45a8bb33062783eede09b05a35bd44dd":"6bb14dc34f669759f8fa5453c4899eb5ac4e33a69e35e89b19a46dbd0888429d1367f7f3191e911b3b355b6e3b2426e242ef4140ddcc9676371101209662f253":"":"":"":"0dfa9955a13a9c57a3546a04108b8e9e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"45a8bb33062783eede09b05a35bd44dd":"6bb14dc34f669759f8fa5453c4899eb5ac4e33a69e35e89b19a46dbd0888429d1367f7f3191e911b3b355b6e3b2426e242ef4140ddcc9676371101209662f253":"":"":"":"0dfa9955a13a9c57a3546a04108b8e9e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6
-ctr_drbg_validate_nopr:"0ada129f9948073d628c11274cec3f69":"b3d01bcb1ec747fdb7feb5a7de92807afa4338aba1c81ce1eb50955e125af46b19aed891366ec0f70b079037a5aeb33f07f4c894fdcda3ff41e2867ace1aa05c":"":"":"":"f34710c9ebf9d5aaa5f797fd85a1c413"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0ada129f9948073d628c11274cec3f69":"b3d01bcb1ec747fdb7feb5a7de92807afa4338aba1c81ce1eb50955e125af46b19aed891366ec0f70b079037a5aeb33f07f4c894fdcda3ff41e2867ace1aa05c":"":"":"":"f34710c9ebf9d5aaa5f797fd85a1c413"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7
-ctr_drbg_validate_nopr:"052a5ad4cd38de90e5d3c2fc430fa51e":"98482e58e44b8e4a6b09fa02c05fcc491da03a479a7fad13a83b6080d30b3b255e01a43568a9d6dd5cecf99b0ce9fd594d69eff8fa88159b2da24c33ba81a14d":"":"":"":"3f55144eec263aed50f9c9a641538e55"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"052a5ad4cd38de90e5d3c2fc430fa51e":"98482e58e44b8e4a6b09fa02c05fcc491da03a479a7fad13a83b6080d30b3b255e01a43568a9d6dd5cecf99b0ce9fd594d69eff8fa88159b2da24c33ba81a14d":"":"":"":"3f55144eec263aed50f9c9a641538e55"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
-ctr_drbg_validate_nopr:"004cd2f28f083d1cee68975d5cbbbe4f":"6238d448015e86aa16af62cdc287f1c17b78a79809fa00b8c655e06715cd2b935bf4df966e3ec1f14b28cc1d080f882a7215e258430c91a4a0a2aa98d7cd8053":"":"":"":"b137119dbbd9d752a8dfceec05b884b6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"004cd2f28f083d1cee68975d5cbbbe4f":"6238d448015e86aa16af62cdc287f1c17b78a79809fa00b8c655e06715cd2b935bf4df966e3ec1f14b28cc1d080f882a7215e258430c91a4a0a2aa98d7cd8053":"":"":"":"b137119dbbd9d752a8dfceec05b884b6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
-ctr_drbg_validate_nopr:"f985b3ea2d8b15db26a71895a2ff57cd":"50d3c4ecb1d6e95aebb87e9e8a5c869c11fb945dfad2e45ee90fb61931fcedd47d6005aa5df24bb9efc11bbb96bb21065d44e2532a1e17493f974a4bf8f8b580":"":"":"":"eb419628fbc441ae6a03e26aeecb34a6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"f985b3ea2d8b15db26a71895a2ff57cd":"50d3c4ecb1d6e95aebb87e9e8a5c869c11fb945dfad2e45ee90fb61931fcedd47d6005aa5df24bb9efc11bbb96bb21065d44e2532a1e17493f974a4bf8f8b580":"":"":"":"eb419628fbc441ae6a03e26aeecb34a6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
-ctr_drbg_validate_nopr:"100f196991b6e96f8b96a3456f6e2baf":"d27cbeac39a6c899938197f0e61dc90be3a3a20fa5c5e1f7a76adde00598e59555c1e9fd102d4b52e1ae9fb004be8944bad85c58e341d1bee014057da98eb3bc":"":"":"":"e3e09d0ed827e4f24a20553fd1087c9d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"100f196991b6e96f8b96a3456f6e2baf":"d27cbeac39a6c899938197f0e61dc90be3a3a20fa5c5e1f7a76adde00598e59555c1e9fd102d4b52e1ae9fb004be8944bad85c58e341d1bee014057da98eb3bc":"":"":"":"e3e09d0ed827e4f24a20553fd1087c9d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
-ctr_drbg_validate_nopr:"88f55d9ba8fef7828483298321133fec":"16f9f5354d624c5ab1f82c750e05f51f2a2eeca7e5b774fd96148ddba3b38d34ba7f1472567c52087252480d305ad1c69e4aac8472a154ae03511d0e8aac905a":"":"":"":"07cd821012ef03f16d8510c23b86baf3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"88f55d9ba8fef7828483298321133fec":"16f9f5354d624c5ab1f82c750e05f51f2a2eeca7e5b774fd96148ddba3b38d34ba7f1472567c52087252480d305ad1c69e4aac8472a154ae03511d0e8aac905a":"":"":"":"07cd821012ef03f16d8510c23b86baf3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
-ctr_drbg_validate_nopr:"126479abd70b25acd891e1c4c92044f9":"70afbc83bf9ff09535d6f0ddc51278ad7909f11e6f198b59132c9e269deb41ba901c62346283e293b8714fd3241ae870f974ff33c35f9aff05144be039d24e50":"":"":"":"0f90df350741d88552a5b03b6488e9fb"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"126479abd70b25acd891e1c4c92044f9":"70afbc83bf9ff09535d6f0ddc51278ad7909f11e6f198b59132c9e269deb41ba901c62346283e293b8714fd3241ae870f974ff33c35f9aff05144be039d24e50":"":"":"":"0f90df350741d88552a5b03b6488e9fb"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
-ctr_drbg_validate_nopr:"a45f2fca553089fe04e7832059dc7976":"5e5a9e1e3cb80738c238464ede1b6b6a321261a3b006a98a79265ad1f635573bba48dccf17b12f6868478252f556b77c3ec57a3bf6bb6599429453db2d050352":"":"":"":"6eb85ae2406c43814b687f74f4e942bc"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a45f2fca553089fe04e7832059dc7976":"5e5a9e1e3cb80738c238464ede1b6b6a321261a3b006a98a79265ad1f635573bba48dccf17b12f6868478252f556b77c3ec57a3bf6bb6599429453db2d050352":"":"":"":"6eb85ae2406c43814b687f74f4e942bc"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14
-ctr_drbg_validate_nopr:"52dbb43241002415966eaec2615aba27":"31cfe60e5ed12ff37d7f2270963def598726320c02b910b5c6c795e2209b4b4a95866c64cb097af1d6404d1e6182edf9600e1855345375b201801d6f4c4e4b32":"":"":"":"2a270f5ef815665ddd07527c48719ab1"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"52dbb43241002415966eaec2615aba27":"31cfe60e5ed12ff37d7f2270963def598726320c02b910b5c6c795e2209b4b4a95866c64cb097af1d6404d1e6182edf9600e1855345375b201801d6f4c4e4b32":"":"":"":"2a270f5ef815665ddd07527c48719ab1"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0
-ctr_drbg_validate_nopr:"176200bb44808b5400b24e1b5f56cf73":"f84d395b1734eac4600dbc36f6b1e1599bc7f2608dc8ecb3a55369d7b1b122a09f5ac9c16d9a2be37d2ff70a9bba732fc3785b23ff4ade3c8404da3f09f95a8f":"aef28c9169e9af74c73432d4aa6f5dff9ea4a53433de2ecb9bf380a8868c86e1":"0626ae19763c5313b627a8d65cf1cfba46dfd6773242738b9b81fde8d566ade1":"63c160ed6a6c1fffd0586f52fa488a9055533930b36d4fa5ea3467cda9ffe198":"e8f91633725d786081625fb99336a993"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"176200bb44808b5400b24e1b5f56cf73":"f84d395b1734eac4600dbc36f6b1e1599bc7f2608dc8ecb3a55369d7b1b122a09f5ac9c16d9a2be37d2ff70a9bba732fc3785b23ff4ade3c8404da3f09f95a8f":"aef28c9169e9af74c73432d4aa6f5dff9ea4a53433de2ecb9bf380a8868c86e1":"0626ae19763c5313b627a8d65cf1cfba46dfd6773242738b9b81fde8d566ade1":"63c160ed6a6c1fffd0586f52fa488a9055533930b36d4fa5ea3467cda9ffe198":"e8f91633725d786081625fb99336a993"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1
-ctr_drbg_validate_nopr:"19c3d16197ac93bf58c4110c9e864804":"50755cc0178c68ae70befd7744f6f1e3f6a59b3bbe484a744436079c7fae8d83c4965516fb952c63e1d0561d92cccc56037465815c9e549c9adce4a064877128":"5cb82d2c297404f3db1909480c597dd081d94ca282ba9370786a50f3cbab6a9b":"96d130faf1a971920c2bf57bcd6c02d5a4af7d3c840706081e4a50e55f38bf96":"1b0d04f179690a30d501e8f6f82201dbab6d972ece2a0edfb5ca66a8c9bcf47d":"4628b26492e5cb3b21956d4160f0b911"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"19c3d16197ac93bf58c4110c9e864804":"50755cc0178c68ae70befd7744f6f1e3f6a59b3bbe484a744436079c7fae8d83c4965516fb952c63e1d0561d92cccc56037465815c9e549c9adce4a064877128":"5cb82d2c297404f3db1909480c597dd081d94ca282ba9370786a50f3cbab6a9b":"96d130faf1a971920c2bf57bcd6c02d5a4af7d3c840706081e4a50e55f38bf96":"1b0d04f179690a30d501e8f6f82201dbab6d972ece2a0edfb5ca66a8c9bcf47d":"4628b26492e5cb3b21956d4160f0b911"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2
-ctr_drbg_validate_nopr:"4b1edd0f53bf4e012def80efd740140b":"e50c31ebbb735c4a53fc0535647ae1fff7a5ac4fa4068ba90f1fa03ca4ddedecd5b1898d5e38185054b0de7e348034b57067a82a478b0057e0c46de4a7280cd9":"e7154ec1f7ac369d0bd41238f603b5315314d1dc82f71191de9e74364226eb09":"9444238bd27c45128a25d55e0734d3adafecccb2c24abdaa50ac2ca479c3830b":"ab2488c8b7e819d8ce5ec1ffb77efc770453970d6b852b496426d5db05c03947":"a488a87c04eb1c7586b8141ed45e7761"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"4b1edd0f53bf4e012def80efd740140b":"e50c31ebbb735c4a53fc0535647ae1fff7a5ac4fa4068ba90f1fa03ca4ddedecd5b1898d5e38185054b0de7e348034b57067a82a478b0057e0c46de4a7280cd9":"e7154ec1f7ac369d0bd41238f603b5315314d1dc82f71191de9e74364226eb09":"9444238bd27c45128a25d55e0734d3adafecccb2c24abdaa50ac2ca479c3830b":"ab2488c8b7e819d8ce5ec1ffb77efc770453970d6b852b496426d5db05c03947":"a488a87c04eb1c7586b8141ed45e7761"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3
-ctr_drbg_validate_nopr:"1f89c914649ae8a234c0e9230f3460f9":"5e029c173dc28ab19851a8db008efbcf862f4187fca84e4e6f5ba686e3005dba5b95c5a0bcf78fb35ada347af58ec0aca09ed4799cd8a734739f3c425273e441":"b51f5fd5888552af0e9b667c2750c79106ce37c00c850afbe3776746d8c3bce1":"9b132a2cbffb8407aa06954ae6ebee265f986666757b5453601207e0cbb4871b":"f1c435e2ebf083a222218ee4602263872a2d3e097b536a8cc32a5a2220b8065f":"a065cc203881254ca81bd9595515e705"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1f89c914649ae8a234c0e9230f3460f9":"5e029c173dc28ab19851a8db008efbcf862f4187fca84e4e6f5ba686e3005dba5b95c5a0bcf78fb35ada347af58ec0aca09ed4799cd8a734739f3c425273e441":"b51f5fd5888552af0e9b667c2750c79106ce37c00c850afbe3776746d8c3bce1":"9b132a2cbffb8407aa06954ae6ebee265f986666757b5453601207e0cbb4871b":"f1c435e2ebf083a222218ee4602263872a2d3e097b536a8cc32a5a2220b8065f":"a065cc203881254ca81bd9595515e705"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4
-ctr_drbg_validate_nopr:"0ef2be2d00a16051404fc2a0faa74fdc":"b66c882ae02c5215ed3bcd9e9a40934b09bf48a15fe7558c9d9ceb0ebec63625ea18f7c3ab341d9f7edd8e1d8816edecb34dbd71ae02771327b5ebc74613dadd":"1ebe9893957a5c4a707793906d31bb201e88d88a22abd6baa6461fc61def7ffb":"f81e26744834413cb95af8d438d0050c7c968f929a33e35ee5c6715a0a520950":"687a848b2b6c715a0e613b3f3bb16cf2f056543eb9dd6b8aee8de8aa6fd8a1e6":"a6c4a7e99d08cc847ac0b8c8bcf22ec0"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0ef2be2d00a16051404fc2a0faa74fdc":"b66c882ae02c5215ed3bcd9e9a40934b09bf48a15fe7558c9d9ceb0ebec63625ea18f7c3ab341d9f7edd8e1d8816edecb34dbd71ae02771327b5ebc74613dadd":"1ebe9893957a5c4a707793906d31bb201e88d88a22abd6baa6461fc61def7ffb":"f81e26744834413cb95af8d438d0050c7c968f929a33e35ee5c6715a0a520950":"687a848b2b6c715a0e613b3f3bb16cf2f056543eb9dd6b8aee8de8aa6fd8a1e6":"a6c4a7e99d08cc847ac0b8c8bcf22ec0"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5
-ctr_drbg_validate_nopr:"eb2439d156c4f51fb1943c26f27de8af":"ad153fd266d9f73b21f4e5e88d3d13ba8325abdec427d5d8f671cfccdbd3510e9774d59a14d9b5472b217b7bcf355436a51965d2dff7c4ac586ab812f20d326e":"e24bd6b69a40fa0a02cefbbaa282f8f63a80e154be338d1b913418d4ff7a810d":"fd40baf11d7cdd77641a2b46916cb0c12980e02612ef59fb6fe7dabbbe7a85c0":"a40019e3b85d7d5775e793dd4c09b2bdc8253694b1dcb73e63a18b066a7f7d0c":"7cd8d2710147a0b7f053bb271edf07b5"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"eb2439d156c4f51fb1943c26f27de8af":"ad153fd266d9f73b21f4e5e88d3d13ba8325abdec427d5d8f671cfccdbd3510e9774d59a14d9b5472b217b7bcf355436a51965d2dff7c4ac586ab812f20d326e":"e24bd6b69a40fa0a02cefbbaa282f8f63a80e154be338d1b913418d4ff7a810d":"fd40baf11d7cdd77641a2b46916cb0c12980e02612ef59fb6fe7dabbbe7a85c0":"a40019e3b85d7d5775e793dd4c09b2bdc8253694b1dcb73e63a18b066a7f7d0c":"7cd8d2710147a0b7f053bb271edf07b5"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6
-ctr_drbg_validate_nopr:"b23796d88ee5ae75ff2ba4fbbd5e2de8":"b249d2d9b269b58c5355710aaae98be12d8fb2e79046b4e6deeec28adad7e789999847e20de11f7c3277216374f117e3e006bdf99bb8631aa4c4c542cd482840":"79f0214b6b0c5ffb21b1d521498b71d22c67be4607c16300ab8dde3b52498097":"582be1e080264b3e68ec184347a5b6db1e8be1811578206e14ad84029fe39f71":"f5e9c3356810793f461f889d8c5003b1c0b20a284cb348301ce7b2dd7a1c7dd7":"1aa8cf54994be6b329e9eb897007abf0"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b23796d88ee5ae75ff2ba4fbbd5e2de8":"b249d2d9b269b58c5355710aaae98be12d8fb2e79046b4e6deeec28adad7e789999847e20de11f7c3277216374f117e3e006bdf99bb8631aa4c4c542cd482840":"79f0214b6b0c5ffb21b1d521498b71d22c67be4607c16300ab8dde3b52498097":"582be1e080264b3e68ec184347a5b6db1e8be1811578206e14ad84029fe39f71":"f5e9c3356810793f461f889d8c5003b1c0b20a284cb348301ce7b2dd7a1c7dd7":"1aa8cf54994be6b329e9eb897007abf0"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7
-ctr_drbg_validate_nopr:"081db0b1620a56afd87c2fd2bebb1db3":"3f1e90d88870a0bd03364036b655495e3e7d51bf67fb64ba0cbf003430af5585f5936b84ab3b8a55c02b8b6c54bea09cf2d77691858c5818991383add5f0c644":"5b98bc83ae8bed5c49cb71689dc39fee38d5d08bdfa2a01cee9d61e9f3d1e115":"aad3e58fdd98aa60fc2cae0df3fc734fff01a07f29f69c5ffeb96d299200d0d8":"bad9039ebb7c3a44061353542a2b1c1a89b3e9b493e9f59e438bfc80de3d1836":"8d01e3dc48b28f016fc34655c54be81f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"081db0b1620a56afd87c2fd2bebb1db3":"3f1e90d88870a0bd03364036b655495e3e7d51bf67fb64ba0cbf003430af5585f5936b84ab3b8a55c02b8b6c54bea09cf2d77691858c5818991383add5f0c644":"5b98bc83ae8bed5c49cb71689dc39fee38d5d08bdfa2a01cee9d61e9f3d1e115":"aad3e58fdd98aa60fc2cae0df3fc734fff01a07f29f69c5ffeb96d299200d0d8":"bad9039ebb7c3a44061353542a2b1c1a89b3e9b493e9f59e438bfc80de3d1836":"8d01e3dc48b28f016fc34655c54be81f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8
-ctr_drbg_validate_nopr:"a8427443d9c34abcdcca061a2bbcff52":"b0e9b2192adc8912653d90a634d5d40c53ca4383290a8764bdf92667f859d833c3e72ad0ff41e07fe257b1ead11649be655c58a5df233114e7eda2558b7214d7":"c6cad9fb17ada437d195d1f8b6a7fa463e20050e94024170d2ffc34b80a50108":"be461a9c1a72ebaf28ee732219e3ca54cbee36921daaa946917a7c63279a6b0e":"b6d110d6b746d7ccf7a48a4337ba341d52508d0336d017ae20377977163c1a20":"16ccd63dbf7b24b6b427126b863f7c86"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a8427443d9c34abcdcca061a2bbcff52":"b0e9b2192adc8912653d90a634d5d40c53ca4383290a8764bdf92667f859d833c3e72ad0ff41e07fe257b1ead11649be655c58a5df233114e7eda2558b7214d7":"c6cad9fb17ada437d195d1f8b6a7fa463e20050e94024170d2ffc34b80a50108":"be461a9c1a72ebaf28ee732219e3ca54cbee36921daaa946917a7c63279a6b0e":"b6d110d6b746d7ccf7a48a4337ba341d52508d0336d017ae20377977163c1a20":"16ccd63dbf7b24b6b427126b863f7c86"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9
-ctr_drbg_validate_nopr:"86bd02976e6c50656372b8c212cf0a7a":"89900b0febf6b4e19ab8fc5babb4122a8aad86d658d0c2f98988c99fbd8530ff4ad365bd5fddaa15f96537bd72deb5384405b610e6ebae83e848307051fd6c82":"41bf3794ee54647a48a2588fdfdea686f1af6792e957d42f181f2631b207ac0c":"c4478afbea4eecb225448f069b02a74c2a222698c68e37eb144aff9e457f9610":"41a99e0d3f5b767f9bedcb2f878a5d99d42856bed29042d568b04e347624bf7f":"863337529aac9ab1e9f7f8187ea7aa7d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"86bd02976e6c50656372b8c212cf0a7a":"89900b0febf6b4e19ab8fc5babb4122a8aad86d658d0c2f98988c99fbd8530ff4ad365bd5fddaa15f96537bd72deb5384405b610e6ebae83e848307051fd6c82":"41bf3794ee54647a48a2588fdfdea686f1af6792e957d42f181f2631b207ac0c":"c4478afbea4eecb225448f069b02a74c2a222698c68e37eb144aff9e457f9610":"41a99e0d3f5b767f9bedcb2f878a5d99d42856bed29042d568b04e347624bf7f":"863337529aac9ab1e9f7f8187ea7aa7d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10
-ctr_drbg_validate_nopr:"e809ef8d4c3d82575833d51ac69481b2":"3e831b7715ce202c95ec85337e2c0061d972169955bd96fbe1f758508c0336b3226260ea5e66f943b538eb115ffe4d5e534cbe58262a610528641629bc12fc75":"4d40c6a961168445c1691fea02ebd693cb4b3f74b03d45a350c65f0aaccb118b":"b07dc50e6ca7544ed6fdebd8f00ed5fa9b1f2213b477de8568eb92dddaabfe3f":"cbac982aa9f1830d0dc7373d9907670f561642adb1888f66b4150d3487bf0b8d":"2814be767d79778ebb82a096976f30db"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e809ef8d4c3d82575833d51ac69481b2":"3e831b7715ce202c95ec85337e2c0061d972169955bd96fbe1f758508c0336b3226260ea5e66f943b538eb115ffe4d5e534cbe58262a610528641629bc12fc75":"4d40c6a961168445c1691fea02ebd693cb4b3f74b03d45a350c65f0aaccb118b":"b07dc50e6ca7544ed6fdebd8f00ed5fa9b1f2213b477de8568eb92dddaabfe3f":"cbac982aa9f1830d0dc7373d9907670f561642adb1888f66b4150d3487bf0b8d":"2814be767d79778ebb82a096976f30db"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11
-ctr_drbg_validate_nopr:"ad71caa50420d213b25f5558e0dc1170":"6a3fd23e7dc934e6de6eb4cc846c0dc3cf35ea4be3f561c34666aed1bbd6331004afba5a5b83fff1e7b8a957fbee7cd9f8142326c796ca129ec9fbacf295b882":"3042dd041b89aaa61f185fdda706c77667515c037f2a88c6d47f23ddadc828ae":"9b1e3f72aaab66b202f17c5cc075cfba7242817b2b38c19fe8924ca325b826ea":"8660b503329aaea56acdb73ca83763299bac0f30264702cb9d52cbaf3d71d69d":"c204a3174784d82b664e9a1c0a13ffa6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ad71caa50420d213b25f5558e0dc1170":"6a3fd23e7dc934e6de6eb4cc846c0dc3cf35ea4be3f561c34666aed1bbd6331004afba5a5b83fff1e7b8a957fbee7cd9f8142326c796ca129ec9fbacf295b882":"3042dd041b89aaa61f185fdda706c77667515c037f2a88c6d47f23ddadc828ae":"9b1e3f72aaab66b202f17c5cc075cfba7242817b2b38c19fe8924ca325b826ea":"8660b503329aaea56acdb73ca83763299bac0f30264702cb9d52cbaf3d71d69d":"c204a3174784d82b664e9a1c0a13ffa6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12
-ctr_drbg_validate_nopr:"5fd6606b08e7e625af788814bef7f263":"baf8750e07194fc7172c736e0fdea0a632810d45602dff17ce37adf106d652f87e31b6bd24d21481c86444d8109586118672a6f93731b7438a3f0f39648b83a3":"3c37193d40e79ce8d569d8aa7ef80aabaa294f1b6d5a8341805f5ac67a6abf42":"c7033b3b68be178d120379e7366980d076c73280e629dd6e82f5af1af258931b":"452218a426a58463940785a67cb34799a1787f39d376c9e56e4a3f2215785dad":"561e16a8b297e458c4ec39ba43f0b67e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"5fd6606b08e7e625af788814bef7f263":"baf8750e07194fc7172c736e0fdea0a632810d45602dff17ce37adf106d652f87e31b6bd24d21481c86444d8109586118672a6f93731b7438a3f0f39648b83a3":"3c37193d40e79ce8d569d8aa7ef80aabaa294f1b6d5a8341805f5ac67a6abf42":"c7033b3b68be178d120379e7366980d076c73280e629dd6e82f5af1af258931b":"452218a426a58463940785a67cb34799a1787f39d376c9e56e4a3f2215785dad":"561e16a8b297e458c4ec39ba43f0b67e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13
-ctr_drbg_validate_nopr:"08def734914ecf74b9eccb5dfaa045b8":"6697f889fcf6dae16881dc1e540e5c07f9461d409acee31842b04f93c00efbba670dfbf6040c1c2e29ad89064eae283fd6d431832f356e492bc5b2049f229892":"a6ac87af21efd3508990aac51d36243d46237b3755a0e68680adb59e19e8ae23":"0052152872b21615775431eb51889a264fed6ca44fa0436b72a419b91f92604c":"ebadf71565d9a8cc2621403c36e6411e7bed67193a843b90ccf2f7aa9f229ca2":"c83fa5df210b63f4bf4a0aca63650aab"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"08def734914ecf74b9eccb5dfaa045b8":"6697f889fcf6dae16881dc1e540e5c07f9461d409acee31842b04f93c00efbba670dfbf6040c1c2e29ad89064eae283fd6d431832f356e492bc5b2049f229892":"a6ac87af21efd3508990aac51d36243d46237b3755a0e68680adb59e19e8ae23":"0052152872b21615775431eb51889a264fed6ca44fa0436b72a419b91f92604c":"ebadf71565d9a8cc2621403c36e6411e7bed67193a843b90ccf2f7aa9f229ca2":"c83fa5df210b63f4bf4a0aca63650aab"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14
-ctr_drbg_validate_nopr:"6437862e93060def199029ff2182f1e5":"719d1afcb6dc8ca26cba6a7c10f59cf82345b2a0c631a7879812d6f2d2663b49f9e92daecb81ff7c0790205d66694526477d6de54a269f542cb5e77fe4bc8db3":"5c961db0ac2ea8caf62c9acc44465dcfb4d721fcb2cd3e1c76cdcb61bfaa7e75":"24eabd392d37493e306705d0b287be11a4d72dd4b9577ac4098ef0dae69b0000":"9e4f05c1b85613e97958bc3863e521331b2bd78fdf2585f84607bf2238e82415":"21aaae76dc97c9bf7cf858054839653e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"6437862e93060def199029ff2182f1e5":"719d1afcb6dc8ca26cba6a7c10f59cf82345b2a0c631a7879812d6f2d2663b49f9e92daecb81ff7c0790205d66694526477d6de54a269f542cb5e77fe4bc8db3":"5c961db0ac2ea8caf62c9acc44465dcfb4d721fcb2cd3e1c76cdcb61bfaa7e75":"24eabd392d37493e306705d0b287be11a4d72dd4b9577ac4098ef0dae69b0000":"9e4f05c1b85613e97958bc3863e521331b2bd78fdf2585f84607bf2238e82415":"21aaae76dc97c9bf7cf858054839653e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0
-ctr_drbg_validate_nopr:"cd7a1981c1b7079c1c38f5aeee86db22207cb9faed8c576b1724ca7817aa6abfb26c42a019eb4c2f4064f0587ea2b952":"7f88c3805ae0857c5cbb085a5d6259d26fb3a88dfe7084172ec959066f26296a800953ce19a24785b6acef451c4ce4c2dfb565cbe057f21b054a28633afbdd97":"":"":"":"76c1cdb0b95af271b52ac3b0c9289146"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"cd7a1981c1b7079c1c38f5aeee86db22207cb9faed8c576b1724ca7817aa6abfb26c42a019eb4c2f4064f0587ea2b952":"7f88c3805ae0857c5cbb085a5d6259d26fb3a88dfe7084172ec959066f26296a800953ce19a24785b6acef451c4ce4c2dfb565cbe057f21b054a28633afbdd97":"":"":"":"76c1cdb0b95af271b52ac3b0c9289146"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1
-ctr_drbg_validate_nopr:"0ccdac2fd65a86bf8f8e9ddcabffb9d29a935139f627c165a815b23137eeee94cbb21be86ac5117379177d37728db6fd":"6f61703f92d3192cd982b2e52a8683e0d62918d51b12e084deae06c4a8e08ecfb3d2d30a980a70b083710bc45d9d407966b52829cf3813cc970b859aa4c871fe":"":"":"":"e6c73e159d73c2ba8950cd77acb39c10"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0ccdac2fd65a86bf8f8e9ddcabffb9d29a935139f627c165a815b23137eeee94cbb21be86ac5117379177d37728db6fd":"6f61703f92d3192cd982b2e52a8683e0d62918d51b12e084deae06c4a8e08ecfb3d2d30a980a70b083710bc45d9d407966b52829cf3813cc970b859aa4c871fe":"":"":"":"e6c73e159d73c2ba8950cd77acb39c10"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2
-ctr_drbg_validate_nopr:"fbbcc4abfd671296de3e0dcf409a139e35deae126c1941bf1afcc8d3da3a2d65f54a6d317bb6d683a3a77f6266b007ff":"c662ed723e7041877542fdcf629533d4a74393eb4dae4f3ec06d2d1c0d37ed7f519609a8485cb8deb578ae4cbb45c98ef7f2f2e677363e89fb3744286db6bfc1":"":"":"":"9d934d34417c6d0858f4a3faacbe759e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"fbbcc4abfd671296de3e0dcf409a139e35deae126c1941bf1afcc8d3da3a2d65f54a6d317bb6d683a3a77f6266b007ff":"c662ed723e7041877542fdcf629533d4a74393eb4dae4f3ec06d2d1c0d37ed7f519609a8485cb8deb578ae4cbb45c98ef7f2f2e677363e89fb3744286db6bfc1":"":"":"":"9d934d34417c6d0858f4a3faacbe759e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3
-ctr_drbg_validate_nopr:"1b824790b6b22b246bcc1bcfbbb61a76045476672f917b72e79cca358e650eb29ed49fb0a5739e097f5f5336d46fc619":"c57a5686486ebacc2422236b19110c754795a869a8157901cf71303de1adc6af16a952190a395d6c20e155e690f41922f6f721dc8e93da81afb844f68714cba7":"":"":"":"13e7bf23d88f3bb5a5106a8227c8c456"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1b824790b6b22b246bcc1bcfbbb61a76045476672f917b72e79cca358e650eb29ed49fb0a5739e097f5f5336d46fc619":"c57a5686486ebacc2422236b19110c754795a869a8157901cf71303de1adc6af16a952190a395d6c20e155e690f41922f6f721dc8e93da81afb844f68714cba7":"":"":"":"13e7bf23d88f3bb5a5106a8227c8c456"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4
-ctr_drbg_validate_nopr:"2ea7861e374232cb8ceecbbd9a18fc1f63c31f833fe394f1e19c8ef61092a56f28342fa5b591f7b951583d50c12ef081":"6a0873634094be7028b885c345cd5016295eec5e524f069de6510ae8ac843dba2cc05c10baa8aad75eac8e8d1a8570f4d2a3cf718914a199deb3edf8c993a822":"":"":"":"c008f46a242ae0babad17268c9e0839a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2ea7861e374232cb8ceecbbd9a18fc1f63c31f833fe394f1e19c8ef61092a56f28342fa5b591f7b951583d50c12ef081":"6a0873634094be7028b885c345cd5016295eec5e524f069de6510ae8ac843dba2cc05c10baa8aad75eac8e8d1a8570f4d2a3cf718914a199deb3edf8c993a822":"":"":"":"c008f46a242ae0babad17268c9e0839a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5
-ctr_drbg_validate_nopr:"39caa986b82b5303d98e07b211ddc5ce89a67506095cad1aeed63b8bfe0d9c3d3c906f0c05cfb6b26bab4af7d03c9e1a":"f2059f7fb797e8e22de14dac783c56942a33d092c1ab68a762528ae8d74b7ad0690694ede462edbd6527550677b6d080d80cdabe51c963d5d6830a4ae04c993f":"":"":"":"202d3b2870be8f29b518f2e3e52f1564"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"39caa986b82b5303d98e07b211ddc5ce89a67506095cad1aeed63b8bfe0d9c3d3c906f0c05cfb6b26bab4af7d03c9e1a":"f2059f7fb797e8e22de14dac783c56942a33d092c1ab68a762528ae8d74b7ad0690694ede462edbd6527550677b6d080d80cdabe51c963d5d6830a4ae04c993f":"":"":"":"202d3b2870be8f29b518f2e3e52f1564"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6
-ctr_drbg_validate_nopr:"a4e25102c1b04bafd66bfe1ce4a4b340797f776f54a2b3afe351eede44e75c28e3525155f837e7974269d398048c83c3":"0a03b7d026fab3773e9724dacb436197954b770eca3060535f2f8152aa136942915304dede1de0f5e89bd91d8e92531b5e39373013628fea4ee7622b9255d179":"":"":"":"be21cab637218ddffa3510c86271db7f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a4e25102c1b04bafd66bfe1ce4a4b340797f776f54a2b3afe351eede44e75c28e3525155f837e7974269d398048c83c3":"0a03b7d026fab3773e9724dacb436197954b770eca3060535f2f8152aa136942915304dede1de0f5e89bd91d8e92531b5e39373013628fea4ee7622b9255d179":"":"":"":"be21cab637218ddffa3510c86271db7f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7
-ctr_drbg_validate_nopr:"6de33a116425ebfe01f0a0124ad3fad382ca28473f5fc53885639788f9b1a470ab523b649bad87e76dee768f6abacb55":"d88312da6acbe792d087012c0bf3c83f363fa6b7a9dd45c3501009fb47b4cfcfeb7b31386155fe3b967f46e2898a00ecf51ec38b6e420852bef0a16081d778cc":"":"":"":"2c285bfd758f0156e782bb4467f6832c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"6de33a116425ebfe01f0a0124ad3fad382ca28473f5fc53885639788f9b1a470ab523b649bad87e76dee768f6abacb55":"d88312da6acbe792d087012c0bf3c83f363fa6b7a9dd45c3501009fb47b4cfcfeb7b31386155fe3b967f46e2898a00ecf51ec38b6e420852bef0a16081d778cc":"":"":"":"2c285bfd758f0156e782bb4467f6832c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8
-ctr_drbg_validate_nopr:"b8ab42fd3f6306426602cae0c48eb02ffa7053940389900c17846e1d9726251762095383f2ec3406b3381d94a6d53dd8":"6a7873ccb7afb140e923acbec8256fa78232f40c0c8ba3dcbcf7074d26d6d18a7e78fffda328f097706b6d358048ee6a4728c92a6f62b3f2730a753b7bf5ec1f":"":"":"":"13504a2b09474f90d2e9ef40d1f2d0d5"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b8ab42fd3f6306426602cae0c48eb02ffa7053940389900c17846e1d9726251762095383f2ec3406b3381d94a6d53dd8":"6a7873ccb7afb140e923acbec8256fa78232f40c0c8ba3dcbcf7074d26d6d18a7e78fffda328f097706b6d358048ee6a4728c92a6f62b3f2730a753b7bf5ec1f":"":"":"":"13504a2b09474f90d2e9ef40d1f2d0d5"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9
-ctr_drbg_validate_nopr:"042b524444b9903c1ecb80af21eef0e884115561a15a1ab2f9f3a322edcbf14174f54d315196a632940c2c6f56612c09":"31ba5f801aeaac790f2480fbd2373a76ba1685ebebc5ae7cd4844733ec3cfb112634b3899104dcc16050e1206f8b3fb787d43d54de2c804fd3d8eb98e512bb00":"":"":"":"0a0484c14e7868178e68d6d5c5f57c5c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"042b524444b9903c1ecb80af21eef0e884115561a15a1ab2f9f3a322edcbf14174f54d315196a632940c2c6f56612c09":"31ba5f801aeaac790f2480fbd2373a76ba1685ebebc5ae7cd4844733ec3cfb112634b3899104dcc16050e1206f8b3fb787d43d54de2c804fd3d8eb98e512bb00":"":"":"":"0a0484c14e7868178e68d6d5c5f57c5c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10
-ctr_drbg_validate_nopr:"632758f92efaca39615862177c267906ab0424230d481ee0a5aa1a5f66697d3918d4aab3f310b72a7f2d71c0a96b9247":"46dc837620872a5ffa642399213b4eebfb28ca069c5eaaf2a636f5bd647de365c11402b10ecd7780c56d464f56b653e17af8550b90a54adb38173a0b2f9e2ea7":"":"":"":"90432ce3f7b580961abecde259aa5af6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"632758f92efaca39615862177c267906ab0424230d481ee0a5aa1a5f66697d3918d4aab3f310b72a7f2d71c0a96b9247":"46dc837620872a5ffa642399213b4eebfb28ca069c5eaaf2a636f5bd647de365c11402b10ecd7780c56d464f56b653e17af8550b90a54adb38173a0b2f9e2ea7":"":"":"":"90432ce3f7b580961abecde259aa5af6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11
-ctr_drbg_validate_nopr:"7b389118af3d0f8336b41cf58c2d810f0e5f9940703fd56a46c10a315fb09aafd7670c9e96ffa61e0cb750cb2aa6a7fe":"76e92e9f00fc7d0c525c48739a8b3601c51f8f5996117a7e07497afee36829636e714dbcb84c8f8d57e0850a361a5bdfc21084a1c30fb7797ce6280e057309b7":"":"":"":"7243964051082c0617e200fcbbe7ff45"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"7b389118af3d0f8336b41cf58c2d810f0e5f9940703fd56a46c10a315fb09aafd7670c9e96ffa61e0cb750cb2aa6a7fe":"76e92e9f00fc7d0c525c48739a8b3601c51f8f5996117a7e07497afee36829636e714dbcb84c8f8d57e0850a361a5bdfc21084a1c30fb7797ce6280e057309b7":"":"":"":"7243964051082c0617e200fcbbe7ff45"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12
-ctr_drbg_validate_nopr:"e50d38434e9dfe3601e7ea1765d9fe777d467d9918974b5599ec19f42d7054b70ff6db63a3403d2fd09333eda17a5e76":"c9aa4739011c60f8e99db0580b3cad4269874d1dda1c81ffa872f01669e8f75215aaad1ccc301c12f90cd240bf99ad42bb06965afb0aa2bd3fcb681c710aa375":"":"":"":"28499495c94c6ceec1bd494e364ad97c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e50d38434e9dfe3601e7ea1765d9fe777d467d9918974b5599ec19f42d7054b70ff6db63a3403d2fd09333eda17a5e76":"c9aa4739011c60f8e99db0580b3cad4269874d1dda1c81ffa872f01669e8f75215aaad1ccc301c12f90cd240bf99ad42bb06965afb0aa2bd3fcb681c710aa375":"":"":"":"28499495c94c6ceec1bd494e364ad97c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13
-ctr_drbg_validate_nopr:"3253cb074d610db602b0a0d2836df1f20c3ee162d80b90b31660bb86ef3f0789fa857af4f45a5897bdd73c2295f879b6":"b06960a92d32a9e9658d9800de87a3800f3595e173fdc46bef22966264953672e2d7c638cc7b1cada747026726baf6cea4c64ba956be8bb1d1801158bee5e5d4":"":"":"":"b6608d6e5fcb4591a718f9149b79f8f1"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"3253cb074d610db602b0a0d2836df1f20c3ee162d80b90b31660bb86ef3f0789fa857af4f45a5897bdd73c2295f879b6":"b06960a92d32a9e9658d9800de87a3800f3595e173fdc46bef22966264953672e2d7c638cc7b1cada747026726baf6cea4c64ba956be8bb1d1801158bee5e5d4":"":"":"":"b6608d6e5fcb4591a718f9149b79f8f1"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14
-ctr_drbg_validate_nopr:"83e4733566f90c8d69e6bcbe9fb52521ff3e26f806d9b7b86e9344cca0305dbf106de855240f1d35492cc6d651b8b6ae":"0e0105b12af35ac87cb23cf9ca8fb6a44307c3dcdc5bc890eb5253f4034c1533392a1760c98ba30d7751af93dd865d4bd66fbbeb215d7ff239b700527247775d":"":"":"":"68d64d1522c09a859b9b85b528d0d912"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"83e4733566f90c8d69e6bcbe9fb52521ff3e26f806d9b7b86e9344cca0305dbf106de855240f1d35492cc6d651b8b6ae":"0e0105b12af35ac87cb23cf9ca8fb6a44307c3dcdc5bc890eb5253f4034c1533392a1760c98ba30d7751af93dd865d4bd66fbbeb215d7ff239b700527247775d":"":"":"":"68d64d1522c09a859b9b85b528d0d912"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0
-ctr_drbg_validate_nopr:"a94da55afdc50ce51c9a3b8a4c4484408b52a24a93c34ea71e1ca705eb829ba65de4d4e07fa3d86b37845ff1c7d5f6d2":"a53e371017439193591e475087aaddd5c1c386cdca0ddb68e002d80fdc401a47dd40e5987b2716731568d276bf0c6715757903d3dede914642ddd467c879c81e":"20f422edf85ca16a01cfbe5f8d6c947fae12a857db2aa9bfc7b36581808d0d46":"7fd81fbd2ab51c115d834e99f65ca54020ed388ed59ee07593fe125e5d73fb75":"cd2cff14693e4c9efdfe260de986004930bab1c65057772a62392c3b74ebc90d":"4f78beb94d978ce9d097feadfafd355e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a94da55afdc50ce51c9a3b8a4c4484408b52a24a93c34ea71e1ca705eb829ba65de4d4e07fa3d86b37845ff1c7d5f6d2":"a53e371017439193591e475087aaddd5c1c386cdca0ddb68e002d80fdc401a47dd40e5987b2716731568d276bf0c6715757903d3dede914642ddd467c879c81e":"20f422edf85ca16a01cfbe5f8d6c947fae12a857db2aa9bfc7b36581808d0d46":"7fd81fbd2ab51c115d834e99f65ca54020ed388ed59ee07593fe125e5d73fb75":"cd2cff14693e4c9efdfe260de986004930bab1c65057772a62392c3b74ebc90d":"4f78beb94d978ce9d097feadfafd355e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1
-ctr_drbg_validate_nopr:"e8649d4f86b3de85fe39ff04d7afe6e4dd00770931330b27e975a7b1e7b5206ee2f247d50401a372c3a27197fec5da46":"78d7d65c457218a63e2eb1eba287f121c5466728ac4f963aeaabf593b9d72b6376daea6436e55415ad097dee10c40a1ff61fca1c30b8ab51ed11ff090d19ef9a":"cc57adc98b2540664403ad6fd50c9042f0bf0e0b54ed33584ee189e072d0fb8f":"ab2f99e2d983aa8dd05336a090584f4f84d485a4763e00ced42ddda72483cd84":"0ecd7680e2e9f0250a43e28f2f8936d7ef16f45d79c0fa3f69e4fafce4aeb362":"08e38625611bb0fb844f43439550bd7a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e8649d4f86b3de85fe39ff04d7afe6e4dd00770931330b27e975a7b1e7b5206ee2f247d50401a372c3a27197fec5da46":"78d7d65c457218a63e2eb1eba287f121c5466728ac4f963aeaabf593b9d72b6376daea6436e55415ad097dee10c40a1ff61fca1c30b8ab51ed11ff090d19ef9a":"cc57adc98b2540664403ad6fd50c9042f0bf0e0b54ed33584ee189e072d0fb8f":"ab2f99e2d983aa8dd05336a090584f4f84d485a4763e00ced42ddda72483cd84":"0ecd7680e2e9f0250a43e28f2f8936d7ef16f45d79c0fa3f69e4fafce4aeb362":"08e38625611bb0fb844f43439550bd7a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2
-ctr_drbg_validate_nopr:"6c79e1556889b3c074fc083a120d73784b888c5acb877899f17ce52e424b84178d144441aa9f328c730a951b02b048df":"c78ff6b9fc91cbce246c9fcc2366d5f7dd6d99fb1325d8997f36819232d5fcd12ccafdcbefd01409d90acd0e0ffb7427c820b2d729fe7e845e6a6168fc1af0b5":"60cba10826de22c5e85d06357de63d6b2ff0719694dafca6ab33283f3a4aacdd":"8943c22fb68b30811790a99b9cbb056e1a2c329185a199c76ba5aeceb2fcd769":"70671a50e8387bf232989d904c19215c7535ad2d0c5dec30a744c8d2706be6ec":"f6b94b671cae8dfa8387719bfd75ee84"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"6c79e1556889b3c074fc083a120d73784b888c5acb877899f17ce52e424b84178d144441aa9f328c730a951b02b048df":"c78ff6b9fc91cbce246c9fcc2366d5f7dd6d99fb1325d8997f36819232d5fcd12ccafdcbefd01409d90acd0e0ffb7427c820b2d729fe7e845e6a6168fc1af0b5":"60cba10826de22c5e85d06357de63d6b2ff0719694dafca6ab33283f3a4aacdd":"8943c22fb68b30811790a99b9cbb056e1a2c329185a199c76ba5aeceb2fcd769":"70671a50e8387bf232989d904c19215c7535ad2d0c5dec30a744c8d2706be6ec":"f6b94b671cae8dfa8387719bfd75ee84"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3
-ctr_drbg_validate_nopr:"f5ab77b2a8e370548b88febfd79772144cd5fc8d78062582addd4ff1e5c10094b390e66b3c4efb087510de1b9d25703f":"21a21c9314b37d4ade4a50a5d85995e0be07e358ed9bca19daa867a8d47847105dca7a424f32f715adb8fea5d3a41cfe388872a42ab18aa5cbcd7bde4adc3f8b":"023d582569a7ff1405e44cf09ceebb9d3254eef72286e4b87e6577a8ab091a06":"39597519872d49fbd186704241ba1dc10b1f84f9296fb61d597dbd655a18f997":"3091c9fe96109b41da63aa5fa00d716b5fa20e96d4f3e0f9c97666a706fa56f1":"1fb57058b3ba8751df5a99f018798983"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"f5ab77b2a8e370548b88febfd79772144cd5fc8d78062582addd4ff1e5c10094b390e66b3c4efb087510de1b9d25703f":"21a21c9314b37d4ade4a50a5d85995e0be07e358ed9bca19daa867a8d47847105dca7a424f32f715adb8fea5d3a41cfe388872a42ab18aa5cbcd7bde4adc3f8b":"023d582569a7ff1405e44cf09ceebb9d3254eef72286e4b87e6577a8ab091a06":"39597519872d49fbd186704241ba1dc10b1f84f9296fb61d597dbd655a18f997":"3091c9fe96109b41da63aa5fa00d716b5fa20e96d4f3e0f9c97666a706fa56f1":"1fb57058b3ba8751df5a99f018798983"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4
-ctr_drbg_validate_nopr:"f0b79e292d0e393e78b6d6117e06d2e725823fe35bde1146502967a78d99d6bca564f0e2f324272f968be5baab4aeb29":"192054dddac02157a35eb7f75ae8ebdb43d6b969e33942fb16ff06cd6d8a602506c41e4e743b8230e8239b71b31b2d5e3614e3a65d79e91d5b9fc9d2a66f8553":"b12241e90d80f129004287c5b9911a70f7159794e6f9c1023b3b68da9237e8b7":"59e9c3c0f90e91f22c35a3be0c65f16157c569c7e3c78a545d9840f648c60069":"089a59af69f47ddb4191bd27720bb4c29216f738c48c0e14d2b8afd68de63c17":"15287156e544617529e7eede4aa9c70e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"f0b79e292d0e393e78b6d6117e06d2e725823fe35bde1146502967a78d99d6bca564f0e2f324272f968be5baab4aeb29":"192054dddac02157a35eb7f75ae8ebdb43d6b969e33942fb16ff06cd6d8a602506c41e4e743b8230e8239b71b31b2d5e3614e3a65d79e91d5b9fc9d2a66f8553":"b12241e90d80f129004287c5b9911a70f7159794e6f9c1023b3b68da9237e8b7":"59e9c3c0f90e91f22c35a3be0c65f16157c569c7e3c78a545d9840f648c60069":"089a59af69f47ddb4191bd27720bb4c29216f738c48c0e14d2b8afd68de63c17":"15287156e544617529e7eede4aa9c70e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5
-ctr_drbg_validate_nopr:"e3f33843aecb35d01001ff92ab9a0f1a5431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8c353bbbd":"ef081af1f62400a3d193969d689a40234998afb646d99a7c4b9cbbf47e650cda93a90e754a16fffa25fc2a2edab09720b4520c47309ec4f6d9f76f0162af6cae":"e7cc55b72862544a8661b5034e15587b1e5a45eb5dc744f5fa1db9b267f1c3ff":"882d30c888eb8e344b1d17057074606fe232ceb42eb71055264ede7bb638f2a2":"9ce65e95c1e735fe950e52c324e7551403d0ef70ad865bd31fef1e22b129fdd6":"205e3a53367c4a5183be74bb875fa717"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e3f33843aecb35d01001ff92ab9a0f1a5431ba9de3e4f3247cda8c62acc86f7066448f639d8ba8b5249337f8c353bbbd":"ef081af1f62400a3d193969d689a40234998afb646d99a7c4b9cbbf47e650cda93a90e754a16fffa25fc2a2edab09720b4520c47309ec4f6d9f76f0162af6cae":"e7cc55b72862544a8661b5034e15587b1e5a45eb5dc744f5fa1db9b267f1c3ff":"882d30c888eb8e344b1d17057074606fe232ceb42eb71055264ede7bb638f2a2":"9ce65e95c1e735fe950e52c324e7551403d0ef70ad865bd31fef1e22b129fdd6":"205e3a53367c4a5183be74bb875fa717"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6
-ctr_drbg_validate_nopr:"f30a18d597d8591a22dee908de95c5af74884b025f39b4f6707d28447d9d0a3114a57bc2d9eed8e621ec75e8ce389a16":"fae3d554d12a14e29de1b622922f27559559ca1518c9f800375a37a212e8b9a653cc3700223e9404d5bf781d15fccf638050a1394592caba001cfc65d61ef90b":"54240edd89016ed27e3bb3977a206836f5ef1fba0f000af95337d79caca9cf71":"250611e51852d933ff1a177b509c05e3228cb9f46dfb7b26848a68aad2ce4779":"f8b602d89fa1a0bfb31d0bd49246b458200a1adb28b64a68f7c197f335d69706":"7b63bfb325bafe7d9ef342cd14ea40a4"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"f30a18d597d8591a22dee908de95c5af74884b025f39b4f6707d28447d9d0a3114a57bc2d9eed8e621ec75e8ce389a16":"fae3d554d12a14e29de1b622922f27559559ca1518c9f800375a37a212e8b9a653cc3700223e9404d5bf781d15fccf638050a1394592caba001cfc65d61ef90b":"54240edd89016ed27e3bb3977a206836f5ef1fba0f000af95337d79caca9cf71":"250611e51852d933ff1a177b509c05e3228cb9f46dfb7b26848a68aad2ce4779":"f8b602d89fa1a0bfb31d0bd49246b458200a1adb28b64a68f7c197f335d69706":"7b63bfb325bafe7d9ef342cd14ea40a4"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7
-ctr_drbg_validate_nopr:"c8dbc3d39beb612811c52e2b46ef76d2b7bd5d3a90ceddf9fb864fe6f44e36687d88158d61014e192f9a3cd474338e13":"8e60115b4af9c8e5606223792539e9ba87e9ef46cd16fcc09046db1ef8d3c036241cae5d61141711818e9e861dbd833632069ebf5af1bd6d4e513f059ab1efd3":"9b56eba0838457f736fc5efa2cfbe698908340f07d4680e279d21dd530fdc8c8":"62c47ece469a7a409e4b2b76d1c793aaf11654e177cc8bf63faff3e6c5a5395c":"4251597013d0c949c53bbd945477b78aa91baa95f1ff757c3a039ccc4e1f4789":"af2f37160940f0cc27d144a043ddf79b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"c8dbc3d39beb612811c52e2b46ef76d2b7bd5d3a90ceddf9fb864fe6f44e36687d88158d61014e192f9a3cd474338e13":"8e60115b4af9c8e5606223792539e9ba87e9ef46cd16fcc09046db1ef8d3c036241cae5d61141711818e9e861dbd833632069ebf5af1bd6d4e513f059ab1efd3":"9b56eba0838457f736fc5efa2cfbe698908340f07d4680e279d21dd530fdc8c8":"62c47ece469a7a409e4b2b76d1c793aaf11654e177cc8bf63faff3e6c5a5395c":"4251597013d0c949c53bbd945477b78aa91baa95f1ff757c3a039ccc4e1f4789":"af2f37160940f0cc27d144a043ddf79b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8
-ctr_drbg_validate_nopr:"a37f9ed6c4e8f74ff16046b0678ef7bd24fcdca247b771ea1ce1fd48e3f5d2067e38aaf64ec59f1f49d96fa85e60ef03":"95da91f4185b254322ef0fc852473a9b9e4c274b242ded8a4eae6f1e2badde0664cf57f2128aa3dc83e436f7e80928a01d93bf25011eedf0190d0bf3619cd555":"b4a22f5598f79d34f0b9600763c081b0200ba489da7028ad0283828545c6d594":"fa3edc0962b20a9d9e1d0afcad907c8097c21d7a65c0e47c63d65cea94bf43bd":"49ba791a227e9e391e04225ad67f43f64754daac0b0bb4c6db77320943231ec3":"32f313ded225289793c14a71d1d32c9f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a37f9ed6c4e8f74ff16046b0678ef7bd24fcdca247b771ea1ce1fd48e3f5d2067e38aaf64ec59f1f49d96fa85e60ef03":"95da91f4185b254322ef0fc852473a9b9e4c274b242ded8a4eae6f1e2badde0664cf57f2128aa3dc83e436f7e80928a01d93bf25011eedf0190d0bf3619cd555":"b4a22f5598f79d34f0b9600763c081b0200ba489da7028ad0283828545c6d594":"fa3edc0962b20a9d9e1d0afcad907c8097c21d7a65c0e47c63d65cea94bf43bd":"49ba791a227e9e391e04225ad67f43f64754daac0b0bb4c6db77320943231ec3":"32f313ded225289793c14a71d1d32c9f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9
-ctr_drbg_validate_nopr:"87f85b9c19eba1d953b6613cf555c21bc74428d9a8fee15e6cd717e240506f3e80860423973a66c61820d4ce1c6bb77d":"f22dd3517350176e35e1b7ecc8c00bea4747f0ac17bda1b1ddf8cdf7be53ff8c326268366e89cf3b023a9646177a0dcca902f0c98bf3840c9cbdf5c0494bee3c":"611caa00f93d4456fd2abb90de4dbcd934afbf1a56c2c4633b704c998f649960":"cba68367dc2fc92250e23e2b1a547fb3231b2beaab5e5a2ee39c5c74c9bab5f5":"f4895c9653b44a96152b893b7c94db80057fb67824d61c5c4186b9d8f16d3d98":"a05de6531a1aa1b2ba3faea8ad6ac209"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"87f85b9c19eba1d953b6613cf555c21bc74428d9a8fee15e6cd717e240506f3e80860423973a66c61820d4ce1c6bb77d":"f22dd3517350176e35e1b7ecc8c00bea4747f0ac17bda1b1ddf8cdf7be53ff8c326268366e89cf3b023a9646177a0dcca902f0c98bf3840c9cbdf5c0494bee3c":"611caa00f93d4456fd2abb90de4dbcd934afbf1a56c2c4633b704c998f649960":"cba68367dc2fc92250e23e2b1a547fb3231b2beaab5e5a2ee39c5c74c9bab5f5":"f4895c9653b44a96152b893b7c94db80057fb67824d61c5c4186b9d8f16d3d98":"a05de6531a1aa1b2ba3faea8ad6ac209"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10
-ctr_drbg_validate_nopr:"9670deb707caabc888a3b0df7270942934732e02be728a4bedb5fc9ca4d675b2f3b47c7132c364ce6292cef7c19b60c7":"bba34e6f4ee27e5d4e885e59f8bbb0dc7353a8912e66637d7515a66e5398d9a8cbd328fed32f71bdd34c73cdf97e0d211be6dabfb0144e1011fd136cf01ea4e4":"9f55da36babd6ea42082f5f5d4330f023440bb864f8ad5498a29cf89757eaeab":"8013a309058c91c80f4d966f98bce1d4291003ad547e915777a3fce8ae2eaf77":"c83106272d44e832e94c7096c9c11f6342e12ec06d5db336424af73d12451406":"bc8d4d00609662c1163dca930901821d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"9670deb707caabc888a3b0df7270942934732e02be728a4bedb5fc9ca4d675b2f3b47c7132c364ce6292cef7c19b60c7":"bba34e6f4ee27e5d4e885e59f8bbb0dc7353a8912e66637d7515a66e5398d9a8cbd328fed32f71bdd34c73cdf97e0d211be6dabfb0144e1011fd136cf01ea4e4":"9f55da36babd6ea42082f5f5d4330f023440bb864f8ad5498a29cf89757eaeab":"8013a309058c91c80f4d966f98bce1d4291003ad547e915777a3fce8ae2eaf77":"c83106272d44e832e94c7096c9c11f6342e12ec06d5db336424af73d12451406":"bc8d4d00609662c1163dca930901821d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11
-ctr_drbg_validate_nopr:"6d984c8ab923a7e118447fd53ad287b8f01d1e6112cff12bfb338ecd3ed16bafdd634677c600bdd68f852a946f45c3d9":"ed0e524ed2990ef348dbb15b3f964b12ad3109978d6952ae193b21e94510a47406926620798e71a0ffcbdd2e54ec45509d784a8bfc9d59cb733f9f11fc474b5e":"0a3a32260d04dd7a82fb0873ecae7db5e5a4b6a51b09f4bf8a989e1afacbda3b":"3cbcabb83aab5a3e54836bbf12d3a7862a18e2dffeeb8bdd5770936d61fd839a":"f63b30a3efc0273eba03bf3cf90b1e4ac20b00e53a317dbf77b0fe70960e7c60":"ab9af144e8fad6a978a636ad84e0469e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"6d984c8ab923a7e118447fd53ad287b8f01d1e6112cff12bfb338ecd3ed16bafdd634677c600bdd68f852a946f45c3d9":"ed0e524ed2990ef348dbb15b3f964b12ad3109978d6952ae193b21e94510a47406926620798e71a0ffcbdd2e54ec45509d784a8bfc9d59cb733f9f11fc474b5e":"0a3a32260d04dd7a82fb0873ecae7db5e5a4b6a51b09f4bf8a989e1afacbda3b":"3cbcabb83aab5a3e54836bbf12d3a7862a18e2dffeeb8bdd5770936d61fd839a":"f63b30a3efc0273eba03bf3cf90b1e4ac20b00e53a317dbf77b0fe70960e7c60":"ab9af144e8fad6a978a636ad84e0469e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12
-ctr_drbg_validate_nopr:"2c59520d6f8ce946dcc5222f4fc80ba83f38df9dce2861412eebb1614245331626e7fb93eedbad33a12e94c276deff0a":"2882d4a30b22659b87ad2d71db1d7cf093ffca80079a4ef21660de9223940969afec70b0384a54b1de9bcca6b43fb182e58d8dfcad82b0df99a8929201476ae9":"d3c17a2d9c5da051b2d1825120814eaee07dfca65ab4df01195c8b1fcea0ed41":"dcc39555b87f31973ae085f83eaf497441d22ab6d87b69e47296b0ab51733687":"9a8a1b4ccf8230e3d3a1be79e60ae06c393fe6b1ca245281825317468ca114c7":"fba523a09c587ecad4e7e7fd81e5ca39"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2c59520d6f8ce946dcc5222f4fc80ba83f38df9dce2861412eebb1614245331626e7fb93eedbad33a12e94c276deff0a":"2882d4a30b22659b87ad2d71db1d7cf093ffca80079a4ef21660de9223940969afec70b0384a54b1de9bcca6b43fb182e58d8dfcad82b0df99a8929201476ae9":"d3c17a2d9c5da051b2d1825120814eaee07dfca65ab4df01195c8b1fcea0ed41":"dcc39555b87f31973ae085f83eaf497441d22ab6d87b69e47296b0ab51733687":"9a8a1b4ccf8230e3d3a1be79e60ae06c393fe6b1ca245281825317468ca114c7":"fba523a09c587ecad4e7e7fd81e5ca39"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13
-ctr_drbg_validate_nopr:"1c1207f50b645aaed5c16fe36f6aae83af4924e6b98a7e2a2533a584c1bac123f8b6f0e05109e0132950ae97b389001a":"8ae9a5903da32a38b7c6fed92dd0c6a035ca5104a3528d71a3eacc2f1681379724991a0053e8dac65e35f3deee0435e99f86364577c8ebdba321872973dc9790":"568bfee681d7f9be23a175a3cbf441b513829a9cbdf0706c145fdcd7803ce099":"e32cb5fec72c068894aaeabfc1b8d5e0de0b5acdf287a82e130a46e846770dc2":"d4418c333687a1c15cac7d4021f7d8823a114bb98f92c8a6dccc59ff8ad51c1f":"194e3018377cef71610794006b95def5"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1c1207f50b645aaed5c16fe36f6aae83af4924e6b98a7e2a2533a584c1bac123f8b6f0e05109e0132950ae97b389001a":"8ae9a5903da32a38b7c6fed92dd0c6a035ca5104a3528d71a3eacc2f1681379724991a0053e8dac65e35f3deee0435e99f86364577c8ebdba321872973dc9790":"568bfee681d7f9be23a175a3cbf441b513829a9cbdf0706c145fdcd7803ce099":"e32cb5fec72c068894aaeabfc1b8d5e0de0b5acdf287a82e130a46e846770dc2":"d4418c333687a1c15cac7d4021f7d8823a114bb98f92c8a6dccc59ff8ad51c1f":"194e3018377cef71610794006b95def5"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14
-ctr_drbg_validate_nopr:"28254014c5d6ebf9bd9e5f3946fc98e55fe351deee8fc70333e4f20f1f7719a522b3ea9a4424afe68208d1cc6c128c47":"98a0db985544c33990aee0f69655dba7198e6720ce56ff9d4662e26f0c6b4ee7ab599932c05295f6c5a4011085c5b2c861a5a8ae4f572ce614ff2dafc0fddb34":"64215cbe384f1f4cf548078ffd51f91eee9a8bae5aacdd19ca16bcaaf354f8ad":"2e21df638dabe24aebf62d97e25f701f781d12d0064f2f5a4a44d320c90b7260":"7f936274f74a466cbf69dbfe46db79f3c349377df683cb461f2da3b842ad438e":"25c469cc8407b82f42e34f11db3d8462"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"28254014c5d6ebf9bd9e5f3946fc98e55fe351deee8fc70333e4f20f1f7719a522b3ea9a4424afe68208d1cc6c128c47":"98a0db985544c33990aee0f69655dba7198e6720ce56ff9d4662e26f0c6b4ee7ab599932c05295f6c5a4011085c5b2c861a5a8ae4f572ce614ff2dafc0fddb34":"64215cbe384f1f4cf548078ffd51f91eee9a8bae5aacdd19ca16bcaaf354f8ad":"2e21df638dabe24aebf62d97e25f701f781d12d0064f2f5a4a44d320c90b7260":"7f936274f74a466cbf69dbfe46db79f3c349377df683cb461f2da3b842ad438e":"25c469cc8407b82f42e34f11db3d8462"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0
-ctr_drbg_validate_nopr:"e26c8a13dae5c2da81023f27ab10b878":"fea104f90c5881df7ad1c863307bad22c98770ecd0d717513a2807682582e3e18e81d7935c8a7bacddd5176e7ca4911b9f8f5b1d9c349152fa215393eb006384":"":"":"":"fd87337c305a0a8ef8eef797601732c2"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e26c8a13dae5c2da81023f27ab10b878":"fea104f90c5881df7ad1c863307bad22c98770ecd0d717513a2807682582e3e18e81d7935c8a7bacddd5176e7ca4911b9f8f5b1d9c349152fa215393eb006384":"":"":"":"fd87337c305a0a8ef8eef797601732c2"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1
-ctr_drbg_validate_nopr:"8d7dda20a9807804bfc37bd7472d3b0c":"1d723cbc2ff2c115160e7240340adbf31c717696d0fdfecf3ec21150fca00cde477d37e2abbe32f399a505b74d82e502fbff94cecac87e87127d1397d3d76532":"":"":"":"7221761b913b1f50125abca6c3b2f229"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"8d7dda20a9807804bfc37bd7472d3b0c":"1d723cbc2ff2c115160e7240340adbf31c717696d0fdfecf3ec21150fca00cde477d37e2abbe32f399a505b74d82e502fbff94cecac87e87127d1397d3d76532":"":"":"":"7221761b913b1f50125abca6c3b2f229"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2
-ctr_drbg_validate_nopr:"c02e3b6fd4fea7ec517a232f48aaa8cb":"0820fc21cecba6b2fe053a269a34e6a7637dedaf55ef46d266f672ca7cfd9cc21cd807e2b7f6a1c640b4f059952ae6da7282c5c32959fed39f734a5e88a408d2":"":"":"":"667d4dbefe938d6a662440a17965a334"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"c02e3b6fd4fea7ec517a232f48aaa8cb":"0820fc21cecba6b2fe053a269a34e6a7637dedaf55ef46d266f672ca7cfd9cc21cd807e2b7f6a1c640b4f059952ae6da7282c5c32959fed39f734a5e88a408d2":"":"":"":"667d4dbefe938d6a662440a17965a334"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3
-ctr_drbg_validate_nopr:"9aee0326f9b16f88a4114e8d49b8e282":"ef0aae3f9c425253205215e5bf0ad70f141ad8cc72a332247cfe989601ca4fc52ba48b82db4d00fe1f279979b5aed1ae2ec2b02d2c921ee2d9cb89e3a900b97d":"":"":"":"651ad783fe3def80a8456552e405b98d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"9aee0326f9b16f88a4114e8d49b8e282":"ef0aae3f9c425253205215e5bf0ad70f141ad8cc72a332247cfe989601ca4fc52ba48b82db4d00fe1f279979b5aed1ae2ec2b02d2c921ee2d9cb89e3a900b97d":"":"":"":"651ad783fe3def80a8456552e405b98d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4
-ctr_drbg_validate_nopr:"1e7a4961d1cd2fd30f571b92a763c2c5":"a9262ed5b54880cc8ecd4119cce9afe3de8875d403f7ca6b8ed8c88559470b29e644fddd83e127c5f938bc8a425db169c33c5c2d0b0c5133c8f87bbc0b0a7d79":"":"":"":"1124c509ca52693977cf461b0f0a0da9"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1e7a4961d1cd2fd30f571b92a763c2c5":"a9262ed5b54880cc8ecd4119cce9afe3de8875d403f7ca6b8ed8c88559470b29e644fddd83e127c5f938bc8a425db169c33c5c2d0b0c5133c8f87bbc0b0a7d79":"":"":"":"1124c509ca52693977cf461b0f0a0da9"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5
-ctr_drbg_validate_nopr:"ae0b0d2e84f48c632f031356cdea60ac":"554cf6fad1c376ad6148cd40b53105c16e2f5dd5fa564865b26faa8c318150bfb2294e711735df5eb86ff4b4e778531793bad42403d93a80d05c5421229a53da":"":"":"":"1212e5d3070b1cdf52c0217866481c58"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ae0b0d2e84f48c632f031356cdea60ac":"554cf6fad1c376ad6148cd40b53105c16e2f5dd5fa564865b26faa8c318150bfb2294e711735df5eb86ff4b4e778531793bad42403d93a80d05c5421229a53da":"":"":"":"1212e5d3070b1cdf52c0217866481c58"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6
-ctr_drbg_validate_nopr:"16b8c7495d43cd2ff5f65ad2ab48ecef":"7cffe2bef0d42374f7263a386b67fba991e59cefd73590cbcde3a4dc635a5a328f1a8e5edd3ada75854f251ee9f2de6cd247f64c6ca4f6c983805aa0fe9d3106":"":"":"":"d3869a9c5004b8a6ae8d8f0f461b602b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"16b8c7495d43cd2ff5f65ad2ab48ecef":"7cffe2bef0d42374f7263a386b67fba991e59cefd73590cbcde3a4dc635a5a328f1a8e5edd3ada75854f251ee9f2de6cd247f64c6ca4f6c983805aa0fe9d3106":"":"":"":"d3869a9c5004b8a6ae8d8f0f461b602b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7
-ctr_drbg_validate_nopr:"a2d5eff6f73f98e5b04c01967dffa69b":"59759bb91b3c4feb18c0f086269ec52e097b67698f4dfe91ebe8bef851caa35cadb3fd22d1309f13510e1252856c71394a8e210fdbf3c7aae7998865f98e8744":"":"":"":"a1f99bd9522342e963af2ec8eed25c08"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a2d5eff6f73f98e5b04c01967dffa69b":"59759bb91b3c4feb18c0f086269ec52e097b67698f4dfe91ebe8bef851caa35cadb3fd22d1309f13510e1252856c71394a8e210fdbf3c7aae7998865f98e8744":"":"":"":"a1f99bd9522342e963af2ec8eed25c08"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
-ctr_drbg_validate_nopr:"ea1f47fe5e281136706419ea9b652967":"0ec7c617f85bec74044111020c977be32ab8050b326ebc03715bbbffa5a34622f2264d4b5141b7883281c21ea91981155a64fb7b902e674e9a41a8a86c32052b":"":"":"":"daf75b8288fc66802b23af5fd04a9434"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ea1f47fe5e281136706419ea9b652967":"0ec7c617f85bec74044111020c977be32ab8050b326ebc03715bbbffa5a34622f2264d4b5141b7883281c21ea91981155a64fb7b902e674e9a41a8a86c32052b":"":"":"":"daf75b8288fc66802b23af5fd04a9434"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
-ctr_drbg_validate_nopr:"6f072c681a82c00dcd0d9dd5b7ffa2af":"cd7ce90f0141e80f6bd6ff3d981d8a0a877d0ddae7c98f9091763b5946fc38b64c1ef698485007d53251ad278daf5d4ae94a725d617fc9a45a919a9e785a9849":"":"":"":"39c0144f28c5a490eff6221b62384602"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"6f072c681a82c00dcd0d9dd5b7ffa2af":"cd7ce90f0141e80f6bd6ff3d981d8a0a877d0ddae7c98f9091763b5946fc38b64c1ef698485007d53251ad278daf5d4ae94a725d617fc9a45a919a9e785a9849":"":"":"":"39c0144f28c5a490eff6221b62384602"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
-ctr_drbg_validate_nopr:"9d730655366e2aa89ee09332bd0a5053":"854766e842eb165a31551f96008354bca1628a9520d29c3cc4f6a41068bf76d8054b75b7d69f5865266c310b5e9f0290af37c5d94535cb5dc9c854ea1cb36eb7":"":"":"":"baa2a3ed6fdc049d0f158693db8c70ef"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"9d730655366e2aa89ee09332bd0a5053":"854766e842eb165a31551f96008354bca1628a9520d29c3cc4f6a41068bf76d8054b75b7d69f5865266c310b5e9f0290af37c5d94535cb5dc9c854ea1cb36eb7":"":"":"":"baa2a3ed6fdc049d0f158693db8c70ef"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
-ctr_drbg_validate_nopr:"3363881611bfd5d16814360e83d8544f":"6abfab14cbf222d553d0e930a38941f6f271b48943ea6f69e796e30135bc9eb30204b77ab416ac066da0a649c8558e5a0eac62f54f2f6e66c207cab461c71510":"":"":"":"5be410ce54288e881acd3e566964df78"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"3363881611bfd5d16814360e83d8544f":"6abfab14cbf222d553d0e930a38941f6f271b48943ea6f69e796e30135bc9eb30204b77ab416ac066da0a649c8558e5a0eac62f54f2f6e66c207cab461c71510":"":"":"":"5be410ce54288e881acd3e566964df78"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
-ctr_drbg_validate_nopr:"14e589065423528ff84a1f89507ab519":"0d2e446cad387a962ff2217c7cf4826dcabb997ab7f74f64aa18fbcb69151993f263925ae71f9dfdff122bb61802480f2803930efce01a3f37c97101893c140f":"":"":"":"fc2d3df6c9aae68fb01d8382fcd82104"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"14e589065423528ff84a1f89507ab519":"0d2e446cad387a962ff2217c7cf4826dcabb997ab7f74f64aa18fbcb69151993f263925ae71f9dfdff122bb61802480f2803930efce01a3f37c97101893c140f":"":"":"":"fc2d3df6c9aae68fb01d8382fcd82104"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
-ctr_drbg_validate_nopr:"974c5ae90347d839475f0f994f2bf01d":"aa04d9fc56349fdd31d868e9efc2938f9104c0291e55ac0aa0c24ec4609731b8e0ac04b42180bde1af6ad1b26faff8a6de60a8a4a828cd6f8758c54b6037a0ee":"":"":"":"3caec482015003643d5a319a2af48fb4"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"974c5ae90347d839475f0f994f2bf01d":"aa04d9fc56349fdd31d868e9efc2938f9104c0291e55ac0aa0c24ec4609731b8e0ac04b42180bde1af6ad1b26faff8a6de60a8a4a828cd6f8758c54b6037a0ee":"":"":"":"3caec482015003643d5a319a2af48fb4"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14
-ctr_drbg_validate_nopr:"b3a110587a16c1eafe51128a66816ecf":"203bba645fb5ccee3383cf402e04c713b7a6b6cca8b154e827520daac4ea3a0247bbdc3b2cd853e170587d22c70fb96c320ea71cb80c04826316c7317c797b8a":"":"":"":"9af4f67a30a4346e0cfcf51c45fd2589"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b3a110587a16c1eafe51128a66816ecf":"203bba645fb5ccee3383cf402e04c713b7a6b6cca8b154e827520daac4ea3a0247bbdc3b2cd853e170587d22c70fb96c320ea71cb80c04826316c7317c797b8a":"":"":"":"9af4f67a30a4346e0cfcf51c45fd2589"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0
-ctr_drbg_validate_nopr:"55546068cd524c51496c5fc9622b64c6":"951e712d057028158831ca8c74d4ae303c6e4641c344a1c80292260bdd9d8e2f5b97606370e95903e3124659de3e3f6e021cd9ccc86aa4a619c0e94b2a9aa3cc":"2d6de8661c7a30a0ca6a20c13c4c04421ba200fbef4f6eb499c17aee1561faf1":"41797b2eeaccb8a002538d3480cb0b76060ee5ba9d7e4a2bb2b201154f61c975":"b744980bb0377e176b07f48e7994fffd7b0d8a539e1f02a5535d2f4051f054f3":"65b9f7382ed578af03efa2008dbdd56f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"55546068cd524c51496c5fc9622b64c6":"951e712d057028158831ca8c74d4ae303c6e4641c344a1c80292260bdd9d8e2f5b97606370e95903e3124659de3e3f6e021cd9ccc86aa4a619c0e94b2a9aa3cc":"2d6de8661c7a30a0ca6a20c13c4c04421ba200fbef4f6eb499c17aee1561faf1":"41797b2eeaccb8a002538d3480cb0b76060ee5ba9d7e4a2bb2b201154f61c975":"b744980bb0377e176b07f48e7994fffd7b0d8a539e1f02a5535d2f4051f054f3":"65b9f7382ed578af03efa2008dbdd56f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1
-ctr_drbg_validate_nopr:"a0c92565640a3315cac8da6d0458fb07":"6e9b31755c1f45df7d685f86044ab3bc25433a3ff08ab5de7154e06b0867f4e3531ed2e2a15ab63c611fc2894240fdac1d3292d1b36da87caa2080d1c41bcf24":"c6c74690bdee26288d2f87a06435d664431206b23b24f426e847fb892d40d5d5":"4e7dc1adbc8bc16ba7b584c18a0d7e4383c470bff2f320af54ad5ade5f43265b":"c6fb8ee194a339726f5051b91925c6a214079a661ec78358e98fc4f41e8c4724":"c3f849ee7d87291301e11b467fa2162f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a0c92565640a3315cac8da6d0458fb07":"6e9b31755c1f45df7d685f86044ab3bc25433a3ff08ab5de7154e06b0867f4e3531ed2e2a15ab63c611fc2894240fdac1d3292d1b36da87caa2080d1c41bcf24":"c6c74690bdee26288d2f87a06435d664431206b23b24f426e847fb892d40d5d5":"4e7dc1adbc8bc16ba7b584c18a0d7e4383c470bff2f320af54ad5ade5f43265b":"c6fb8ee194a339726f5051b91925c6a214079a661ec78358e98fc4f41e8c4724":"c3f849ee7d87291301e11b467fa2162f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2
-ctr_drbg_validate_nopr:"63e143bd6a87065a00eea930593f9b29":"62c2c790cb56518ed2d8d65952bbd4ab85a56463495c940b94f403a93338bdc96129feea9335b1a3e0ada7cf4c207f4732013bc6a52db41407bf5d6fe9183b3c":"7b4e9ff0c8f8c90f8b324c7189226d3adccd79df2d0c22b52fb31dbb5dfefba6":"49e1aecf2b96a366325dc1892c016a5535dd2480360a382e9cc78bf75b2bba37":"f4ce1d27e759f3ba4a56aaab713642b4c56810c9995fbfc04ce285429f95a8f4":"513111abaae3069e599b56f7e5fb91d1"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"63e143bd6a87065a00eea930593f9b29":"62c2c790cb56518ed2d8d65952bbd4ab85a56463495c940b94f403a93338bdc96129feea9335b1a3e0ada7cf4c207f4732013bc6a52db41407bf5d6fe9183b3c":"7b4e9ff0c8f8c90f8b324c7189226d3adccd79df2d0c22b52fb31dbb5dfefba6":"49e1aecf2b96a366325dc1892c016a5535dd2480360a382e9cc78bf75b2bba37":"f4ce1d27e759f3ba4a56aaab713642b4c56810c9995fbfc04ce285429f95a8f4":"513111abaae3069e599b56f7e5fb91d1"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3
-ctr_drbg_validate_nopr:"98dc16e95f97b5b9d8287875774d9d19":"2fab4a629e4b21f27488a0c9ed36fc8e75bee0c386346c6ec59a6f045975e29818440a6638eb3b9e952e19df82d6dc7b8b9c18530aef763d0709b3b55433ddc6":"2e9d2f52a55df05fb8b9549947f8690c9ce410268d1d3aa7d69e63cbb28e4eb8":"57ecdad71d709dcdb1eba6cf36e0ecf04aaccd7527ca44c6f96768968027274f":"7b2da3d1ae252a71bccbb318e0eec95493a236f0dec97f2600de9f0743030529":"841882e4d9346bea32b1216eebc06aac"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"98dc16e95f97b5b9d8287875774d9d19":"2fab4a629e4b21f27488a0c9ed36fc8e75bee0c386346c6ec59a6f045975e29818440a6638eb3b9e952e19df82d6dc7b8b9c18530aef763d0709b3b55433ddc6":"2e9d2f52a55df05fb8b9549947f8690c9ce410268d1d3aa7d69e63cbb28e4eb8":"57ecdad71d709dcdb1eba6cf36e0ecf04aaccd7527ca44c6f96768968027274f":"7b2da3d1ae252a71bccbb318e0eec95493a236f0dec97f2600de9f0743030529":"841882e4d9346bea32b1216eebc06aac"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4
-ctr_drbg_validate_nopr:"5dbac5c313527d4d0e5ca9b6f5596ed7":"c00b28c78da4f9ce159741437fe7f90e4e23ecd01cd292f197202decbbc823d9ce46b8191c11e8f8d007d38e2ecd93b8bd9bbad5812aaf547ddf4c7a6738b777":"460c54f4c3fe49d9b25b069ff6664517ed3b234890175a59cde5c3bc230c0a9e":"bf5187f1f55ae6711c2bc1884324490bf2d29d29e95cad7a1c295045eed5a310":"28fd8277dcb807741d4d5cb255a8d9a32ef56a880ccf2b3dcca54645bd6f1013":"b488f5c13bb017b0d9de2092d577c76e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"5dbac5c313527d4d0e5ca9b6f5596ed7":"c00b28c78da4f9ce159741437fe7f90e4e23ecd01cd292f197202decbbc823d9ce46b8191c11e8f8d007d38e2ecd93b8bd9bbad5812aaf547ddf4c7a6738b777":"460c54f4c3fe49d9b25b069ff6664517ed3b234890175a59cde5c3bc230c0a9e":"bf5187f1f55ae6711c2bc1884324490bf2d29d29e95cad7a1c295045eed5a310":"28fd8277dcb807741d4d5cb255a8d9a32ef56a880ccf2b3dcca54645bd6f1013":"b488f5c13bb017b0d9de2092d577c76e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5
-ctr_drbg_validate_nopr:"254d5f5044415c694a89249b0b6e1a2c":"4c1cc9ebe7a03cde31860637d8222faeefa9cbf789fab62e99a98d83084fef29eafcf7177d62d55435a1acb77e7a61ad86c47d1950b8683e167fe3ece3f8c9e8":"71af584657160f0f0b81740ef93017a37c174bee5a02c8967f087fdbfd33bfde":"96e8522f6ed8e8a9772ffb19e9416a1c6293ad6d1ecd317972e2f6258d7d68dd":"3aaa5e4d6af79055742150e630c5e3a46288e216d6607793c021d6705349f96a":"66629af4a0e90550b9bd3811243d6b86"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"254d5f5044415c694a89249b0b6e1a2c":"4c1cc9ebe7a03cde31860637d8222faeefa9cbf789fab62e99a98d83084fef29eafcf7177d62d55435a1acb77e7a61ad86c47d1950b8683e167fe3ece3f8c9e8":"71af584657160f0f0b81740ef93017a37c174bee5a02c8967f087fdbfd33bfde":"96e8522f6ed8e8a9772ffb19e9416a1c6293ad6d1ecd317972e2f6258d7d68dd":"3aaa5e4d6af79055742150e630c5e3a46288e216d6607793c021d6705349f96a":"66629af4a0e90550b9bd3811243d6b86"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6
-ctr_drbg_validate_nopr:"b46fceed0fcc29665815cc9459971913":"ff62d52aed55d8e966044f7f7c5013b4915197c73668e01b4487c3243bbf5f9248a4fdd6ef0f63b87fc8d1c5d514ff243319b2fbdfa474d5f83b935399655e15":"994d6b5393fbf0351f0bcfb48e1e763b377b732c73bf8e28dec720a2cadcb8a5":"118bb8c7a43b9c30afaf9ce4db3e6a60a3f9d01c30b9ab3572662955808b41e4":"bb47e443090afc32ee34873bd106bf867650adf5b5d90a2e7d0e58ed0ae83e8a":"1865fee6024db510690725f16b938487"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b46fceed0fcc29665815cc9459971913":"ff62d52aed55d8e966044f7f7c5013b4915197c73668e01b4487c3243bbf5f9248a4fdd6ef0f63b87fc8d1c5d514ff243319b2fbdfa474d5f83b935399655e15":"994d6b5393fbf0351f0bcfb48e1e763b377b732c73bf8e28dec720a2cadcb8a5":"118bb8c7a43b9c30afaf9ce4db3e6a60a3f9d01c30b9ab3572662955808b41e4":"bb47e443090afc32ee34873bd106bf867650adf5b5d90a2e7d0e58ed0ae83e8a":"1865fee6024db510690725f16b938487"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7
-ctr_drbg_validate_nopr:"e1a5dd32fc7cefb281d5d6ce3200f4ca":"bf1ba4166007b53fcaee41f9c54771c8a0b309a52ea7894a005783c1e3e43e2eb9871d7909a1c3567953aabdf75e38c8f5578c51a692d883755102a0c82c7c12":"32e9922bd780303828091a140274d04f879cd821f352bd18bcaa49ffef840010":"01830ddd2f0e323c90830beddedf1480e6c23b0d99c2201871f18cc308ab3139":"f36d792dbde7609b8bf4724d7d71362840b309c5f2961e2537c8b5979a569ae8":"7080e8379a43c2e28e07d0c7ed9705a8"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e1a5dd32fc7cefb281d5d6ce3200f4ca":"bf1ba4166007b53fcaee41f9c54771c8a0b309a52ea7894a005783c1e3e43e2eb9871d7909a1c3567953aabdf75e38c8f5578c51a692d883755102a0c82c7c12":"32e9922bd780303828091a140274d04f879cd821f352bd18bcaa49ffef840010":"01830ddd2f0e323c90830beddedf1480e6c23b0d99c2201871f18cc308ab3139":"f36d792dbde7609b8bf4724d7d71362840b309c5f2961e2537c8b5979a569ae8":"7080e8379a43c2e28e07d0c7ed9705a8"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8
-ctr_drbg_validate_nopr:"d1b7be857a422b425ae62c61e90a192a":"6ac34c4ce22b644632283ab13e294df2093e939d32411340b046c26fcc449d0fd6d14132c7205df303dbb663190e6e86ad12e14e145b6603308241f38d94eb5d":"aacfe8553d5ffef6abc3fd8f94d796cae2079ff04f7ab1b41982003f02427c7a":"01d2d1bc29d6a6b52bb29bd6652be772096ca23c838c40730d5b4a4f8f735daa":"27af728ee07d3f5902f4e56453b6a9feb308ef14795eb5630b2651debdd36d5b":"b03fbcd03fa1cc69db0a4e3492a52bad"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"d1b7be857a422b425ae62c61e90a192a":"6ac34c4ce22b644632283ab13e294df2093e939d32411340b046c26fcc449d0fd6d14132c7205df303dbb663190e6e86ad12e14e145b6603308241f38d94eb5d":"aacfe8553d5ffef6abc3fd8f94d796cae2079ff04f7ab1b41982003f02427c7a":"01d2d1bc29d6a6b52bb29bd6652be772096ca23c838c40730d5b4a4f8f735daa":"27af728ee07d3f5902f4e56453b6a9feb308ef14795eb5630b2651debdd36d5b":"b03fbcd03fa1cc69db0a4e3492a52bad"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9
-ctr_drbg_validate_nopr:"a2c49aa6f3f92e36266bf267af5877ed":"5684c3eb99314127078484959314d52b3bc50cb3615c0eef6b48850d98aee04c528b0693be13ed1bb4040e8e96cb13c316143f0815cd68d1bb7931a3d9b88a3d":"566522085426b76bdef152adefd73ef0f76eee4614bc5a4391629ec49e0acffb":"30ef9585148dd2270c41540a4235328de8952f28cf5472df463e88e837419e99":"adc46e0afcf69302f62c84c5c4bfcbb7132f8db118d1a84dc2b910753fe86a2d":"4edc4383977ee91aaa2f5b9ac4257570"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a2c49aa6f3f92e36266bf267af5877ed":"5684c3eb99314127078484959314d52b3bc50cb3615c0eef6b48850d98aee04c528b0693be13ed1bb4040e8e96cb13c316143f0815cd68d1bb7931a3d9b88a3d":"566522085426b76bdef152adefd73ef0f76eee4614bc5a4391629ec49e0acffb":"30ef9585148dd2270c41540a4235328de8952f28cf5472df463e88e837419e99":"adc46e0afcf69302f62c84c5c4bfcbb7132f8db118d1a84dc2b910753fe86a2d":"4edc4383977ee91aaa2f5b9ac4257570"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10
-ctr_drbg_validate_nopr:"43852c53041a3a4f710435dbd3e4382b":"ab7bca5595084bccdba80ade7ac3df2a0ce198fa49d29414c0249ec3d1c50d271ca74ba5c3521576a89a1964e6deded2d5ba7ff28a364a8f9235981bec1bedfa":"c5612a9540b64fc134074cb36f4c9ea62fff993938709b5d354a917e5265adee":"eee2258aba665aa6d3f5b8c2207f135276f597adb2a0fbfb16a20460e8cc3c68":"a6d6d126bed13dbcf2b327aa884b7260a9c388cb03751dbe9feb28a3fe351d62":"e04c3de51a1ffe8cda89e881c396584b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"43852c53041a3a4f710435dbd3e4382b":"ab7bca5595084bccdba80ade7ac3df2a0ce198fa49d29414c0249ec3d1c50d271ca74ba5c3521576a89a1964e6deded2d5ba7ff28a364a8f9235981bec1bedfa":"c5612a9540b64fc134074cb36f4c9ea62fff993938709b5d354a917e5265adee":"eee2258aba665aa6d3f5b8c2207f135276f597adb2a0fbfb16a20460e8cc3c68":"a6d6d126bed13dbcf2b327aa884b7260a9c388cb03751dbe9feb28a3fe351d62":"e04c3de51a1ffe8cda89e881c396584b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11
-ctr_drbg_validate_nopr:"52628551ce90c338ed94b655d4f05811":"b3a4a3c4d3d53ffa41b85ce3b8f292b1cc8e5af7488286d4c581005f8c02c5545c09bb08d8470b8cffdf62731b1d4b75c036af7dc4f2f1fc7e9a496f3d235f2d":"f5f9d5b51075b12aa300afdc7b8ea3944fc8cf4d1e95625cc4e42fdfdcbeb169":"60bccbc7345f23733fe8f8eb9760975057238705d9cee33b3269f9bfedd72202":"c0fa3afd6e9decfbffa7ea6678d2481c5f55ec0a35172ff93214b997400e97c3":"5a113906e1ef76b7b75fefbf20d78ef8"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"52628551ce90c338ed94b655d4f05811":"b3a4a3c4d3d53ffa41b85ce3b8f292b1cc8e5af7488286d4c581005f8c02c5545c09bb08d8470b8cffdf62731b1d4b75c036af7dc4f2f1fc7e9a496f3d235f2d":"f5f9d5b51075b12aa300afdc7b8ea3944fc8cf4d1e95625cc4e42fdfdcbeb169":"60bccbc7345f23733fe8f8eb9760975057238705d9cee33b3269f9bfedd72202":"c0fa3afd6e9decfbffa7ea6678d2481c5f55ec0a35172ff93214b997400e97c3":"5a113906e1ef76b7b75fefbf20d78ef8"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12
-ctr_drbg_validate_nopr:"0e4873c4cbcde280abc6711a66dbb81a":"1ab7c7d8fe8f505e1dd7ddb8e7cda962572f7004b2a14c7a7c5bcf24bd16616e2c42c50ae5db9981ccd7d0c79062ac572d3893486bd0ae1f99cbc1d28a9e4c1e":"e4b89e28663e853f8b380c8a4491b54121fe6927340a74342362c37d8d615b66":"619775878879eff9ee2189790ff6f187baed4ed1b156029b80e7a070a1072a09":"ba3d673e5e41bd1abbc7191cc4b9a945201b8fef0016e4774047ee2abf499e74":"4758fd021c34a5cf6bea760ad09438a0"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0e4873c4cbcde280abc6711a66dbb81a":"1ab7c7d8fe8f505e1dd7ddb8e7cda962572f7004b2a14c7a7c5bcf24bd16616e2c42c50ae5db9981ccd7d0c79062ac572d3893486bd0ae1f99cbc1d28a9e4c1e":"e4b89e28663e853f8b380c8a4491b54121fe6927340a74342362c37d8d615b66":"619775878879eff9ee2189790ff6f187baed4ed1b156029b80e7a070a1072a09":"ba3d673e5e41bd1abbc7191cc4b9a945201b8fef0016e4774047ee2abf499e74":"4758fd021c34a5cf6bea760ad09438a0"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13
-ctr_drbg_validate_nopr:"0684e8ef93c3363ba535c4e573af1c24":"748a5f5fde271c563a8f8d15520d6818f7ed0efb9b434adf2ff9471b391dd225b37868179ffa9a6e58df3b1b765b8945685a2f966d29648dd86a42078339650b":"e90c82153d2280f1ddb55bd65e7752bf6717fbe08c49414f6c129bf608578db7":"c17e97c93cfabe0b925ca5d22615a06430a201b7595ad0d9967cc89a4777947d":"3d554c430c8928dcdb1f6d5e5a4306b309856a9b78c5f431c55d7ebd519443bb":"d3da71af70e196483c951d95eb3f0135"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0684e8ef93c3363ba535c4e573af1c24":"748a5f5fde271c563a8f8d15520d6818f7ed0efb9b434adf2ff9471b391dd225b37868179ffa9a6e58df3b1b765b8945685a2f966d29648dd86a42078339650b":"e90c82153d2280f1ddb55bd65e7752bf6717fbe08c49414f6c129bf608578db7":"c17e97c93cfabe0b925ca5d22615a06430a201b7595ad0d9967cc89a4777947d":"3d554c430c8928dcdb1f6d5e5a4306b309856a9b78c5f431c55d7ebd519443bb":"d3da71af70e196483c951d95eb3f0135"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14
-ctr_drbg_validate_nopr:"89b885ddb12abc4f7422334f27c00439":"e2366eec626bfd9cb932bcaa0569de6a7a37cf1dfde1f25d00d1a0c89fe25fea592cbd2af7c8202521fa48e15f7cc7e97e431b222b516a3ad2bb7b55b7fcf7f4":"c77ee92bd17939efe9bee48af66589aee1d9fe4cd6c8ae26b74b3799e35342a6":"23e80d36ca72ecc38551e7e0a4f9502bed0e160f382d802f48fb2714ec6e3315":"6b83f7458dc813ce0b963b231c424e8bced599d002c0ef91a9c20dcc3f172ea5":"81d13a6b79f05137e233e3c3a1091360"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"89b885ddb12abc4f7422334f27c00439":"e2366eec626bfd9cb932bcaa0569de6a7a37cf1dfde1f25d00d1a0c89fe25fea592cbd2af7c8202521fa48e15f7cc7e97e431b222b516a3ad2bb7b55b7fcf7f4":"c77ee92bd17939efe9bee48af66589aee1d9fe4cd6c8ae26b74b3799e35342a6":"23e80d36ca72ecc38551e7e0a4f9502bed0e160f382d802f48fb2714ec6e3315":"6b83f7458dc813ce0b963b231c424e8bced599d002c0ef91a9c20dcc3f172ea5":"81d13a6b79f05137e233e3c3a1091360"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0
-ctr_drbg_validate_nopr:"ff568be02a46343113f06949a16cc7d9da315aef82f5681f0459650e5e180e65d1d77b00e5ce3e3f9eb6c18efff4db36":"77de4e5db3b308c38c814228583dfd1eb415771f4ae30f9cc2d35b48075286a4e8c2c6f441d1aac496d0d4be395d078519e31cb77d06d6f7fd4c033bc40fd659":"":"":"":"448ac707ba934c909335425de62944d6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ff568be02a46343113f06949a16cc7d9da315aef82f5681f0459650e5e180e65d1d77b00e5ce3e3f9eb6c18efff4db36":"77de4e5db3b308c38c814228583dfd1eb415771f4ae30f9cc2d35b48075286a4e8c2c6f441d1aac496d0d4be395d078519e31cb77d06d6f7fd4c033bc40fd659":"":"":"":"448ac707ba934c909335425de62944d6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1
-ctr_drbg_validate_nopr:"6f092b85eb9f96427642f69467911172cba6df86e0db08d04e824cde6fb91d9b9af2cea53f42d53c45ee3e69a2327172":"667d3ed9f41a154ea33b55182b8bee4d7d46eff8e890c7036cf7c2665d44c28f9e3a8cff166dabfaf262933d337e729e0b6a60a51d00ba18f877bdc9d0cc659e":"":"":"":"16a200f683ab862947e061cddaac5597"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"6f092b85eb9f96427642f69467911172cba6df86e0db08d04e824cde6fb91d9b9af2cea53f42d53c45ee3e69a2327172":"667d3ed9f41a154ea33b55182b8bee4d7d46eff8e890c7036cf7c2665d44c28f9e3a8cff166dabfaf262933d337e729e0b6a60a51d00ba18f877bdc9d0cc659e":"":"":"":"16a200f683ab862947e061cddaac5597"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2
-ctr_drbg_validate_nopr:"26e635a6a2b6402b968c1eea13c6a980a0ee9b8497abc14fccdc5bf8439008861f74de2c200505185bf5907d3adc9de2":"80e56f9893beb9f22b2b03caa8f1861d5b31b37f636f2ccbc7e4040ad3073aa20f2f3c6bfefc041df8e57e7100794c42732b6d4b63d8bb51329ca99671d53c7c":"":"":"":"807586c977febcf2ad28fcd45e1a1deb"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"26e635a6a2b6402b968c1eea13c6a980a0ee9b8497abc14fccdc5bf8439008861f74de2c200505185bf5907d3adc9de2":"80e56f9893beb9f22b2b03caa8f1861d5b31b37f636f2ccbc7e4040ad3073aa20f2f3c6bfefc041df8e57e7100794c42732b6d4b63d8bb51329ca99671d53c7c":"":"":"":"807586c977febcf2ad28fcd45e1a1deb"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3
-ctr_drbg_validate_nopr:"b239c485d319ce964d69bd3dbc5b7ab9cc72ac9134a25e641bcd3c8b6f89e7e08ef2d0a45cf67667a4e2e634b32d73ff":"c963e17ef46b7b2c68756019704ec7435ec093c423600b3f2f99dd8989f8539a11b1b0598e93e84d50b65e816e794421ab546b202e4b224a8494538dda85da82":"":"":"":"2a3218b4d59f99bd3825631a6eefb09c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b239c485d319ce964d69bd3dbc5b7ab9cc72ac9134a25e641bcd3c8b6f89e7e08ef2d0a45cf67667a4e2e634b32d73ff":"c963e17ef46b7b2c68756019704ec7435ec093c423600b3f2f99dd8989f8539a11b1b0598e93e84d50b65e816e794421ab546b202e4b224a8494538dda85da82":"":"":"":"2a3218b4d59f99bd3825631a6eefb09c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4
-ctr_drbg_validate_nopr:"0239545a23735b803ae7cb7766194917d6cce164f7ec4f65c6ccd5ec1db5297722d4b7466589da4d39f4585856bc1d7e":"71a440b70a2b5ce41b85de27d987fa2a0628d7990dd7cd1460fddc5410ce6e9bb0ae4f90231f45bc71188fd94e4170389a8bbe4a7e781c95c9a97ad78ba7d07b":"":"":"":"9dafaa8b727c4829dda10a831e67419d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0239545a23735b803ae7cb7766194917d6cce164f7ec4f65c6ccd5ec1db5297722d4b7466589da4d39f4585856bc1d7e":"71a440b70a2b5ce41b85de27d987fa2a0628d7990dd7cd1460fddc5410ce6e9bb0ae4f90231f45bc71188fd94e4170389a8bbe4a7e781c95c9a97ad78ba7d07b":"":"":"":"9dafaa8b727c4829dda10a831e67419d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5
-ctr_drbg_validate_nopr:"237e8916eadd65e3422fe59ab257b7e6957fe24f760b499fbd052241879e8294b01d2169ec2b98f52660d9f5170dee22":"d8908cfc1ea8518c1442e46731f30fdad85399894db262b8f4fdc0dbcbf11b60b60b25d3108f4b169fcbef621a14c635525fa3af8ccef6b91f808479509967f4":"":"":"":"593c39c56bb9e476550299ee8d85d2fc"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"237e8916eadd65e3422fe59ab257b7e6957fe24f760b499fbd052241879e8294b01d2169ec2b98f52660d9f5170dee22":"d8908cfc1ea8518c1442e46731f30fdad85399894db262b8f4fdc0dbcbf11b60b60b25d3108f4b169fcbef621a14c635525fa3af8ccef6b91f808479509967f4":"":"":"":"593c39c56bb9e476550299ee8d85d2fc"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6
-ctr_drbg_validate_nopr:"28b6639b415c79012c749dc2a0d18433ec36eda55815f0841241453fa11b9d572b7c29208e01dbb0be91e1075f305d7f":"6767c3eb6ba1b19412c32bfe44e4d0317beba10f3abea328cda7b7c14109b72046c8691c1c7b28487037d381f77a3bbc8464a51b87de68bdc50ec9c658f915ab":"":"":"":"e390806219fa727e74a90011b4835ed6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"28b6639b415c79012c749dc2a0d18433ec36eda55815f0841241453fa11b9d572b7c29208e01dbb0be91e1075f305d7f":"6767c3eb6ba1b19412c32bfe44e4d0317beba10f3abea328cda7b7c14109b72046c8691c1c7b28487037d381f77a3bbc8464a51b87de68bdc50ec9c658f915ab":"":"":"":"e390806219fa727e74a90011b4835ed6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7
-ctr_drbg_validate_nopr:"ce735a8549fc3f9dfc7b96bf0d48936a711439ac7271d715a278718aca9e2fe3c801030bc74b048ac1e40852345e87cc":"510b0dc06e84ceb901c7195c2f00ad7a04bdd75e0ab52b3d2cd47ddfcd89248dd58e3f1aa8c1ffe306f493905f65369eaed2a5b337dff8ac81c4c1e8903a6ad5":"":"":"":"ba871ba5843083b553a57cf8defa39d7"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ce735a8549fc3f9dfc7b96bf0d48936a711439ac7271d715a278718aca9e2fe3c801030bc74b048ac1e40852345e87cc":"510b0dc06e84ceb901c7195c2f00ad7a04bdd75e0ab52b3d2cd47ddfcd89248dd58e3f1aa8c1ffe306f493905f65369eaed2a5b337dff8ac81c4c1e8903a6ad5":"":"":"":"ba871ba5843083b553a57cf8defa39d7"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8
-ctr_drbg_validate_nopr:"841ea92fa42c06769c5c52fe152d07837b8ff0048392caa5dd045054353d363b25439eb5885e96771dded4005f2baf42":"97511ae52590a0b64b75c37e10b89671880d2d6e8f90780ac27263dbc0e32d0824be5e80a88cf8fc3d4c607eb873c0322d09b9ca3498c4015c53ca6fee890093":"":"":"":"a8fb31362bd997adf4d9116e23dbaf10"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"841ea92fa42c06769c5c52fe152d07837b8ff0048392caa5dd045054353d363b25439eb5885e96771dded4005f2baf42":"97511ae52590a0b64b75c37e10b89671880d2d6e8f90780ac27263dbc0e32d0824be5e80a88cf8fc3d4c607eb873c0322d09b9ca3498c4015c53ca6fee890093":"":"":"":"a8fb31362bd997adf4d9116e23dbaf10"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9
-ctr_drbg_validate_nopr:"55cd76fa5f004b97bb8e14170f79f52715d18c60f142b06d16e8e06c274798190a79c8b325163989d86323c03dbe0d68":"bafc0ba64669c9a36514bde6169034101f29e2a0a4b9a55c0aae7dff0c5aca2371b523e26dc44bf75493bdaa023d1555294178288b70f1ae72150d9f7265b4e6":"":"":"":"fa16dbdaf01b3c202426adabf61fa64a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"55cd76fa5f004b97bb8e14170f79f52715d18c60f142b06d16e8e06c274798190a79c8b325163989d86323c03dbe0d68":"bafc0ba64669c9a36514bde6169034101f29e2a0a4b9a55c0aae7dff0c5aca2371b523e26dc44bf75493bdaa023d1555294178288b70f1ae72150d9f7265b4e6":"":"":"":"fa16dbdaf01b3c202426adabf61fa64a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10
-ctr_drbg_validate_nopr:"ff3f3098fa3d2b23b38ed982e7afb61d46b4848c878b9280f8e5ed6bd81176e76f0a2a85071a411829cf84421c22f23e":"92194e2c700fa724489683d0b6ddcf72c89b9c3f3ff584e802ae426be4908b1ade093bcf9baf7738b988dc0fde1739498a97c9610da853a7c83981c6a7b68096":"":"":"":"f85490426dc243ba09f9719bff73545a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ff3f3098fa3d2b23b38ed982e7afb61d46b4848c878b9280f8e5ed6bd81176e76f0a2a85071a411829cf84421c22f23e":"92194e2c700fa724489683d0b6ddcf72c89b9c3f3ff584e802ae426be4908b1ade093bcf9baf7738b988dc0fde1739498a97c9610da853a7c83981c6a7b68096":"":"":"":"f85490426dc243ba09f9719bff73545a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11
-ctr_drbg_validate_nopr:"7242c1020a63770cccf6f8100970990232a9d11d61c9b0d38fe5e7a568a86252a66481212e5d53c868561298dd5bdeec":"7c3806a32ccf3252ac27a92a07209cd7000b160faa70b9024420b903587d1d77f002d3abe28b563d32ccc502b88f83bc5996f3dbbf0f57835839eadd94563b9d":"":"":"":"2232181f08c1569efaad1a82bcb5f3ba"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"7242c1020a63770cccf6f8100970990232a9d11d61c9b0d38fe5e7a568a86252a66481212e5d53c868561298dd5bdeec":"7c3806a32ccf3252ac27a92a07209cd7000b160faa70b9024420b903587d1d77f002d3abe28b563d32ccc502b88f83bc5996f3dbbf0f57835839eadd94563b9d":"":"":"":"2232181f08c1569efaad1a82bcb5f3ba"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12
-ctr_drbg_validate_nopr:"a2e445290fed8187df6d2a57e68385bb62d700cb8f140410766b53e69e6a0f2939bbfa7ce091525c9051f064e383a2e1":"fdae5f1ea253108fcb255d215a3ce1dc1d101acf89de4423b75a74619e95f3feaa35b5e0bec430b0ad9567df818989c36c77742129af335c90ceb6dd79c7d2c4":"":"":"":"3841e2d795b17cb9a2081d6016a1a71d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a2e445290fed8187df6d2a57e68385bb62d700cb8f140410766b53e69e6a0f2939bbfa7ce091525c9051f064e383a2e1":"fdae5f1ea253108fcb255d215a3ce1dc1d101acf89de4423b75a74619e95f3feaa35b5e0bec430b0ad9567df818989c36c77742129af335c90ceb6dd79c7d2c4":"":"":"":"3841e2d795b17cb9a2081d6016a1a71d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13
-ctr_drbg_validate_nopr:"bc885454e385d911336dda9b7a609a6a7079a4a5a860fcd704161c34658bd98685bb03418b7f24f2ed9475eb8ceb232e":"77bef884a91126564b3214029ac6842d86e4c1fa283e33d6828d428377416f66947e39a4a6708e10bfdae8337a6f302420a6649fc109d0f094c18c1e9361375a":"":"":"":"ea20780ed280d8109f811a6a398c3e76"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"bc885454e385d911336dda9b7a609a6a7079a4a5a860fcd704161c34658bd98685bb03418b7f24f2ed9475eb8ceb232e":"77bef884a91126564b3214029ac6842d86e4c1fa283e33d6828d428377416f66947e39a4a6708e10bfdae8337a6f302420a6649fc109d0f094c18c1e9361375a":"":"":"":"ea20780ed280d8109f811a6a398c3e76"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14
-ctr_drbg_validate_nopr:"c1825cf00cdc2da93adb3e7a33c1f3a76c49166887883744ea2683ddca23f31900f25c434364c992a6d913f753a9c42a":"56940a6fc4823c9e42e8ffed63fc3cf46d0a2b305c236a511b0b5ec7005ecd8989bf2006ebe52ed55845f7cc25d3d0086cece95f0bff6fa7e17ddf474704abfe":"":"":"":"b037c7f0f85f4d7eaeeb17f4c8643a74"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"c1825cf00cdc2da93adb3e7a33c1f3a76c49166887883744ea2683ddca23f31900f25c434364c992a6d913f753a9c42a":"56940a6fc4823c9e42e8ffed63fc3cf46d0a2b305c236a511b0b5ec7005ecd8989bf2006ebe52ed55845f7cc25d3d0086cece95f0bff6fa7e17ddf474704abfe":"":"":"":"b037c7f0f85f4d7eaeeb17f4c8643a74"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0
-ctr_drbg_validate_nopr:"19b83c0deea6463a3912d21ffc8d8041a5b30640352abc9652770cfca99dc53c9c09942ddd67b91f4da50a8615462ce4":"5d85c56d0d20ee39958a90f301d2f8bb136fa34d09b41a0c9375114a0df9c1dcdb2a62c4be398d9eaf2440949b806f0e5a977da608eeb652a41711d1e9b72655":"9c1db928b95c84cb674060a6d2f6b7a6a5d43e9ee967e9f821bf309ca5f8821f":"a3111cb57365c617df0b0bb3a1aada49ca789bc75903eeb21e42a7d3d0dd0825":"ce7f557c70676987d13aca60bc4585147efeed97be139871a1b29caa1e180af9":"4a49430277d64446e2fa75763eb79ec6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"19b83c0deea6463a3912d21ffc8d8041a5b30640352abc9652770cfca99dc53c9c09942ddd67b91f4da50a8615462ce4":"5d85c56d0d20ee39958a90f301d2f8bb136fa34d09b41a0c9375114a0df9c1dcdb2a62c4be398d9eaf2440949b806f0e5a977da608eeb652a41711d1e9b72655":"9c1db928b95c84cb674060a6d2f6b7a6a5d43e9ee967e9f821bf309ca5f8821f":"a3111cb57365c617df0b0bb3a1aada49ca789bc75903eeb21e42a7d3d0dd0825":"ce7f557c70676987d13aca60bc4585147efeed97be139871a1b29caa1e180af9":"4a49430277d64446e2fa75763eb79ec6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1
-ctr_drbg_validate_nopr:"239f21be6cda23e8660c8a5e04c79f6dad6f363ac6dcffd9228699ae43fbce5ac3c51645500cb3eae68f0b604dc4472c":"2975a099f7e6530e5576534c25171f39131d6bffb99259f7f2bbf7d77de9fb1e829052b54a9631a733113021692eba1097438347c6de82307a0c2bb308edf065":"d451a54584e6d1d634217379e7e60e67303e19dd4ba63b097899c7349a5a7433":"a33dc24c6a656eb26275415581d568b7c2424a9c5fb9e2944ca35ecbf641f713":"8dfccc62379af46844df136122b72a878d9d61b40ccaa029b09e6b9f0b4d0192":"005e91760d89ecb64b5fc3b0e222fca3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"239f21be6cda23e8660c8a5e04c79f6dad6f363ac6dcffd9228699ae43fbce5ac3c51645500cb3eae68f0b604dc4472c":"2975a099f7e6530e5576534c25171f39131d6bffb99259f7f2bbf7d77de9fb1e829052b54a9631a733113021692eba1097438347c6de82307a0c2bb308edf065":"d451a54584e6d1d634217379e7e60e67303e19dd4ba63b097899c7349a5a7433":"a33dc24c6a656eb26275415581d568b7c2424a9c5fb9e2944ca35ecbf641f713":"8dfccc62379af46844df136122b72a878d9d61b40ccaa029b09e6b9f0b4d0192":"005e91760d89ecb64b5fc3b0e222fca3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2
-ctr_drbg_validate_nopr:"e326abbe1db3ead3738d2ca4d9f1d62080cd23ff3396f43a0af992bed2420cec6661dfaac83c3c4d83347ac840f7dc14":"37c94d11ed0e93b8199d43d6eb242165dddd12fe39c0bea4cdef6bcfeb5d17bb866f080a9daef128f685fb3bc59c945927fb0aa3e17068515c3c92fbdf04a228":"1ff41405dbb3b12b8ddc973069edc2d2801af0e0dc9bde2cdd35c5b2d4091509":"138b6d2eabef4b32174afb0156ad1df570cf6e5f6ebde5d19cc30daffd9ca4f2":"f27cf7422808c54c58fcdde1cece92f5342c7a10ac43ab3b2e53362b2272e3ad":"506d6fae6fff9f222e65ac86df61a832"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e326abbe1db3ead3738d2ca4d9f1d62080cd23ff3396f43a0af992bed2420cec6661dfaac83c3c4d83347ac840f7dc14":"37c94d11ed0e93b8199d43d6eb242165dddd12fe39c0bea4cdef6bcfeb5d17bb866f080a9daef128f685fb3bc59c945927fb0aa3e17068515c3c92fbdf04a228":"1ff41405dbb3b12b8ddc973069edc2d2801af0e0dc9bde2cdd35c5b2d4091509":"138b6d2eabef4b32174afb0156ad1df570cf6e5f6ebde5d19cc30daffd9ca4f2":"f27cf7422808c54c58fcdde1cece92f5342c7a10ac43ab3b2e53362b2272e3ad":"506d6fae6fff9f222e65ac86df61a832"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3
-ctr_drbg_validate_nopr:"cb0229d2bb72d910b0169e8f93318905aef8dd93ed91a2f8388545db32db3f2489e7988b50de64c49a9f7feb5abe8630":"514ec8c02439290853434e75e3d0bd159eacd5ac13b8f202cfd5c36cdc0fe99b53a1b7a1619e94eb661ac825a48ea5ef8bb9120dd6efc351e39eb7cc5223f637":"a6ed69c9216c551793107f1bdaa04944f6d76fe4474f64bb08b0ebc10a18f337":"e0bc1cc56fdfeef686e0c7ec359e2e8bd48d76c8643c40d12325328170bbf702":"87c5b23aa3c100ff9e368fc47534ff8fa2f9e2bfd3599519ee6f60164485cf6d":"bd419968f636e374268ccdd62403f79c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"cb0229d2bb72d910b0169e8f93318905aef8dd93ed91a2f8388545db32db3f2489e7988b50de64c49a9f7feb5abe8630":"514ec8c02439290853434e75e3d0bd159eacd5ac13b8f202cfd5c36cdc0fe99b53a1b7a1619e94eb661ac825a48ea5ef8bb9120dd6efc351e39eb7cc5223f637":"a6ed69c9216c551793107f1bdaa04944f6d76fe4474f64bb08b0ebc10a18f337":"e0bc1cc56fdfeef686e0c7ec359e2e8bd48d76c8643c40d12325328170bbf702":"87c5b23aa3c100ff9e368fc47534ff8fa2f9e2bfd3599519ee6f60164485cf6d":"bd419968f636e374268ccdd62403f79c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4
-ctr_drbg_validate_nopr:"bdd156ef3c4e09b77fe8781c446eac55b562e4ee1b7d15515a966882d4c7fadb0fc7b37554ba03908838db40499ded5b":"9facd9f4587819acb358e4936d9f44b67ddf82616e79a44ffd6a2510f652f6b9cebc1424b5c642362b19f63c615f49686df66a8f80ddffb56ce0c0d8540150fb":"35ea316fe302786f626e3831530622b62eb33a3608d4af3384ecfcbd198f3f05":"8d4fae22290b6ef8618ded1c3412e85fab7b8d17fb9cbd09dbc87f97279cc72d":"2f54928372e4ce447201427a3ae05769ae1c54b2e83bdc86d380a90b07f2890c":"8045e8da88b1bc126785c8a771db5354"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"bdd156ef3c4e09b77fe8781c446eac55b562e4ee1b7d15515a966882d4c7fadb0fc7b37554ba03908838db40499ded5b":"9facd9f4587819acb358e4936d9f44b67ddf82616e79a44ffd6a2510f652f6b9cebc1424b5c642362b19f63c615f49686df66a8f80ddffb56ce0c0d8540150fb":"35ea316fe302786f626e3831530622b62eb33a3608d4af3384ecfcbd198f3f05":"8d4fae22290b6ef8618ded1c3412e85fab7b8d17fb9cbd09dbc87f97279cc72d":"2f54928372e4ce447201427a3ae05769ae1c54b2e83bdc86d380a90b07f2890c":"8045e8da88b1bc126785c8a771db5354"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5
-ctr_drbg_validate_nopr:"154876298a1b63334624b367da984eb31d7260abe79ced41de35ba68a716233a5df0937b90f89dde7fd55a9693c9031f":"36895f574e9e9d08e6c885d305eb4764c1e5689d1f99c2462b3ebdf659e8ce43818dfc886ec797843bfee361b554cd5f969b0c7b0381b53f4afc1bcadbf7eb1c":"c3a46105c50a167a5b0391053f3814a06c90cea2c1fa9329d97fdbc62887ff6d":"54c7d66c65dbddb4665981bff0f503de37d724362aeb67abce6a870fd6a7398a":"58204ca953cbd46dd6c8870b358cba77c436870db49bcd3e2f92697bb580b460":"cd903c0f11ea701214f91715cfec11a3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"154876298a1b63334624b367da984eb31d7260abe79ced41de35ba68a716233a5df0937b90f89dde7fd55a9693c9031f":"36895f574e9e9d08e6c885d305eb4764c1e5689d1f99c2462b3ebdf659e8ce43818dfc886ec797843bfee361b554cd5f969b0c7b0381b53f4afc1bcadbf7eb1c":"c3a46105c50a167a5b0391053f3814a06c90cea2c1fa9329d97fdbc62887ff6d":"54c7d66c65dbddb4665981bff0f503de37d724362aeb67abce6a870fd6a7398a":"58204ca953cbd46dd6c8870b358cba77c436870db49bcd3e2f92697bb580b460":"cd903c0f11ea701214f91715cfec11a3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6
-ctr_drbg_validate_nopr:"94e273fde1e699f84aeef343eb0277c50d169bb5496575301021a2be50df6a555d1422ea88e0e4d905158e93fd8d0089":"1cd97b6e6e7f19401e409aea7b3ec33a8faefd71402b8f34a73c1cb1af215e0e87debe68bce590d41c1f90c6ad9db3d30b3901862e076d765ffdf58776e5fb7e":"6ee75e9f9aee6ac93e20f742f20427e5eb9b4ad2ed06fbba8c7b7870a96941ac":"0ba60399893ede284372bc4e0a37702a23b16aa8e5fe70ea95429af87ff291aa":"94bd2b51c32d29cd14e2123221e45ec0cf1f38766fb6bb0716856d0138f6fa39":"831793686abd406f7b385cd59e497b18"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"94e273fde1e699f84aeef343eb0277c50d169bb5496575301021a2be50df6a555d1422ea88e0e4d905158e93fd8d0089":"1cd97b6e6e7f19401e409aea7b3ec33a8faefd71402b8f34a73c1cb1af215e0e87debe68bce590d41c1f90c6ad9db3d30b3901862e076d765ffdf58776e5fb7e":"6ee75e9f9aee6ac93e20f742f20427e5eb9b4ad2ed06fbba8c7b7870a96941ac":"0ba60399893ede284372bc4e0a37702a23b16aa8e5fe70ea95429af87ff291aa":"94bd2b51c32d29cd14e2123221e45ec0cf1f38766fb6bb0716856d0138f6fa39":"831793686abd406f7b385cd59e497b18"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7
-ctr_drbg_validate_nopr:"5a699113ebf98bff9cb780ce29747a61ba2d7581a5716065d018c89348d7c2ed3f5bba32442cd192c1e37b77b98f5791":"de6d2a3b6ad9af07058d3b1d1976cf61d49566b965eb4e9b74a4cad8e286e7a40b254b860e2e209a8cb4cff3a8e615b84f5ae7505957a758e266a4c3e915d251":"ed18c16a61ba5ecc0755f94c286390a6d46e6e26439dadd36c83ebdee42b4b4c":"7c4550d058b85580be2053fd9d933c87041c5c3f62a5b6b303259dafc90d9041":"ebebfcb9b4b3595e516939ca0688422bbdfc4b9f67b0d6619757cb315b7d7908":"1a5a496aa2268483444b3740c9cc4104"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"5a699113ebf98bff9cb780ce29747a61ba2d7581a5716065d018c89348d7c2ed3f5bba32442cd192c1e37b77b98f5791":"de6d2a3b6ad9af07058d3b1d1976cf61d49566b965eb4e9b74a4cad8e286e7a40b254b860e2e209a8cb4cff3a8e615b84f5ae7505957a758e266a4c3e915d251":"ed18c16a61ba5ecc0755f94c286390a6d46e6e26439dadd36c83ebdee42b4b4c":"7c4550d058b85580be2053fd9d933c87041c5c3f62a5b6b303259dafc90d9041":"ebebfcb9b4b3595e516939ca0688422bbdfc4b9f67b0d6619757cb315b7d7908":"1a5a496aa2268483444b3740c9cc4104"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8
-ctr_drbg_validate_nopr:"42450f2689b87a3dd940f3b9e3b32d4654c725a24ddd2c22f006694321dacf1980b50f7ac0401626453ec836039bfdc9":"4765399ccbbf3d33433bb992ee29e4381f28d800b05431f1c5b3e949c5db72c582bfe8ba08db1575b866816cabbe5e1d31d8a870ceed49fb75676c97020d1f22":"6ee5a7613c25ecec263a2fd2288948b2df9a05d50040c4031b0653878fdb067f":"68a1038481be7412d6a7c8474d4b2a2535c9b55ea301ee800d5a846127d345cb":"7a1915cf78e6da2dc7840cba40390d668d07571608b77857d2224c4531c17bb8":"80a6c622e64495f9a391f5a8a9c76818"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"42450f2689b87a3dd940f3b9e3b32d4654c725a24ddd2c22f006694321dacf1980b50f7ac0401626453ec836039bfdc9":"4765399ccbbf3d33433bb992ee29e4381f28d800b05431f1c5b3e949c5db72c582bfe8ba08db1575b866816cabbe5e1d31d8a870ceed49fb75676c97020d1f22":"6ee5a7613c25ecec263a2fd2288948b2df9a05d50040c4031b0653878fdb067f":"68a1038481be7412d6a7c8474d4b2a2535c9b55ea301ee800d5a846127d345cb":"7a1915cf78e6da2dc7840cba40390d668d07571608b77857d2224c4531c17bb8":"80a6c622e64495f9a391f5a8a9c76818"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9
-ctr_drbg_validate_nopr:"873869e194201b822b140bdd7797dd1ed408f2190b759c068b7019e6707f60751e101d3465c4ec57dbf9d1ea7597fa44":"d2f92706ca3fb9ced8183c74704440d7eedee1542c2e812f65afc83f4b62dadf1c51fa68f8d5f457a893211c8afc82c93e6a1e15822eff0d4ada6efd25d271a0":"8d0393d2a1ae8930ea88773adfa47b49060f0bf2d3def2acc57786bfbd1e2d6f":"5bcf5ff4fbd9eaabf8bf82ec7c59b043fd64b0025ad1ab2b384e399b9e13147a":"6e2d05e286c90502a3abf2ee72ab7ffb520ce5facfb27e095787a09a412abec3":"e1ceda71b8feb4b0d14d35bbb57a79a2"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"873869e194201b822b140bdd7797dd1ed408f2190b759c068b7019e6707f60751e101d3465c4ec57dbf9d1ea7597fa44":"d2f92706ca3fb9ced8183c74704440d7eedee1542c2e812f65afc83f4b62dadf1c51fa68f8d5f457a893211c8afc82c93e6a1e15822eff0d4ada6efd25d271a0":"8d0393d2a1ae8930ea88773adfa47b49060f0bf2d3def2acc57786bfbd1e2d6f":"5bcf5ff4fbd9eaabf8bf82ec7c59b043fd64b0025ad1ab2b384e399b9e13147a":"6e2d05e286c90502a3abf2ee72ab7ffb520ce5facfb27e095787a09a412abec3":"e1ceda71b8feb4b0d14d35bbb57a79a2"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10
-ctr_drbg_validate_nopr:"1fecb5fe87c2a208b4f193e9c3ff810954c554150d544baea1685fb4774320315d5cb651be493ef120ef6966e3e7518c":"34bc292809674352ffb60786dca59ec799188aa401b366a48cdeddf37c12ee4c666f8fb3a0d53df4cd7191166d50ff01d992f94cd92da7a385ffe5795b197ced":"38249fed34a907768eac49267c2c613a65154eec5b73b541d7d7b314b5080061":"115be9cb914b50480fffe078d8170870b56129a0a74271dee063f8b2049e1be3":"69fa6faf7223f5bb1b55f35a544f78181579b1745990053357916fe507e51db6":"60cc92d3ba3ff0715f5627182334ed1b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1fecb5fe87c2a208b4f193e9c3ff810954c554150d544baea1685fb4774320315d5cb651be493ef120ef6966e3e7518c":"34bc292809674352ffb60786dca59ec799188aa401b366a48cdeddf37c12ee4c666f8fb3a0d53df4cd7191166d50ff01d992f94cd92da7a385ffe5795b197ced":"38249fed34a907768eac49267c2c613a65154eec5b73b541d7d7b314b5080061":"115be9cb914b50480fffe078d8170870b56129a0a74271dee063f8b2049e1be3":"69fa6faf7223f5bb1b55f35a544f78181579b1745990053357916fe507e51db6":"60cc92d3ba3ff0715f5627182334ed1b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11
-ctr_drbg_validate_nopr:"4d283eb5ecd85a1613c975e24832770643613c9a5aee0d8649bc0d68c89cf1ea6ec3a1a22eefd9e212d602c338d64c6e":"4aa6917a5c9f370590d70536fdd89c916fec5e5bcbade8c6a6cfcf5b232c98a6b3e6b79a2dfb0778fbc3f1da7b06044d7b0fa2c04ffc3b71324aca1ee19f936b":"05a7092a684ba7a7fbd33533f9be58a4140a3855d4c5f44a31d665a0720c1739":"557ef1bedc890d1543de6cfeb25642782683d77a46bc8aa0836b07157599c7c3":"e87e45073ff8e36c38b128cd2275a160e431787b5e81f6c2fd7a37909eb72ea5":"31ecfb1bcf3253ba5f71b185a66c7cff"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"4d283eb5ecd85a1613c975e24832770643613c9a5aee0d8649bc0d68c89cf1ea6ec3a1a22eefd9e212d602c338d64c6e":"4aa6917a5c9f370590d70536fdd89c916fec5e5bcbade8c6a6cfcf5b232c98a6b3e6b79a2dfb0778fbc3f1da7b06044d7b0fa2c04ffc3b71324aca1ee19f936b":"05a7092a684ba7a7fbd33533f9be58a4140a3855d4c5f44a31d665a0720c1739":"557ef1bedc890d1543de6cfeb25642782683d77a46bc8aa0836b07157599c7c3":"e87e45073ff8e36c38b128cd2275a160e431787b5e81f6c2fd7a37909eb72ea5":"31ecfb1bcf3253ba5f71b185a66c7cff"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12
-ctr_drbg_validate_nopr:"a6f488104a6c03e354d5d1805c62dcd3016322d218747fa83f9199e20f6ab1cfbc2b889536bda1187f59b7294d557ff2":"22f8ad57a2dfa8010e2865ad6263823652917b84dfea61f639efdb0fdbb35c6341ca7721095d69686212dffe78410c0d0db94f04756d52e7d76165d5a1d516d9":"fb9951d563f7aa88db545874b1a3049c5f79774d486e7a28aed1ed75f59224a5":"b1ea7c6b53e79e4e947e63086dee32dcc17bc4f27fba6142f8215ec081cdd5c9":"0d12cc0a39bfbf87194e4070f6b54caaabbe48fa192b96cfed2a794d95fa299d":"62a1c5678e6e8fc738d375e2ca48751f"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a6f488104a6c03e354d5d1805c62dcd3016322d218747fa83f9199e20f6ab1cfbc2b889536bda1187f59b7294d557ff2":"22f8ad57a2dfa8010e2865ad6263823652917b84dfea61f639efdb0fdbb35c6341ca7721095d69686212dffe78410c0d0db94f04756d52e7d76165d5a1d516d9":"fb9951d563f7aa88db545874b1a3049c5f79774d486e7a28aed1ed75f59224a5":"b1ea7c6b53e79e4e947e63086dee32dcc17bc4f27fba6142f8215ec081cdd5c9":"0d12cc0a39bfbf87194e4070f6b54caaabbe48fa192b96cfed2a794d95fa299d":"62a1c5678e6e8fc738d375e2ca48751f"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13
-ctr_drbg_validate_nopr:"9d67e017e0abdd7c079bc0354f33dab696ad64146802f06d6cefd9cdefbf55b197f5899e5efaa269cc0432c87648ce18":"d8be0ec1119ff959c32c9cf29914e3f7bf2b01bdbf806c2d9ba119ae2a2cfb565871762b02ee7bf68f1d280532fd7ae7368517f6f751739b228d23df2f207f35":"74a5e24477e8759bedfbaa196f398777108392efb8c64c65c0c9ecd6cd3b5f04":"70cbc6cfe1d6ab4bc30d66fa162d5d4b3029e4b1b9d759f3eae17fb508e91a46":"d3c538e042f0eb796b4af9b4e65cd850425c72e2c896fcea741c17172faf27d9":"559a5e04b75cec250aac2433176a725e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"9d67e017e0abdd7c079bc0354f33dab696ad64146802f06d6cefd9cdefbf55b197f5899e5efaa269cc0432c87648ce18":"d8be0ec1119ff959c32c9cf29914e3f7bf2b01bdbf806c2d9ba119ae2a2cfb565871762b02ee7bf68f1d280532fd7ae7368517f6f751739b228d23df2f207f35":"74a5e24477e8759bedfbaa196f398777108392efb8c64c65c0c9ecd6cd3b5f04":"70cbc6cfe1d6ab4bc30d66fa162d5d4b3029e4b1b9d759f3eae17fb508e91a46":"d3c538e042f0eb796b4af9b4e65cd850425c72e2c896fcea741c17172faf27d9":"559a5e04b75cec250aac2433176a725e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14
-ctr_drbg_validate_nopr:"10914608a6d373a26c53ab83014283b678d73dfea65b4a3540af17f2fafa3b3cf698925b423edb9f946b906f43110795":"9ded87d289412dfda8935e5b08ec66b68abd1bae1fc5363e4341f58db954f1f9bc4b681c0d930ba080f85f8fd04c173cb2b77723ce67692efa7ade48b82b6926":"225159b4c679094f277516b2335b1e8b7d0a7ea33fd56822906d481fe412586d":"4967cd401cd466aba0be5f55615ca0d9fb8adbde5cb4e6ae3a0159fcd6c36bf0":"fec14f325b8b458ddf3e7f2e10938f4c2d04c8d9885bb5b9277bdc229c70b354":"1cd5c0bdeb87c79235bead416c565d32"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"10914608a6d373a26c53ab83014283b678d73dfea65b4a3540af17f2fafa3b3cf698925b423edb9f946b906f43110795":"9ded87d289412dfda8935e5b08ec66b68abd1bae1fc5363e4341f58db954f1f9bc4b681c0d930ba080f85f8fd04c173cb2b77723ce67692efa7ade48b82b6926":"225159b4c679094f277516b2335b1e8b7d0a7ea33fd56822906d481fe412586d":"4967cd401cd466aba0be5f55615ca0d9fb8adbde5cb4e6ae3a0159fcd6c36bf0":"fec14f325b8b458ddf3e7f2e10938f4c2d04c8d9885bb5b9277bdc229c70b354":"1cd5c0bdeb87c79235bead416c565d32"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #0
-ctr_drbg_validate_nopr:"b023f6a6f73d4749b36eb54867994432":"2462ad760ddbca4e013688bf61381f190c7b2de57cbeeec81d6ab7b6f067b75adc3545887f8d2aa5d9b9dfcbfa425d610faa9c247eb5d71145f302918e908ae5":"":"":"":"c0620c68515a4618e572db6e4c14473d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b023f6a6f73d4749b36eb54867994432":"2462ad760ddbca4e013688bf61381f190c7b2de57cbeeec81d6ab7b6f067b75adc3545887f8d2aa5d9b9dfcbfa425d610faa9c247eb5d71145f302918e908ae5":"":"":"":"c0620c68515a4618e572db6e4c14473d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #1
-ctr_drbg_validate_nopr:"7e0fcd953c1c8bb8d03d7a0e918fb59d":"56b2e11d5c2d87d2c9c90c285e0041beb4594a6efdd577580095612e50cf47c0b76208337e1e18453082d725629667d86226ab22944bbfb40c38b7986e489adb":"":"":"":"7194eee0d333fa5282dc44db964ecf5b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"7e0fcd953c1c8bb8d03d7a0e918fb59d":"56b2e11d5c2d87d2c9c90c285e0041beb4594a6efdd577580095612e50cf47c0b76208337e1e18453082d725629667d86226ab22944bbfb40c38b7986e489adb":"":"":"":"7194eee0d333fa5282dc44db964ecf5b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #2
-ctr_drbg_validate_nopr:"0130217d4a3945402ed99d7b8504fe4b":"28e592fd9db72b40ae4888078aedde260f6de4f0472a7601258e694d7bb6af6810ff4eabdffb332932765fa1d66650fb78cc2be484c0ba803eb9a2502020e865":"":"":"":"4652f0545385fdbe02d05aec21668608"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0130217d4a3945402ed99d7b8504fe4b":"28e592fd9db72b40ae4888078aedde260f6de4f0472a7601258e694d7bb6af6810ff4eabdffb332932765fa1d66650fb78cc2be484c0ba803eb9a2502020e865":"":"":"":"4652f0545385fdbe02d05aec21668608"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #3
-ctr_drbg_validate_nopr:"07854447e33521d2d997d90c0887f42d":"c561ab6acfbfb98879982ac7add92b80471e0154b77ccc9fd98e7c2013c411e8075948e97ab4db7505797a99d456e54e6585042efeff7e3970e399ea0d27537c":"":"":"":"1a14a810c11b4f0af23c6467c47bbde0"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"07854447e33521d2d997d90c0887f42d":"c561ab6acfbfb98879982ac7add92b80471e0154b77ccc9fd98e7c2013c411e8075948e97ab4db7505797a99d456e54e6585042efeff7e3970e399ea0d27537c":"":"":"":"1a14a810c11b4f0af23c6467c47bbde0"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #4
-ctr_drbg_validate_nopr:"68a8ec01581d6066391f3e5977465026":"747c7e9aace6d4f840c7b5261e0af796c516477421d52850a7072a0ab2c768fcc80c9ba8d18b228e77a7f6131c788a76515fe31aef4ed67376568231a4700fac":"":"":"":"a5723c43743442fae3637bb553891aeb"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"68a8ec01581d6066391f3e5977465026":"747c7e9aace6d4f840c7b5261e0af796c516477421d52850a7072a0ab2c768fcc80c9ba8d18b228e77a7f6131c788a76515fe31aef4ed67376568231a4700fac":"":"":"":"a5723c43743442fae3637bb553891aeb"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #5
-ctr_drbg_validate_nopr:"1459038c60b70bae7af0da6cfab707a2":"9f7d839310846bd452827a185539c0eb0f106acc7bc4de80d3521a970b23483d57826b1484d329a2d1c2ecfeaf8eeffbaa6e1a305e3f1e47b96ad48a711ad1aa":"":"":"":"5fcd6bf108fe68b85f61f85c0556f5c0"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1459038c60b70bae7af0da6cfab707a2":"9f7d839310846bd452827a185539c0eb0f106acc7bc4de80d3521a970b23483d57826b1484d329a2d1c2ecfeaf8eeffbaa6e1a305e3f1e47b96ad48a711ad1aa":"":"":"":"5fcd6bf108fe68b85f61f85c0556f5c0"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #6
-ctr_drbg_validate_nopr:"a3357db173df98da4dd02ee24ce5c303":"f1ce08587ac0338b4d0b8e075b42b6501e77758b30087de028a8622fb7abd7f65e3b4f802d1a472dedb9c1a6dc9263c65918d8b7fafd0ae7e9c39e2e8684af3f":"":"":"":"8a5fa11d8e78fbf1ca4e4ca3e1ae82b8"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a3357db173df98da4dd02ee24ce5c303":"f1ce08587ac0338b4d0b8e075b42b6501e77758b30087de028a8622fb7abd7f65e3b4f802d1a472dedb9c1a6dc9263c65918d8b7fafd0ae7e9c39e2e8684af3f":"":"":"":"8a5fa11d8e78fbf1ca4e4ca3e1ae82b8"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #7
-ctr_drbg_validate_nopr:"212f4c80c7e9287c8d25e3b965f91a3c":"bf1d715b3f56c433827c9cb429bee5ca61c80a8d9b2fd4498e1c86ce703637f8f7f34056ab0039e0baa63320df0ec61de60354f2ece06356d9be3c6d1cdcc4cf":"":"":"":"04ac2f969e828f375b03ee16317e8572"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"212f4c80c7e9287c8d25e3b965f91a3c":"bf1d715b3f56c433827c9cb429bee5ca61c80a8d9b2fd4498e1c86ce703637f8f7f34056ab0039e0baa63320df0ec61de60354f2ece06356d9be3c6d1cdcc4cf":"":"":"":"04ac2f969e828f375b03ee16317e8572"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #8
-ctr_drbg_validate_nopr:"46e85752e0af82fc63932950120e4b5d":"ae4316424fa765179404188eb8839ce84ad8db92cb12f39089a93a2dbdc371e2fdbef1ad080eb354eecdda3a10ea66ef647aa095afa1786c01bd1c9f70d8da4f":"":"":"":"de576284d8ad36b31bd4f8f3da633e36"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"46e85752e0af82fc63932950120e4b5d":"ae4316424fa765179404188eb8839ce84ad8db92cb12f39089a93a2dbdc371e2fdbef1ad080eb354eecdda3a10ea66ef647aa095afa1786c01bd1c9f70d8da4f":"":"":"":"de576284d8ad36b31bd4f8f3da633e36"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #9
-ctr_drbg_validate_nopr:"ec2459b1dd7f50df63e14e40aa4a4e66":"b964a24bf98264327c0b9e2e1c99ed1b35f534be801c996f318bc2074ed2500ba8488c4feb442b507c3220523c0041c9543133379365e65e092850a5e3f96cc9":"":"":"":"4d466e2f388aae40d1b31ce1f8ddc5e8"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ec2459b1dd7f50df63e14e40aa4a4e66":"b964a24bf98264327c0b9e2e1c99ed1b35f534be801c996f318bc2074ed2500ba8488c4feb442b507c3220523c0041c9543133379365e65e092850a5e3f96cc9":"":"":"":"4d466e2f388aae40d1b31ce1f8ddc5e8"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #10
-ctr_drbg_validate_nopr:"acf480d54f4c66d611519b72f2c0dca6":"d5b3277cf8badf6be86af27dd36f23ffc580847c5fcb56c4d8a42339336f185c38ffb86f4d8aa7646c1aaed6c2b0c7ae7e4d435f481d62bb01e632f6bbb2abf9":"":"":"":"746aaa5423ef77ea6b1eda47410262dd"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"acf480d54f4c66d611519b72f2c0dca6":"d5b3277cf8badf6be86af27dd36f23ffc580847c5fcb56c4d8a42339336f185c38ffb86f4d8aa7646c1aaed6c2b0c7ae7e4d435f481d62bb01e632f6bbb2abf9":"":"":"":"746aaa5423ef77ea6b1eda47410262dd"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #11
-ctr_drbg_validate_nopr:"edb80fddc595b234e3c5c03b2be3d721":"94aad8c772201435543efd9013c9f5f022038db6864e9ed4141ea75beb236844da6e6a17109262bc80f528427b37d9da6df03c7dd25be233774384a7f53197ea":"":"":"":"511927f10f800445b705ea3cfe6ec823"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"edb80fddc595b234e3c5c03b2be3d721":"94aad8c772201435543efd9013c9f5f022038db6864e9ed4141ea75beb236844da6e6a17109262bc80f528427b37d9da6df03c7dd25be233774384a7f53197ea":"":"":"":"511927f10f800445b705ea3cfe6ec823"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #12
-ctr_drbg_validate_nopr:"c7790c9888b0e731ca6ccd60c32bb98a":"967050c11050a6d99a5da428d1f0fc8068b29ba4c66965addbfd31b745cb07d2439d268ab32a5fa2b1934bf277ff586506a941768468905ed980537d8baa1d07":"":"":"":"978493f0cece6f94d21863a519e06dbe"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"c7790c9888b0e731ca6ccd60c32bb98a":"967050c11050a6d99a5da428d1f0fc8068b29ba4c66965addbfd31b745cb07d2439d268ab32a5fa2b1934bf277ff586506a941768468905ed980537d8baa1d07":"":"":"":"978493f0cece6f94d21863a519e06dbe"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #13
-ctr_drbg_validate_nopr:"58c75625771df61c48a82590eeed3378":"be3120e8515a98701b4b2fb0667de2bad3f32bcbf10fb9b820956f9aa7ffa1bbbafb70002a9c7fdd1cf7e76a735261798dc60a1163919d58e39ef0c38b54b27b":"":"":"":"90f5c486e7efe932258610e744506487"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"58c75625771df61c48a82590eeed3378":"be3120e8515a98701b4b2fb0667de2bad3f32bcbf10fb9b820956f9aa7ffa1bbbafb70002a9c7fdd1cf7e76a735261798dc60a1163919d58e39ef0c38b54b27b":"":"":"":"90f5c486e7efe932258610e744506487"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,0) #14
-ctr_drbg_validate_nopr:"d3f64c11aa21bb2d12278847547fb11b":"855c0e3a7567730b11e197c136e5c22b1dc7271d4dbe04bcdfd2fc0ef806b3c05b4264ee6c60d526506622ebf6130738dba4bf35c13ce33db19487312ee691fe":"":"":"":"33ed7089ebae738c6a7e6e2390d573e4"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"d3f64c11aa21bb2d12278847547fb11b":"855c0e3a7567730b11e197c136e5c22b1dc7271d4dbe04bcdfd2fc0ef806b3c05b4264ee6c60d526506622ebf6130738dba4bf35c13ce33db19487312ee691fe":"":"":"":"33ed7089ebae738c6a7e6e2390d573e4"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #0
-ctr_drbg_validate_nopr:"132ad1c40afb066620f004f08409c59e":"2e5beadd89b663b3903d3a63c3ab5605bfb1a0045a42430e0220243c51a69f7ff7678c2f8edb7bb4a29b646f3edfaca2463f9defd342da87d22b1b8fdb012fd5":"150deb841d1a4d90e66e85b036d9f5a7efca726b907ae3e8f05e1d1338cdfd32":"fb199beeeaf3939be2a5f9e6ba22f97cdd2c7576e81eccc686facbdf8bb4f2aa":"4293341721f57e4548ce8c003531d38622446c8825904e1b868dcddc626c5164":"66d8f3bfb78186b57136ec2c1602e1ef"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"132ad1c40afb066620f004f08409c59e":"2e5beadd89b663b3903d3a63c3ab5605bfb1a0045a42430e0220243c51a69f7ff7678c2f8edb7bb4a29b646f3edfaca2463f9defd342da87d22b1b8fdb012fd5":"150deb841d1a4d90e66e85b036d9f5a7efca726b907ae3e8f05e1d1338cdfd32":"fb199beeeaf3939be2a5f9e6ba22f97cdd2c7576e81eccc686facbdf8bb4f2aa":"4293341721f57e4548ce8c003531d38622446c8825904e1b868dcddc626c5164":"66d8f3bfb78186b57136ec2c1602e1ef"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #1
-ctr_drbg_validate_nopr:"1c1502ca97c109399a72a77c8d6cc22b":"1d33b1b257a3ae1210fa2099307916a73dd92270769697ea2d7901f56865e3cae1be94b5024d0da3880bce06f0b31231c5a889f8ba3d92a20844b61009db672d":"23eede46eff4a04b08dcc2133e4537b332351f8469630f11b0c8853fb762a4bc":"6fd9f9da108e68aea9d1cecd81c49bcd0e7bedb348890f2248cb31c4277369f7":"76bcc11bd952123f78dd2ba60dd932d49203e418bb832d60b45c083e1e129834":"a1eee46001616f2bf87729895da0d0d1"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"1c1502ca97c109399a72a77c8d6cc22b":"1d33b1b257a3ae1210fa2099307916a73dd92270769697ea2d7901f56865e3cae1be94b5024d0da3880bce06f0b31231c5a889f8ba3d92a20844b61009db672d":"23eede46eff4a04b08dcc2133e4537b332351f8469630f11b0c8853fb762a4bc":"6fd9f9da108e68aea9d1cecd81c49bcd0e7bedb348890f2248cb31c4277369f7":"76bcc11bd952123f78dd2ba60dd932d49203e418bb832d60b45c083e1e129834":"a1eee46001616f2bf87729895da0d0d1"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #2
-ctr_drbg_validate_nopr:"c79c0a1db75e83af258cdf9ead81264d":"5e8cc0fdadc170ed0f5e12f79a6b9e585f9d7c2926c163686a6a724495d88fabcec940d752545cae63f1792dcb966a7325f61997ba8883559ad6f6f8fc09898a":"a2cf6c1c9e4489f504e17f385f08aa82775aa2b0a84abd0b7ee3c6b393d7fd50":"c7529b874e07d4b876196786d510cc038c9e1ab93c461df2474eba484ae6876f":"63c6e7f3548529386c9f47c5aece52ce8454da5db9a807a1b960f7730a61582b":"43b7931e0b3b3769ef8972d0026896a3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"c79c0a1db75e83af258cdf9ead81264d":"5e8cc0fdadc170ed0f5e12f79a6b9e585f9d7c2926c163686a6a724495d88fabcec940d752545cae63f1792dcb966a7325f61997ba8883559ad6f6f8fc09898a":"a2cf6c1c9e4489f504e17f385f08aa82775aa2b0a84abd0b7ee3c6b393d7fd50":"c7529b874e07d4b876196786d510cc038c9e1ab93c461df2474eba484ae6876f":"63c6e7f3548529386c9f47c5aece52ce8454da5db9a807a1b960f7730a61582b":"43b7931e0b3b3769ef8972d0026896a3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #3
-ctr_drbg_validate_nopr:"b44d1dd914e88840bc65a94ee199b3ac":"c3dae1863d323cc78f43ccb3f632fde29130e6b23b843ff5a8d79fddc3c1f92b55cd3dcaf7848d40d189c0de7790bebb889e01be05980dcdf30d2b3333426c50":"41e2fce9b48642a1b9bd1695314adcdd38e1a8afe4891e633c5088c6753438a2":"1eb3f8bbacb0c6b901718bfd7eba29f6f87e1fe056ad442d6d38c1351a684e1f":"85570db773f3f5202967376f91a0a9c09c89cd4eddd58cdc6210335fd5e7acef":"bd53036538d9ed904a49966b5428a2a8"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"b44d1dd914e88840bc65a94ee199b3ac":"c3dae1863d323cc78f43ccb3f632fde29130e6b23b843ff5a8d79fddc3c1f92b55cd3dcaf7848d40d189c0de7790bebb889e01be05980dcdf30d2b3333426c50":"41e2fce9b48642a1b9bd1695314adcdd38e1a8afe4891e633c5088c6753438a2":"1eb3f8bbacb0c6b901718bfd7eba29f6f87e1fe056ad442d6d38c1351a684e1f":"85570db773f3f5202967376f91a0a9c09c89cd4eddd58cdc6210335fd5e7acef":"bd53036538d9ed904a49966b5428a2a8"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #4
-ctr_drbg_validate_nopr:"5ef97f7af7df5cc6fa94f8428ec7be5c":"be67434ac4d77f0f50ec5bacc8112d1480bd9f20d6b4ea768d9b51bb69c1dffcd8c30e4412127644aaa6fc453e59fb633f6a5a8c2f69e40d1863e35d4d4c0227":"a64195b1e56cf97fd81e99fa1833d191faf62f534c874def4b8bed0ae7195ac7":"353cd3a8d9cd92bce82cd8d1cc198baa9276db478b0cfe50249e30c3042ee9db":"393ab4726f088fdfeb4df752e1b2aec678e41fa60781bc5e914296227d6b3dfc":"24bdc2cad5dccd2309425f11a24c8c39"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"5ef97f7af7df5cc6fa94f8428ec7be5c":"be67434ac4d77f0f50ec5bacc8112d1480bd9f20d6b4ea768d9b51bb69c1dffcd8c30e4412127644aaa6fc453e59fb633f6a5a8c2f69e40d1863e35d4d4c0227":"a64195b1e56cf97fd81e99fa1833d191faf62f534c874def4b8bed0ae7195ac7":"353cd3a8d9cd92bce82cd8d1cc198baa9276db478b0cfe50249e30c3042ee9db":"393ab4726f088fdfeb4df752e1b2aec678e41fa60781bc5e914296227d6b3dfc":"24bdc2cad5dccd2309425f11a24c8c39"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #5
-ctr_drbg_validate_nopr:"567130da4e7ecc4db0f035d7ecb11878":"cc070df6aa3623f74afd85b59d1bef2b1fcd9c8093362512ff109ebfe992ed75bd58b5ae1561d702b69065eb3cc0bd328ab698d4c6ca274e96d673309b5df5df":"42033054cefa1f20b3443f8ab7d9635ae8f047b833c8529245ba8b4aa07edba3":"72972fb947bff60df291888ddbfd91e698e0c1c26a346b95fc7c5dac596d0073":"af29b6a13602ba9c6b11f8dbdeb6cb52e211f9cd2fc96e63b61e3c1ec631d2ea":"b0849f8317e043271a3fc5f2eaaaaba2"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"567130da4e7ecc4db0f035d7ecb11878":"cc070df6aa3623f74afd85b59d1bef2b1fcd9c8093362512ff109ebfe992ed75bd58b5ae1561d702b69065eb3cc0bd328ab698d4c6ca274e96d673309b5df5df":"42033054cefa1f20b3443f8ab7d9635ae8f047b833c8529245ba8b4aa07edba3":"72972fb947bff60df291888ddbfd91e698e0c1c26a346b95fc7c5dac596d0073":"af29b6a13602ba9c6b11f8dbdeb6cb52e211f9cd2fc96e63b61e3c1ec631d2ea":"b0849f8317e043271a3fc5f2eaaaaba2"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #6
-ctr_drbg_validate_nopr:"2c20ae36f1e74542ed8b0a177b8050aa":"c4bf7a39caf26dc3f61311f54ab3095493c626a988f5abee2826c67a4f4b4d6a02329c99a6bcb5e387fa160741c871acc2929c1cc07f2f0a7ce1619eb7da1ec4":"97c148dd10c3dd72b1eaaafbe37a9310ed15b23872e9f2b62d1feb91ea81ffe3":"23df0c30c68bf2eeb55d273a596f1f54ed916271595b906e4f7793b7a52f2573":"22f120fa09215105116919aaf8eebcb69eccd5da42feb737018a05268bf08e46":"b7c73b9ceea2e6ca0be6a3773cdd6886"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2c20ae36f1e74542ed8b0a177b8050aa":"c4bf7a39caf26dc3f61311f54ab3095493c626a988f5abee2826c67a4f4b4d6a02329c99a6bcb5e387fa160741c871acc2929c1cc07f2f0a7ce1619eb7da1ec4":"97c148dd10c3dd72b1eaaafbe37a9310ed15b23872e9f2b62d1feb91ea81ffe3":"23df0c30c68bf2eeb55d273a596f1f54ed916271595b906e4f7793b7a52f2573":"22f120fa09215105116919aaf8eebcb69eccd5da42feb737018a05268bf08e46":"b7c73b9ceea2e6ca0be6a3773cdd6886"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #7
-ctr_drbg_validate_nopr:"2076f9e116a2648e1e664b815b1b3674":"979b5aeafe555aeba152ed66e32e30e110df20ee1f227932a72acfb8218aec767941efaefa091c0128dad9b93b06b28fc76e01f275e8ce1c02f0eb567c914f89":"d12fb10b9fa6d2fd0f39cf76294cd44dcbfa80dca7c2f8537c75453d985ef551":"4228a99faf35547a58c1a4d842301dca374f1f13c6fd067b7c1b815863b73158":"a3a7d5f1e2dcf95a90715ec5fd32e7f88c38b0a452b6ccd1f107458db4f74fd6":"8a63a5002a3636b241f0bec14fd9c2ac"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2076f9e116a2648e1e664b815b1b3674":"979b5aeafe555aeba152ed66e32e30e110df20ee1f227932a72acfb8218aec767941efaefa091c0128dad9b93b06b28fc76e01f275e8ce1c02f0eb567c914f89":"d12fb10b9fa6d2fd0f39cf76294cd44dcbfa80dca7c2f8537c75453d985ef551":"4228a99faf35547a58c1a4d842301dca374f1f13c6fd067b7c1b815863b73158":"a3a7d5f1e2dcf95a90715ec5fd32e7f88c38b0a452b6ccd1f107458db4f74fd6":"8a63a5002a3636b241f0bec14fd9c2ac"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #8
-ctr_drbg_validate_nopr:"a71015cf06ddd0a6cd72fa014cf0aee6":"c810cb9db0f169dbc30fda85ccb6d4c40db68d429eeb3653070db7641fbbaba60ef0ff970eaf40887b7e154e2ecd5331de7004689ec604e69927da630a8dd7a7":"5f99f45d8770041703e5a14521c501904fd05ff3340835ac0c41b86442e4939c":"eb7efa6e46ab926ea04c87eb9ce454f5b10717bd9d85305f27d71bea1bc991b3":"cbc80c6171d098fc81023486d327efe2415a0f32e5fa6f6793ce1d0e98783258":"a353f6b350404f3f7b4fb724f84a948a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a71015cf06ddd0a6cd72fa014cf0aee6":"c810cb9db0f169dbc30fda85ccb6d4c40db68d429eeb3653070db7641fbbaba60ef0ff970eaf40887b7e154e2ecd5331de7004689ec604e69927da630a8dd7a7":"5f99f45d8770041703e5a14521c501904fd05ff3340835ac0c41b86442e4939c":"eb7efa6e46ab926ea04c87eb9ce454f5b10717bd9d85305f27d71bea1bc991b3":"cbc80c6171d098fc81023486d327efe2415a0f32e5fa6f6793ce1d0e98783258":"a353f6b350404f3f7b4fb724f84a948a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #9
-ctr_drbg_validate_nopr:"395931837614c322d8488ec6a2c4c919":"831fc8d63592b6ce358c08aeac39d67c3e48b4c2617735b6fe5e9fa44d7aee9d60f2fcf549db239d5bed9c608c94e8f8c23b32901442ac53442127377bdcf205":"eb261c737c0a17c8cb1ae055c143f701b74c96c852e4a76ca3ea045e7efdf5ee":"153276007b3843a897efbf022bd1bcabcf655c7eb8acef9baac710b339ecfd99":"a8a5cb17a2945e5b41ff370cc88ac498389b89b6cd82bb3bbde81c212f7c17d4":"537fc2b73183d2c0c106886937a6609c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"395931837614c322d8488ec6a2c4c919":"831fc8d63592b6ce358c08aeac39d67c3e48b4c2617735b6fe5e9fa44d7aee9d60f2fcf549db239d5bed9c608c94e8f8c23b32901442ac53442127377bdcf205":"eb261c737c0a17c8cb1ae055c143f701b74c96c852e4a76ca3ea045e7efdf5ee":"153276007b3843a897efbf022bd1bcabcf655c7eb8acef9baac710b339ecfd99":"a8a5cb17a2945e5b41ff370cc88ac498389b89b6cd82bb3bbde81c212f7c17d4":"537fc2b73183d2c0c106886937a6609c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #10
-ctr_drbg_validate_nopr:"9a1983859dd6c4cb602970d705952b2b":"68c5cf31f7959ffaa83af9dd55a75ec001befbf835e42a789ac42d39d96128eb6d9b3f07ced15e57e39760390c065fb4425c19ef7184635c18e5ed28256937e1":"e06497a181a5362980579c91d263f630ad4794519a64261ede8b36cf0ac5e713":"714e4fc52aea763e23a1f5b18949ab8fd949f1768560559bccb49d78d51dfab5":"6b6b7f65fd472ad428df2bbb86b85067d0a6f89d9233eea92f5189a9163d0419":"e32af8a81c59dc44540ed8845b447fdb"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"9a1983859dd6c4cb602970d705952b2b":"68c5cf31f7959ffaa83af9dd55a75ec001befbf835e42a789ac42d39d96128eb6d9b3f07ced15e57e39760390c065fb4425c19ef7184635c18e5ed28256937e1":"e06497a181a5362980579c91d263f630ad4794519a64261ede8b36cf0ac5e713":"714e4fc52aea763e23a1f5b18949ab8fd949f1768560559bccb49d78d51dfab5":"6b6b7f65fd472ad428df2bbb86b85067d0a6f89d9233eea92f5189a9163d0419":"e32af8a81c59dc44540ed8845b447fdb"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #11
-ctr_drbg_validate_nopr:"230576e9518fb9a6a8391a84919b0d97":"6193f0e7b33ce19fde922aec9c93f1271ebcdd296d9c8c77029b59afa2064e3159088e07e91c14a4a3dc23b6005dd8ef1425d7d2ae8282a5b30b7498b6754234":"ffaca30a256d18836a0d49bbaad599a28fc7821d71aa91b97158a492d84a6280":"a3da13852d0717afed7c58c52530d2ae047b645a5e7aa8cfabc11478444151ac":"e15fdaeea31c95555fc509d2a266abf78d86ca11aa2f87ce1041142eb9f82bae":"7906f8da1e140345c191dbc2de5ead1b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"230576e9518fb9a6a8391a84919b0d97":"6193f0e7b33ce19fde922aec9c93f1271ebcdd296d9c8c77029b59afa2064e3159088e07e91c14a4a3dc23b6005dd8ef1425d7d2ae8282a5b30b7498b6754234":"ffaca30a256d18836a0d49bbaad599a28fc7821d71aa91b97158a492d84a6280":"a3da13852d0717afed7c58c52530d2ae047b645a5e7aa8cfabc11478444151ac":"e15fdaeea31c95555fc509d2a266abf78d86ca11aa2f87ce1041142eb9f82bae":"7906f8da1e140345c191dbc2de5ead1b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #12
-ctr_drbg_validate_nopr:"e08a3a33adb4399a9be72fead224155f":"cfbe8b1464b00bb9e0d18b04d2040ed9bd822741188812b98a440fbc66ff018ddf6c0ea20c62d01b8237bc7c3da9e3f9fb874fca79a360b4f0f967d8d02083ba":"56f975849197e2eae5a2e6fb445a93c1fadf57280ac27e27c7cbea2cb00c10cc":"0a6d9e2d6e181addab0ea1ee89c65ce557e10fb8e8d43a24cdd27033d3fff507":"823e9400a9f563cc1fa5daf10f4ff1ab8affa18d8371f9cd0e067fcddce8caed":"5ded298f98cffb2e7f5ea97bd50c7e3e"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e08a3a33adb4399a9be72fead224155f":"cfbe8b1464b00bb9e0d18b04d2040ed9bd822741188812b98a440fbc66ff018ddf6c0ea20c62d01b8237bc7c3da9e3f9fb874fca79a360b4f0f967d8d02083ba":"56f975849197e2eae5a2e6fb445a93c1fadf57280ac27e27c7cbea2cb00c10cc":"0a6d9e2d6e181addab0ea1ee89c65ce557e10fb8e8d43a24cdd27033d3fff507":"823e9400a9f563cc1fa5daf10f4ff1ab8affa18d8371f9cd0e067fcddce8caed":"5ded298f98cffb2e7f5ea97bd50c7e3e"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #13
-ctr_drbg_validate_nopr:"11c13b917d9f94fd7a008566d8598e89":"f53343a5a455132df3d1b03db39e44d933855b375d7422ad0d07dfdfb352af28946eb29980793456ec8634bf113e75783246bbd05aa8a7cb5886d372fa012f58":"ff1d8d33083023ffbe28f153bddfa9d9f3c221da16f8f20967d2508fa7752b55":"66a98c7d778d798617e1d31d4bdfabf8d381d38b82125838ddf43fb7f5b27dc6":"407c72d7c890c00b249be00a53ae722e5d8033c84b1e1a6a69d4b278ba5db9eb":"67ab88156f20d03b3a1bc363daefc0c6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"11c13b917d9f94fd7a008566d8598e89":"f53343a5a455132df3d1b03db39e44d933855b375d7422ad0d07dfdfb352af28946eb29980793456ec8634bf113e75783246bbd05aa8a7cb5886d372fa012f58":"ff1d8d33083023ffbe28f153bddfa9d9f3c221da16f8f20967d2508fa7752b55":"66a98c7d778d798617e1d31d4bdfabf8d381d38b82125838ddf43fb7f5b27dc6":"407c72d7c890c00b249be00a53ae722e5d8033c84b1e1a6a69d4b278ba5db9eb":"67ab88156f20d03b3a1bc363daefc0c6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,0,256) #14
-ctr_drbg_validate_nopr:"7b95343a4ac0f8c8b2645c33757a3146":"3d7e2987860cbcba14a12594e1a394ee754c9a7a65cecc990bc79b5e86e672e12f8c144d843e1abca46b4759a11b3d29f4e219077a8696efadee618f254cb80a":"16297534a79c4ae7493178226b29e42a6f1e0066aeaee8b5af65bcefa2ee3ebb":"b429ee986f16fb35fe2c47c03c0918870b4560f4ec4678f9df471cbd7ca6a887":"2b14d612eb00c7fba0d8e23bf91df91daef6f8e279e0050d5497ddf0f3466c76":"8f72c17405163090fe0bd795b65811c6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"7b95343a4ac0f8c8b2645c33757a3146":"3d7e2987860cbcba14a12594e1a394ee754c9a7a65cecc990bc79b5e86e672e12f8c144d843e1abca46b4759a11b3d29f4e219077a8696efadee618f254cb80a":"16297534a79c4ae7493178226b29e42a6f1e0066aeaee8b5af65bcefa2ee3ebb":"b429ee986f16fb35fe2c47c03c0918870b4560f4ec4678f9df471cbd7ca6a887":"2b14d612eb00c7fba0d8e23bf91df91daef6f8e279e0050d5497ddf0f3466c76":"8f72c17405163090fe0bd795b65811c6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #0
-ctr_drbg_validate_nopr:"327290da2e9a19c840de8d33e425efaa5aa7a7afa4e5a812065965478d640f78520cf3c670b098943fec1914d4c8c411":"80bdf18288cb8adb6e3dacb09c553af2e7317c194d37f433eec27e324a0bad752899bda91fd41e5a08acdfd76007aecabc19c95a8bcede310f7320ce97aaad0e":"":"":"":"c26222662ed3a649a1745dee5df4eef0"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"327290da2e9a19c840de8d33e425efaa5aa7a7afa4e5a812065965478d640f78520cf3c670b098943fec1914d4c8c411":"80bdf18288cb8adb6e3dacb09c553af2e7317c194d37f433eec27e324a0bad752899bda91fd41e5a08acdfd76007aecabc19c95a8bcede310f7320ce97aaad0e":"":"":"":"c26222662ed3a649a1745dee5df4eef0"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #1
-ctr_drbg_validate_nopr:"be14f473472db07a43b7f9a517735d7f7ede2aa70dbdb729bc4f578a0dce9d7fe9fd97939cd1ef731262417b5213bd7f":"ac71ff53140c1383eb379e5311e37637af933db494e5e689d065661e9095b8302e4174c392f324fac43695d9381e3cf4626a5347938ed9e21502cbd789cca363":"":"":"":"4bab95f9f05fc36a337b6f2582c2ce98"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"be14f473472db07a43b7f9a517735d7f7ede2aa70dbdb729bc4f578a0dce9d7fe9fd97939cd1ef731262417b5213bd7f":"ac71ff53140c1383eb379e5311e37637af933db494e5e689d065661e9095b8302e4174c392f324fac43695d9381e3cf4626a5347938ed9e21502cbd789cca363":"":"":"":"4bab95f9f05fc36a337b6f2582c2ce98"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #2
-ctr_drbg_validate_nopr:"88c31e24f4f859b668946ce73f8600621a70731440762b3c267ceab52a9d77a23d6f70ddba0e46a786697a906ccb18a3":"bf9bf25a949d447274a8c72f1ae51399521f8aca39b1b37bb7b4d5cf3c67d55ef8dbacfb71aa9c5949416e2868b968883e517215bc20292894f8406ab39c1ea1":"":"":"":"841aaa0b171d1526ef365b9201adbff3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"88c31e24f4f859b668946ce73f8600621a70731440762b3c267ceab52a9d77a23d6f70ddba0e46a786697a906ccb18a3":"bf9bf25a949d447274a8c72f1ae51399521f8aca39b1b37bb7b4d5cf3c67d55ef8dbacfb71aa9c5949416e2868b968883e517215bc20292894f8406ab39c1ea1":"":"":"":"841aaa0b171d1526ef365b9201adbff3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #3
-ctr_drbg_validate_nopr:"8545a0de5ea028c8e5976d5b58fa50079b20ba716f0856cc1af7b98537c895f0266b956542d2b8ca661aef5da1f7f8c5":"686f4f9ee74c3402845fbad9353d7dfeff727584d892eb64bd84b764110cbe4ac8581e7e23acb95caf12979983e8947c570264aec292f1c7b756f7184007dcba":"":"":"":"f6d6ae6449b2984df8bcb69584fb16f3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"8545a0de5ea028c8e5976d5b58fa50079b20ba716f0856cc1af7b98537c895f0266b956542d2b8ca661aef5da1f7f8c5":"686f4f9ee74c3402845fbad9353d7dfeff727584d892eb64bd84b764110cbe4ac8581e7e23acb95caf12979983e8947c570264aec292f1c7b756f7184007dcba":"":"":"":"f6d6ae6449b2984df8bcb69584fb16f3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #4
-ctr_drbg_validate_nopr:"d6cd4b4fb9105374605deac7bb49ad792eb225daa560f2a86f66269bf9afc2ea01b6ee6f0eb4926d2f09329df6e90d79":"5d1b8fa0ca2ee127d1bd41423c17b9a8c736715cc2906818e9216dfd81b7637b66c89b772b55ae707c6effa2d9ce7425df26f966646ab613d5599143cf51e5e8":"":"":"":"c36ab451116d733eb4377de3511db5ce"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"d6cd4b4fb9105374605deac7bb49ad792eb225daa560f2a86f66269bf9afc2ea01b6ee6f0eb4926d2f09329df6e90d79":"5d1b8fa0ca2ee127d1bd41423c17b9a8c736715cc2906818e9216dfd81b7637b66c89b772b55ae707c6effa2d9ce7425df26f966646ab613d5599143cf51e5e8":"":"":"":"c36ab451116d733eb4377de3511db5ce"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #5
-ctr_drbg_validate_nopr:"e73ebae0d0834fdff1829ac3d9722fe9f1bc65b5f652fae5f7615af116440e3d5709b5cddd6065d568c246820de46b09":"2026cf7c1b1fe9645ab8759958ac04fb1d8938b9913c3b7f22da81e398b2c00b1921e1d4edb5d21c4531515cb0f9644fe8068685b9fca813176e6780796e8ded":"":"":"":"98d1dce30593de8a8d5b4d956f6c684b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"e73ebae0d0834fdff1829ac3d9722fe9f1bc65b5f652fae5f7615af116440e3d5709b5cddd6065d568c246820de46b09":"2026cf7c1b1fe9645ab8759958ac04fb1d8938b9913c3b7f22da81e398b2c00b1921e1d4edb5d21c4531515cb0f9644fe8068685b9fca813176e6780796e8ded":"":"":"":"98d1dce30593de8a8d5b4d956f6c684b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #6
-ctr_drbg_validate_nopr:"a53c1813c06b609eff9ddc77204b085ca985f22170b8ecfcbbf45ea11c45c24fcf25bc33150f9f97ce48244d5beb685c":"1d0dd1a87d59c69f28e118e1083d65f1ee0df31f6308a92dcc47503ec4d20a018d9821c6a7d64385724f0e941231426e028efe6d75e53ff8edf095ef1baf2656":"":"":"":"035cec3a24ba7c44e5c19436c2689a75"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a53c1813c06b609eff9ddc77204b085ca985f22170b8ecfcbbf45ea11c45c24fcf25bc33150f9f97ce48244d5beb685c":"1d0dd1a87d59c69f28e118e1083d65f1ee0df31f6308a92dcc47503ec4d20a018d9821c6a7d64385724f0e941231426e028efe6d75e53ff8edf095ef1baf2656":"":"":"":"035cec3a24ba7c44e5c19436c2689a75"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #7
-ctr_drbg_validate_nopr:"16d5b8290693a5c40c5a526dd6d653ac54cabb5608d77bb2cb7d6270b96c2fe2de076716ae8cf0a5c781edbde861dc70":"aa82a5ea33439d0c16a1cc13cbae53b169f4d369bcbdae81a9a38129c65ae0ea4f720576c012f8d7eb1c0202003c39d28453a22e502b4949cf5ba23a727721bf":"":"":"":"de4ed9d163d11e9b52470d078df4c869"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"16d5b8290693a5c40c5a526dd6d653ac54cabb5608d77bb2cb7d6270b96c2fe2de076716ae8cf0a5c781edbde861dc70":"aa82a5ea33439d0c16a1cc13cbae53b169f4d369bcbdae81a9a38129c65ae0ea4f720576c012f8d7eb1c0202003c39d28453a22e502b4949cf5ba23a727721bf":"":"":"":"de4ed9d163d11e9b52470d078df4c869"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #8
-ctr_drbg_validate_nopr:"68bfabdbb821cb978527ff18ce37c96c79ad751756551f36b6991981285a68854ec7f72f548c3395ad3ee40410064d4b":"3da9e9518eb1f1b6268e4597f158844ff672ddb414f7ec23fa66d6c86b90a732a7b3016a3387ec3dbed34eb479413d017932ebf9f2a2fea0b35d2bf4e06718f9":"":"":"":"ec4e3e2b6b8763deb17b8611d1fe7953"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"68bfabdbb821cb978527ff18ce37c96c79ad751756551f36b6991981285a68854ec7f72f548c3395ad3ee40410064d4b":"3da9e9518eb1f1b6268e4597f158844ff672ddb414f7ec23fa66d6c86b90a732a7b3016a3387ec3dbed34eb479413d017932ebf9f2a2fea0b35d2bf4e06718f9":"":"":"":"ec4e3e2b6b8763deb17b8611d1fe7953"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #9
-ctr_drbg_validate_nopr:"171a74ab694a7d7c2baa3ccf103ad94f11094e07a955ae9ac3bad370f1448753e99b63cc23d1878ab66f94136ec2ecac":"72ebeda7342770d03bc0e531754f946ca5cca684c41f9d089fe9147fad93b6154919c5cb2e6d162fbfde7b9ff0aa590a17993ca6c80bd59eee4134fc2ce944d8":"":"":"":"582ab4f105c3e1fed9593f58fc335fc3"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"171a74ab694a7d7c2baa3ccf103ad94f11094e07a955ae9ac3bad370f1448753e99b63cc23d1878ab66f94136ec2ecac":"72ebeda7342770d03bc0e531754f946ca5cca684c41f9d089fe9147fad93b6154919c5cb2e6d162fbfde7b9ff0aa590a17993ca6c80bd59eee4134fc2ce944d8":"":"":"":"582ab4f105c3e1fed9593f58fc335fc3"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #10
-ctr_drbg_validate_nopr:"caed30015b34064762591eba9a59f440566a6621832f650572362229e8a38cd0f5d6d322afd8444132056690d6fa5540":"8e27f0dbeae4613bcf0011105f824ed2ecb150a83a0994f8f6607833755216e016fb175e51d42370afe27b11c18477886b530c95bc31bd1c0f8fe00f61fc15a0":"":"":"":"d42787e97147d457f1590c742443ad92"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"caed30015b34064762591eba9a59f440566a6621832f650572362229e8a38cd0f5d6d322afd8444132056690d6fa5540":"8e27f0dbeae4613bcf0011105f824ed2ecb150a83a0994f8f6607833755216e016fb175e51d42370afe27b11c18477886b530c95bc31bd1c0f8fe00f61fc15a0":"":"":"":"d42787e97147d457f1590c742443ad92"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #11
-ctr_drbg_validate_nopr:"c58d62f8145622cd86cfbda66bc26d2ce4c5610cd9cd1c326b99b60355a6fe751783c07f2cc21ba68f1f20ca70f0ad31":"38a8b685e6bbab67824f4cc72995043ea2854f067f2afaec762c9e78ff9d585a25bc63c8d0d075d06d43f3f694733982d26cbe0648b2d0cf8053918b912c303a":"":"":"":"84001709f15a2fd167c161b5d376d86d"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"c58d62f8145622cd86cfbda66bc26d2ce4c5610cd9cd1c326b99b60355a6fe751783c07f2cc21ba68f1f20ca70f0ad31":"38a8b685e6bbab67824f4cc72995043ea2854f067f2afaec762c9e78ff9d585a25bc63c8d0d075d06d43f3f694733982d26cbe0648b2d0cf8053918b912c303a":"":"":"":"84001709f15a2fd167c161b5d376d86d"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #12
-ctr_drbg_validate_nopr:"dc9719050d5257152d8a7d60d3ef1fc5b8cb1700bafc7de863c019f244779c464b6214f21a2f6d0aa3ca282007615ce5":"f188a1ba21b1791ebf8a08d8ba555e49423d9178a561bcc1672539c3a7ba1d856eae9922c4d96c181ed045d6f1d15e855690cdae451edac60f1ca2021f1fec57":"":"":"":"7540fed313c96261cac255bf83b5ae99"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"dc9719050d5257152d8a7d60d3ef1fc5b8cb1700bafc7de863c019f244779c464b6214f21a2f6d0aa3ca282007615ce5":"f188a1ba21b1791ebf8a08d8ba555e49423d9178a561bcc1672539c3a7ba1d856eae9922c4d96c181ed045d6f1d15e855690cdae451edac60f1ca2021f1fec57":"":"":"":"7540fed313c96261cac255bf83b5ae99"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #13
-ctr_drbg_validate_nopr:"ff057781af4a4a1eefeb26ab38f82a2efb6f065de290ebf225bd693dfb1f97455b49143bdb430324c9d945c48824f6cc":"0ddd0f4a43a7b54d9abb0928a2242c378db7a95a0b206baa642afe5cd55108f412f1d727fd591bca2c76355aa62aa8638cfa1916739bc66e02b9459ccd0881ba":"":"":"":"8b6e74a94fcac0d2f212d3594213fbb6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ff057781af4a4a1eefeb26ab38f82a2efb6f065de290ebf225bd693dfb1f97455b49143bdb430324c9d945c48824f6cc":"0ddd0f4a43a7b54d9abb0928a2242c378db7a95a0b206baa642afe5cd55108f412f1d727fd591bca2c76355aa62aa8638cfa1916739bc66e02b9459ccd0881ba":"":"":"":"8b6e74a94fcac0d2f212d3594213fbb6"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,0) #14
-ctr_drbg_validate_nopr:"ef027327e47fc5875c01cb17d798fdc2b27a5c78000727842f8a516f4e8dd34afc167ae145b1e763bebdca51e2f461a7":"128566fe6c5b5595742190519445c25db85ee0ce29371f4cab213400d479d2bfe27655155be0fa237173abb214f0226a2f1770802dd69485adb25e6d837485e1":"":"":"":"76cd1553b2b73d4ef6043a09fb90d679"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"ef027327e47fc5875c01cb17d798fdc2b27a5c78000727842f8a516f4e8dd34afc167ae145b1e763bebdca51e2f461a7":"128566fe6c5b5595742190519445c25db85ee0ce29371f4cab213400d479d2bfe27655155be0fa237173abb214f0226a2f1770802dd69485adb25e6d837485e1":"":"":"":"76cd1553b2b73d4ef6043a09fb90d679"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #0
-ctr_drbg_validate_nopr:"8e1a59210f876d017109cb90c7d5dd669b375d971266b7320ba8db9bd79b373bcc895974460e08eadd07a00ce7bdade9":"23677c04a2d6ab446b7b3c582a8071654d27859441b10799f08b788378b926ca4306e7cb5c0f9f104c607fbf0c379be49426e53bf5637225b551f0cc694d6593":"19e914ffbc6d872be010d66b17874010ec8b036a3d60d7f7dda5accc6962a542":"bd7a0c09e780e0ad783fd708355b8df77b4454c3d606fb8de053bffa5ecf9021":"d284dc2caf6d214f8909efc9a75297bccfc04353c2788a96f8b752749c7fec0c":"129d256e7db6269e5a0a160d2278f305"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"8e1a59210f876d017109cb90c7d5dd669b375d971266b7320ba8db9bd79b373bcc895974460e08eadd07a00ce7bdade9":"23677c04a2d6ab446b7b3c582a8071654d27859441b10799f08b788378b926ca4306e7cb5c0f9f104c607fbf0c379be49426e53bf5637225b551f0cc694d6593":"19e914ffbc6d872be010d66b17874010ec8b036a3d60d7f7dda5accc6962a542":"bd7a0c09e780e0ad783fd708355b8df77b4454c3d606fb8de053bffa5ecf9021":"d284dc2caf6d214f8909efc9a75297bccfc04353c2788a96f8b752749c7fec0c":"129d256e7db6269e5a0a160d2278f305"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #1
-ctr_drbg_validate_nopr:"00674e633670c9971be7af789d37d5a4ef567b3ca4766722cd8f67e09d21cbbfa08d43ea1aa259999c6a307ae6347d62":"ec47b029643f85ea19388b6e9de6ab22705b060ae10cee71262027d0bdff5efd7393af619bc6658612fabc78439a0bd5a01255563a96013fa130dd06fd0f5442":"5b92bce3f87645126daa4704fd7df98b880aa07743a57399b985ad1a00b1f2fc":"8199de1338c688234c77262ef35423f4695b277726c76d8b5f426399c14d83b5":"eb95f5a4d8400cec2d4e0f548b6e92636b5e284fb6b61766a1f35bb9cdc5df0a":"9fbe95817578eb272aa9da2f509c2a06"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"00674e633670c9971be7af789d37d5a4ef567b3ca4766722cd8f67e09d21cbbfa08d43ea1aa259999c6a307ae6347d62":"ec47b029643f85ea19388b6e9de6ab22705b060ae10cee71262027d0bdff5efd7393af619bc6658612fabc78439a0bd5a01255563a96013fa130dd06fd0f5442":"5b92bce3f87645126daa4704fd7df98b880aa07743a57399b985ad1a00b1f2fc":"8199de1338c688234c77262ef35423f4695b277726c76d8b5f426399c14d83b5":"eb95f5a4d8400cec2d4e0f548b6e92636b5e284fb6b61766a1f35bb9cdc5df0a":"9fbe95817578eb272aa9da2f509c2a06"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #2
-ctr_drbg_validate_nopr:"2553423c3cb0fae8ca54af56f496e9935d5af4738898f77f789a9bee867dfbc6010c4e5bc68da2b922cdd84eea68e1da":"a9bebd13711c0c22c94b3252654854515a9dc015fe69e688fbac9676b3d77ab67e19b020cd2427ac789ca17f656e499be3ba3ab2075ff95247c6355157eebc79":"e74e45fa28697a06dab08545fde0cc26e7eca31c40aa68ee41c4de402fdcc961":"5aa8abf7062079929d6a131cd3844a5fb6514c07061e25cad67677d867297685":"84819109b2e09b46ba3f5464c34b28ce25a186f0e0fd83fe5fa0ab026c01292a":"3846f3406e49040c48b5cfc9cbc75d1a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2553423c3cb0fae8ca54af56f496e9935d5af4738898f77f789a9bee867dfbc6010c4e5bc68da2b922cdd84eea68e1da":"a9bebd13711c0c22c94b3252654854515a9dc015fe69e688fbac9676b3d77ab67e19b020cd2427ac789ca17f656e499be3ba3ab2075ff95247c6355157eebc79":"e74e45fa28697a06dab08545fde0cc26e7eca31c40aa68ee41c4de402fdcc961":"5aa8abf7062079929d6a131cd3844a5fb6514c07061e25cad67677d867297685":"84819109b2e09b46ba3f5464c34b28ce25a186f0e0fd83fe5fa0ab026c01292a":"3846f3406e49040c48b5cfc9cbc75d1a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #3
-ctr_drbg_validate_nopr:"856f1371454bb9aa06be897dcda9b295817c6eeb865a9acb3a89d145bfe29ce5e1b3b12b714571afdfaca7951cd47e33":"a691b8bf6a407c93a36d18aeced4c75f76d8397d4ecbcd4e8f820cb393186897f05c1ef668b027fc78ba6da9bd554cc31a467d47b5e534b5340c7799383ec05c":"2c81d1e94b33164a177d0183d182fe7d23ef4f88444246464e58bdd0de38d82c":"1b5dae81c96771bea091521c0973c5af76a03e3624160e2511e57ff43a1d32a9":"bf5878e2bd139f8f058f3d834acd771514da6d4c5b9ef84466e5a4e0e4b2eaaf":"6a5ea73aad476ce201e173d4d5a7ffcc"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"856f1371454bb9aa06be897dcda9b295817c6eeb865a9acb3a89d145bfe29ce5e1b3b12b714571afdfaca7951cd47e33":"a691b8bf6a407c93a36d18aeced4c75f76d8397d4ecbcd4e8f820cb393186897f05c1ef668b027fc78ba6da9bd554cc31a467d47b5e534b5340c7799383ec05c":"2c81d1e94b33164a177d0183d182fe7d23ef4f88444246464e58bdd0de38d82c":"1b5dae81c96771bea091521c0973c5af76a03e3624160e2511e57ff43a1d32a9":"bf5878e2bd139f8f058f3d834acd771514da6d4c5b9ef84466e5a4e0e4b2eaaf":"6a5ea73aad476ce201e173d4d5a7ffcc"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #4
-ctr_drbg_validate_nopr:"0436075cf8cf62ce623c2301ebd45203c98282611cfa5a12dd7c04525ffa7eb343a607af2f57feb7ce3af97e0abc2285":"1ab9ada5eeebc3fc8e53f358b643476fcfd4dd9f092f21d2bc1c4bb1ffd01a0c5b207aaa09ff76a9cab0aa6ce62b6a65b2650ab448b8bb2e8696a7aa4b6f4e8d":"62f07d1f49e40f7f472985947ac4d8ef2d58216d918f7942b9c70f43daff8972":"37ae758141fbc890ee7e1d0854426b2984fb1c094677e6a61546e9315bab0898":"353d1dd0c8d8656bc418a6a3ace138ecd62819d4e21b8bd87694ea683ec0cc37":"bfee6bb4afc228da981bfe7f0d17578b"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"0436075cf8cf62ce623c2301ebd45203c98282611cfa5a12dd7c04525ffa7eb343a607af2f57feb7ce3af97e0abc2285":"1ab9ada5eeebc3fc8e53f358b643476fcfd4dd9f092f21d2bc1c4bb1ffd01a0c5b207aaa09ff76a9cab0aa6ce62b6a65b2650ab448b8bb2e8696a7aa4b6f4e8d":"62f07d1f49e40f7f472985947ac4d8ef2d58216d918f7942b9c70f43daff8972":"37ae758141fbc890ee7e1d0854426b2984fb1c094677e6a61546e9315bab0898":"353d1dd0c8d8656bc418a6a3ace138ecd62819d4e21b8bd87694ea683ec0cc37":"bfee6bb4afc228da981bfe7f0d17578b"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #5
-ctr_drbg_validate_nopr:"d004a0893bf326d50ee52e04cb3e64409f204f4e9af780d5dd092d04162d088385b1f243000914c62cba3dadf9827c81":"c36004075f5fd078137ea08de6cb15f71aeb9eca21c891cfdf7a8c0d21790c94ffa93be5fa06beb5e82d9fbf173ef9b29c18511fee2455dbbe61d6b01baf024a":"7d313ada131650c7a506d2c194444ed202d568544caa75bbc60e57a0b74c9a10":"791d60238677ff53150cf7074061eac68335c0a7cec7de43ea63a5df0f312cd8":"6754366be264deb9e94f39e92ac2894bd93c1d7e1198d39e6eddccb0ea486f4d":"1c29795f03e3c771603293473e347ab4"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"d004a0893bf326d50ee52e04cb3e64409f204f4e9af780d5dd092d04162d088385b1f243000914c62cba3dadf9827c81":"c36004075f5fd078137ea08de6cb15f71aeb9eca21c891cfdf7a8c0d21790c94ffa93be5fa06beb5e82d9fbf173ef9b29c18511fee2455dbbe61d6b01baf024a":"7d313ada131650c7a506d2c194444ed202d568544caa75bbc60e57a0b74c9a10":"791d60238677ff53150cf7074061eac68335c0a7cec7de43ea63a5df0f312cd8":"6754366be264deb9e94f39e92ac2894bd93c1d7e1198d39e6eddccb0ea486f4d":"1c29795f03e3c771603293473e347ab4"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #6
-ctr_drbg_validate_nopr:"9a8c79b48ada409183f7260aa1415c9ee4e0b662e0fb81b5c56f85d76ed75efac5751dd4de7e7f8b53a36ee0dce2bc9e":"c4d68b76dc0e785823be2da9d339dc900132f12721e8a63ebe92e36d740c5a5e5564c367bff4a52bc70b1c60c86f0bcb7c1d99c414956a259963207184f01246":"04c7060f36569a5d9578c718627fc2695e8d783c0c8aefca2744da6664e67c8c":"1d4b7d587421dea4f7f3e77fcf997607ecfeb6e665a9a184138eb5736b16f516":"8cb8daf9cda230d8d39b829b968aaa5f5d3e3106d8b693227ab1b6201b78a7b8":"faa146098526546927a43fa4a5073e46"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"9a8c79b48ada409183f7260aa1415c9ee4e0b662e0fb81b5c56f85d76ed75efac5751dd4de7e7f8b53a36ee0dce2bc9e":"c4d68b76dc0e785823be2da9d339dc900132f12721e8a63ebe92e36d740c5a5e5564c367bff4a52bc70b1c60c86f0bcb7c1d99c414956a259963207184f01246":"04c7060f36569a5d9578c718627fc2695e8d783c0c8aefca2744da6664e67c8c":"1d4b7d587421dea4f7f3e77fcf997607ecfeb6e665a9a184138eb5736b16f516":"8cb8daf9cda230d8d39b829b968aaa5f5d3e3106d8b693227ab1b6201b78a7b8":"faa146098526546927a43fa4a5073e46"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #7
-ctr_drbg_validate_nopr:"a0736a5a8b0a394625d8985b05e3a9f277c7ba03b253c0e783359a8c4c086121cb46ea469c7756d5f099f5ee8ed16243":"ea7a046fa1760866bcb37fecf9ade7bcea4444662ea782d6f2820b22a96bab97b4c5adcb0a50ced885121b6b85a5074444b1555d9655f4f6ded31fe15281b30e":"47f3655dd05c42454fad68e330aabca49f27c76ba05ef07b6d77fba41153c0ab":"a5d07da3e399cc51d136096599fcbd9779e839b1fd86f21d7d1e23acd91f9fa7":"150b028b64a988fc1ffdfc9e66b4c8dfe4fcd8538ee976c89923638ebad33802":"6ffdc685169b174ad0dd84cdeed050a7"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"a0736a5a8b0a394625d8985b05e3a9f277c7ba03b253c0e783359a8c4c086121cb46ea469c7756d5f099f5ee8ed16243":"ea7a046fa1760866bcb37fecf9ade7bcea4444662ea782d6f2820b22a96bab97b4c5adcb0a50ced885121b6b85a5074444b1555d9655f4f6ded31fe15281b30e":"47f3655dd05c42454fad68e330aabca49f27c76ba05ef07b6d77fba41153c0ab":"a5d07da3e399cc51d136096599fcbd9779e839b1fd86f21d7d1e23acd91f9fa7":"150b028b64a988fc1ffdfc9e66b4c8dfe4fcd8538ee976c89923638ebad33802":"6ffdc685169b174ad0dd84cdeed050a7"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #8
-ctr_drbg_validate_nopr:"d445a3d9332c8577715c1e93f119521bd31a464db08cdbd73d50080d62d5a48fba4cef2dd097ec749973037e33e8d6fa":"da5f9b2db13d0555846c00da96115036bb75ace66d56fc582d6cd0171e3e23335c5c2b8691e58af8899ed0204316479f849ca6f47309cae571ccb42d3d35c166":"79346394f795f05c5a5199423649b8b5345355ef11eb4239db1c767c68afa70a":"c22810de9987b228c19680eb044da22a08032148a6015f358849d6d608a214b9":"7747d68ca8bcb43931f1edce4f8c9727dd56c1d1d2600ad1fb767eb4fbc7b2d6":"f5c40babbec97cb60ba65200e82d7a68"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"d445a3d9332c8577715c1e93f119521bd31a464db08cdbd73d50080d62d5a48fba4cef2dd097ec749973037e33e8d6fa":"da5f9b2db13d0555846c00da96115036bb75ace66d56fc582d6cd0171e3e23335c5c2b8691e58af8899ed0204316479f849ca6f47309cae571ccb42d3d35c166":"79346394f795f05c5a5199423649b8b5345355ef11eb4239db1c767c68afa70a":"c22810de9987b228c19680eb044da22a08032148a6015f358849d6d608a214b9":"7747d68ca8bcb43931f1edce4f8c9727dd56c1d1d2600ad1fb767eb4fbc7b2d6":"f5c40babbec97cb60ba65200e82d7a68"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #9
-ctr_drbg_validate_nopr:"2728be06796e2a77c60a401752cd36e4a051724aa3276a146b4b351017eee79c8257398c612fc1129c0e74ecef455cd3":"d663d2cfcddf40ff61377c3811266d927a5dfc7b73cf549e673e5a15f4056ad1f9733c8ed875ff77928284dc1cdb33accc47971d3626615a45b9a16d9baf426e":"62349efbac4a4747d0e92727c67a6bc7f8404cf746002e7d3eeffb9a9be0bbdc":"381c0cffbdfa61a6af3f11ccd0e543208b584c3f520130e33617564ec7a48cf7":"6974043362f834fd793de07ceebd051599163d50489441005afc9db09a9ab44f":"df7894746c599e02d985b195ca3b4863"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2728be06796e2a77c60a401752cd36e4a051724aa3276a146b4b351017eee79c8257398c612fc1129c0e74ecef455cd3":"d663d2cfcddf40ff61377c3811266d927a5dfc7b73cf549e673e5a15f4056ad1f9733c8ed875ff77928284dc1cdb33accc47971d3626615a45b9a16d9baf426e":"62349efbac4a4747d0e92727c67a6bc7f8404cf746002e7d3eeffb9a9be0bbdc":"381c0cffbdfa61a6af3f11ccd0e543208b584c3f520130e33617564ec7a48cf7":"6974043362f834fd793de07ceebd051599163d50489441005afc9db09a9ab44f":"df7894746c599e02d985b195ca3b4863"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #10
-ctr_drbg_validate_nopr:"2b65b56de410ee82e55bd2bf80e6cee356a37c3a3aa7042df45fa750a74e097b071fc18d6eed96523dd4fbb677b8c729":"bf03a6b3e8e23ff53369b971217dc3d3f4c1211329c94847347b3aa77dc7a3e0670381573527844a1ade786f18631944558defffb9a00900ca55f97ec726126b":"59255e5cd2221316c945bd614471df76d5b2f394b8829de82e5c30bc178565e2":"5739bc14f0f2ef9d3393928aee67b0908adaf587650928916d8ae78b0077a3b3":"6b236cf0ee0dba0c92b26c60235d3868715a80c0efbc0c898b6f0b1ace8146e9":"8374b571d7f2d94ce2bdadeb9d815397"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"2b65b56de410ee82e55bd2bf80e6cee356a37c3a3aa7042df45fa750a74e097b071fc18d6eed96523dd4fbb677b8c729":"bf03a6b3e8e23ff53369b971217dc3d3f4c1211329c94847347b3aa77dc7a3e0670381573527844a1ade786f18631944558defffb9a00900ca55f97ec726126b":"59255e5cd2221316c945bd614471df76d5b2f394b8829de82e5c30bc178565e2":"5739bc14f0f2ef9d3393928aee67b0908adaf587650928916d8ae78b0077a3b3":"6b236cf0ee0dba0c92b26c60235d3868715a80c0efbc0c898b6f0b1ace8146e9":"8374b571d7f2d94ce2bdadeb9d815397"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #11
-ctr_drbg_validate_nopr:"8756ee2c5e381c7c1dc530748b76a6274ef6583090e555d85210e2356feb2974a8f15119a04e9b481cd3bc557a197b8e":"19705743eaaaa0e8890a0faa2e0df37c820d556c7a45f04d76276f9f9ce2e7c133258ae6d1ba9cdf7745d01745763d18dcd1af2c9e9b0bed2806e60f0f9b636c":"2b4a92b682e9a557466af97b735e2ffdbac3bfc31fd5be2cd212cfbd4b8d690a":"e86504f10317bbeab346f3b9e4b310cbe9fbd81a42054f358eacd08cccab6eff":"19ffad856a6675268cc464ca6fdb8afd0912143e552668528d1484c9a54592cf":"f347fd58aff2999530e258be77591701"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"8756ee2c5e381c7c1dc530748b76a6274ef6583090e555d85210e2356feb2974a8f15119a04e9b481cd3bc557a197b8e":"19705743eaaaa0e8890a0faa2e0df37c820d556c7a45f04d76276f9f9ce2e7c133258ae6d1ba9cdf7745d01745763d18dcd1af2c9e9b0bed2806e60f0f9b636c":"2b4a92b682e9a557466af97b735e2ffdbac3bfc31fd5be2cd212cfbd4b8d690a":"e86504f10317bbeab346f3b9e4b310cbe9fbd81a42054f358eacd08cccab6eff":"19ffad856a6675268cc464ca6fdb8afd0912143e552668528d1484c9a54592cf":"f347fd58aff2999530e258be77591701"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #12
-ctr_drbg_validate_nopr:"f58be57e5035d5c455b17a41ccf7542ffd77f5c009e0a737118ed6c4188f78fcbdbe946bf82e1fa50fd81691de82dcf3":"f9939592ab2b31d92ac72673da013a588ea17bbf02cfd6e79d79f8296601633d04ceb005110f266e6100040ef33194858def8b535314c73caa0e48fc4d2f6e2d":"bb1cb21a316d4b88093cbfc7917d614dca97090cdc8bb340d864547cb3e1fef6":"7e42d5439d81680c8edf5c571d548699730cfada33b650a4d510172a42b298bb":"e9e3cf180f72ba2c1a45d0a94b822943612143e0b642398796b0428ae1af6cf5":"d0c83a4bf3517648b441d411ddcb808c"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"f58be57e5035d5c455b17a41ccf7542ffd77f5c009e0a737118ed6c4188f78fcbdbe946bf82e1fa50fd81691de82dcf3":"f9939592ab2b31d92ac72673da013a588ea17bbf02cfd6e79d79f8296601633d04ceb005110f266e6100040ef33194858def8b535314c73caa0e48fc4d2f6e2d":"bb1cb21a316d4b88093cbfc7917d614dca97090cdc8bb340d864547cb3e1fef6":"7e42d5439d81680c8edf5c571d548699730cfada33b650a4d510172a42b298bb":"e9e3cf180f72ba2c1a45d0a94b822943612143e0b642398796b0428ae1af6cf5":"d0c83a4bf3517648b441d411ddcb808c"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #13
-ctr_drbg_validate_nopr:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984ef955cd5db76c1aa56aff83f1f6799f18fe531cc":"b8d6be3036eeb5657fb10766354d4be897bd27973b3530270ccc02a08169a2e437b30a3635eb6ccb310f319257f58d8aa030c8aab616418e0914a46131306a0c":"37572428df5826e6ae5ce95db4ef63f41e908f685204a7b64edb9f473c41e45c":"28beda0e0e346b447d32208c6b4c42dcd567acfe1e483fb4a95ea82cb8ce55a5":"7a0fffa541d723e16340eeb960b1b9c9aae912477e0ebfac03f8f1a3a8bdc531":"611c9f6fc5193dbe3db96cbcd276168a"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"898064243e44ff67151736ce8bb6f1c759cab4aaca9b87543a1ac984ef955cd5db76c1aa56aff83f1f6799f18fe531cc":"b8d6be3036eeb5657fb10766354d4be897bd27973b3530270ccc02a08169a2e437b30a3635eb6ccb310f319257f58d8aa030c8aab616418e0914a46131306a0c":"37572428df5826e6ae5ce95db4ef63f41e908f685204a7b64edb9f473c41e45c":"28beda0e0e346b447d32208c6b4c42dcd567acfe1e483fb4a95ea82cb8ce55a5":"7a0fffa541d723e16340eeb960b1b9c9aae912477e0ebfac03f8f1a3a8bdc531":"611c9f6fc5193dbe3db96cbcd276168a"
CTR_DRBG NIST Validation (AES-256 use df,False,256,128,256,256) #14
-ctr_drbg_validate_nopr:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6"
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_between:"50de72903b9d99764123ffaa0c721e14ad1ab5c46a34c040f25324ba1d937b8ef10467161fcf2978c2a680ac5570c6d2":"5c9954fd0143e62c3bf2d5734052e3c9370f7b9d75c70f58fe33b12e3997ee2c8db84f8467affd7cfd9a9e7ec60da6f31bf9bf32aedf644e4934bd1fc916bc8d":"d5dc4c9fc7171fcbfdaead558a565ffd55d245a58b22ad1666ee05131e33f49e":"ea3114e92e6a19f53b207a0a54cd363a6d053fed0a827f92556f0a8580f7a342":"53686f069b455af4692888d11fac15cf7b4bd38e198de4e62b7098f875198a75":"9fb0df053e0345e5640aa97fedef50a6"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 1 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"496f25b0f1301b4f501be30380a137eb":"36401940fa8b1fba91a1661f211d78a0b9389a74e5bccfece8d766af1a6d3b14":"":"":"5862eb38bd558dd978a696e6df164782ddd887e7e9a6c9f3f1fbafb78941b535a64912dfd224c6dc7454e5250b3d97165e16260c2faf1cc7735cb75fb4f07e1d"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 1 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"41c71a24d17d974190982bb7515ce7f5":"8148d65d86513ce7d38923ec2f26b9e7c677dcc8997e325b7372619e753ed944":"55b446046c2d14bdd0cdba4b71873fd4762650695a11507949462da8d964ab6a":"91468f1a097d99ee339462ca916cb4a10f63d53850a4f17f598eac490299b02e":"54603d1a506132bbfa05b153a04f22a1d516cc46323cef15111af221f030f38d6841d4670518b4914a4631af682e7421dffaac986a38e94d92bfa758e2eb101f"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 2 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"bac0fdc0c417aa269bbdea77e928f9f8":"8b0bcb3f932170416739ea42e7dcdc6fa960645bc018820134f714b3c6912b56":"":"":"d9c4fd81f6621a8cf06d612e9a84b80fa13d098dceaf2c083dc81cd80caedd105c7f2789963a167d72f76e81178001fd93de4623c260fe9eebced89f7b4b047a"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 2 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"69ff3310141dbf3ece409ade58745113":"d67439abf1e162e5b25941605a8aeba7d686dec133257f6c220e1c595e954a07":"03e795be8379c481cb32534011ca6bf524dc754978ee5ebee475129ad39eca98":"5685c7330f33004515f8c0ab27f2a1cbe0c8a4a6806d6c8486e0217b43e859f2":"a6d22a4370251c51978fedc7e7753c78179ed1943d2ff1b5a374860106041a304b124d47cfa304c909f7d417843846d52dcc7ebcf5c93afef885c893b40c81ed"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 3 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"aaa46610681167ff8d4d2c51e77911d4":"58a5f79da44b9f23a98a39352972ad16031fe13637bd18d6cb6c9f5269d8e240":"":"":"c1714f89459ce746b151509e5066d4811a06ad06c1e9b13b50c0fc7cdd77ceedc233908ebe1ea8140ec2dc262a43201be667008e081e5476b19b27214111d325"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 3 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"6ca848651d420fb02f9b66f06b377e59":"001ec3b192ddc765553e15742dffeb21cc7d97a4bcf866e3664d8a5ecb4c2463":"99f139ab5ee4f7eed6148e82d79ad5f2b9fa638d574e5db79b650c0e682ca466":"6e7bf0ae28a797ccbb47101f26bfe5a0b1e450c57aedf731272411fa7b6c4ed4":"865b6dd4363c5940d6228cc90ba8f1a21efbaa99b0c7b37361f7fed7e969a97b68d550dd6ad4bbfaf6626779bfb43c66845c2923df9f55307c8bc9f0a3872fa7"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,0) block 4 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"1c6a80d82012c39c9f14a808643f08e7":"4ee68b3352b874e1cc29375028851dee9d5dfd88a40664c79e2b724fb11b2808":"":"":"7c58d2a5522a88341fb55facefdb6e24840cae283948d53148a384e13b5407d7712c33434bd3d19448b43270c54860bf3495579057c70bff3084dddff08a091d"
+
+CTR_DRBG CAVS 14.3 (AES-256 no df,no reseed,256,128,0,256) block 4 #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"70bdedbc6825c4fe0a9f7e45290ddd51":"481e505bf7a36f9d96690d49154d98d6a247c14a703dbfed7cf1b7a71bee737f":"5b07610c2c946eda2975a26ddadf7d73e3d287e923d9b1a2d2070776a446d8e6":"2792a988ebb2e768eee0d5c263bcd76a675d6f339e5f1ab2ca595e6b3b4d024a":"303448a355fc0a69a130b6ab194997b220970bf680914913da904e92109dee3d9f23871130c407045cf463ce783a5dfafd603a8384790573af385d479acd7206"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 1 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"aad471ef3ef1d203":"890eb067acf7382eff80b0c73bc872c6":"":"":"a5514ed7095f64f3d0d3a5760394ab42062f373a25072a6ea6bcfd8489e94af6cf18659fea22ed1ca0a9e33f718b115ee536b12809c31b72b08ddd8be1910fa3"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 1 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"026c768fd577b92a":"b408cefb5bc7157d3f26cb95a8b1d7ac":"5737ef81dee365b6dadb3feebf5d1084":"3368a516b3431a3daaa60dc8743c8297":"4e909ebb24147a0004063a5e47ee044fead610d62324bd0f963f756fb91361e8b87e3a76a398143fe88130fe1b547b661a6480c711b739f18a9df3ae51d41bc9"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 2 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"259195269ec11af6":"2d2ab564202918c4ef5b102dda385a18":"":"":"2c5cd79ed87622a91b8654c8903d852242cd49cb5df2d4b4150584301c59f01fd95a702ac157c84cc15f42c8211335672d8ce1291ef9b1def78149a04fa2697c"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 2 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"b25716931b6e3cc1":"adf5711f93d8c8997349429ccaedae0a":"abf8cd66dd39758b01d7dbb99ab17dc3":"4be0f6b2755377c6e881fbb261b56beb":"d420604dee6467492db5957c86207a708fd242ed67942aed299425335c83b41437418582f41bc7fc0ef0d6927f34d83acd67c70133644fd711dd5a65731f9f02"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 3 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"38aa5590f6bfaa4b":"2e1724db482232a3e61f92c1c266faf8":"":"":"4438b48a45fb0141e31f0a9624dfe6fcc2f9edc075c0a52bc5fc46d85a966c853feee6af913234b3f9a679f667898dc15a24aaed89f035bfa5da516e435bbad1"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 3 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"111d8612a0f04e2a":"9bfaefb698b1b5fcc62db2c16498c33a":"aedbe02847b1b08b6a673bdf25b0224c":"9901ead62ce56573b0f71cd020fe3469":"dff8bf2aec531f8532607e738bd79f91d6085cb19568b7b0240ce6a6b371a282bafcdba02137df990535d9ebf0ba77117751626b2678aca7be4decfd6b9d4b38"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,0) block 4 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"e78c5571c5f926f9":"6bdf5332bdce4655d45c2cfea897b000":"":"":"e0715688765a3285e7b7db555f277924e7171f7541bf26122b13dbaaa39f9e2b0345c659583ff8c9cfd888f1abd2f3b36a7c9d47c687b01c819a9f9888542e0f"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,no reseed,128,64,0,128) block 4 #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_no_reseed:"7ee2614ead3c128e":"8b80936e69c67edb771c28f9b9452124":"fc35cba97a1e211bc420e8af53f8e13c":"fba438aaa75a3cd4cd0cce399bfec74a":"6721cc1ada5ebc1713f74c759000765652eeb5f3f9c24fb9341b36a369cec1d27ea80d6b73b56047af07138c5a43c99a87753115c471b8587ea65fa2065e3ce0"
+
+CTR_DRBG CAVS 14.3 (AES-256 use df,False,256,128,0,0) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_first:"0bf814b411f65ec4866be1abb59d3c32":"2d4c9f46b981c6a0b2b5d8c69391e569ff13851437ebc0fc00d616340252fed593500fae4fa32b86033b7a7bac9d37e710dcc67ca266bc8607d665937766d207":"":"":"":"322dd28670e75c0ea638f3cb68d6a9d6e50ddfd052b772a7b1d78263a7b8978b6740c2b65a9550c3a76325866fa97e16d74006bc96f26249b9f0a90d076f08e5"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,False,128,64,0,0) #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_reseed_first:"5209e5b4ed82a234":"0f65da13dca407999d4773c2b4a11d851dea0a12c52bf64339dd291c80d8ca89":"":"":"":"2859cc468a76b08661ffd23b28547ffd0997ad526a0f51261b99ed3a37bd407bf418dbe6c6c3e26ed0ddefcb7474d899bd99f3655427519fc5b4057bcaf306d4"
+
+CTR_DRBG CAVS 14.3 (AES-256 use df,True,256,128,0,0) #0
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_pr:"a2d015f22d854e29de278d910c573de5":"16a1f035388cd8d956026e3b0117cb524dd3eb563f9a7720bb7dcb0fc6fbe743cf140bcd4d7130e7e3ea14046c56442b57c43b34ad219553e7105c18f6e561afe27c9f0be60d82d6cc474efb7fc737b16a6895d9a3a45b971d19b743c1a4ac8f":"":"":"b4e8395bcb7503410a94633f70e9904a5b30e62c35bc6dd2a03496c4a49932e184fbffdbcf1de1c72c50d36dc2ae8f04f40f96aae159c3fb816ca16df99b6c3e"
+
+CTR_DRBG CAVS 14.3 (AES-128 use df,True,128,64,0,0) #0
+depends_on:MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ctr_drbg_validate_pr:"d4f1f4ae08bcb3e1":"5d4041942bcf68864a4997d8171f1f9fef55a769b7eaf03fe082029bb32a2b9d8239e865c0a42e14b964b9c09de85a20":"":"":"4155320287eedcf7d484c2c2a1e2eb64b9c9ce77c87202a1ae1616c7a5cfd1c687c7a0bfcc85bda48fdd4629fd330c22d0a76076f88fc7cd04037ee06b7af602"
CTR_DRBG entropy usage
ctr_drbg_entropy_usage:
@@ -731,5 +1083,6 @@
ctr_drbg_special_behaviours:
CTR_DRBG self test
+depends_on:!MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
ctr_drbg_selftest:
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index d8ffebe..4a97826 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -1,14 +1,97 @@
/* BEGIN_HEADER */
+#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
+#include "string.h"
-static int test_offset_idx;
+/* Modes for ctr_drbg_validate */
+enum reseed_mode
+{
+ RESEED_NEVER, /* never reseed */
+ RESEED_FIRST, /* instantiate, reseed, generate, generate */
+ RESEED_SECOND, /* instantiate, generate, reseed, generate */
+ RESEED_ALWAYS /* prediction resistance, no explicit reseed */
+};
+
+static size_t test_offset_idx = 0;
+static size_t test_max_idx = 0;
static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
{
const unsigned char *p = (unsigned char *) data;
+ if( test_offset_idx + len > test_max_idx )
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
memcpy( buf, p + test_offset_idx, len );
test_offset_idx += len;
return( 0 );
}
+
+static void ctr_drbg_validate_internal( int reseed_mode, data_t * nonce,
+ int entropy_len_arg, data_t * entropy,
+ data_t * reseed,
+ data_t * add1, data_t * add2,
+ data_t * result )
+{
+ mbedtls_ctr_drbg_context ctx;
+ unsigned char buf[64];
+
+ size_t entropy_chunk_len = (size_t) entropy_len_arg;
+
+ TEST_ASSERT( entropy_chunk_len <= sizeof( buf ) );
+
+ test_offset_idx = 0;
+ mbedtls_ctr_drbg_init( &ctx );
+
+ test_max_idx = entropy->len;
+
+ /* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
+ * where nonce||perso = nonce[nonce->len] */
+ TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len(
+ &ctx,
+ mbedtls_test_entropy_func, entropy->x,
+ nonce->x, nonce->len,
+ entropy_chunk_len ) == 0 );
+ if( reseed_mode == RESEED_ALWAYS )
+ mbedtls_ctr_drbg_set_prediction_resistance(
+ &ctx,
+ MBEDTLS_CTR_DRBG_PR_ON );
+
+ if( reseed_mode == RESEED_FIRST )
+ {
+ /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
+ * reseed[:reseed->len]) */
+ TEST_ASSERT( mbedtls_ctr_drbg_reseed(
+ &ctx,
+ reseed->x, reseed->len ) == 0 );
+ }
+
+ /* CTR_DRBG_Generate(result->len * 8 bits, add1[:add1->len]) -> buf */
+ /* Then reseed if prediction resistance is enabled. */
+ TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
+ &ctx,
+ buf, result->len,
+ add1->x, add1->len ) == 0 );
+
+
+ if( reseed_mode == RESEED_SECOND )
+ {
+ /* CTR_DRBG_Reseed(entropy[idx:idx+entropy->len],
+ * reseed[:reseed->len]) */
+ TEST_ASSERT( mbedtls_ctr_drbg_reseed(
+ &ctx,
+ reseed->x, reseed->len ) == 0 );
+ }
+
+ /* CTR_DRBG_Generate(result->len * 8 bits, add2->x[:add2->len]) -> buf */
+ /* Then reseed if prediction resistance is enabled. */
+ TEST_ASSERT( mbedtls_ctr_drbg_random_with_add(
+ &ctx,
+ buf, result->len,
+ add2->x, add2->len ) == 0 );
+ TEST_ASSERT( memcmp( buf, result->x, result->len ) == 0 );
+
+exit:
+ mbedtls_ctr_drbg_free( &ctx );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -49,92 +132,76 @@
}
/* END_CASE */
+
/* BEGIN_CASE */
-void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string,
- char *add1_string, char *add2_string,
- char *result_str )
+void ctr_drbg_validate_no_reseed( data_t * add_init, data_t * entropy,
+ data_t * add1, data_t * add2,
+ data_t * result_string )
{
- unsigned char entropy[512];
- unsigned char add_init[512];
- unsigned char add1[512];
- unsigned char add2[512];
- mbedtls_ctr_drbg_context ctx;
- unsigned char buf[512];
- unsigned char output_str[512];
- int add_init_len, add1_len, add2_len;
-
- mbedtls_ctr_drbg_init( &ctx );
- memset( output_str, 0, 512 );
-
- unhexify( entropy, entropy_string );
- add_init_len = unhexify( add_init, add_init_string );
- add1_len = unhexify( add1, add1_string );
- add2_len = unhexify( add2, add2_string );
-
- test_offset_idx = 0;
- TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
- mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
-
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 );
- hexify( output_str, buf, 16 );
- TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 );
-
-exit:
- mbedtls_ctr_drbg_free( &ctx );
+ data_t empty = { 0, 0 };
+ ctr_drbg_validate_internal( RESEED_NEVER, add_init,
+ entropy->len, entropy,
+ &empty, add1, add2,
+ result_string );
+ goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string,
- char *add1_string, char *add_reseed_string,
- char *add2_string, char *result_str )
+void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy,
+ data_t * add1, data_t * add2,
+ data_t * result_string )
{
- unsigned char entropy[512];
- unsigned char add_init[512];
- unsigned char add1[512];
- unsigned char add_reseed[512];
- unsigned char add2[512];
- mbedtls_ctr_drbg_context ctx;
- unsigned char buf[512];
- unsigned char output_str[512];
- int add_init_len, add1_len, add_reseed_len, add2_len;
-
- mbedtls_ctr_drbg_init( &ctx );
- memset( output_str, 0, 512 );
-
- unhexify( entropy, entropy_string );
- add_init_len = unhexify( add_init, add_init_string );
- add1_len = unhexify( add1, add1_string );
- add_reseed_len = unhexify( add_reseed, add_reseed_string );
- add2_len = unhexify( add2, add2_string );
-
- test_offset_idx = 0;
- TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
-
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 );
- TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 );
- hexify( output_str, buf, 16 );
- TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 );
-
-exit:
- mbedtls_ctr_drbg_free( &ctx );
+ data_t empty = { 0, 0 };
+ ctr_drbg_validate_internal( RESEED_ALWAYS, add_init,
+ entropy->len / 3, entropy,
+ &empty, add1, add2,
+ result_string );
+ goto exit; // goto is needed to avoid warning ( no test assertions in func)
}
/* END_CASE */
/* BEGIN_CASE */
-void ctr_drbg_entropy_usage( )
+void ctr_drbg_validate_reseed_between( data_t * add_init, data_t * entropy,
+ data_t * add1, data_t * add_reseed,
+ data_t * add2, data_t * result_string )
+{
+ ctr_drbg_validate_internal( RESEED_SECOND, add_init,
+ entropy->len / 2, entropy,
+ add_reseed, add1, add2,
+ result_string );
+ goto exit; // goto is needed to avoid warning ( no test assertions in func)
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ctr_drbg_validate_reseed_first( data_t * add_init, data_t * entropy,
+ data_t * add1, data_t * add_reseed,
+ data_t * add2, data_t * result_string )
+{
+ ctr_drbg_validate_internal( RESEED_FIRST, add_init,
+ entropy->len / 2, entropy,
+ add_reseed, add1, add2,
+ result_string );
+ goto exit; // goto is needed to avoid warning ( no test assertions in func)
+}
+/* END_CASE */
+
+
+
+/* BEGIN_CASE */
+void ctr_drbg_entropy_usage( )
{
unsigned char out[16];
unsigned char add[16];
unsigned char entropy[1024];
mbedtls_ctr_drbg_context ctx;
size_t i, reps = 10;
- int last_idx;
+ size_t last_idx;
mbedtls_ctr_drbg_init( &ctx );
test_offset_idx = 0;
+ test_max_idx = sizeof( entropy );
memset( entropy, 0, sizeof( entropy ) );
memset( out, 0, sizeof( out ) );
memset( add, 0, sizeof( add ) );
@@ -177,9 +244,11 @@
}
TEST_ASSERT( last_idx == test_offset_idx );
- /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT)
- * (just make sure it doesn't cause memory corruption) */
- mbedtls_ctr_drbg_update( &ctx, entropy, sizeof( entropy ) );
+ /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
+ * Make sure it's detected as an error and doesn't cause memory
+ * corruption. */
+ TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
+ &ctx, entropy, sizeof( entropy ) ) != 0 );
/* Now enable PR, so the next few calls should all reseed */
mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
@@ -203,7 +272,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void ctr_drbg_seed_file( char *path, int ret )
+void ctr_drbg_seed_file( char * path, int ret )
{
mbedtls_ctr_drbg_context ctx;
@@ -219,7 +288,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void ctr_drbg_selftest( )
+void ctr_drbg_selftest( )
{
TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 7f747d0..eb99b79 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -39,11 +39,11 @@
Debug print certificate #1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
+mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
+mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
Debug print mbedtls_mpi #1
mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 98f98b0..377d630 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/debug.h"
+#include "string.h"
struct buffer_data
{
@@ -47,8 +48,8 @@
*/
/* BEGIN_CASE */
-void debug_print_msg_threshold( int threshold, int level, char *file, int line,
- char *result_str )
+void debug_print_msg_threshold( int threshold, int level, char * file,
+ int line, char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
@@ -76,8 +77,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_debug_print_ret( char *file, int line, char *text, int value,
- char *result_str )
+void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
+ char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
@@ -103,28 +104,24 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_debug_print_buf( char *file, int line, char *text,
- char *data_string, char *result_str )
+void mbedtls_debug_print_buf( char * file, int line, char * text,
+ data_t * data, char * result_str )
{
- unsigned char data[10000];
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
- size_t data_len;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
- memset( &data, 0, sizeof( data ) );
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
- data_len = unhexify( data, data_string );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
- mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
+ mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
@@ -135,8 +132,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_debug_print_crt( char *crt_file, char *file, int line,
- char *prefix, char *result_str )
+void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
+ char * prefix, char * result_str )
{
mbedtls_x509_crt crt;
mbedtls_ssl_context ssl;
@@ -166,8 +163,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
-void mbedtls_debug_print_mpi( int radix, char *value, char *file, int line,
- char *prefix, char *result_str )
+void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
+ char * prefix, char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index 2e73a77..b5acb7b 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -8,42 +8,27 @@
*/
/* BEGIN_CASE */
-void des_check_weak( char *key_hex, int ret )
+void des_check_weak( data_t * key, int ret )
{
- unsigned char key[MBEDTLS_DES_KEY_SIZE];
-
- memset( key, 0, sizeof key );
-
- unhexify( key, key_hex );
-
- TEST_ASSERT( mbedtls_des_key_check_weak( key ) == ret );
+ TEST_ASSERT( mbedtls_des_key_check_weak( key->x ) == ret );
}
/* END_CASE */
/* BEGIN_CASE */
-void des_encrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string )
+void des_encrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- mbedtls_des_setkey_enc( &ctx, key_str );
- TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ mbedtls_des_setkey_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -51,29 +36,20 @@
/* END_CASE */
/* BEGIN_CASE */
-void des_decrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string )
+void des_decrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- mbedtls_des_setkey_dec( &ctx, key_str );
- TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ mbedtls_des_setkey_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -81,35 +57,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string, int cbc_result )
+void des_encrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
+ int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des_context ctx;
- int src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_des_setkey_enc( &ctx, key_str );
- TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_len, iv_str, src_str, output ) == cbc_result );
+ mbedtls_des_setkey_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -118,35 +82,23 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string, int cbc_result )
+void des_decrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string,
+ int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des_context ctx;
- int src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
- mbedtls_des_setkey_dec( &ctx, key_str );
- TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_len, iv_str, src_str, output ) == cbc_result );
+ mbedtls_des_setkey_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -155,35 +107,26 @@
/* END_CASE */
/* BEGIN_CASE */
-void des3_encrypt_ecb( int key_count, char *hex_key_string,
- char *hex_src_string, char *hex_dst_string )
+void des3_encrypt_ecb( int key_count, data_t * key_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des3_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des3_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
if( key_count == 2 )
- mbedtls_des3_set2key_enc( &ctx, key_str );
+ mbedtls_des3_set2key_enc( &ctx, key_str->x );
else if( key_count == 3 )
- mbedtls_des3_set3key_enc( &ctx, key_str );
+ mbedtls_des3_set3key_enc( &ctx, key_str->x );
else
TEST_ASSERT( 0 );
- TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -191,35 +134,26 @@
/* END_CASE */
/* BEGIN_CASE */
-void des3_decrypt_ecb( int key_count, char *hex_key_string,
- char *hex_src_string, char *hex_dst_string )
+void des3_decrypt_ecb( int key_count, data_t * key_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des3_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des3_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
if( key_count == 2 )
- mbedtls_des3_set2key_dec( &ctx, key_str );
+ mbedtls_des3_set2key_dec( &ctx, key_str->x );
else if( key_count == 3 )
- mbedtls_des3_set3key_dec( &ctx, key_str );
+ mbedtls_des3_set3key_dec( &ctx, key_str->x );
else
TEST_ASSERT( 0 );
- TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -227,43 +161,30 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des3_encrypt_cbc( int key_count, char *hex_key_string,
- char *hex_iv_string, char *hex_src_string,
- char *hex_dst_string, int cbc_result )
+void des3_encrypt_cbc( int key_count, data_t * key_str,
+ data_t * iv_str, data_t * src_str,
+ data_t * hex_dst_string, int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des3_context ctx;
- int src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des3_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
if( key_count == 2 )
- mbedtls_des3_set2key_enc( &ctx, key_str );
+ mbedtls_des3_set2key_enc( &ctx, key_str->x );
else if( key_count == 3 )
- mbedtls_des3_set3key_enc( &ctx, key_str );
+ mbedtls_des3_set3key_enc( &ctx, key_str->x );
else
TEST_ASSERT( 0 );
- TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_len, iv_str, src_str, output ) == cbc_result );
+ TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -272,43 +193,30 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void des3_decrypt_cbc( int key_count, char *hex_key_string,
- char *hex_iv_string, char *hex_src_string,
- char *hex_dst_string, int cbc_result )
+void des3_decrypt_cbc( int key_count, data_t * key_str,
+ data_t * iv_str, data_t * src_str,
+ data_t * hex_dst_string, int cbc_result )
{
- unsigned char key_str[100];
- unsigned char iv_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_des3_context ctx;
- int src_len;
- memset(key_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
mbedtls_des3_init( &ctx );
- unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- src_len = unhexify( src_str, hex_src_string );
if( key_count == 2 )
- mbedtls_des3_set2key_dec( &ctx, key_str );
+ mbedtls_des3_set2key_dec( &ctx, key_str->x );
else if( key_count == 3 )
- mbedtls_des3_set3key_dec( &ctx, key_str );
+ mbedtls_des3_set3key_dec( &ctx, key_str->x );
else
TEST_ASSERT( 0 );
- TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_len, iv_str, src_str, output ) == cbc_result );
+ TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, src_len );
- TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
exit:
@@ -317,7 +225,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void des_key_parity_run()
+void des_key_parity_run( )
{
int i, j, cnt;
unsigned char key[MBEDTLS_DES_KEY_SIZE];
@@ -360,7 +268,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void des_selftest()
+void des_selftest( )
{
TEST_ASSERT( mbedtls_des_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index 734fd97..edebce0 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -1,3 +1,6 @@
+Diffie-Hellman parameter validation
+dhm_invalid_params:
+
Diffie-Hellman full exchange #1
dhm_do_dhm:10:"23":10:"5":0
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 4fd8fff..8a05a38 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -7,6 +7,113 @@
* END_DEPENDENCIES
*/
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void dhm_invalid_params( )
+{
+ mbedtls_dhm_context ctx;
+ unsigned char buf[42] = { 0 };
+ unsigned char *buf_null = NULL;
+ mbedtls_mpi X;
+ size_t const buflen = sizeof( buf );
+ size_t len;
+
+ TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params( NULL,
+ (unsigned char**) &buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params( &ctx, &buf_null, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params( &ctx, NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_params( &ctx,
+ (unsigned char**) &buf,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params( NULL, buflen,
+ buf, &len,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params( &ctx, buflen,
+ NULL, &len,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params( &ctx, buflen,
+ buf, NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_params( &ctx, buflen,
+ buf, &len,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_set_group( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_set_group( &ctx, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_set_group( &ctx, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_public( NULL, buf, buflen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_read_public( &ctx, NULL, buflen ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_public( NULL, buflen,
+ buf, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_public( &ctx, buflen,
+ NULL, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_make_public( &ctx, buflen,
+ buf, buflen,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_calc_secret( NULL, buf, buflen,
+ &len, rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_calc_secret( &ctx, NULL, buflen,
+ &len, rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_calc_secret( &ctx, buf, buflen,
+ NULL, rnd_std_rand,
+ NULL ) );
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhm( NULL, buf, buflen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) );
+
+#if defined(MBEDTLS_FS_IO)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhmfile( NULL, "" ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
+ mbedtls_dhm_parse_dhmfile( &ctx, NULL ) );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+exit:
+ return;
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void dhm_do_dhm( int radix_P, char *input_P,
int radix_G, char *input_G, int result )
@@ -100,7 +207,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void dhm_file( char *filename, char *p, char *g, int len )
+void dhm_file( char * filename, char * p, char * g, int len )
{
mbedtls_dhm_context ctx;
mbedtls_mpi P, G;
@@ -124,7 +231,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void dhm_selftest()
+void dhm_selftest( )
{
TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data
index f7119de..fb4a232 100644
--- a/tests/suites/test_suite_ecdh.data
+++ b/tests/suites/test_suite_ecdh.data
@@ -1,3 +1,9 @@
+ECDH - Valid parameters
+ecdh_valid_param:
+
+ECDH - Invalid parameters
+ecdh_invalid_param:
+
ECDH primitive random #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdh_primitive_random:MBEDTLS_ECP_DP_SECP192R1
@@ -37,3 +43,67 @@
ECDH exchange #2
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecdh_exchange:MBEDTLS_ECP_DP_SECP521R1
+
+ECDH restartable rfc 5903 p256 restart enabled max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:0:0:0
+
+ECDH restartable rfc 5903 p256 restart enabled max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:1:1:10000
+
+ECDH restartable rfc 5903 p256 restart enabled max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:10000:0:0
+
+ECDH restartable rfc 5903 p256 restart enabled max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":1:250:2:32
+
+ECDH restartable rfc 5903 p256 restart disabled max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:0:0:0
+
+ECDH restartable rfc 5903 p256 restart disabled max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:1:0:0
+
+ECDH restartable rfc 5903 p256 restart disabled max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:10000:0:0
+
+ECDH restartable rfc 5903 p256 restart disabled max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:250:0:0
+
+ECDH exchange legacy context
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1
+
+ECDH calc_secret: ours first, SECP256R1 (RFC 5903)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
+
+ECDH calc_secret: theirs first, SECP256R1 (RFC 5903)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
+
+ecdh calc_secret: ours first (Alice), curve25519 (rfc 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":0:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+ecdh calc_secret: theirs first (Alice), curve25519 (rfc 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":1:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+ecdh calc_secret: ours first (Bob), curve25519 (rfc 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":0:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
+
+ECDH get_params with mismatched groups: our BP256R1, their SECP256R1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
+ECDH get_params with mismatched groups: their SECP256R1, our BP256R1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 4c6a97b..d6bed7f 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -1,5 +1,40 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdh.h"
+
+static int load_public_key( int grp_id, data_t *point,
+ mbedtls_ecp_keypair *ecp )
+{
+ int ok = 0;
+ TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
+ &ecp->Q,
+ point->x,
+ point->len ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
+ &ecp->Q ) == 0 );
+ ok = 1;
+exit:
+ return( ok );
+}
+
+static int load_private_key( int grp_id, data_t *private_key,
+ mbedtls_ecp_keypair *ecp,
+ rnd_pseudo_info *rnd_info )
+{
+ int ok = 0;
+ TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp,
+ private_key->x,
+ private_key->len ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
+ /* Calculate the public key from the private key. */
+ TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
+ &ecp->grp.G,
+ &rnd_pseudo_rand, rnd_info ) == 0 );
+ ok = 1;
+exit:
+ return( ok );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -8,6 +43,148 @@
*/
/* BEGIN_CASE */
+void ecdh_valid_param( )
+{
+ TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecdh_invalid_param( )
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecdh_context ctx;
+ mbedtls_mpi m;
+ mbedtls_ecp_point P;
+ mbedtls_ecp_keypair kp;
+ size_t olen;
+ unsigned char buf[42] = { 0 };
+ const unsigned char *buf_null = NULL;
+ size_t const buflen = sizeof( buf );
+ int invalid_side = 42;
+ mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
+
+ TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public( NULL, &m, &P,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public( &grp, NULL, &P,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public( &grp, &m, NULL,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_gen_public( &grp, &m, &P,
+ NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
+ rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_setup( NULL, valid_grp ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params( NULL, &olen,
+ buf, buflen,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params( &ctx, NULL,
+ buf, buflen,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params( &ctx, &olen,
+ NULL, buflen,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_params( &ctx, &olen,
+ buf, buflen,
+ NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params( NULL,
+ (const unsigned char**) &buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params( &ctx, &buf_null,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_params( &ctx,
+ (const unsigned char**) &buf,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_get_params( NULL, &kp,
+ MBEDTLS_ECDH_OURS ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_get_params( &ctx, NULL,
+ MBEDTLS_ECDH_OURS ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_get_params( &ctx, &kp,
+ invalid_side ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public( NULL, &olen,
+ buf, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public( &ctx, NULL,
+ buf, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public( &ctx, &olen,
+ NULL, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_make_public( &ctx, &olen,
+ buf, buflen,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_public( NULL, buf, buflen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
+ rnd_std_rand,
+ NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void ecdh_primitive_random( int id )
{
mbedtls_ecp_group grp;
@@ -43,15 +220,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecdh_primitive_testvec( int id, char *dA_str, char *xA_str, char *yA_str,
- char *dB_str, char *xB_str, char *yB_str,
- char *z_str )
+void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
+ char * yA_str, data_t * rnd_buf_B,
+ char * xB_str, char * yB_str, char * z_str )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB, check;
- unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES];
- unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES];
rnd_buf_info rnd_info_A, rnd_info_B;
mbedtls_ecp_group_init( &grp );
@@ -61,36 +236,36 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- rnd_info_A.buf = rnd_buf_A;
- rnd_info_A.length = unhexify( rnd_buf_A, dA_str );
+ rnd_info_A.buf = rnd_buf_A->x;
+ rnd_info_A.length = rnd_buf_A->len;
- /* Fix rnd_buf_A by shifting it left if necessary */
+ /* Fix rnd_buf_A->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
{
unsigned char shift = 8 - ( grp.nbits % 8 );
size_t i;
for( i = 0; i < rnd_info_A.length - 1; i++ )
- rnd_buf_A[i] = rnd_buf_A[i] << shift
- | rnd_buf_A[i+1] >> ( 8 - shift );
+ rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift
+ | rnd_buf_A->x[i+1] >> ( 8 - shift );
- rnd_buf_A[rnd_info_A.length-1] <<= shift;
+ rnd_buf_A->x[rnd_info_A.length-1] <<= shift;
}
- rnd_info_B.buf = rnd_buf_B;
- rnd_info_B.length = unhexify( rnd_buf_B, dB_str );
+ rnd_info_B.buf = rnd_buf_B->x;
+ rnd_info_B.length = rnd_buf_B->len;
- /* Fix rnd_buf_B by shifting it left if necessary */
+ /* Fix rnd_buf_B->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
{
unsigned char shift = 8 - ( grp.nbits % 8 );
size_t i;
for( i = 0; i < rnd_info_B.length - 1; i++ )
- rnd_buf_B[i] = rnd_buf_B[i] << shift
- | rnd_buf_B[i+1] >> ( 8 - shift );
+ rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift
+ | rnd_buf_B->x[i+1] >> ( 8 - shift );
- rnd_buf_B[rnd_info_B.length-1] <<= shift;
+ rnd_buf_B->x[rnd_info_B.length-1] <<= shift;
}
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
@@ -131,6 +306,171 @@
const unsigned char *vbuf;
size_t len;
rnd_pseudo_info rnd_info;
+ unsigned char res_buf[1000];
+ size_t res_len;
+
+ mbedtls_ecdh_init( &srv );
+ mbedtls_ecdh_init( &cli );
+ memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+
+ TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
+
+ memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
+ TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
+ &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
+
+ memset( buf, 0x00, sizeof( buf ) );
+ TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
+ &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
+ &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
+ NULL, NULL ) == 0 );
+ TEST_ASSERT( len == res_len );
+ TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
+
+exit:
+ mbedtls_ecdh_free( &srv );
+ mbedtls_ecdh_free( &cli );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str,
+ int enable, int max_ops, int min_restart, int max_restart )
+{
+ int ret;
+ mbedtls_ecdh_context srv, cli;
+ unsigned char buf[1000];
+ const unsigned char *vbuf;
+ size_t len;
+ unsigned char z[MBEDTLS_ECP_MAX_BYTES];
+ size_t z_len;
+ unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES];
+ unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES];
+ rnd_buf_info rnd_info_A, rnd_info_B;
+ int cnt_restart;
+ mbedtls_ecp_group grp;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecdh_init( &srv );
+ mbedtls_ecdh_init( &cli );
+
+ z_len = unhexify( z, z_str );
+
+ rnd_info_A.buf = rnd_buf_A;
+ rnd_info_A.length = unhexify( rnd_buf_A, dA_str );
+
+ rnd_info_B.buf = rnd_buf_B;
+ rnd_info_B.length = unhexify( rnd_buf_B, dB_str );
+
+ /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
+ * in every configuration, therefore we load it separately. */
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+
+ /* Otherwise we would have to fix the random buffer,
+ * as in ecdh_primitive_testvec. */
+ TEST_ASSERT( grp.nbits % 8 == 0 );
+
+ TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
+
+ /* set up restart parameters */
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ if( enable )
+ {
+ mbedtls_ecdh_enable_restart( &srv );
+ mbedtls_ecdh_enable_restart( &cli );
+ }
+
+ /* server writes its parameters */
+ memset( buf, 0x00, sizeof( buf ) );
+ len = 0;
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
+ rnd_buffer_rand, &rnd_info_A );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* client read server params */
+ vbuf = buf;
+ TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
+
+ /* client writes its key share */
+ memset( buf, 0x00, sizeof( buf ) );
+ len = 0;
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
+ rnd_buffer_rand, &rnd_info_B );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* server reads client key share */
+ TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
+
+ /* server computes shared secret */
+ memset( buf, 0, sizeof( buf ) );
+ len = 0;
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
+ NULL, NULL );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ TEST_ASSERT( len == z_len );
+ TEST_ASSERT( memcmp( buf, z, len ) == 0 );
+
+ /* client computes shared secret */
+ memset( buf, 0, sizeof( buf ) );
+ len = 0;
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
+ NULL, NULL );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ TEST_ASSERT( len == z_len );
+ TEST_ASSERT( memcmp( buf, z, len ) == 0 );
+
+exit:
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecdh_free( &srv );
+ mbedtls_ecdh_free( &cli );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
+void ecdh_exchange_legacy( int id )
+{
+ mbedtls_ecdh_context srv, cli;
+ unsigned char buf[1000];
+ const unsigned char *vbuf;
+ size_t len;
+
+ rnd_pseudo_info rnd_info;
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
@@ -145,12 +485,13 @@
memset( buf, 0x00, sizeof( buf ) );
TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 );
+ &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
+ NULL ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
exit:
@@ -158,3 +499,107 @@
mbedtls_ecdh_free( &cli );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ecdh_exchange_calc_secret( int grp_id,
+ data_t *our_private_key,
+ data_t *their_point,
+ int ours_first,
+ data_t *expected )
+{
+ rnd_pseudo_info rnd_info;
+ mbedtls_ecp_keypair our_key;
+ mbedtls_ecp_keypair their_key;
+ mbedtls_ecdh_context ecdh;
+ unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
+ size_t shared_secret_length = 0;
+
+ memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ mbedtls_ecdh_init( &ecdh );
+ mbedtls_ecp_keypair_init( &our_key );
+ mbedtls_ecp_keypair_init( &their_key );
+
+ if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
+ goto exit;
+ if( ! load_public_key( grp_id, their_point, &their_key ) )
+ goto exit;
+
+ /* Import the keys to the ECDH calculation. */
+ if( ours_first )
+ {
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+ }
+
+ /* Perform the ECDH calculation. */
+ TEST_ASSERT( mbedtls_ecdh_calc_secret(
+ &ecdh,
+ &shared_secret_length,
+ shared_secret, sizeof( shared_secret ),
+ &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( shared_secret_length == expected->len );
+ TEST_ASSERT( memcmp( expected->x, shared_secret,
+ shared_secret_length ) == 0 );
+
+exit:
+ mbedtls_ecdh_free( &ecdh );
+ mbedtls_ecp_keypair_free( &our_key );
+ mbedtls_ecp_keypair_free( &their_key );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ecdh_exchange_get_params_fail( int our_grp_id,
+ data_t *our_private_key,
+ int their_grp_id,
+ data_t *their_point,
+ int ours_first,
+ int expected_ret )
+{
+ rnd_pseudo_info rnd_info;
+ mbedtls_ecp_keypair our_key;
+ mbedtls_ecp_keypair their_key;
+ mbedtls_ecdh_context ecdh;
+
+ memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ mbedtls_ecdh_init( &ecdh );
+ mbedtls_ecp_keypair_init( &our_key );
+ mbedtls_ecp_keypair_init( &their_key );
+
+ if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
+ goto exit;
+ if( ! load_public_key( their_grp_id, their_point, &their_key ) )
+ goto exit;
+
+ if( ours_first )
+ {
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
+ expected_ret );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_get_params(
+ &ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
+ expected_ret );
+ }
+
+exit:
+ mbedtls_ecdh_free( &ecdh );
+ mbedtls_ecp_keypair_free( &our_key );
+ mbedtls_ecp_keypair_free( &their_key );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index 19c51d3..59e209b 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -1,3 +1,6 @@
+ECDSA Parameter validation
+ecdsa_invalid_param:
+
ECDSA primitive random #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_prim_random:MBEDTLS_ECP_DP_SECP192R1
@@ -50,7 +53,7 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecdsa_write_read_random:MBEDTLS_ECP_DP_SECP521R1
-ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p192 sha1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"sample":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
@@ -58,7 +61,7 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"sample":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
-ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p192 sha256
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"sample":"4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55":"CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
@@ -66,11 +69,11 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"sample":"DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5":"C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
-ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p192 sha512
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA512:"sample":"4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8":"3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
-ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p192 sha1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"test":"0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D":"EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
@@ -78,7 +81,7 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"test":"6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34":"B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
-ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p192 sha256
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"test":"3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE":"5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
@@ -86,11 +89,11 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"test":"B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367":"7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
-ECDSA deterministic test vector rfc 6979 p192 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p192 sha512
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA512:"test":"FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739":"74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
-ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p224 sha1
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"sample":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69"
@@ -98,7 +101,7 @@
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"sample":"1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E":"A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC"
-ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p224 sha256
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"sample":"61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA":"BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101"
@@ -106,11 +109,11 @@
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"sample":"0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953":"830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D"
-ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p224 sha512
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA512:"sample":"074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397":"A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084"
-ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p224 sha1
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"test":"DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C":"95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2"
@@ -118,7 +121,7 @@
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"test":"C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019":"902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4"
-ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p224 sha256
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"test":"AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6":"178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD"
@@ -126,11 +129,11 @@
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"test":"389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4":"414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB"
-ECDSA deterministic test vector rfc 6979 p224 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p224 sha512
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA512:"test":"049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C":"077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF"
-ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p256 sha1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"sample":"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32":"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
@@ -138,7 +141,7 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"sample":"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F":"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
-ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p256 sha256
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"sample":"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716":"F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
@@ -146,11 +149,11 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"sample":"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719":"4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
-ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p256 sha512
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA512:"sample":"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00":"2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
-ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p256 sha1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"test":"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89":"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
@@ -158,7 +161,7 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"test":"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692":"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
-ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p256 sha256
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367":"019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
@@ -166,11 +169,11 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"test":"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6":"8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
-ECDSA deterministic test vector rfc 6979 p256 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p256 sha512
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA512:"test":"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04":"39AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
-ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p384 sha1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"sample":"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2":"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
@@ -178,7 +181,7 @@
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"sample":"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE060122":"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
-ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p384 sha256
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"sample":"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD":"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
@@ -186,11 +189,11 @@
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"sample":"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE46":"99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
-ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p384 sha512
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA512:"sample":"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799CFE30F35CC900056D7C99CD7882433709":"512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112DC7CC3EF3446DEFCEB01A45C2667FDD5"
-ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p384 sha1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"test":"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7":"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
@@ -198,7 +201,7 @@
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"test":"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72":"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
-ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p384 sha256
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"test":"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B":"2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
@@ -206,11 +209,11 @@
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"test":"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB":"DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
-ECDSA deterministic test vector rfc 6979 p384 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p384 sha512
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA512:"test":"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D06FB6495CD21B4B6E340FC236584FB277":"976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B224634A2092CD3792E0159AD9CEE37659C736"
-ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p521 sha1
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"sample":"0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D":"0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
@@ -218,7 +221,7 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"sample":"1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E":"050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
-ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p521 sha256
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"sample":"1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7":"04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
@@ -226,11 +229,11 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"sample":"1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451":"1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
-ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p521 sha512
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"sample":"0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F174E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E377FA":"0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF282623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A67A"
-ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha1
+ECDSA deterministic test vector rfc 6979 p521 sha1
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"test":"13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367":"1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
@@ -238,7 +241,7 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"test":"1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB":"177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
-ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha256
+ECDSA deterministic test vector rfc 6979 p521 sha256
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"test":"00E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8":"0CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
@@ -246,10 +249,42 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"test":"14BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C":"133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
-ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha512
+ECDSA deterministic test vector rfc 6979 p521 sha512
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3"
+ECDSA restartable read-verify: max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":0:0:0
+
+ECDSA restartable read-verify: max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":1:42:10000
+
+ECDSA restartable read-verify: max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":10000:0:0
+
+ECDSA restartable read-verify: max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_read_restart:MBEDTLS_ECP_DP_SECP256R1:"04e8f573412a810c5f81ecd2d251bb94387e72f28af70dced90ebe75725c97a6428231069c2b1ef78509a22c59044319f6ed3cb750dfe64c2a282b35967a458ad6":"dee9d4d8b0e40a034602d6e638197998060f6e9f353ae1d10c94cd56476d3c92":"304502210098a5a1392abe29e4b0a4da3fefe9af0f8c32e5b839ab52ba6a05da9c3b7edd0f0220596f0e195ae1e58c1e53e9e7f0f030b274348a8c11232101778d89c4943f5ad2":250:4:64
+
+ECDSA restartable sign-write: secp256r1 max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
+
+ECDSA restartable sign-write: secp256r1 restart max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
+
+ECDSA restartable sign-write: secp256r1 restart max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
+
+ECDSA restartable sign-write: secp256r1 restart max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+ecdsa_write_restart:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:32
+
ECDSA zero private parameter p192
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B15":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9C":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64":MBEDTLS_ERR_ECP_INVALID_KEY
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index b730953..22d92b6 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -7,6 +7,201 @@
* END_DEPENDENCIES
*/
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecdsa_invalid_param( )
+{
+ mbedtls_ecdsa_context ctx;
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
+ mbedtls_ecp_point P;
+ mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
+ mbedtls_mpi m;
+ size_t slen;
+ unsigned char buf[42] = { 0 };
+
+ TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign( NULL, &m, &m, &m,
+ buf, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
+ buf, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
+ buf, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
+ buf, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign( &grp, &m, &m, &m,
+ NULL, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign( &grp, &m, &m, &m,
+ buf, sizeof( buf ),
+ NULL, NULL ) );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det( NULL, &m, &m, &m,
+ buf, sizeof( buf ),
+ valid_md ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det( &grp, NULL, &m, &m,
+ buf, sizeof( buf ),
+ valid_md ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det( &grp, &m, NULL, &m,
+ buf, sizeof( buf ),
+ valid_md ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det( &grp, &m, &m, NULL,
+ buf, sizeof( buf ),
+ valid_md ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_sign_det( &grp, &m, &m, &m,
+ NULL, sizeof( buf ),
+ valid_md ) );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify( NULL,
+ buf, sizeof( buf ),
+ &P, &m, &m ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify( &grp,
+ NULL, sizeof( buf ),
+ &P, &m, &m ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify( &grp,
+ buf, sizeof( buf ),
+ NULL, &m, &m ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify( &grp,
+ buf, sizeof( buf ),
+ &P, NULL, &m ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_verify( &grp,
+ buf, sizeof( buf ),
+ &P, &m, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature( NULL,
+ valid_md,
+ buf, sizeof( buf ),
+ buf, &slen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature( &ctx,
+ valid_md,
+ NULL, sizeof( buf ),
+ buf, &slen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature( &ctx,
+ valid_md,
+ buf, sizeof( buf ),
+ NULL, &slen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature( &ctx,
+ valid_md,
+ buf, sizeof( buf ),
+ buf, NULL,
+ rnd_std_rand,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( NULL,
+ valid_md,
+ buf, sizeof( buf ),
+ buf, &slen,
+ rnd_std_rand,
+ NULL, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( &ctx,
+ valid_md,
+ NULL, sizeof( buf ),
+ buf, &slen,
+ rnd_std_rand,
+ NULL, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( &ctx,
+ valid_md,
+ buf, sizeof( buf ),
+ NULL, &slen,
+ rnd_std_rand,
+ NULL, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( &ctx,
+ valid_md,
+ buf, sizeof( buf ),
+ buf, NULL,
+ rnd_std_rand,
+ NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature( NULL,
+ buf, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature( &ctx,
+ NULL, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature( &ctx,
+ buf, sizeof( buf ),
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature_restartable( NULL,
+ buf, sizeof( buf ),
+ buf, sizeof( buf ),
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature_restartable( &ctx,
+ NULL, sizeof( buf ),
+ buf, sizeof( buf ),
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_read_signature_restartable( &ctx,
+ buf, sizeof( buf ),
+ NULL, sizeof( buf ),
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_genkey( NULL, valid_group,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_genkey( &ctx, valid_group,
+ NULL, NULL ) );
+
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_from_keypair( NULL, &key ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void ecdsa_prim_random( int id )
{
@@ -14,7 +209,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
rnd_pseudo_info rnd_info;
- unsigned char buf[66];
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
@@ -40,46 +235,42 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
- char *k_str, char *hash_str, char *r_str,
- char *s_str, int result )
+void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
+ char * yQ_str, data_t * rnd_buf,
+ data_t * hash, char * r_str, char * s_str,
+ int result )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s, r_check, s_check;
- unsigned char hash[66], rnd_buf[66];
- size_t hlen;
rnd_buf_info rnd_info;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check );
- memset( hash, 0, sizeof( hash ) );
- memset( rnd_buf, 0, sizeof( rnd_buf ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
- hlen = unhexify(hash, hash_str);
- rnd_info.buf = rnd_buf;
- rnd_info.length = unhexify( rnd_buf, k_str );
+ rnd_info.buf = rnd_buf->x;
+ rnd_info.length = rnd_buf->len;
- /* Fix rnd_buf by shifting it left if necessary */
+ /* Fix rnd_buf->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
{
unsigned char shift = 8 - ( grp.nbits % 8 );
size_t i;
for( i = 0; i < rnd_info.length - 1; i++ )
- rnd_buf[i] = rnd_buf[i] << shift | rnd_buf[i+1] >> ( 8 - shift );
+ rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift );
- rnd_buf[rnd_info.length-1] <<= shift;
+ rnd_buf->x[rnd_info.length-1] <<= shift;
}
- TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash, hlen,
+ TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
rnd_buffer_rand, &rnd_info ) == result );
if ( result == 0)
@@ -87,7 +278,17 @@
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
- TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
+ &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
+ &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len,
+ &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
}
exit:
@@ -99,8 +300,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */
-void ecdsa_det_test_vectors( int id, char *d_str, int md_alg,
- char *msg, char *r_str, char *s_str )
+void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg,
+ char * r_str, char * s_str )
{
mbedtls_ecp_group grp;
mbedtls_mpi d, r, s, r_check, s_check;
@@ -121,7 +322,8 @@
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
hlen = mbedtls_md_get_size( md_info );
- mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
+ TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg,
+ strlen( msg ), hash ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_sign_det( &grp, &r, &s, &d, hash, hlen, md_alg ) == 0 );
@@ -181,13 +383,13 @@
/* try modifying r */
sig[10]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[10]--;
/* try modifying s */
sig[sig_len - 1]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[sig_len - 1]--;
exit:
@@ -195,3 +397,130 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str,
+ int max_ops, int min_restart, int max_restart )
+{
+ mbedtls_ecdsa_context ctx;
+ mbedtls_ecdsa_restart_ctx rs_ctx;
+ unsigned char hash[64];
+ unsigned char sig[200];
+ unsigned char pk[65];
+ size_t sig_len, hash_len, pk_len;
+ int ret, cnt_restart;
+
+ mbedtls_ecdsa_init( &ctx );
+ mbedtls_ecdsa_restart_init( &rs_ctx );
+
+ hash_len = unhexify(hash, h_str);
+ sig_len = unhexify(sig, s_str);
+ pk_len = unhexify(pk, k_str);
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 );
+
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
+ hash, hash_len, sig, sig_len, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* try modifying r */
+ sig[10]++;
+ do {
+ ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
+ hash, hash_len, sig, sig_len, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[10]--;
+
+ /* try modifying s */
+ sig[sig_len - 1]++;
+ do {
+ ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
+ hash, hash_len, sig, sig_len, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[sig_len - 1]--;
+
+ /* Do we leak memory when aborting an operation?
+ * This test only makes sense when we actually restart */
+ if( min_restart > 0 )
+ {
+ ret = mbedtls_ecdsa_read_signature_restartable( &ctx,
+ hash, hash_len, sig, sig_len, &rs_ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
+
+exit:
+ mbedtls_ecdsa_free( &ctx );
+ mbedtls_ecdsa_restart_free( &rs_ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */
+void ecdsa_write_restart( int id, char *d_str, int md_alg,
+ char *msg, char *sig_str,
+ int max_ops, int min_restart, int max_restart )
+{
+ int ret, cnt_restart;
+ mbedtls_ecdsa_restart_ctx rs_ctx;
+ mbedtls_ecdsa_context ctx;
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
+ unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
+ size_t hlen, slen, slen_check;
+ const mbedtls_md_info_t *md_info;
+
+ mbedtls_ecdsa_restart_init( &rs_ctx );
+ mbedtls_ecdsa_init( &ctx );
+ memset( hash, 0, sizeof( hash ) );
+ memset( sig, 0, sizeof( sig ) );
+ memset( sig_check, 0, sizeof( sig_check ) );
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
+ slen_check = unhexify( sig_check, sig_str );
+
+ md_info = mbedtls_md_info_from_type( md_alg );
+ TEST_ASSERT( md_info != NULL );
+
+ hlen = mbedtls_md_get_size( md_info );
+ mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
+
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ slen = sizeof( sig );
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
+ md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( slen == slen_check );
+ TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
+
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* Do we leak memory when aborting an operation?
+ * This test only makes sense when we actually restart */
+ if( min_restart > 0 )
+ {
+ ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
+ md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
+
+exit:
+ mbedtls_ecdsa_restart_free( &rs_ctx );
+ mbedtls_ecdsa_free( &ctx );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data
index 1a772a9..84c99c9 100644
--- a/tests/suites/test_suite_ecjpake.data
+++ b/tests/suites/test_suite_ecjpake.data
@@ -1,3 +1,6 @@
+ECJPAKE parameter validation
+ecjpake_invalid_param:
+
ECJPAKE selftest
ecjpake_selftest:
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 5c8856b..d267295 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -98,56 +98,172 @@
* END_DEPENDENCIES
*/
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecjpake_invalid_param( )
+{
+ mbedtls_ecjpake_context ctx;
+ unsigned char buf[42] = { 0 };
+ size_t olen;
+ size_t const len = sizeof( buf );
+ mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER;
+ mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
+ mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
+ mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;
+
+ TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_setup( NULL,
+ valid_role,
+ valid_md,
+ valid_group,
+ buf, len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_setup( &ctx,
+ invalid_role,
+ valid_md,
+ valid_group,
+ buf, len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_setup( &ctx,
+ valid_role,
+ valid_md,
+ valid_group,
+ NULL, len ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_check( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one( NULL,
+ buf, len,
+ &olen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one( &ctx,
+ NULL, len,
+ &olen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one( &ctx,
+ buf, len,
+ NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_one( &ctx,
+ buf, len,
+ &olen,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( NULL,
+ buf, len,
+ &olen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( &ctx,
+ NULL, len,
+ &olen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( &ctx,
+ buf, len,
+ NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( &ctx,
+ buf, len,
+ &olen,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_one( NULL,
+ buf, len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_one( &ctx,
+ NULL, len ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_two( NULL,
+ buf, len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_read_round_two( &ctx,
+ NULL, len ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret( NULL,
+ buf, len,
+ &olen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret( &ctx,
+ NULL, len,
+ &olen,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret( &ctx,
+ buf, len,
+ NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_derive_secret( &ctx,
+ buf, len,
+ &olen,
+ NULL,
+ NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void ecjpake_selftest()
+void ecjpake_selftest( )
{
TEST_ASSERT( mbedtls_ecjpake_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_round_one( int role, char *data, int ref_ret )
+void read_round_one( int role, data_t * msg, int ref_ret )
{
mbedtls_ecjpake_context ctx;
-
const unsigned char * pw = NULL;
const size_t pw_len = 0;
- unsigned char *msg;
- size_t len;
-
mbedtls_ecjpake_init( &ctx );
- msg = unhexify_alloc( data, &len );
- TEST_ASSERT( msg != NULL );
-
TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, role,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
- TEST_ASSERT( mbedtls_ecjpake_read_round_one( &ctx, msg, len ) == ref_ret );
+ TEST_ASSERT( mbedtls_ecjpake_read_round_one( &ctx, msg->x, msg->len ) == ref_ret );
exit:
mbedtls_ecjpake_free( &ctx );
- mbedtls_free( msg );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_round_two_cli( char *data, int ref_ret )
+void read_round_two_cli( data_t * msg, int ref_ret )
{
mbedtls_ecjpake_context ctx;
-
const unsigned char * pw = NULL;
const size_t pw_len = 0;
- unsigned char *msg;
- size_t len;
-
mbedtls_ecjpake_init( &ctx );
- msg = unhexify_alloc( data, &len );
- TEST_ASSERT( msg != NULL );
-
TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_CLIENT,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
@@ -157,30 +273,22 @@
ADD_SIZE( ecjpake_test_X3 ), ADD_SIZE( ecjpake_test_X4 ) )
== 0 );
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg, len ) == ref_ret );
+ TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg->x, msg->len ) == ref_ret );
exit:
mbedtls_ecjpake_free( &ctx );
- mbedtls_free( msg );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void read_round_two_srv( char *data, int ref_ret )
+void read_round_two_srv( data_t * msg, int ref_ret )
{
mbedtls_ecjpake_context ctx;
-
const unsigned char * pw = NULL;
const size_t pw_len = 0;
- unsigned char *msg;
- size_t len;
-
mbedtls_ecjpake_init( &ctx );
- msg = unhexify_alloc( data, &len );
- TEST_ASSERT( msg != NULL );
-
TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_SERVER,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
@@ -190,10 +298,9 @@
ADD_SIZE( ecjpake_test_X1 ), ADD_SIZE( ecjpake_test_X2 ) )
== 0 );
- TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg, len ) == ref_ret );
+ TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg->x, msg->len ) == ref_ret );
exit:
mbedtls_ecjpake_free( &ctx );
- mbedtls_free( msg );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 8e9d9fa..8653366 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1,3 +1,9 @@
+ECP valid params
+ecp_valid_param:
+
+ECP invalid params
+ecp_invalid_param:
+
ECP curve info #1
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_BP512R1:28:512:"brainpoolP512r1"
@@ -46,10 +52,6 @@
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_SECP224K1:"E2000000000000BB3A13D43B323337383935321F0603551D":"100101FF040830060101FF02010A30220603551D0E041B04636FC0C0":"101":MBEDTLS_ERR_ECP_INVALID_KEY
-ECP write binary #0 (zero, bad format)
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"01":"01":"00":ECP_PF_UNKNOWN:"00":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-
ECP write binary #1 (zero, uncompressed, buffer just fits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"01":"01":"00":MBEDTLS_ECP_PF_UNCOMPRESSED:"00":1:0
@@ -86,6 +88,14 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"93112b28345b7d1d7799611e49bea9d8290cb2d7afe1f9f3":"01":MBEDTLS_ECP_PF_COMPRESSED:"0348d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":25:0
+ECP write binary #10 (Montgomery, buffer just fits)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_binary:MBEDTLS_ECP_DP_CURVE25519:"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff":"0":"1":MBEDTLS_ECP_PF_COMPRESSED:"ffeeddccbbaa00998877665544332211ffeeddccbbaa00998877665544332211":32:0
+
+ECP write binary #11 (Montgomery, buffer too small)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_binary:MBEDTLS_ECP_DP_CURVE25519:"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff":"0":"1":MBEDTLS_ECP_PF_COMPRESSED:"ffeeddccbbaa00998877665544332211ffeeddccbbaa00998877665544332211":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+
ECP read binary #1 (zero, invalid ilen)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_SECP192R1:"0000":"01":"01":"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -110,6 +120,30 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_SECP192R1:"0448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":0
+ECP read binary #7 (Curve25519, OK)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":0
+
+ECP read binary #8 (Curve25519, masked first bit)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4efa":"7a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":0
+
+ECP read binary #9 (Curve25519, too short)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"20f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f020":"0":"1":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
+ECP read binary #10 (Curve25519, non-canonical)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"0":"1":0
+
+ECP read binary #11 (Curve25519, masked non-canonical)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"0":"1":0
+
+ECP read binary #12 (Curve25519, too long)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a00":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
ECP tls read point #1 (zero, invalid length byte)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_tls_read_point:MBEDTLS_ECP_DP_SECP192R1:"0200":"01":"01":"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -135,21 +169,21 @@
ecp_tls_write_read_point:MBEDTLS_ECP_DP_SECP521R1
ECP tls read group #1 (record too short)
-mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0
+mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0
ECP tls read group #2 (bad curve_type)
-mbedtls_ecp_tls_read_group:"010013":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0
+mbedtls_ecp_tls_read_group:"010013":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0
ECP tls read group #3 (unknown curve)
-mbedtls_ecp_tls_read_group:"030010":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:0
+mbedtls_ecp_tls_read_group:"030010":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:0:0
ECP tls read group #4 (OK, buffer just fits)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_ecp_tls_read_group:"030017":0:256
+mbedtls_ecp_tls_read_group:"030017":0:256:3
ECP tls read group #5 (OK, buffer continues)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-mbedtls_ecp_tls_read_group:"0300180000":0:384
+mbedtls_ecp_tls_read_group:"0300180000":0:384:3
ECP tls write-read group #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
@@ -242,6 +276,68 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_key:MBEDTLS_ECP_DP_SECP192R1
+ECP read key #1 (short weierstrass, too small)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #2 (short weierstrass, smallest)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"01":0
+
+ECP read key #3 (short weierstrass, biggest)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830":0
+
+ECP read key #4 (short weierstrass, too big)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #5 (Curve25519, most significant bit set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"000000000000000000000000000000000000000000000000000000000000000C":0
+
+ECP read key #6 (Curve25519, second most significant bit unset)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3":0
+
+ECP read key #7 (Curve25519, msb OK)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000004":0
+
+ECP read key #8 (Curve25519, bit 0 set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"1000000000000000000000000000000000000000000000000000000000000000":0
+
+ECP read key #9 (Curve25519, bit 1 set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"2000000000000000000000000000000000000000000000000000000000000004":0
+
+ECP read key #10 (Curve25519, bit 2 set)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"4000000000000000000000000000000000000000000000000000000000000004":0
+
+ECP read key #11 (Curve25519, OK)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":0
+
+ECP read key #12 (Curve25519, too long)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"00000000000000000000000000000000000000000000000000000000000000000C":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #13 (Curve25519, not long enough)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP read key #14 (Curve448, not supported)
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE448:"FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP read key #15 (Curve25519, not supported)
+depends_on:!MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
+ECP read key #15 (invalid curve)
+mbedtls_ecp_read_key:INT_MAX:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"
@@ -348,3 +444,35 @@
ECP selftest
ecp_selftest:
+
+ECP restartable mul secp256r1 max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":0:0:0
+
+ECP restartable mul secp256r1 max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":1:1:5000
+
+ECP restartable mul secp256r1 max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":10000:0:0
+
+ECP restartable mul secp256r1 max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_test_vect_restart:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF":"2AF502F3BE8952F2C9B5A8D4160D09E97165BE50BC42AE4A5E8D3B4BA83AEB15":"EB0FAF4CA986C4D38681A0F9872D79D56795BD4BFF6E6DE3C0F5015ECE5EFD85":"2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41":"DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788":"0357DCCD4C804D0D8D33AA42B848834AA5605F9AB0D37239A115BBB647936F50":250:2:32
+
+ECP restartable muladd secp256r1 max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":0:0:0
+
+ECP restartable muladd secp256r1 max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":1:1:10000
+
+ECP restartable muladd secp256r1 max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":10000:0:0
+
+ECP restartable muladd secp256r1 max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_muladd_restart:MBEDTLS_ECP_DP_SECP256R1:"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"2B57C0235FB7489768D058FF4911C20FDBE71E3699D91339AFBB903EE17255DC":"C3875E57C85038A0D60370A87505200DC8317C8C534948BEA6559C7C18E6D4CE":"3B4E49C4FDBFC006FF993C81A50EAE221149076D6EC09DDD9FB3B787F85B6483":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":250:4:64
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 99780c0..7eeea28 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -2,6 +2,10 @@
#include "mbedtls/ecp.h"
#define ECP_PF_UNKNOWN -1
+
+#define ECP_PT_RESET( x ) \
+ mbedtls_ecp_point_free( x ); \
+ mbedtls_ecp_point_init( x );
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -10,7 +14,352 @@
*/
/* BEGIN_CASE */
-void mbedtls_ecp_curve_info( int id, int tls_id, int size, char *name )
+void ecp_valid_param( )
+{
+ TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) );
+ TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) );
+ TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void ecp_invalid_param( )
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_keypair kp;
+ mbedtls_ecp_point P;
+ mbedtls_mpi m;
+ const char *x = "deadbeef";
+ int valid_fmt = MBEDTLS_ECP_PF_UNCOMPRESSED;
+ int invalid_fmt = 42;
+ size_t olen;
+ unsigned char buf[42] = { 0 };
+ const unsigned char *null_buf = NULL;
+ mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_ecp_restart_ctx restart_ctx;
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
+ TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );
+ TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) );
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) );
+ TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) );
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_copy( NULL, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_copy( &P, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_group_copy( NULL, &grp ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_group_copy( &grp, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_privkey( NULL,
+ &m,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_privkey( &grp,
+ NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_privkey( &grp,
+ &m,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_set_zero( NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_is_zero( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_cmp( NULL, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_cmp( &P, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_string( NULL, 2,
+ x, x ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_string( &P, 2,
+ NULL, x ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_string( &P, 2,
+ x, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary( NULL, &P,
+ valid_fmt,
+ &olen,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary( &grp, NULL,
+ valid_fmt,
+ &olen,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary( &grp, &P,
+ invalid_fmt,
+ &olen,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary( &grp, &P,
+ valid_fmt,
+ NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_write_binary( &grp, &P,
+ valid_fmt,
+ &olen,
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_binary( NULL, &P, buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_binary( &grp, NULL, buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_point_read_binary( &grp, &P, NULL,
+ sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point( NULL, &P,
+ (const unsigned char **) &buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point( &grp, NULL,
+ (const unsigned char **) &buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point( &grp, &P, &null_buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_point( &grp, &P, NULL,
+ sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point( NULL, &P,
+ valid_fmt,
+ &olen,
+ buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point( &grp, NULL,
+ valid_fmt,
+ &olen,
+ buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point( &grp, &P,
+ invalid_fmt,
+ &olen,
+ buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point( &grp, &P,
+ valid_fmt,
+ NULL,
+ buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_point( &grp, &P,
+ valid_fmt,
+ &olen,
+ NULL,
+ sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_group_load( NULL, valid_group ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group( NULL,
+ (const unsigned char **) &buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group( &grp, NULL,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group( &grp, &null_buf,
+ sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group_id( NULL,
+ (const unsigned char **) &buf,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group_id( &valid_group, NULL,
+ sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_read_group_id( &valid_group,
+ &null_buf,
+ sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_group( NULL, &olen,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_group( &grp, NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_tls_write_group( &grp, &olen,
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul( NULL, &P, &m, &P,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul( &grp, NULL, &m, &P,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul( &grp, &P, NULL, &P,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul( &grp, &P, &m, NULL,
+ rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable( NULL, &P, &m, &P,
+ rnd_std_rand, NULL , NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P,
+ rnd_std_rand, NULL , NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P,
+ rnd_std_rand, NULL , NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL,
+ rnd_std_rand, NULL , NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd( NULL, &P, &m, &P,
+ &m, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd( &grp, NULL, &m, &P,
+ &m, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd( &grp, &P, NULL, &P,
+ &m, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd( &grp, &P, &m, NULL,
+ &m, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd( &grp, &P, &m, &P,
+ NULL, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd( &grp, &P, &m, &P,
+ &m, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P,
+ &m, &P, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P,
+ &m, &P, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P,
+ &m, &P, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL,
+ &m, &P, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
+ NULL, &P, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
+ &m, NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pubkey( NULL, &P ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pubkey( &grp, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pub_priv( NULL, &kp ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_pub_priv( &kp, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_privkey( NULL, &m ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_check_privkey( &grp, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base( NULL, &P,
+ &m, &P,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base( &grp, NULL,
+ &m, &P,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base( &grp, &P,
+ NULL, &P,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base( &grp, &P,
+ &m, NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair_base( &grp, &P,
+ &m, &P,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair( NULL,
+ &m, &P,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair( &grp,
+ NULL, &P,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair( &grp,
+ &m, NULL,
+ rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_keypair( &grp,
+ &m, &P,
+ NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_key( valid_group, NULL,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecp_gen_key( valid_group, &kp,
+ NULL, NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name )
{
const mbedtls_ecp_curve_info *by_id, *by_tls, *by_name;
@@ -29,7 +378,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret )
+void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex,
+ int ret )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
@@ -51,10 +401,177 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void ecp_test_vect_restart( int id,
+ char *dA_str, char *xA_str, char *yA_str,
+ char *dB_str, char *xZ_str, char *yZ_str,
+ int max_ops, int min_restarts, int max_restarts )
+{
+ /*
+ * Test for early restart. Based on test vectors like ecp_test_vect(),
+ * but for the sake of simplicity only does half of each side. It's
+ * important to test both base point and random point, though, as memory
+ * management is different in each case.
+ *
+ * Don't try using too precise bounds for restarts as the exact number
+ * will depend on settings such as MBEDTLS_ECP_FIXED_POINT_OPTIM and
+ * MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
+ * change in the future. A factor 2 is a minimum safety margin.
+ *
+ * For reference, with mbed TLS 2.4 and default settings, for P-256:
+ * - Random point mult: ~3250M
+ * - Cold base point mult: ~3300M
+ * - Hot base point mult: ~1100M
+ * With MBEDTLS_ECP_WINDOW_SIZE set to 2 (minimum):
+ * - Random point mult: ~3850M
+ */
+ mbedtls_ecp_restart_ctx ctx;
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point R, P;
+ mbedtls_mpi dA, xA, yA, dB, xZ, yZ;
+ int cnt_restarts;
+ int ret;
+
+ mbedtls_ecp_restart_init( &ctx );
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P );
+ mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA );
+ mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
+
+ mbedtls_ecp_set_max_ops( (unsigned) max_ops );
+
+ /* Base point case */
+ cnt_restarts = 0;
+ do {
+ ECP_PT_RESET( &R );
+ ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
+
+ TEST_ASSERT( cnt_restarts >= min_restarts );
+ TEST_ASSERT( cnt_restarts <= max_restarts );
+
+ /* Non-base point case */
+ mbedtls_ecp_copy( &P, &R );
+ cnt_restarts = 0;
+ do {
+ ECP_PT_RESET( &R );
+ ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
+
+ TEST_ASSERT( cnt_restarts >= min_restarts );
+ TEST_ASSERT( cnt_restarts <= max_restarts );
+
+ /* Do we leak memory when aborting an operation?
+ * This test only makes sense when we actually restart */
+ if( min_restarts > 0 )
+ {
+ ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
+
+exit:
+ mbedtls_ecp_restart_free( &ctx );
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &R ); mbedtls_ecp_point_free( &P );
+ mbedtls_mpi_free( &dA ); mbedtls_mpi_free( &xA ); mbedtls_mpi_free( &yA );
+ mbedtls_mpi_free( &dB ); mbedtls_mpi_free( &xZ ); mbedtls_mpi_free( &yZ );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void ecp_muladd_restart( int id, char *xR_str, char *yR_str,
+ char *u1_str, char *u2_str,
+ char *xQ_str, char *yQ_str,
+ int max_ops, int min_restarts, int max_restarts )
+{
+ /*
+ * Compute R = u1 * G + u2 * Q
+ * (test vectors mostly taken from ECDSA intermediate results)
+ *
+ * See comments at the top of ecp_test_vect_restart()
+ */
+ mbedtls_ecp_restart_ctx ctx;
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point R, Q;
+ mbedtls_mpi u1, u2, xR, yR;
+ int cnt_restarts;
+ int ret;
+
+ mbedtls_ecp_restart_init( &ctx );
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &R );
+ mbedtls_ecp_point_init( &Q );
+ mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
+ mbedtls_mpi_init( &xR ); mbedtls_mpi_init( &yR );
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &u1, 16, u1_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &u2, 16, u2_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &xR, 16, xR_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &yR, 16, yR_str ) == 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q.X, 16, xQ_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &Q.Y, 16, yQ_str ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 );
+
+ mbedtls_ecp_set_max_ops( (unsigned) max_ops );
+
+ cnt_restarts = 0;
+ do {
+ ECP_PT_RESET( &R );
+ ret = mbedtls_ecp_muladd_restartable( &grp, &R,
+ &u1, &grp.G, &u2, &Q, &ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xR ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yR ) == 0 );
+
+ TEST_ASSERT( cnt_restarts >= min_restarts );
+ TEST_ASSERT( cnt_restarts <= max_restarts );
+
+ /* Do we leak memory when aborting an operation?
+ * This test only makes sense when we actually restart */
+ if( min_restarts > 0 )
+ {
+ ret = mbedtls_ecp_muladd_restartable( &grp, &R,
+ &u1, &grp.G, &u2, &Q, &ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
+
+exit:
+ mbedtls_ecp_restart_free( &ctx );
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &R );
+ mbedtls_ecp_point_free( &Q );
+ mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
+ mbedtls_mpi_free( &xR ); mbedtls_mpi_free( &yR );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
-void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str,
- char *dB_str, char *xB_str, char *yB_str, char *xZ_str,
- char *yZ_str )
+void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str,
+ char * dB_str, char * xB_str, char * yB_str,
+ char * xZ_str, char * yZ_str )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
@@ -107,8 +624,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecp_test_vec_x( int id, char *dA_hex, char *xA_hex,
- char *dB_hex, char *xB_hex, char *xS_hex )
+void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex,
+ char * xB_hex, char * xS_hex )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
@@ -158,7 +675,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecp_fast_mod( int id, char *N_str )
+void ecp_fast_mod( int id, char * N_str )
{
mbedtls_ecp_group grp;
mbedtls_mpi N, R;
@@ -191,16 +708,15 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecp_write_binary( int id, char *x, char *y, char *z, int format,
- char *out, int blen, int ret )
+void ecp_write_binary( int id, char * x, char * y, char * z, int format,
+ data_t * out, int blen, int ret )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
- unsigned char buf[256], str[512];
+ unsigned char buf[256];
size_t olen;
memset( buf, 0, sizeof( buf ) );
- memset( str, 0, sizeof( str ) );
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P );
@@ -215,8 +731,7 @@
if( ret == 0 )
{
- hexify( str, buf, olen );
- TEST_ASSERT( strcasecmp( (char *) str, out ) == 0 );
+ TEST_ASSERT( hexcmp( buf, out->x, olen, out->len ) == 0 );
}
exit:
@@ -225,16 +740,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void ecp_read_binary( int id, char *input, char *x, char *y, char *z,
+void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z,
int ret )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
mbedtls_mpi X, Y, Z;
- int ilen;
- unsigned char buf[256];
- memset( buf, 0, sizeof( buf ) );
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P );
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
@@ -245,15 +757,23 @@
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 );
- ilen = unhexify( buf, input );
-
- TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf, ilen ) == ret );
+ TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret );
if( ret == 0 )
{
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
+ if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, 0 ) == 0 );
+ TEST_ASSERT( P.Y.p == NULL );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &Z, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &P.Z, 1 ) == 0 );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
+ }
}
exit:
@@ -263,17 +783,14 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_tls_read_point( int id, char *input, char *x, char *y, char *z,
- int ret )
+void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y,
+ char * z, int ret )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
mbedtls_mpi X, Y, Z;
- size_t ilen;
- unsigned char buf[256];
- const unsigned char *vbuf = buf;
+ const unsigned char *vbuf = buf->x;
- memset( buf, 0, sizeof( buf ) );
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P );
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
@@ -284,16 +801,14 @@
TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 );
- ilen = unhexify( buf, input );
-
- TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, ilen ) == ret );
+ TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret );
if( ret == 0 )
{
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
- TEST_ASSERT( *vbuf == 0x00 );
+ TEST_ASSERT( (uint32_t)( vbuf - buf->x ) == buf->len );
}
exit:
@@ -355,25 +870,22 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_tls_read_group( char *record, int result, int bits )
+void mbedtls_ecp_tls_read_group( data_t * buf, int result, int bits,
+ int record_len )
{
mbedtls_ecp_group grp;
- unsigned char buf[10];
- const unsigned char *vbuf = buf;
- int len, ret;
+ const unsigned char *vbuf = buf->x;
+ int ret;
mbedtls_ecp_group_init( &grp );
- memset( buf, 0x00, sizeof( buf ) );
- len = unhexify( buf, record );
-
- ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, len );
+ ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, buf->len );
TEST_ASSERT( ret == result );
if( ret == 0)
{
TEST_ASSERT( mbedtls_mpi_bitlen( &grp.P ) == (size_t) bits );
- TEST_ASSERT( *vbuf == 0x00 );
+ TEST_ASSERT( vbuf - buf->x == record_len);
}
exit:
@@ -413,7 +925,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_check_privkey( int id, char *key_hex, int ret )
+void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
{
mbedtls_ecp_group grp;
mbedtls_mpi d;
@@ -433,8 +945,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_ecp_check_pub_priv( int id_pub, char *Qx_pub, char *Qy_pub,
- int id, char *d, char *Qx, char *Qy, int ret )
+void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub,
+ int id, char * d, char * Qx, char * Qy,
+ int ret )
{
mbedtls_ecp_keypair pub, prv;
@@ -505,8 +1018,30 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void mbedtls_ecp_read_key( int grp_id, data_t* in_key, int expected )
+{
+ int ret = 0;
+ mbedtls_ecp_keypair key;
+
+ mbedtls_ecp_keypair_init( &key );
+
+ ret = mbedtls_ecp_read_key( grp_id, &key, in_key->x, in_key->len );
+ TEST_ASSERT( ret == expected );
+
+ if( expected == 0 )
+ {
+ ret = mbedtls_ecp_check_privkey( &key.grp, &key.d );
+ TEST_ASSERT( ret == 0 );
+ }
+
+exit:
+ mbedtls_ecp_keypair_free( &key );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void ecp_selftest()
+void ecp_selftest( )
{
TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 2bab796..0b1cfe8 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
+#include "string.h"
/*
* Number of calls made to entropy_dummy_source()
@@ -124,7 +125,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void entropy_seed_file( char *path, int ret )
+void entropy_seed_file( char * path, int ret )
{
mbedtls_entropy_context ctx;
@@ -139,7 +140,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void entropy_too_many_sources( )
+void entropy_too_many_sources( )
{
mbedtls_entropy_context ctx;
size_t i;
@@ -193,7 +194,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void entropy_source_fail( char *path )
+void entropy_source_fail( char * path )
{
mbedtls_entropy_context ctx;
int fail = -1;
@@ -260,7 +261,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void nv_seed_file_create()
+void nv_seed_file_create( )
{
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
@@ -271,7 +272,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO:MBEDTLS_PLATFORM_NV_SEED_ALT */
-void entropy_nv_seed_std_io()
+void entropy_nv_seed_std_io( )
{
unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
@@ -301,7 +302,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-void entropy_nv_seed( char *read_seed_str )
+void entropy_nv_seed( data_t * read_seed )
{
mbedtls_sha512_context accumulator;
mbedtls_entropy_context ctx;
@@ -310,7 +311,6 @@
unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char empty[MBEDTLS_ENTROPY_BLOCK_SIZE];
- unsigned char read_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
@@ -322,8 +322,7 @@
memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE );
// Set the initial NV seed to read
- unhexify( read_seed, read_seed_str );
- memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ memcpy( buffer_seed, read_seed->x, read_seed->len );
// Make sure we read/write NV seed from our buffers
mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write );
@@ -348,7 +347,7 @@
// First run for updating write_seed
header[0] = 0;
mbedtls_sha512_update( &accumulator, header, 2 );
- mbedtls_sha512_update( &accumulator, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
+ mbedtls_sha512_update( &accumulator, read_seed->x, read_seed->len );
mbedtls_sha512_finish( &accumulator, buf );
memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) );
diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function
index c99b1fd..68831ce 100644
--- a/tests/suites/test_suite_error.function
+++ b/tests/suites/test_suite_error.function
@@ -8,7 +8,7 @@
*/
/* BEGIN_CASE */
-void error_strerror( int code, char *result_str )
+void error_strerror( int code, char * result_str )
{
char buf[500];
diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data
index 2a2e32f..a42fe85 100644
--- a/tests/suites/test_suite_gcm.aes128_de.data
+++ b/tests/suites/test_suite_gcm.aes128_de.data
@@ -1,674 +1,674 @@
AES-GCM NIST Validation (AES-128,128,0,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d785dafea3e966731ef6fc6202262584":"":"d91a46205ee94058b3b8403997592dd2":"":128:"3b92a17c1b9c3578a68cffea5a5b6245":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d785dafea3e966731ef6fc6202262584":"":"d91a46205ee94058b3b8403997592dd2":"":128:"3b92a17c1b9c3578a68cffea5a5b6245":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aec963833b9098de1ababc853ab74d96":"":"4e0ffd93beffd732c6f7d6ad606a2d24":"":128:"e9fcedc176dfe587dc61b2011010cdf1":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aec963833b9098de1ababc853ab74d96":"":"4e0ffd93beffd732c6f7d6ad606a2d24":"":128:"e9fcedc176dfe587dc61b2011010cdf1":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4fb9e3393681da9cec5ec96f87c5c31":"":"845e910bc055d895879f62101d08b4c7":"":128:"99fb783c497416e4b6e2a5de7c782057":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4fb9e3393681da9cec5ec96f87c5c31":"":"845e910bc055d895879f62101d08b4c7":"":128:"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a930f2e09beceacd9919cb76f2ac8d3":"":"340d9af44f6370eff534c653033a785a":"":120:"0c1e5e9c8fe5edfd11f114f3503d63":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a930f2e09beceacd9919cb76f2ac8d3":"":"340d9af44f6370eff534c653033a785a":"":120:"0c1e5e9c8fe5edfd11f114f3503d63":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe71177e02073b1c407b5724e2263a5e":"":"83c23d20d2a9d4b8f92da96587c96b18":"":120:"43b2ca795420f35f6cb39f5dfa47a2":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe71177e02073b1c407b5724e2263a5e":"":"83c23d20d2a9d4b8f92da96587c96b18":"":120:"43b2ca795420f35f6cb39f5dfa47a2":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b02392fd7f228888c281e59d1eaa15fb":"":"2726344ba8912c737e195424e1e6679e":"":120:"a10b601ca8053536a2af2cc255d2b6":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b02392fd7f228888c281e59d1eaa15fb":"":"2726344ba8912c737e195424e1e6679e":"":120:"a10b601ca8053536a2af2cc255d2b6":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"21895cbafc16b7b8bf5867e88e0853d4":"":"f987ce1005d9bbd31d2452fb80957753":"":112:"952a7e265830d58a6778d68b9450":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"21895cbafc16b7b8bf5867e88e0853d4":"":"f987ce1005d9bbd31d2452fb80957753":"":112:"952a7e265830d58a6778d68b9450":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb9742bf47f68caf64963d7c10a97b0":"":"34a85669de64e1cd44731905fddbcbc5":"":112:"e9b6be928aa77b2de28b480ae74c":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb9742bf47f68caf64963d7c10a97b0":"":"34a85669de64e1cd44731905fddbcbc5":"":112:"e9b6be928aa77b2de28b480ae74c":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"":"1c53a9fdd23919b036d99560619a9939":"":112:"6611b50d6fbca83047f9f5fe1768":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"":"1c53a9fdd23919b036d99560619a9939":"":112:"6611b50d6fbca83047f9f5fe1768":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"82fede79db25f00be96eb050a22cea87":"":"e9c50b517ab26c89b83c1f0cac50162c":"":104:"d0c0ce9db60b77b0e31d05e048":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"82fede79db25f00be96eb050a22cea87":"":"e9c50b517ab26c89b83c1f0cac50162c":"":104:"d0c0ce9db60b77b0e31d05e048":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1d98566fca5201abb12914311a8bd532":"":"590aef4b46a9023405d075edab7e6849":"":104:"a1cfd1a27b341f49eda2ca8305":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1d98566fca5201abb12914311a8bd532":"":"590aef4b46a9023405d075edab7e6849":"":104:"a1cfd1a27b341f49eda2ca8305":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3038771820c2e1319f02a74b8a7a0c08":"":"e556d9f07fb69d7e9a644261c80fac92":"":104:"4d2f005d662b6a8787f231c5e1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3038771820c2e1319f02a74b8a7a0c08":"":"e556d9f07fb69d7e9a644261c80fac92":"":104:"4d2f005d662b6a8787f231c5e1":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0fb7eef50de598d7d8b508d019a30d5a":"":"a2a2617040116c2c7e4236d2d8278213":"":96:"68413c58df7bb5f067197ca0":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0fb7eef50de598d7d8b508d019a30d5a":"":"a2a2617040116c2c7e4236d2d8278213":"":96:"68413c58df7bb5f067197ca0":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cc58b609204215c8ab4908286e56e5c":"":"fb83ea637279332677b5f68081173e99":"":96:"a2a9160d82739a55d8cd419f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cc58b609204215c8ab4908286e56e5c":"":"fb83ea637279332677b5f68081173e99":"":96:"a2a9160d82739a55d8cd419f":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81a5fd184742a478432963f6477e8f92":"":"da297cbb53b11d7c379e0566299b4d5a":"":96:"200bee49466fdda2f21f0062":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81a5fd184742a478432963f6477e8f92":"":"da297cbb53b11d7c379e0566299b4d5a":"":96:"200bee49466fdda2f21f0062":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f604ac66d626959e595cbb7b4128e096":"":"269d2a49d533c6bb38008711f38e0b39":"":64:"468200fa4683e8be":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f604ac66d626959e595cbb7b4128e096":"":"269d2a49d533c6bb38008711f38e0b39":"":64:"468200fa4683e8be":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2e308ba7903e925f768c1d00ff3eb623":"":"335acd2aa48a47a37cfe21e491f1b141":"":64:"4872bfd5e2ff55f6":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2e308ba7903e925f768c1d00ff3eb623":"":"335acd2aa48a47a37cfe21e491f1b141":"":64:"4872bfd5e2ff55f6":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1304e2a5a3520454a5109df61a67da7a":"":"dbe8b452acf4fa1444c3668e9ee72d26":"":64:"83a0d3440200ca95":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1304e2a5a3520454a5109df61a67da7a":"":"dbe8b452acf4fa1444c3668e9ee72d26":"":64:"83a0d3440200ca95":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"":"ddf0b695aef5df2b594fcaae72b7e41c":"":32:"2819aedf":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"":"ddf0b695aef5df2b594fcaae72b7e41c":"":32:"2819aedf":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9ab5c8ca905b5fe50461f4a68941144b":"":"96dd3927a96e16123f2e9d6b367d303f":"":32:"6e0c53ef":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9ab5c8ca905b5fe50461f4a68941144b":"":"96dd3927a96e16123f2e9d6b367d303f":"":32:"6e0c53ef":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fc7af605721a9cfe61c1ee6a4b3e22":"":"6b757d4055823d1035d01077666037d6":"":32:"e8c09ddd":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fc7af605721a9cfe61c1ee6a4b3e22":"":"6b757d4055823d1035d01077666037d6":"":32:"e8c09ddd":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03c0b4a6e508a8490db0d086a82c9db7":"":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":128:"756292d8b4653887edef51679b161812":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03c0b4a6e508a8490db0d086a82c9db7":"":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":128:"756292d8b4653887edef51679b161812":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b228d3d15219ea9ad5651fce02c8374d":"":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":128:"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b228d3d15219ea9ad5651fce02c8374d":"":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":128:"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"776afcbabedd5577fe660a60f920b536":"":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":128:"a5347d41d93b587240651bcd5230264f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"776afcbabedd5577fe660a60f920b536":"":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":128:"a5347d41d93b587240651bcd5230264f":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":120:"2a67ad1471a520fe09a304f0975f31":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":120:"2a67ad1471a520fe09a304f0975f31":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bc73fba942ff105823b5dccf6befb1c":"":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":120:"ebdd7c8e87fe733138a433543542d1":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bc73fba942ff105823b5dccf6befb1c":"":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":120:"ebdd7c8e87fe733138a433543542d1":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"356a4c245868243d61756cabe86da887":"":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":120:"ed26080dcb670590613d97d7c47cf4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"356a4c245868243d61756cabe86da887":"":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":120:"ed26080dcb670590613d97d7c47cf4":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfa7e93aff73600fc552324253066e2c":"":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":112:"6ba5e4dace9a54b50b901d9b73ad":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfa7e93aff73600fc552324253066e2c":"":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":112:"6ba5e4dace9a54b50b901d9b73ad":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2ecea80b48d2ecd194a7699aa7d8ccfc":"":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":112:"246a9d37553088b6411ebb62aa16":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2ecea80b48d2ecd194a7699aa7d8ccfc":"":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":112:"246a9d37553088b6411ebb62aa16":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d38fee3fd3d6d08224c3c83529a25d08":"":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":112:"803a08700ec86fdeb88f7a388921":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d38fee3fd3d6d08224c3c83529a25d08":"":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":112:"803a08700ec86fdeb88f7a388921":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1899b0cbae41d705c6eed3226afb5bc0":"":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":104:"c5d58870fee9ce157f5ec1fa8f":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1899b0cbae41d705c6eed3226afb5bc0":"":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":104:"c5d58870fee9ce157f5ec1fa8f":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b95323d86d02754f4c2874b42ec6eb0":"":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":104:"c4724ff1d2c57295eb733e9cad":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b95323d86d02754f4c2874b42ec6eb0":"":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":104:"c4724ff1d2c57295eb733e9cad":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30da555559eb11cf7e0eff9d99e9607d":"":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":104:"3c82272130e17c4a0a007a908e":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30da555559eb11cf7e0eff9d99e9607d":"":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":104:"3c82272130e17c4a0a007a908e":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ed2ac74af896c5190c271cfa6af02fd2":"":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":96:"db8af7a0d548fc54d9457c73":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ed2ac74af896c5190c271cfa6af02fd2":"":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":96:"db8af7a0d548fc54d9457c73":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0225b73fe5fbbe52f838d873173959d8":"":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":96:"e2c2ce4022c49a95c9ac9026":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0225b73fe5fbbe52f838d873173959d8":"":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":96:"e2c2ce4022c49a95c9ac9026":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"89ca3771a0ef3287568b4ac036120198":"":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":96:"06b2bf62591dc7ec1b814705":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"89ca3771a0ef3287568b4ac036120198":"":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":96:"06b2bf62591dc7ec1b814705":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a41a297bd96e224942998fe2192934a1":"":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":64:"49a4917eef61f78e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a41a297bd96e224942998fe2192934a1":"":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":64:"49a4917eef61f78e":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9372c058f42e0a1d019bdb528313919":"":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":64:"b82cd11cd3575c8d":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9372c058f42e0a1d019bdb528313919":"":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":64:"b82cd11cd3575c8d":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6302b7338f8fa84195ad9abbacd89b4e":"":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":64:"5222d092e9e8bd6c":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6302b7338f8fa84195ad9abbacd89b4e":"":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":64:"5222d092e9e8bd6c":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78b5c28d62e4b2097873a1180bd5a3a5":"":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":32:"eae48137":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78b5c28d62e4b2097873a1180bd5a3a5":"":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":32:"eae48137":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d84130578070e036c9e3df5b5509473":"":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":32:"79987692":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d84130578070e036c9e3df5b5509473":"":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":32:"79987692":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08428605ab4742a3e8a55354d4764620":"":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":32:"3eb3e3a2":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08428605ab4742a3e8a55354d4764620":"":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":32:"3eb3e3a2":"":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b":"":128:"a81d13973baa22a751833d7d3f94b3b1":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b":"":128:"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":0
AES-GCM NIST Validation (AES-128,128,1024,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"43b5f18227e5c74288dbeff03801acd6":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"08ee12246cf7edb81da3d610f3ebd167":"":128:"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"43b5f18227e5c74288dbeff03801acd6":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"08ee12246cf7edb81da3d610f3ebd167":"":128:"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a433c612d7e1bdff881e4d63ba8b141":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8b670cf31f470f79a6c0b79e73863ca1":"":128:"8526fd25daf890e79946a205b698f287":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a433c612d7e1bdff881e4d63ba8b141":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8b670cf31f470f79a6c0b79e73863ca1":"":128:"8526fd25daf890e79946a205b698f287":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e9d75c781d63b29f1816859f7a0e0a0":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"748a3b486b62a164cedcf1bab9325add":"":120:"131e0e4ce46d768674a7bcacdcef9c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e9d75c781d63b29f1816859f7a0e0a0":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"748a3b486b62a164cedcf1bab9325add":"":120:"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe6b8553002c69396d9976bb48d30779":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"595b17d0d76b83780235f5e0c92bd21f":"":120:"8879de07815a88877b0623de9be411":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe6b8553002c69396d9976bb48d30779":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"595b17d0d76b83780235f5e0c92bd21f":"":120:"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":0
AES-GCM NIST Validation (AES-128,128,1024,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14898c56009b459172fef9c17993b54f":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"0862f8f87289988711a877d3231d44eb":"":120:"36938974301ae733760f83439437c4":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14898c56009b459172fef9c17993b54f":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"0862f8f87289988711a877d3231d44eb":"":120:"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":0
AES-GCM NIST Validation (AES-128,128,1024,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5253d4b071793b081ebc122cc2a5f8":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"49e82d86804e196421ec19ddc8541066":"":112:"e8b8ae34f842277fe92729e891e3":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5253d4b071793b081ebc122cc2a5f8":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"49e82d86804e196421ec19ddc8541066":"":112:"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":0
AES-GCM NIST Validation (AES-128,128,1024,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3502d6f0d172246e16503cdf5793296":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"6ce994689ff72f9df62f386a187c1a13":"":112:"21cdf44ff4993eb54b55d58e5a8f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3502d6f0d172246e16503cdf5793296":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"6ce994689ff72f9df62f386a187c1a13":"":112:"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5fb33dd73db309b9dfd3aee605cd94bf":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"3f6486f9e9e645292e0e425bac232268":"":112:"7ee5e0e2082b18d09abf141f902e":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5fb33dd73db309b9dfd3aee605cd94bf":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"3f6486f9e9e645292e0e425bac232268":"":112:"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":0
AES-GCM NIST Validation (AES-128,128,1024,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a958fe3b520081b638d9e4c7d5da7ac7":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"c396109e96afde6f685d3c38aa3c2fae":"":104:"06ca91004be43cf46ed4599e23":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a958fe3b520081b638d9e4c7d5da7ac7":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"c396109e96afde6f685d3c38aa3c2fae":"":104:"06ca91004be43cf46ed4599e23":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec319fb143eac8215b51541daec268f2":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"8a4684f42a1775b03806574f401cff78":"":104:"e91acb1bfda191630b560debc9":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec319fb143eac8215b51541daec268f2":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"8a4684f42a1775b03806574f401cff78":"":104:"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":0
AES-GCM NIST Validation (AES-128,128,1024,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14a3e69f351ac39b4297749a90c1365c":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"eb1c6c04437aa5a32bcc208bb3c01724":"":104:"e418815960559aefee8e0c3831":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14a3e69f351ac39b4297749a90c1365c":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"eb1c6c04437aa5a32bcc208bb3c01724":"":104:"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":0
AES-GCM NIST Validation (AES-128,128,1024,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c34827771fc3918d1cee09ba9401b832":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"2379bbd39a1c22bc93b9b9cc45f3840b":"":96:"26e1f6cf0d9e0f36dfd669eb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c34827771fc3918d1cee09ba9401b832":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"2379bbd39a1c22bc93b9b9cc45f3840b":"":96:"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b1f9bd2006ec550b7b9913d383200b5d":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"ca28fa6b64bb3b32ef7d211f1c8be759":"":96:"c87aac7ad0e85dbb103c0733":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b1f9bd2006ec550b7b9913d383200b5d":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"ca28fa6b64bb3b32ef7d211f1c8be759":"":96:"c87aac7ad0e85dbb103c0733":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b2cef1a92aa0af2b00fb2a99855d5bc":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"08d87b7acee87d884667f6b1e32e34d0":"":96:"3bd7685318010b0c5fe3308b":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b2cef1a92aa0af2b00fb2a99855d5bc":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"08d87b7acee87d884667f6b1e32e34d0":"":96:"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":0
AES-GCM NIST Validation (AES-128,128,1024,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"175c306f8644b0c4b894ae3d0971505e":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"9860268ca2e10974f3726a0e5b9b310f":"":64:"f809105e5fc5b13c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"175c306f8644b0c4b894ae3d0971505e":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"9860268ca2e10974f3726a0e5b9b310f":"":64:"f809105e5fc5b13c":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08c0edcfe342a676ccdc04bdf854b4b0":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"4a7b70753930fe659f8cc38e5833f0c7":"":64:"9ab1e2f3c4606376":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08c0edcfe342a676ccdc04bdf854b4b0":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"4a7b70753930fe659f8cc38e5833f0c7":"":64:"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":0
AES-GCM NIST Validation (AES-128,128,1024,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"241067a0301edf0f825d793e03383ea1":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"a30994261f48a66bb6c1fc3d69659228":"":64:"36c3b4a732ba75ae":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"241067a0301edf0f825d793e03383ea1":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"a30994261f48a66bb6c1fc3d69659228":"":64:"36c3b4a732ba75ae":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03cccb5357bd2848332d1696f2ff90cb":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"e0754022dfb1f813ccaf321558790806":"":32:"c75f0246":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03cccb5357bd2848332d1696f2ff90cb":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"e0754022dfb1f813ccaf321558790806":"":32:"c75f0246":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e5e53c84a05d5a5348bac7b2611cf62":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"47e40543b7d16bc9122c40b106d31d43":"":32:"81eec75d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e5e53c84a05d5a5348bac7b2611cf62":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"47e40543b7d16bc9122c40b106d31d43":"":32:"81eec75d":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c94008bf377f90b7a1c0d2ea38f730c":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"abfe92931a8411a39986b74560a38211":"":32:"47d42e78":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c94008bf377f90b7a1c0d2ea38f730c":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"abfe92931a8411a39986b74560a38211":"":32:"47d42e78":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"69eedf3777e594c30e94e9c5e2bce467":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":128:"5de3068e1e20eed469265000077b1db9":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"69eedf3777e594c30e94e9c5e2bce467":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":128:"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":0
AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45cc35311eedf0ba093bf901931a7036":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":128:"266a895fc21da5176b44b446d7d1921d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45cc35311eedf0ba093bf901931a7036":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":128:"266a895fc21da5176b44b446d7d1921d":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9edb5231ca4a136b4df4ae22b8588f9f":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":128:"5ed3ea75c8172fa0e8755fef7b4c90f1":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9edb5231ca4a136b4df4ae22b8588f9f":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":128:"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":0
AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5fdcb8f5225090e63fae9b68f92c7cb":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":120:"827e66b5b70dce56215cfb86c9a642":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5fdcb8f5225090e63fae9b68f92c7cb":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":120:"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":0
AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036198cd3a3ab9319684d0f811cf2992":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":120:"6cf68a374bea08a977ec8a04b92e8b":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036198cd3a3ab9319684d0f811cf2992":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":120:"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":0
AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c9fbbff8f25f951ba874dfc5ff38584e":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":120:"ff0b2c384e03b50e7e829c7a9f95aa":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c9fbbff8f25f951ba874dfc5ff38584e":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":120:"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":0
AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a314ec178da96311e42334a616fb38b":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":112:"1e774647b1ca406e0ed7141a8e1e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a314ec178da96311e42334a616fb38b":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":112:"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e818372a63b7e2c23b524e29ba752bdb":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":112:"3744262bc76f283964c1c15dc069":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e818372a63b7e2c23b524e29ba752bdb":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":112:"3744262bc76f283964c1c15dc069":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a04f16882ff45816739d1b6697ce8b7":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":112:"fbb37084396394fecd9581741f3c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a04f16882ff45816739d1b6697ce8b7":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":112:"fbb37084396394fecd9581741f3c":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38cf029a4b20607030586cd2d82146e6":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":104:"7b021de5cda915ba58f90ceef4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38cf029a4b20607030586cd2d82146e6":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":104:"7b021de5cda915ba58f90ceef4":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cf4d81fc5997c744a572bed71f4ae609":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":104:"0a86142a0af81c8df64ba689f4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cf4d81fc5997c744a572bed71f4ae609":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":104:"0a86142a0af81c8df64ba689f4":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d88ad40b42ead744f1b7a36685658be1":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":104:"7643b3534eb5cb38331ed2e572":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d88ad40b42ead744f1b7a36685658be1":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":104:"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":0
AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3ce86a212a30e724b4c624057db4e79":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":96:"3230fe94b6ccd63e605f87d0":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3ce86a212a30e724b4c624057db4e79":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":96:"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":0
AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0155360b84420b5bf4fb410ea02f31e":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":96:"ac5addcc10cae6c1345520f1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0155360b84420b5bf4fb410ea02f31e":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":96:"ac5addcc10cae6c1345520f1":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"694f621f594d96b16c32254ff06f3f9c":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":96:"0bdef4d771a1740381e7db97":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"694f621f594d96b16c32254ff06f3f9c":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":96:"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":0
AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78826a5215a1d5e1b39cad5a06861f8f":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":64:"a724bbb295a02883":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78826a5215a1d5e1b39cad5a06861f8f":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":64:"a724bbb295a02883":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d450f5253251121606e56687952bf2f1":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":64:"6446398aff73ed23":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d450f5253251121606e56687952bf2f1":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":64:"6446398aff73ed23":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90a59f6b0abf932311f0b65623c17740":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":64:"dc77c1d7e0902d48":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90a59f6b0abf932311f0b65623c17740":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":64:"dc77c1d7e0902d48":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be4ef629f0b38194c74f7b66418922d":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":32:"3d8fc6fb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be4ef629f0b38194c74f7b66418922d":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":32:"3d8fc6fb":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c50e37244931e8debc12b3d561c83ba2":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":32:"7d4393f0":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c50e37244931e8debc12b3d561c83ba2":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":32:"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":0
AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8531ddb03977383405baf2ee9ca7d64b":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":32:"2fc9de46":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8531ddb03977383405baf2ee9ca7d64b":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":32:"2fc9de46":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"862dd5b362cfa556ca37e73cff7f4a0e":"":"81530a243655a60d22d9ab40d2520447":"":128:"3b9b2af54e610ed0b3dda96961dd8783":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"862dd5b362cfa556ca37e73cff7f4a0e":"":"81530a243655a60d22d9ab40d2520447":"":128:"3b9b2af54e610ed0b3dda96961dd8783":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3452b7bc100c334292e08343f139b9d0":"":"8f92739a30fe4ba24079f5d42753d6ac":"":128:"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3452b7bc100c334292e08343f139b9d0":"":"8f92739a30fe4ba24079f5d42753d6ac":"":128:"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"31a0cbaf21b943f8badc939e94eac7eb":"":"d5bb2c4eaec47088230972ae34fcda9c":"":128:"580e728512c8e44fbb3fe2c498e05323":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"31a0cbaf21b943f8badc939e94eac7eb":"":"d5bb2c4eaec47088230972ae34fcda9c":"":128:"580e728512c8e44fbb3fe2c498e05323":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e8fca537746e7cbff97f1dcd40a3392":"":"43e9f2bf186b2af8cc022e7c7412d641":"":120:"4465a3f9d9751789bcef5c7c58cbc5":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e8fca537746e7cbff97f1dcd40a3392":"":"43e9f2bf186b2af8cc022e7c7412d641":"":120:"4465a3f9d9751789bcef5c7c58cbc5":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"35b5854ca83792ad691dbda1a66790fb":"":"cff61cf9b32ea30cf7e3692aa6e74bed":"":120:"726793199df533dd9055b0ac7c939d":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"35b5854ca83792ad691dbda1a66790fb":"":"cff61cf9b32ea30cf7e3692aa6e74bed":"":120:"726793199df533dd9055b0ac7c939d":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"07259267c1c6a015437a5d8cfa92f9e6":"":"18b9cf2ad7ace6ec1c8366b72878cf20":"":120:"4340f6263f0ba2d82c2eb79cb0cc7e":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"07259267c1c6a015437a5d8cfa92f9e6":"":"18b9cf2ad7ace6ec1c8366b72878cf20":"":120:"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa1df8955aa3ef191900b06e7c1b7d46":"":"6928c138c98a4350c318fbdccd3f44ba":"":112:"7c89d9e77515d271b6ed54c9c4e3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa1df8955aa3ef191900b06e7c1b7d46":"":"6928c138c98a4350c318fbdccd3f44ba":"":112:"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c04200ce41ce77d772babb206315ec7d":"":"a885d58f0f38f9ff26d906fa1bfb12f4":"":112:"9ee0d025421f2bf18caf563953fb":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c04200ce41ce77d772babb206315ec7d":"":"a885d58f0f38f9ff26d906fa1bfb12f4":"":112:"9ee0d025421f2bf18caf563953fb":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"650df049461be341c3099bd1613dcead":"":"8a4ff6327b49d297248ce2d5bd38afa8":"":112:"13f067ef0d7b448d56e70d282fed":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"650df049461be341c3099bd1613dcead":"":"8a4ff6327b49d297248ce2d5bd38afa8":"":112:"13f067ef0d7b448d56e70d282fed":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee61b5bf5060fcc637dc833926898508":"":"b2dcf21f9ffa4a883044d29f087f9b85":"":104:"9ab1d66666d4dea3cbb5982238":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee61b5bf5060fcc637dc833926898508":"":"b2dcf21f9ffa4a883044d29f087f9b85":"":104:"9ab1d66666d4dea3cbb5982238":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"01cc56ca7e64db7fbef66236a5c49493":"":"8ea5b63004189792cc040ef18b37e550":"":104:"d685aeb54aa129a21bed17766e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"01cc56ca7e64db7fbef66236a5c49493":"":"8ea5b63004189792cc040ef18b37e550":"":104:"d685aeb54aa129a21bed17766e":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"134dd72ac8e28ab46720c2f42284a303":"":"c6368e4c0ba0ec90fa7488af9997a4c7":"":104:"4ad9cdf19ff7d7fd7e273efced":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"134dd72ac8e28ab46720c2f42284a303":"":"c6368e4c0ba0ec90fa7488af9997a4c7":"":104:"4ad9cdf19ff7d7fd7e273efced":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"180c04b2bde6901edcda66085f73ecd9":"":"9193b206beade4cb036f01a9db187cb8":"":96:"530f5e9ed0879ccef3a7b360":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"180c04b2bde6901edcda66085f73ecd9":"":"9193b206beade4cb036f01a9db187cb8":"":96:"530f5e9ed0879ccef3a7b360":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaac85742a55ffa07e98106d6d6b1004":"":"630cd8ab849253c4da95ac80324ecc28":"":96:"37911820c810e3700c3a9321":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaac85742a55ffa07e98106d6d6b1004":"":"630cd8ab849253c4da95ac80324ecc28":"":96:"37911820c810e3700c3a9321":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"":"86e6100669929e329a1d258cd3552dc9":"":96:"958d6141f7fb2b2dc7d851a6":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"":"86e6100669929e329a1d258cd3552dc9":"":96:"958d6141f7fb2b2dc7d851a6":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd756d49fd25380c4026ea03cafc2da":"":"6a6f7e39b0d730ea1670e13d16c12c28":"":64:"872ef05a28da5ea1":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd756d49fd25380c4026ea03cafc2da":"":"6a6f7e39b0d730ea1670e13d16c12c28":"":64:"872ef05a28da5ea1":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bd8a834b288bdc7578b6c6ab36f5d068":"":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":64:"c5c094e83755f2b6":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bd8a834b288bdc7578b6c6ab36f5d068":"":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":64:"c5c094e83755f2b6":"":"":0
AES-GCM NIST Validation (AES-128,128,0,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"020d280dbd06939bbb5e6edc6f6d39c6":"":"09aea6f0e57598452719d6f63b6fe5a0":"":64:"05d6c56ba601e85b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"020d280dbd06939bbb5e6edc6f6d39c6":"":"09aea6f0e57598452719d6f63b6fe5a0":"":64:"05d6c56ba601e85b":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e47f41a27a2722df293c1431badc0f90":"":"227c036fca03171a890806b9fa0c250d":"":32:"86c22189":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e47f41a27a2722df293c1431badc0f90":"":"227c036fca03171a890806b9fa0c250d":"":32:"86c22189":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9d3e112114b94e26e93d3855d4be26bd":"":"99b98525160c4bb2029da5553ff82b59":"":32:"33bee715":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9d3e112114b94e26e93d3855d4be26bd":"":"99b98525160c4bb2029da5553ff82b59":"":32:"33bee715":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b4b7688588125349fbb66004a30d5d4":"":"b4ae363edb529d8b927c051cf21a2d9d":"":32:"6a920617":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b4b7688588125349fbb66004a30d5d4":"":"b4ae363edb529d8b927c051cf21a2d9d":"":32:"6a920617":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":128:"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":128:"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":128:"c53d01e53ee4a6ea106ea4a66538265e":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":128:"c53d01e53ee4a6ea106ea4a66538265e":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c88b191ce6e8e4a3941f7960b7eae5":"":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":128:"92604d37407aff33f8b677326cbb94fc":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c88b191ce6e8e4a3941f7960b7eae5":"":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":128:"92604d37407aff33f8b677326cbb94fc":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c818dfa0885a09f65ef78712f5ce6609":"":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":120:"20e9a3a98d71d460743e1efaab13c6":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c818dfa0885a09f65ef78712f5ce6609":"":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":120:"20e9a3a98d71d460743e1efaab13c6":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2354c6b6afaa883e7ce91faca4981f8b":"":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":120:"3588c9aa769897dfa328549fbbd10a":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2354c6b6afaa883e7ce91faca4981f8b":"":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":120:"3588c9aa769897dfa328549fbbd10a":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0af48e6aebbb6ff5b7c92bd140b085f":"":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":120:"e6222f068a1e18f09ba6c771eabd86":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0af48e6aebbb6ff5b7c92bd140b085f":"":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":120:"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a05fe482fe164b2eca7f6c3e377b39d8":"":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":112:"3900bde9fa9ae2cbeee54d04f224":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a05fe482fe164b2eca7f6c3e377b39d8":"":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":112:"3900bde9fa9ae2cbeee54d04f224":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dacbadf819eb16a63f6f091d13ed04d4":"":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":112:"8988fca83c8cfb1f8feefac46f04":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dacbadf819eb16a63f6f091d13ed04d4":"":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":112:"8988fca83c8cfb1f8feefac46f04":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"969244c7444f3f3bf193b28f8e8e96dc":"":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":112:"a291c7527385f037f62e60fd8a96":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"969244c7444f3f3bf193b28f8e8e96dc":"":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":112:"a291c7527385f037f62e60fd8a96":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"525abe490c8434802b69439c590a5290":"":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":104:"038c7e95f790e6ca5ce73f9551":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"525abe490c8434802b69439c590a5290":"":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":104:"038c7e95f790e6ca5ce73f9551":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51644e025659de983f5c8156516b812e":"":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":104:"77e3deba2c7f9386f85bc4a801":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51644e025659de983f5c8156516b812e":"":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":104:"77e3deba2c7f9386f85bc4a801":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08566ca7310302dfb84d76ea0525ba20":"":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":104:"873f037fc05252a44dc76f8155":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08566ca7310302dfb84d76ea0525ba20":"":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":104:"873f037fc05252a44dc76f8155":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfb54db96383fa911bf5b4fa1218ef9a":"":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":96:"dada7fc7fed58db462854ef6":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfb54db96383fa911bf5b4fa1218ef9a":"":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":96:"dada7fc7fed58db462854ef6":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"389cf888474e9403e5f4d0e22ffec439":"":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":96:"92726d90ad26130e65f2beb4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"389cf888474e9403e5f4d0e22ffec439":"":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":96:"92726d90ad26130e65f2beb4":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e55abb2ca36c822bf2a030ac703cb8b4":"":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":96:"65025250343ed8c09b3fceed":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e55abb2ca36c822bf2a030ac703cb8b4":"":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":96:"65025250343ed8c09b3fceed":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"586114f3b1dc087e1b2739b28c592dfe":"":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":64:"467a815610faeb82":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"586114f3b1dc087e1b2739b28c592dfe":"":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":64:"467a815610faeb82":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbfe806bddb7f06b3826b097550c68f5":"":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":64:"0697ac372a9acafd":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbfe806bddb7f06b3826b097550c68f5":"":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":64:"0697ac372a9acafd":"":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"96ce3a095a91effdd91d616f1f02ddcd":"":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":64:"55a0f61032e048f3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"96ce3a095a91effdd91d616f1f02ddcd":"":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":64:"55a0f61032e048f3":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24ece168c2971cf2b404ea206dc9e29d":"":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":32:"d2b15a23":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24ece168c2971cf2b404ea206dc9e29d":"":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":32:"d2b15a23":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d3c3cf993f6740a019e61ce13c29955c":"":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":32:"f2d3a6ff":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d3c3cf993f6740a019e61ce13c29955c":"":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":32:"f2d3a6ff":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,0,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f1e5bd45ee8bb207ebbd730510ff218":"":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":32:"0d6c15da":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f1e5bd45ee8bb207ebbd730510ff218":"":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":32:"0d6c15da":"":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3997050377cfbb802cc438d973661688":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"c95c84c263bdfd5f1de66e7e616cf3fb":"":128:"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3997050377cfbb802cc438d973661688":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"c95c84c263bdfd5f1de66e7e616cf3fb":"":128:"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"cee448b48d3506ff3ecc227a87987846":"":128:"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"cee448b48d3506ff3ecc227a87987846":"":128:"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0
AES-GCM NIST Validation (AES-128,128,1024,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc2bde877e881aea512068105694968":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"05f0c34ab2e8e8026b0a23719344b71f":"":128:"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc2bde877e881aea512068105694968":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"05f0c34ab2e8e8026b0a23719344b71f":"":128:"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e14f45ba5d1eb52e0412240da5d7b5f9":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":120:"beede05e4928c808bc660f3de95634":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e14f45ba5d1eb52e0412240da5d7b5f9":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":120:"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":0
AES-GCM NIST Validation (AES-128,128,1024,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a64579f3601b0022d357b601cd876ab":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"515efc6d036f95db7df56b1bbec0aff2":"":120:"13ea92ba35fced366d1e47c97ca5c9":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a64579f3601b0022d357b601cd876ab":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"515efc6d036f95db7df56b1bbec0aff2":"":120:"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":0
AES-GCM NIST Validation (AES-128,128,1024,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bda4acfd10ab635f357935bb0ab7020":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"48b77c587616ffaa449533a91230b449":"":120:"8325e4394c91719691145e68e56439":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bda4acfd10ab635f357935bb0ab7020":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"48b77c587616ffaa449533a91230b449":"":120:"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":0
AES-GCM NIST Validation (AES-128,128,1024,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d21cf24bc5bd176b4b0fd4c8477bb70d":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"208cb9dced20b18edddb91596e902124":"":112:"7edfb9daf8ca2babcc02537463e9":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d21cf24bc5bd176b4b0fd4c8477bb70d":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"208cb9dced20b18edddb91596e902124":"":112:"7edfb9daf8ca2babcc02537463e9":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d02e2b02170986944487cba8448f998":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"6336077bb83eff1c9ea715de99b372cd":"":112:"0466bb2957281f64b59eafed3509":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d02e2b02170986944487cba8448f998":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"6336077bb83eff1c9ea715de99b372cd":"":112:"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":0
AES-GCM NIST Validation (AES-128,128,1024,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd1ad1de0521d41645d13c97a18f4a20":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"413873a0b063ad039da5513896233286":"":112:"d4dbe9cae116553b0cbe1984d176":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd1ad1de0521d41645d13c97a18f4a20":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"413873a0b063ad039da5513896233286":"":112:"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":0
AES-GCM NIST Validation (AES-128,128,1024,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cb120e9cd718b5119b4a58af0644eff":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"5a7087989bfe2f6eddcb56fde4d72529":"":104:"95d8bd12af8a5ab677309df0fb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cb120e9cd718b5119b4a58af0644eff":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"5a7087989bfe2f6eddcb56fde4d72529":"":104:"95d8bd12af8a5ab677309df0fb":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"315b206778c28ed0bfdd6e66088a5c39":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":104:"930750c53effc7b84aa10b2276":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"315b206778c28ed0bfdd6e66088a5c39":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":104:"930750c53effc7b84aa10b2276":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e886de1c907c97e7db8ec80a79df90f8":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"612cacbf33266353d0a29a24532f3c0c":"":104:"76634e58d8f3a48f15875ac1d6":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e886de1c907c97e7db8ec80a79df90f8":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"612cacbf33266353d0a29a24532f3c0c":"":104:"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":0
AES-GCM NIST Validation (AES-128,128,1024,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b936e09a6477f3bd52030a29df5001d":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"f93105be83fa5e315d73acfdcf578de7":"":96:"91b55bb5e3f3f1abcf335db5":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b936e09a6477f3bd52030a29df5001d":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"f93105be83fa5e315d73acfdcf578de7":"":96:"91b55bb5e3f3f1abcf335db5":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc9e2095de7b1b48481b56bf6a3604cd":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"9e5268db19a1b51c0496a160ca76f8f7":"":96:"0fa9588536fca71bb44260f7":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc9e2095de7b1b48481b56bf6a3604cd":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"9e5268db19a1b51c0496a160ca76f8f7":"":96:"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":0
AES-GCM NIST Validation (AES-128,128,1024,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3f93901fd7cc88db3ba76a158d658c7b":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"7e98de461e6d96c0ce6c8d8b3854cf49":"":96:"86c9a70e4bab304ae46e6542":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3f93901fd7cc88db3ba76a158d658c7b":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"7e98de461e6d96c0ce6c8d8b3854cf49":"":96:"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":0
AES-GCM NIST Validation (AES-128,128,1024,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"42289f3d3cd5838e250ef54b128e60d1":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"e557389a216ad724aafdab0180e1892e":"":64:"6f78bc809f31393e":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"42289f3d3cd5838e250ef54b128e60d1":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"e557389a216ad724aafdab0180e1892e":"":64:"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":0
AES-GCM NIST Validation (AES-128,128,1024,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d772eabb7f19475665ca2a7e693bcfc":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"0747cbb486a013453fde1ca6abb11dbe":"":64:"8e761ffaea68f967":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d772eabb7f19475665ca2a7e693bcfc":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"0747cbb486a013453fde1ca6abb11dbe":"":64:"8e761ffaea68f967":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fb7fd753ee6eaaf283a42a121dab4e43":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"8164929fb54485377ecccc9b9621af5e":"":64:"40a2fa7f4370afb2":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fb7fd753ee6eaaf283a42a121dab4e43":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"8164929fb54485377ecccc9b9621af5e":"":64:"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":0
AES-GCM NIST Validation (AES-128,128,1024,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30d757fd73a0fd5fa49159ad0653296d":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"b35b8df0aebd0608517f2830e0e70cd0":"":32:"954c0e99":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30d757fd73a0fd5fa49159ad0653296d":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"b35b8df0aebd0608517f2830e0e70cd0":"":32:"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":0
AES-GCM NIST Validation (AES-128,128,1024,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9d3cfd5900de5d5e2109e7721cfeef6":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":32:"2b81e8ce":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9d3cfd5900de5d5e2109e7721cfeef6":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":32:"2b81e8ce":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"68dc138f19354d73eaa1cf0e79231d74":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"e7147749560f491420a2d893c075bb76":"":32:"70a83f6f":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"68dc138f19354d73eaa1cf0e79231d74":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"e7147749560f491420a2d893c075bb76":"":32:"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":0
AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7362c86344e0aefb0cf0d04768f9c05d":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":128:"9594da428fd8c1b13ecb23afa2c1af2e":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7362c86344e0aefb0cf0d04768f9c05d":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":128:"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":0
AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"58748bb204ccb7bdafdbf739b6c19a3e":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":128:"efba4589d4a03555766bbc3b421dd60f":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"58748bb204ccb7bdafdbf739b6c19a3e":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":128:"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":0
AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6cc13cbd62428bb8658dd3954fe9181f":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":128:"76b990a1e010e5f088f6ae90bec40b32":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6cc13cbd62428bb8658dd3954fe9181f":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":128:"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":0
AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"286d3f5080cfe88538571188fbeb2dd5":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":120:"d90d34094d740214dd3de685010ce3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"286d3f5080cfe88538571188fbeb2dd5":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":120:"d90d34094d740214dd3de685010ce3":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"726ae113a096769b657f973ea6d2d5dd":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":120:"d095bfb8990d4fd64752ee24f3de1e":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"726ae113a096769b657f973ea6d2d5dd":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":120:"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":0
AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73a9eeda721c6f292e6b399e2647f8a6":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":120:"e08161262234d0d5be22f09e5646bf":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73a9eeda721c6f292e6b399e2647f8a6":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":120:"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":0
AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90dbda7397d8fc46215a1218a6ffd0d8":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":112:"776d871944159c51b2f5ec1980a6":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90dbda7397d8fc46215a1218a6ffd0d8":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":112:"776d871944159c51b2f5ec1980a6":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c85174d428fc1c7c89ca5d1b8aaba25":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":112:"1e7dec83830183d56f443a16471d":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c85174d428fc1c7c89ca5d1b8aaba25":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":112:"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":0
AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d89f06eb07744d43d44734faf9751d07":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":112:"fcad48076eb03ebe85c6d64f6357":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d89f06eb07744d43d44734faf9751d07":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":112:"fcad48076eb03ebe85c6d64f6357":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6150f14dc53f391e815acfabed9f9e20":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":104:"922a7b48ad5bf61e6d70751cfe":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6150f14dc53f391e815acfabed9f9e20":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":104:"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":0
AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e8216072ed6fcde0fe0f636b27ed718":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":104:"531a65cc5dfeca671cc64078d1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e8216072ed6fcde0fe0f636b27ed718":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":104:"531a65cc5dfeca671cc64078d1":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1af434b73a1210b08595ffa686079832":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":104:"2ae7350dd3d1909a73f8d64255":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1af434b73a1210b08595ffa686079832":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":104:"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":0
AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04036d2f5273c6ff5b8364aa595359c9":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":96:"71f818f1a2b789fabbda8ec1":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04036d2f5273c6ff5b8364aa595359c9":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":96:"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":0
AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59fe44c6e28d025b2ad05e6e867051ab":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":96:"296c4cdaeb94beb2847dc53d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59fe44c6e28d025b2ad05e6e867051ab":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":96:"296c4cdaeb94beb2847dc53d":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c314264cee0e6db30ebe9b2f6d4991b2":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":96:"fda18d2f795d900f057fe872":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c314264cee0e6db30ebe9b2f6d4991b2":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":96:"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":0
AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"26072018bd0bda524b5beb66a622c63e":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":64:"edffe55c60235556":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"26072018bd0bda524b5beb66a622c63e":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":64:"edffe55c60235556":"FAIL":"":0
AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"201751d3da98bd39ff4e5990a56cfea7":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":64:"66c247e5ad4e1d6a":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"201751d3da98bd39ff4e5990a56cfea7":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":64:"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":0
AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bc0dcb5261a641a08e6cb00d23e4deb":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":64:"f5289e1204ace3b2":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bc0dcb5261a641a08e6cb00d23e4deb":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":64:"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":0
AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"239c15492d6deec979e79236baca4635":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":32:"fc08cbbe":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"239c15492d6deec979e79236baca4635":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":32:"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":0
AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db68a96e216b0dd9945f14b878487e03":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":32:"9251d3e3":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db68a96e216b0dd9945f14b878487e03":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":32:"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":0
AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":"":0
AES-GCM Bad IV (AES-128,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data
index 9e7bad0..34f74ac 100644
--- a/tests/suites/test_suite_gcm.aes192_de.data
+++ b/tests/suites/test_suite_gcm.aes192_de.data
@@ -1,674 +1,674 @@
AES-GCM NIST Validation (AES-192,128,0,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"":"4f801c772395c4519ec830980c8ca5a4":"":128:"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"":"4f801c772395c4519ec830980c8ca5a4":"":128:"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"":"335ca01a07081fea4e605eb5f23a778e":"":128:"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"":"335ca01a07081fea4e605eb5f23a778e":"":128:"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"":"d9172c3344d37ff93d2dcb2170ea5d01":"":128:"017fef05260a496654896d4703db3888":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"":"d9172c3344d37ff93d2dcb2170ea5d01":"":128:"017fef05260a496654896d4703db3888":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"":"f47e915163fa3df7f6c15b9d69f53907":"":120:"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"":"f47e915163fa3df7f6c15b9d69f53907":"":120:"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"":"a35b397b34a14a8e24d05a37be4d1822":"":120:"e045ecba220d22c80826b77a21b013":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"":"a35b397b34a14a8e24d05a37be4d1822":"":120:"e045ecba220d22c80826b77a21b013":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"":"169a449ccb3eb29805b15304d603b132":"":120:"3a807251f3d6242849a69972b14f6d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"":"169a449ccb3eb29805b15304d603b132":"":120:"3a807251f3d6242849a69972b14f6d":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"":"538641f7d1cc5c68715971cee607da73":"":112:"07d68fffe417adc3397706d73b95":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"":"538641f7d1cc5c68715971cee607da73":"":112:"07d68fffe417adc3397706d73b95":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"":"0d8eb78032d83c676820b2ef5ccc2cc8":"":112:"7da181563b26c7aefeb29e71cc69":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"":"0d8eb78032d83c676820b2ef5ccc2cc8":"":112:"7da181563b26c7aefeb29e71cc69":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"":"646a91d83ae72b9b9e9fce64135cbf73":"":112:"169e717e2bae42e3eb61d0a1a29b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"":"646a91d83ae72b9b9e9fce64135cbf73":"":112:"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"":"55e10d5e9b438b02505d30f211b16fea":"":104:"95c0a4ea9e80f91a4acce500f7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"":"55e10d5e9b438b02505d30f211b16fea":"":104:"95c0a4ea9e80f91a4acce500f7":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"":"e25ef162a4295d7d24de75a673172346":"":104:"89ea4d1f34edb716b322ea7f6f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"":"e25ef162a4295d7d24de75a673172346":"":104:"89ea4d1f34edb716b322ea7f6f":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"":"08ea464baac54469b0498419d83820e6":"":104:"ab064a8d380fe2cda38e61f9e1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"":"08ea464baac54469b0498419d83820e6":"":104:"ab064a8d380fe2cda38e61f9e1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"":"766996fb67ace9e6a22d7f802455d4ef":"":96:"9a641be173dc3557ea015372":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"":"766996fb67ace9e6a22d7f802455d4ef":"":96:"9a641be173dc3557ea015372":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"":"75cdb8b83017f3dc5ac8733016ab47c7":"":96:"81e3a5580234d8e0b2204bc3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"":"75cdb8b83017f3dc5ac8733016ab47c7":"":96:"81e3a5580234d8e0b2204bc3":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"":"cfbefe265583ab3a2285e8080141ba48":"":96:"355a43bcebbe7f72b6cd27ea":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"":"cfbefe265583ab3a2285e8080141ba48":"":96:"355a43bcebbe7f72b6cd27ea":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":64:"34b8e037084b3f2d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":64:"34b8e037084b3f2d":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"":"118d0283294d4084127cce4b0cd5b5fa":"":64:"507a361d8ac59882":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"":"118d0283294d4084127cce4b0cd5b5fa":"":64:"507a361d8ac59882":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"":"b78d518b6c41a9e031a00b10fb178327":"":64:"f401d546c8b739ff":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"":"b78d518b6c41a9e031a00b10fb178327":"":64:"f401d546c8b739ff":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"":"14eb280288740d464e3b8f296c642daa":"":32:"39e64d7a":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"":"14eb280288740d464e3b8f296c642daa":"":32:"39e64d7a":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"":"f54bf4aac8fb631c8b6ff5e96465fae6":"":32:"1ec1c1a1":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"":"f54bf4aac8fb631c8b6ff5e96465fae6":"":32:"1ec1c1a1":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"":"75532d15e582e6c477b411e727d4171e":"":32:"76a0e017":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"":"75532d15e582e6c477b411e727d4171e":"":32:"76a0e017":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":128:"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":128:"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":128:"04b80f25ae9d07f5fd8220263ac3f2f7":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":128:"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":128:"d22407fd3ae1921d1b380461d2e60210":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":128:"d22407fd3ae1921d1b380461d2e60210":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":120:"fcbb932ddb0128df78a71971c52838":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":120:"fcbb932ddb0128df78a71971c52838":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":120:"18fd1feec5e3bbf0985312dd6100d1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":120:"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":120:"fd78b9956e4e4522605db410f97e84":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":120:"fd78b9956e4e4522605db410f97e84":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":112:"b11f5c0e8cb6fea1a170c9342437":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":112:"b11f5c0e8cb6fea1a170c9342437":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":112:"6cdf60e62c91a6a944fa80da1854":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":112:"6cdf60e62c91a6a944fa80da1854":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc9922299b47725952f06272168b728218d2443028d81597":"":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":112:"dd515e5a8b41ecc441443a749b31":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc9922299b47725952f06272168b728218d2443028d81597":"":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":112:"dd515e5a8b41ecc441443a749b31":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":104:"f33e8f42b58f45a0456f83a13e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":104:"f33e8f42b58f45a0456f83a13e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":104:"380128ad7f35be87a17c9590fa":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":104:"380128ad7f35be87a17c9590fa":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":104:"e9e5beea7d39c9250347a2a33d":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":104:"e9e5beea7d39c9250347a2a33d":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":96:"24483a57c20826a709b7d10a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":96:"24483a57c20826a709b7d10a":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":96:"23012503febbf26dc2d872dc":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":96:"23012503febbf26dc2d872dc":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":96:"e8e80bf6e5c4a55e7964f455":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":96:"e8e80bf6e5c4a55e7964f455":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":64:"74264163131d16ac":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":64:"74264163131d16ac":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":64:"8f4877806daff10e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":64:"8f4877806daff10e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":64:"4eff7227b42f9a7d":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":64:"4eff7227b42f9a7d":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":32:"ff355f10":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":32:"ff355f10":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":32:"cb4d8c1d":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":32:"cb4d8c1d":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":32:"4a28ec97":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":32:"4a28ec97":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"eb16ed8de81efde2915a901f557fba95":"":128:"804056dca9f102c4a13a930c81d77eca":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"eb16ed8de81efde2915a901f557fba95":"":128:"804056dca9f102c4a13a930c81d77eca":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":128:"951c1c89b6d95661630d739dd9120a73":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":128:"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":0
AES-GCM NIST Validation (AES-192,128,1024,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"70835abab9f945c84ef4e97cdcf2a694":"":128:"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"70835abab9f945c84ef4e97cdcf2a694":"":128:"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"7f770140df5b8678bc9c4b962b8c9034":"":120:"9823e3242b3f890c6a456f1837e039":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"7f770140df5b8678bc9c4b962b8c9034":"":120:"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":0
AES-GCM NIST Validation (AES-192,128,1024,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"151fd3ba32f5bde72adce6291bcf63ea":"":120:"f0626cc07f2ed1a7570386a4110fc1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"151fd3ba32f5bde72adce6291bcf63ea":"":120:"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"743699d3759781e82a3d21c7cd7991c8":"":120:"1da347f9b6341049e63140395ad445":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"743699d3759781e82a3d21c7cd7991c8":"":120:"1da347f9b6341049e63140395ad445":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"85b241d516b94759c9ef975f557bccea":"":112:"bbf289df539f78c3a912b141da3a":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"85b241d516b94759c9ef975f557bccea":"":112:"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":0
AES-GCM NIST Validation (AES-192,128,1024,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"9769f71c76b5b6c60462a845d2c123ad":"":112:"394b6c631a69be3ed8c90770f3d4":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"9769f71c76b5b6c60462a845d2c123ad":"":112:"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":0
AES-GCM NIST Validation (AES-192,128,1024,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"4b12c6701534098e23e1b4659f684d6f":"":112:"729b31c65d8699c93d741caac8e3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"4b12c6701534098e23e1b4659f684d6f":"":112:"729b31c65d8699c93d741caac8e3":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":104:"fe1e427bcb15ce026413a0da87":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":104:"fe1e427bcb15ce026413a0da87":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"927ce8a596ed28c85d9cb8e688a829e6":"":104:"3a98f471112a8a646460e8efd0":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"927ce8a596ed28c85d9cb8e688a829e6":"":104:"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":0
AES-GCM NIST Validation (AES-192,128,1024,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"508c55f1726896f5b9f0a7024fe2fad0":"":104:"3b8026268caf599ee677ecfd70":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"508c55f1726896f5b9f0a7024fe2fad0":"":104:"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":0
AES-GCM NIST Validation (AES-192,128,1024,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"b2a7c0d52fc60bacc3d1a94f33087095":"":96:"0a7a36ec128d0deb60869893":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"b2a7c0d52fc60bacc3d1a94f33087095":"":96:"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":0
AES-GCM NIST Validation (AES-192,128,1024,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"1bd17f04d1dc2e447b41665952ad9031":"":96:"01b0a815dc6da3e32851e1fb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"1bd17f04d1dc2e447b41665952ad9031":"":96:"01b0a815dc6da3e32851e1fb":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"5ea9198b860679759357befdbb106b62":"":96:"d58752f66b2cb9bb2bc388eb":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"5ea9198b860679759357befdbb106b62":"":96:"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":0
AES-GCM NIST Validation (AES-192,128,1024,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7474d9b07739001b25baf6867254994e06e54c578508232f":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"3ade6c92fe2dc575c136e3fbbba5c484":"":64:"67c25240b8e39b63":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7474d9b07739001b25baf6867254994e06e54c578508232f":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"3ade6c92fe2dc575c136e3fbbba5c484":"":64:"67c25240b8e39b63":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"41b37c04ab8a80f5a8d9d82a3a444772":"":64:"4ee54d280829e6ef":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"41b37c04ab8a80f5a8d9d82a3a444772":"":64:"4ee54d280829e6ef":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"9af53cf6891a749ab286f5c34238088a":"":64:"6f6f344dd43b0d20":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"9af53cf6891a749ab286f5c34238088a":"":64:"6f6f344dd43b0d20":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"623df5a0922d1e8c883debb2e0e5e0b1":"":32:"14f690d7":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"623df5a0922d1e8c883debb2e0e5e0b1":"":32:"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":0
AES-GCM NIST Validation (AES-192,128,1024,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"9265abe966cb83838d7fd9302938f49d":"":32:"6f6c38bc":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"9265abe966cb83838d7fd9302938f49d":"":32:"6f6c38bc":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"9b3781165e7ff113ecd1d83d1df2366d":"":32:"62f32d4e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"9b3781165e7ff113ecd1d83d1df2366d":"":32:"62f32d4e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":128:"2ddda790aae2ca427f5fb032c29673e6":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":128:"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":0
AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":128:"bb9ba3a9ac7d63e67bd78d71dc3133b3":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":128:"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":0
AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":128:"29a2d607b2d2d9c96d093000b401a94f":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":128:"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":0
AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":120:"0943abb85adee47741540900cc833f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":120:"0943abb85adee47741540900cc833f":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":120:"a93bd682b57e1d1bf4af97e93b8927":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":120:"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":0
AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":120:"7d9f97c97c3424c79966f5b45af090":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":120:"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":0
AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":112:"a5100c5e9a16aedf0e1bd8604335":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":112:"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":112:"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":112:"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":112:"4da85b8ec861dd8be54787bb83f1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":112:"4da85b8ec861dd8be54787bb83f1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":104:"8781b045a509c4239b9f44624e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":104:"8781b045a509c4239b9f44624e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":104:"2ad4520ddc3b907414d934cc1d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":104:"2ad4520ddc3b907414d934cc1d":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4382507dddccf1385fc831da8924147563416d0656e168ec":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":104:"4221818d4be45306e205813789":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4382507dddccf1385fc831da8924147563416d0656e168ec":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":104:"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":0
AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":96:"4af02b81b26104d1d31e295a":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":96:"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":0
AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":96:"b124eea927e2a62a875494a1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":96:"b124eea927e2a62a875494a1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":96:"f536a3b8c333b1aa520d6440":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":96:"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":0
AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":64:"69e06c72ead69501":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":64:"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":0
AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":64:"dc4c97fe8cc53350":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":64:"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":0
AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":64:"44f760787f7bc3c0":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":64:"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":0
AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":32:"c5098340":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":32:"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":0
AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":32:"dc413c4c":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":32:"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":0
AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":32:"e6d6df7a":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":32:"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":0
AES-GCM NIST Validation (AES-192,128,0,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"":"f1a23ce6e2bc9088a62c887abecd30ae":"":128:"d4d5c22f993c8c610145fcbe4e021687":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"":"f1a23ce6e2bc9088a62c887abecd30ae":"":128:"d4d5c22f993c8c610145fcbe4e021687":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"":"ef221a1c66fda17906190b7c99ab60b8":"":128:"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"":"ef221a1c66fda17906190b7c99ab60b8":"":128:"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"":"7c29b3196d44df78fa514a1967fcd3a6":"":128:"fc123944bbea6c5075a5f987aed9cf99":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"":"7c29b3196d44df78fa514a1967fcd3a6":"":128:"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"":"783f9a3c36b6d0c9fd57c15105316535":"":120:"23e21a803cac5237777014686564f2":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"":"783f9a3c36b6d0c9fd57c15105316535":"":120:"23e21a803cac5237777014686564f2":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"":"2acc2073089a34d4651eee39a262e8ae":"":120:"7ac742c859a02a543b50464c66dcf5":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"":"2acc2073089a34d4651eee39a262e8ae":"":120:"7ac742c859a02a543b50464c66dcf5":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"":"c937615675738f4b3227c799833d1e61":"":120:"88300bd65b12dcb341f1f6d8a15584":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"":"c937615675738f4b3227c799833d1e61":"":120:"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"":"1f939226feab012dabfc2193637d15b1":"":112:"eed5fcb7607c038b354746d91c5b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"":"1f939226feab012dabfc2193637d15b1":"":112:"eed5fcb7607c038b354746d91c5b":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"":"e2076e1050070d468659885ea77e88d0":"":112:"b4586bdbd4b6b899648f2333eee0":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"":"e2076e1050070d468659885ea77e88d0":"":112:"b4586bdbd4b6b899648f2333eee0":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"":"2d07bb8616fc0bbb71755a1bd256e7fb":"":112:"6b60d645220cfde42d88296ac193":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"":"2d07bb8616fc0bbb71755a1bd256e7fb":"":112:"6b60d645220cfde42d88296ac193":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"":"6c31194df99d08881fa5b1dd33b45a92":"":104:"69431593c376c9f8052bf10747":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"":"6c31194df99d08881fa5b1dd33b45a92":"":104:"69431593c376c9f8052bf10747":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"":"73599275f8237f14c4a52b283c07275d":"":104:"6f7249d25c9f273434c4720275":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"":"73599275f8237f14c4a52b283c07275d":"":104:"6f7249d25c9f273434c4720275":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"":"d0871bfc3693245be478e6a257c79efb":"":104:"5a99d59631d0e12f58b7b95ccd":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"":"d0871bfc3693245be478e6a257c79efb":"":104:"5a99d59631d0e12f58b7b95ccd":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"":"c72bb300b624c27cded863eba56e7587":"":96:"ea2528e7439be2ed0a0d6b2a":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"":"c72bb300b624c27cded863eba56e7587":"":96:"ea2528e7439be2ed0a0d6b2a":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"":"28899601fa95f532b030f11bbeb87011":"":96:"35625638589bb7f6ccdb0222":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"":"28899601fa95f532b030f11bbeb87011":"":96:"35625638589bb7f6ccdb0222":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"":"375d4134e8649367f4db9bdb07aa8594":"":96:"70610bf329683e15ecf8c79f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"":"375d4134e8649367f4db9bdb07aa8594":"":96:"70610bf329683e15ecf8c79f":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"":"9f502fb5ac90ff5f5616dd1fa837387d":"":64:"a4b5138122e1209d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"":"9f502fb5ac90ff5f5616dd1fa837387d":"":64:"a4b5138122e1209d":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"":"2ee96384dd29f8a4c4a6102549a026ab":"":64:"3b33a10189338c3b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"":"2ee96384dd29f8a4c4a6102549a026ab":"":64:"3b33a10189338c3b":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"":"8d97f354564d8185b57f7727626850a0":"":64:"813d2f98a760130c":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"":"8d97f354564d8185b57f7727626850a0":"":64:"813d2f98a760130c":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"":"daf13501a47ee73c0197d8b774eec399":"":32:"a6d108c0":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"":"daf13501a47ee73c0197d8b774eec399":"":32:"a6d108c0":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":32:"a47cdadd":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":32:"a47cdadd":"":"":0
AES-GCM NIST Validation (AES-192,128,0,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"":"817199254a912880405c9729d75ed391":"":32:"d81d9b41":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"":"817199254a912880405c9729d75ed391":"":32:"d81d9b41":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":128:"dd153cfd7aa946280660c445f586fa28":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":128:"dd153cfd7aa946280660c445f586fa28":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":128:"c59231ddaae98e0e8db6b3fe8f4d3427":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":128:"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":128:"2c84bf7a8947ab93b10ae408243b4993":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":128:"2c84bf7a8947ab93b10ae408243b4993":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":120:"e8aac14b53cdbc2028d330fc8d92a7":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":120:"e8aac14b53cdbc2028d330fc8d92a7":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":120:"dc034564d4be7de243ff059b5f9160":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":120:"dc034564d4be7de243ff059b5f9160":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":120:"942b52277e9dc0a30d737d00f5e597":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":120:"942b52277e9dc0a30d737d00f5e597":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":112:"87737873b82586bb29b406946cae":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":112:"87737873b82586bb29b406946cae":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":112:"06f95ca69c222a8985887925b15e":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":112:"06f95ca69c222a8985887925b15e":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":112:"c68842cafc50070799f7c8acd62a":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":112:"c68842cafc50070799f7c8acd62a":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":104:"ec9a79a88a164e1a6253d8312e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":104:"ec9a79a88a164e1a6253d8312e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":104:"9779b7c3ece6c23d5813e243ec":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":104:"9779b7c3ece6c23d5813e243ec":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":104:"ca82448429106009094c21d70b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":104:"ca82448429106009094c21d70b":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":96:"9d1603799e2485a03e7b05a0":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":96:"9d1603799e2485a03e7b05a0":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":96:"05ee6ce13711535864674a5b":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":96:"05ee6ce13711535864674a5b":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":96:"0c9c17388d0610f99d0a093f":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":96:"0c9c17388d0610f99d0a093f":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":64:"1c3bd1e0d4918e36":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":64:"1c3bd1e0d4918e36":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":64:"dab612351f75e2cb":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":64:"dab612351f75e2cb":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":64:"f1d743b7e1b73af5":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":64:"f1d743b7e1b73af5":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":32:"4dc74971":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":32:"4dc74971":"":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":32:"fb845ab7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":32:"fb845ab7":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,0,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":32:"c840d994":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":32:"c840d994":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"cff291d2364fc06a3a89e867b0e67e56":"":128:"81f1eb568d0af29680518df7378ba3e8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"cff291d2364fc06a3a89e867b0e67e56":"":128:"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"1c8f41424acaf009996ceaa815b24ad4":"":128:"9f3c0349c5a4a740a82d6d63bf00fb17":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"1c8f41424acaf009996ceaa815b24ad4":"":128:"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":0
AES-GCM NIST Validation (AES-192,128,1024,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"a950ab0dd84115e3829ab0ad3bbb1193":"":128:"25cfde73e7a29115828dfe1617f8b53e":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"a950ab0dd84115e3829ab0ad3bbb1193":"":128:"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":0
AES-GCM NIST Validation (AES-192,128,1024,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"3a2acf69bba19f5d1d1947af2cfda781":"":120:"f826d212f7c1212fb8a8bf23996826":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"3a2acf69bba19f5d1d1947af2cfda781":"":120:"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":0
AES-GCM NIST Validation (AES-192,128,1024,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"3cd95429c6de1d327b9eb3c45424a87c":"":120:"13521236f190f78e75c0897c5fb237":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"3cd95429c6de1d327b9eb3c45424a87c":"":120:"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":0
AES-GCM NIST Validation (AES-192,128,1024,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"bd505fcba464e6e2c58fdf29f5695fb9":"":120:"8510fff71bb879f56ea2fe43f6ff50":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"bd505fcba464e6e2c58fdf29f5695fb9":"":120:"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"776248381941e16908f52d19207881f5":"":112:"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"776248381941e16908f52d19207881f5":"":112:"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"603977845d82faccb401817ecce6e2fe":"":112:"c955a3bc316841be07e406d289c8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"603977845d82faccb401817ecce6e2fe":"":112:"c955a3bc316841be07e406d289c8":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"4cd56de54e5140a587be7dfd02d3a39e":"":112:"1a29527a41330259f918d99d7509":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"4cd56de54e5140a587be7dfd02d3a39e":"":112:"1a29527a41330259f918d99d7509":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"afe986ead799727063958e2ce13ca846f76c51605439f839":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"f85a95ed10b69623162ab68d1098de94":"":104:"3cf1cdb4a4fdc48da78a8b4e81":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"afe986ead799727063958e2ce13ca846f76c51605439f839":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"f85a95ed10b69623162ab68d1098de94":"":104:"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":0
AES-GCM NIST Validation (AES-192,128,1024,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"537a4ee307af3072e745570aaaadce34":"":104:"df01cffbd3978850e07328e6b8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"537a4ee307af3072e745570aaaadce34":"":104:"df01cffbd3978850e07328e6b8":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"5124b410c43d875eca6ce298c45994a7":"":104:"56ad9c1653f11a41fd649cccd8":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"5124b410c43d875eca6ce298c45994a7":"":104:"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":0
AES-GCM NIST Validation (AES-192,128,1024,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"ff10234524433b871202c2cca6acb194":"":96:"984943355a7aef15c4fb8033":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"ff10234524433b871202c2cca6acb194":"":96:"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":0
AES-GCM NIST Validation (AES-192,128,1024,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"49da91e926091a448d57d521cc90f3c0":"":96:"99198f55f9fa763651bba58e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"49da91e926091a448d57d521cc90f3c0":"":96:"99198f55f9fa763651bba58e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"b5efb9feae3de41b5ce9aa75583b8d21":"":96:"9604d031fa43dcd0853e641c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"b5efb9feae3de41b5ce9aa75583b8d21":"":96:"9604d031fa43dcd0853e641c":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"aef257dd44d14d0bc75f9311ef24e85a":"":64:"d951becb0d55f9fb":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"aef257dd44d14d0bc75f9311ef24e85a":"":64:"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":0
AES-GCM NIST Validation (AES-192,128,1024,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c15c9c0b0b70c7321df044bfde2b15fb":"":64:"c5c9851a6bf686d0":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c15c9c0b0b70c7321df044bfde2b15fb":"":64:"c5c9851a6bf686d0":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"0bd64d222532dae8ab63dc299355bf2a":"":64:"3477cad1fd4098b2":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"0bd64d222532dae8ab63dc299355bf2a":"":64:"3477cad1fd4098b2":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"37e3a300542d9caf3975c6429cb8a2e8":"":32:"06bfca29":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"37e3a300542d9caf3975c6429cb8a2e8":"":32:"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":0
AES-GCM NIST Validation (AES-192,128,1024,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"6cba4efc8d4840aa044a92d03d6b4d69":"":32:"92750ac9":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"6cba4efc8d4840aa044a92d03d6b4d69":"":32:"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":0
AES-GCM NIST Validation (AES-192,128,1024,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"4f4636d1b283bfa72c82809eb4f12519":"":32:"16c80a62":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"4f4636d1b283bfa72c82809eb4f12519":"":32:"16c80a62":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87b5372571fb244648053c99405999130f87a7c178052297":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":128:"98177b3428e64bc98631375905c0100f":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87b5372571fb244648053c99405999130f87a7c178052297":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":128:"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":0
AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":128:"010195091d4e1684029e58439039d91e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":128:"010195091d4e1684029e58439039d91e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":128:"63a310b4f43b421a863fb00fafd7eac4":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":128:"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":0
AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":120:"28a43253d8b37795433140641e9ffd":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":120:"28a43253d8b37795433140641e9ffd":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":120:"ab738073228bdf1e8fd4430b5c7d79":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":120:"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":0
AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":120:"d4356cb417953b01f7b1110c8aa3eb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":120:"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":112:"62646fc8bfe38b3ba6d62f9011e3":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":112:"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":0
AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":112:"6c5f38232e8a43871ab72a3419ad":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":112:"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":0
AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":112:"3269922affb9d767f5abe041cc8e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":112:"3269922affb9d767f5abe041cc8e":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":104:"22c2efeddfd5d9cb528861c4eb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":104:"22c2efeddfd5d9cb528861c4eb":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":104:"673afea592b2ce16bd058469f1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":104:"673afea592b2ce16bd058469f1":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":104:"079e8db9c3e6eddb0335b1cf64":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":104:"079e8db9c3e6eddb0335b1cf64":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":96:"e5dc92f4ad4000e9b62fb637":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":96:"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":0
AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":96:"8e8320912fff628f47e92430":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":96:"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":0
AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":96:"974bd0c4a8cac1563a0e0ce0":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":96:"974bd0c4a8cac1563a0e0ce0":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":64:"84f1efd34ff84e83":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":64:"84f1efd34ff84e83":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":64:"15d456da7645abf2":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":64:"15d456da7645abf2":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":64:"a1e19ef2f0d4b9f1":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":64:"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":0
AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":32:"5412f25c":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":32:"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":0
AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":32:"613ba486":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":32:"613ba486":"FAIL":"":0
AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0
AES-GCM Bad IV (AES-192,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data
index 9696a62..d207212 100644
--- a/tests/suites/test_suite_gcm.aes256_de.data
+++ b/tests/suites/test_suite_gcm.aes256_de.data
@@ -1,674 +1,674 @@
AES-GCM NIST Validation (AES-256,128,0,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"":"3a0324d63a70400490c92e7604a3ba97":"":128:"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"":"3a0324d63a70400490c92e7604a3ba97":"":128:"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"":"7156358b203a44ef173706fdc81900f8":"":128:"9687fb231c4742a74d6bf78c62b8ac53":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"":"7156358b203a44ef173706fdc81900f8":"":128:"9687fb231c4742a74d6bf78c62b8ac53":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"":"4fe6ace582c4e26ce71ee7f756fb7a88":"":128:"d5bdf8ec2896acafb7022708d74646c7":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"":"4fe6ace582c4e26ce71ee7f756fb7a88":"":128:"d5bdf8ec2896acafb7022708d74646c7":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"":"404efd26b665c97ea75437892cf676b6":"":120:"e491075851eec28c723159cc1b2c76":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"":"404efd26b665c97ea75437892cf676b6":"":120:"e491075851eec28c723159cc1b2c76":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"":"4037eadb11249884b6b38b5525ba2df4":"":120:"360c6ef41cbd9cd4a4e649712d2930":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"":"4037eadb11249884b6b38b5525ba2df4":"":120:"360c6ef41cbd9cd4a4e649712d2930":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"":"cebbce06a88852d3bb2978dbe2b5995a":"":120:"bd7ca9f6bd1099cde87c0f0d7cc887":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"":"cebbce06a88852d3bb2978dbe2b5995a":"":120:"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"":"008d040fbd7342464209f330cf56722c":"":112:"c87107585751e666bedae2b1b7e8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"":"008d040fbd7342464209f330cf56722c":"":112:"c87107585751e666bedae2b1b7e8":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"":"947c5f0432723f2d7b560eca90842df1":"":112:"7d331fedcea0fd1e9e6a84385467":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"":"947c5f0432723f2d7b560eca90842df1":"":112:"7d331fedcea0fd1e9e6a84385467":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"":"51f639467083377795111d44f7d16592":"":112:"02d31f29e15f60ae3bee1ad7ea65":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"":"51f639467083377795111d44f7d16592":"":112:"02d31f29e15f60ae3bee1ad7ea65":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"":"aea6f8690f865bca9f77a5ff843d2365":"":104:"7f2280776d6cd6802b3c85083c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"":"aea6f8690f865bca9f77a5ff843d2365":"":104:"7f2280776d6cd6802b3c85083c":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":104:"ea01723a22838ed65ceb80b1cf":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":104:"ea01723a22838ed65ceb80b1cf":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"":"ae07f8c7ac82c4f4c086e04a20db12bc":"":104:"1132e4fff06db51ff135ed9ced":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"":"ae07f8c7ac82c4f4c086e04a20db12bc":"":104:"1132e4fff06db51ff135ed9ced":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"":"929b006eb30d69b49a7f52392d7d3f11":"":96:"33940d330f7c019a57b74f2d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"":"929b006eb30d69b49a7f52392d7d3f11":"":96:"33940d330f7c019a57b74f2d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"":"e34b19381f05693f7606ce043626664d":"":96:"2adc2c45947bfa7faa5c464a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"":"e34b19381f05693f7606ce043626664d":"":96:"2adc2c45947bfa7faa5c464a":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"":"a56f27709e670b85e5917d5c1d5b0cc2":"":96:"177b9a5e6d9731419dd33c5c":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"":"a56f27709e670b85e5917d5c1d5b0cc2":"":96:"177b9a5e6d9731419dd33c5c":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":64:"fe82300adffd8c17":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":64:"fe82300adffd8c17":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"":"1bd9ea6186450f9cd253ccfed2812b1c":"":64:"35214bbc510430e3":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"":"1bd9ea6186450f9cd253ccfed2812b1c":"":64:"35214bbc510430e3":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"":"728cb9608b67a489a382aa677b1f4f5b":"":64:"e2ef5d9cc5791c01":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"":"728cb9608b67a489a382aa677b1f4f5b":"":64:"e2ef5d9cc5791c01":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":32:"0fe57572":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":32:"0fe57572":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"":"7b722fdd43cff20832812f9baf2d6791":"":32:"72dea6cc":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"":"7b722fdd43cff20832812f9baf2d6791":"":32:"72dea6cc":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"":"729baa4c0ef75ed8aae746376b39fe3c":"":32:"2a0d607c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"":"729baa4c0ef75ed8aae746376b39fe3c":"":32:"2a0d607c":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":128:"c595b9d99414891228c9fa5edb5fcce3":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":128:"c595b9d99414891228c9fa5edb5fcce3":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":128:"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":128:"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":128:"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":128:"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":120:"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":120:"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":120:"a8e29e08623a3efdbbe8b111de30a4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":120:"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":120:"e3645db0c600dba52044efcecfc331":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":120:"e3645db0c600dba52044efcecfc331":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":112:"c25fc157c3f2474885e2eea48aea":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":112:"c25fc157c3f2474885e2eea48aea":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":112:"4ed91af6340e70b0c2b94ab6f82e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":112:"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":112:"3bcb5c2a4261d75bfa106fb25ee1":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":112:"3bcb5c2a4261d75bfa106fb25ee1":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":104:"0e463806ff34e206f703dd96b3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":104:"0e463806ff34e206f703dd96b3":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":104:"3f0ccc134091e0c0425887b1b9":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":104:"3f0ccc134091e0c0425887b1b9":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":104:"888b836c9111073924a9b43069":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":104:"888b836c9111073924a9b43069":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":96:"b6044c4d7f59491f68b2c61e":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":96:"b6044c4d7f59491f68b2c61e":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":96:"5c5683e587baf2bd32de3df5":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":96:"5c5683e587baf2bd32de3df5":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":96:"52e10495105799ead991547b":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":96:"52e10495105799ead991547b":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":64:"6ff8fd87e5a31eb6":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":64:"6ff8fd87e5a31eb6":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":64:"49aaa806cb2eeadd":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":64:"49aaa806cb2eeadd":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":64:"a5b71ecf845b25d0":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":64:"a5b71ecf845b25d0":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":32:"e9cdbc52":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":32:"e9cdbc52":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":32:"e35dbac8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":32:"e35dbac8":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":32:"e7a37f15":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":32:"e7a37f15":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"2fc1afc1395d8409919248709f468496":"":128:"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"2fc1afc1395d8409919248709f468496":"":128:"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":0
AES-GCM NIST Validation (AES-256,128,1024,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"c571ce0e911de5d883dc4a0787483235":"":128:"6d9d3a5dbc8dce385f092fff14bfffda":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"c571ce0e911de5d883dc4a0787483235":"":128:"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":0
AES-GCM NIST Validation (AES-256,128,1024,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"275393276745bc43bae4af1e5d43a31e":"":128:"a82ff1e87d26e4d6e417b60fb2d3ce23":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"275393276745bc43bae4af1e5d43a31e":"":128:"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":0
AES-GCM NIST Validation (AES-256,128,1024,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"47f5264f7a5b65b671892a05fa556f63":"":120:"660462b4088f6628a630f2e4170b21":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"47f5264f7a5b65b671892a05fa556f63":"":120:"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":0
AES-GCM NIST Validation (AES-256,128,1024,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":120:"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":120:"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"4e022d8d86efbd347e8cbab7e979771f":"":120:"e7df79af0aef011299c3b882e3a45b":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"4e022d8d86efbd347e8cbab7e979771f":"":120:"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":0
AES-GCM NIST Validation (AES-256,128,1024,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"7c0f49fb54f5e68c84e81add009284e6":"":112:"b2ec0f3da02a9eb3132fb4ebe3b8":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"7c0f49fb54f5e68c84e81add009284e6":"":112:"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":0
AES-GCM NIST Validation (AES-256,128,1024,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"5cea906737518c2cb901016e30206276":"":112:"3a3a771dd5f31c977e154ef5c73a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"5cea906737518c2cb901016e30206276":"":112:"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"387ee8c1e7f047e94d06d0322eec02fc":"":112:"62356850d12b54e39872357cfa03":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"387ee8c1e7f047e94d06d0322eec02fc":"":112:"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":0
AES-GCM NIST Validation (AES-256,128,1024,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"d2b277f78e98f1fa16f977ce72ee22a7":"":104:"4c81c044101f458fdfac9ca3b9":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"d2b277f78e98f1fa16f977ce72ee22a7":"":104:"4c81c044101f458fdfac9ca3b9":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"94886a1845aebba5ed6b86f580be47f9":"":104:"4be34ff42085ef4443c8b6042d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"94886a1845aebba5ed6b86f580be47f9":"":104:"4be34ff42085ef4443c8b6042d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"e5ca84b907ac761a5e68a9080da0a88a":"":104:"c8f78e4139dd3eaf2baef8aafb":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"e5ca84b907ac761a5e68a9080da0a88a":"":104:"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":0
AES-GCM NIST Validation (AES-256,128,1024,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"fa549b33b5a43d85f012929a4816297a":"":96:"afa61e843cee615c97de42a7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"fa549b33b5a43d85f012929a4816297a":"":96:"afa61e843cee615c97de42a7":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"2f8512bb7e214db774a217a4615139e1":"":96:"f1da1cebe00d80eb4e025feb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"2f8512bb7e214db774a217a4615139e1":"":96:"f1da1cebe00d80eb4e025feb":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"3da9af3567d70553ca3a9636f0b26470":"":96:"e1026b3d15d261b2fb47632e":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"3da9af3567d70553ca3a9636f0b26470":"":96:"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":0
AES-GCM NIST Validation (AES-256,128,1024,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"b957f05921d21f2192f587768dc12b4f":"":64:"322374fbb192abbc":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"b957f05921d21f2192f587768dc12b4f":"":64:"322374fbb192abbc":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"31bd7c971a6d330b566567ab19590545":"":64:"efc5a1acf433aaa3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"31bd7c971a6d330b566567ab19590545":"":64:"efc5a1acf433aaa3":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"2f9c0647a4af7f61ced45f28d45c43f1":"":64:"ab74877a0b223e1c":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"2f9c0647a4af7f61ced45f28d45c43f1":"":64:"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":0
AES-GCM NIST Validation (AES-256,128,1024,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"69d81c73008a6827a692fa636fbab8bb":"":32:"be2dda5c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"69d81c73008a6827a692fa636fbab8bb":"":32:"be2dda5c":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"e119e166471ecf44bc3a070639619931":"":32:"b2f54b3a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"e119e166471ecf44bc3a070639619931":"":32:"b2f54b3a":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"cf296aa43cb7b328e09c8975e067404e":"":32:"56015c1e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"cf296aa43cb7b328e09c8975e067404e":"":32:"56015c1e":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":128:"72ddd9966ede9b684bc981cbb2113313":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":128:"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":0
AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":128:"9e8b59b4971130557aa84ec3ac7e4133":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":128:"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":0
AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":128:"e49beb083a9b008ae97a17e3825692f0":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":128:"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":0
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":120:"03cfe6c36c3f54b3188a6ef3866b84":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":120:"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":0
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":120:"ffdf56e1c1a7252b88422787536484":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":120:"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":0
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":120:"ba61edeb7b8966188854fc7926aad2":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":120:"ba61edeb7b8966188854fc7926aad2":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":112:"993fc8e7176557ee9eb8dd944691":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":112:"993fc8e7176557ee9eb8dd944691":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":112:"ee6d85d3f3703b45adb4f9b2f155":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":112:"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":0
AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":112:"92282b022e393924ab9c65b258c2":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":112:"92282b022e393924ab9c65b258c2":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":104:"6154c6799ad7cdc2d89801943a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":104:"6154c6799ad7cdc2d89801943a":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":104:"1d6cd4ab3914e109f22668867f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":104:"1d6cd4ab3914e109f22668867f":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":104:"ca4bfeedcd19d301d3f08cb729":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":104:"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":0
AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":96:"9e45029f4f13a4767ee05cec":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":96:"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":0
AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":96:"01a573d8e99c884563310954":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":96:"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":0
AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":96:"43470bc3d7c573cb3a5230f5":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":96:"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":0
AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":64:"d8bd7d8773893519":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":64:"d8bd7d8773893519":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":64:"74110471ccd75912":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":64:"74110471ccd75912":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":64:"6fb0b5c83b5212bf":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":64:"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":0
AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":32:"86acc02f":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":32:"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":0
AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":32:"30298885":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":32:"30298885":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":32:"1997daa9":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":32:"1997daa9":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"":"7f8368254955e1b6d55b5c64458f3e66":"":128:"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"":"7f8368254955e1b6d55b5c64458f3e66":"":128:"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"":"274367f31ec16601fe87a8e35b7a22dd":"":128:"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"":"274367f31ec16601fe87a8e35b7a22dd":"":128:"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"":"796efaff4f172bef78453d36a237cd36":"":128:"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"":"796efaff4f172bef78453d36a237cd36":"":128:"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"":"45e6b23f8b3feefd4b0ea06880b2c324":"":120:"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"":"45e6b23f8b3feefd4b0ea06880b2c324":"":120:"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"":"548c9c8fcc16416a9d2b35c29f0dacb3":"":120:"3aa21f221266e7773eeba4440d1d01":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"":"548c9c8fcc16416a9d2b35c29f0dacb3":"":120:"3aa21f221266e7773eeba4440d1d01":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"":"a5129e2530f47bcad42fc5774ee09fe7":"":120:"6bb09ed183527c5d5ed46f568af35f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"":"a5129e2530f47bcad42fc5774ee09fe7":"":120:"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":112:"55952a01eee29d8a1734bbdf3f8f":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":112:"55952a01eee29d8a1734bbdf3f8f":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"":"6404b111c6289eefa0d88ed6117bb730":"":112:"637f82e592831531a8e877adfc2c":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"":"6404b111c6289eefa0d88ed6117bb730":"":112:"637f82e592831531a8e877adfc2c":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"":"3b87b08337a82272b192bd067e3245ec":"":112:"1f2dda372f20ffddd9dd4810e05f":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"":"3b87b08337a82272b192bd067e3245ec":"":112:"1f2dda372f20ffddd9dd4810e05f":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"":"58e70095c6f3a0cda2cdc7775e2f383d":"":104:"1763573f7dab8b46bc177e6147":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"":"58e70095c6f3a0cda2cdc7775e2f383d":"":104:"1763573f7dab8b46bc177e6147":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"":"d565c9cdfb5d0a25c4083b51729626bd":"":104:"78738d3e9f5e00b49635ac9a2d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"":"d565c9cdfb5d0a25c4083b51729626bd":"":104:"78738d3e9f5e00b49635ac9a2d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":104:"ea7b52490943380ccc902ca5ae":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":104:"ea7b52490943380ccc902ca5ae":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"":"c993c1802df0f075ce92963eb9bff9bd":"":96:"edfab013213591beb53e6419":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"":"c993c1802df0f075ce92963eb9bff9bd":"":96:"edfab013213591beb53e6419":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"":"8f7e1621c2227839da4ea60548290ffa":"":96:"f9da62f59c080160ec30b43d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"":"8f7e1621c2227839da4ea60548290ffa":"":96:"f9da62f59c080160ec30b43d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"":"05d363b2452beff4b47afb052ac3c973":"":96:"6b4a16d1ea1c21b22bdcb235":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"":"05d363b2452beff4b47afb052ac3c973":"":96:"6b4a16d1ea1c21b22bdcb235":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"":"774f4e70a7577b5101c0c3d019655d3e":"":64:"98ff89a8e28c03fd":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"":"774f4e70a7577b5101c0c3d019655d3e":"":64:"98ff89a8e28c03fd":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"":"99f25cebd6cfa7f41390b42df6a65f48":"":64:"8e14a0a4853a156a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"":"99f25cebd6cfa7f41390b42df6a65f48":"":64:"8e14a0a4853a156a":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"":"c1beff1ff6cdd62339aa21149c4da1e6":"":64:"f998d7c08d609b3a":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"":"c1beff1ff6cdd62339aa21149c4da1e6":"":64:"f998d7c08d609b3a":"":"":0
AES-GCM NIST Validation (AES-256,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"":"88126c350dfc079c569210ee44a0e31a":"":32:"f2ebe5e4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"":"88126c350dfc079c569210ee44a0e31a":"":32:"f2ebe5e4":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"":"af29fdb96f726c76f76c473c873b9e08":"":32:"13fd6dfd":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"":"af29fdb96f726c76f76c473c873b9e08":"":32:"13fd6dfd":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"":"1552604763453b48a57cea1aed8113f4":"":32:"660c5175":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"":"1552604763453b48a57cea1aed8113f4":"":32:"660c5175":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":128:"6b4b1a84f49befe3897d59ce85598a9f":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":128:"6b4b1a84f49befe3897d59ce85598a9f":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":128:"8faa0ffb91311a1a2827b86fec01788d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":128:"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":128:"2211ca91a809adb8cf55f001745c0563":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":128:"2211ca91a809adb8cf55f001745c0563":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":120:"2e080ba16011e22a779da1922345c2":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":120:"2e080ba16011e22a779da1922345c2":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":120:"83de3f521fcfdaff902386f359e683":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":120:"83de3f521fcfdaff902386f359e683":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":120:"cd4542b26094a1c8e058648874f06f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":120:"cd4542b26094a1c8e058648874f06f":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":112:"96ca402b16b0f2cd0cdff77935d3":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":112:"96ca402b16b0f2cd0cdff77935d3":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":112:"8233588fca3ad1698d07b25fa3c4":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":112:"8233588fca3ad1698d07b25fa3c4":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":112:"477b0a884d788d1905646bd66084":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":112:"477b0a884d788d1905646bd66084":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":104:"0cb67cec1820339fa0552702dd":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":104:"0cb67cec1820339fa0552702dd":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":104:"08d7cc52d1637db2a43c399310":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":104:"08d7cc52d1637db2a43c399310":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":104:"fbb477dd4b9898a9abc5a45c63":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":104:"fbb477dd4b9898a9abc5a45c63":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":96:"99230019630647aedebbb24b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":96:"99230019630647aedebbb24b":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":96:"9553b583d4f9a1a8946fe053":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":96:"9553b583d4f9a1a8946fe053":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":96:"44b95a37fab232c2efb11231":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":96:"44b95a37fab232c2efb11231":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":64:"072d4118e70cd5ab":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":64:"072d4118e70cd5ab":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":64:"1bcea0ac2c1a0c73":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":64:"1bcea0ac2c1a0c73":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":64:"faa5c13d899f17ea":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":64:"faa5c13d899f17ea":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":32:"a3958500":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":32:"a3958500":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":32:"50fd1798":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":32:"50fd1798":"":"":0
AES-GCM NIST Validation (AES-256,128,0,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":32:"07764143":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":32:"07764143":"":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"5714732145470da1c42452e10cd274b5":"":128:"db85b830a03357f408587410ebafd10d":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"5714732145470da1c42452e10cd274b5":"":128:"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":0
AES-GCM NIST Validation (AES-256,128,1024,0,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"a714e51e43aecfe2fda8f824ea1dc4b7":"":128:"cd30c3618c10d57e9a4477b4a44c5c36":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"a714e51e43aecfe2fda8f824ea1dc4b7":"":128:"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":0
AES-GCM NIST Validation (AES-256,128,1024,0,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"91d55cfdcdcd7d735d48100ff82227c3":"":128:"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"91d55cfdcdcd7d735d48100ff82227c3":"":128:"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"19788b2e0bd757947596676436e22df1":"":120:"f26a20bea561004267a0bfbf01674e":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"19788b2e0bd757947596676436e22df1":"":120:"f26a20bea561004267a0bfbf01674e":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"c6b26117d9dbd80c1c242ad41abe2acc":"":120:"61051d6c0801b4a6b6ca0124c019f3":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"c6b26117d9dbd80c1c242ad41abe2acc":"":120:"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":0
AES-GCM NIST Validation (AES-256,128,1024,0,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"0db3ade15cb0dea98a47d1377e034d63":"":120:"e62f910b6046ba4e934d3cfc6e024c":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"0db3ade15cb0dea98a47d1377e034d63":"":120:"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":0
AES-GCM NIST Validation (AES-256,128,1024,0,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"83f98eec51ee4cae4cb7fe28b64d1355":"":112:"df47eef69ba2faab887aa8f48e4b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"83f98eec51ee4cae4cb7fe28b64d1355":"":112:"df47eef69ba2faab887aa8f48e4b":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"2bc0847d46f3d1064bbf8fe8567f54a2":"":112:"5a1bf25aa8d5c3fe5cf1be8e54a1":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"2bc0847d46f3d1064bbf8fe8567f54a2":"":112:"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":0
AES-GCM NIST Validation (AES-256,128,1024,0,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"b9194a4d42b139f04c29178467955f1d":"":112:"05949d591793ca52e679bfdf64f3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"b9194a4d42b139f04c29178467955f1d":"":112:"05949d591793ca52e679bfdf64f3":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"6a5335901284dd3b64dc4a7f810bab96":"":104:"04b8e5423aee8c06539f435edd":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"6a5335901284dd3b64dc4a7f810bab96":"":104:"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":0
AES-GCM NIST Validation (AES-256,128,1024,0,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"fcb962c39e4850efc8ffd43d9cd960a6":"":104:"1d8cdadcf1872fb2b697e82ef6":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"fcb962c39e4850efc8ffd43d9cd960a6":"":104:"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"b4d9248bb500e40de99ca2a13e743f1c":"":104:"090d03446d65adcc0a42387e8e":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"b4d9248bb500e40de99ca2a13e743f1c":"":104:"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":0
AES-GCM NIST Validation (AES-256,128,1024,0,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"160c50c0621c03fd1572df6ba49f0d1e":"":96:"9fef9becf21901496772996f":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"160c50c0621c03fd1572df6ba49f0d1e":"":96:"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":0
AES-GCM NIST Validation (AES-256,128,1024,0,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"04885a5846f5f75a760193de7f07853c":"":96:"0c13506ed9f082dd08434342":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"04885a5846f5f75a760193de7f07853c":"":96:"0c13506ed9f082dd08434342":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"0a93b883cbd42998ae2e39aab342cb28":"":96:"5c37918edb7aa65b246fd5a6":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"0a93b883cbd42998ae2e39aab342cb28":"":96:"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":0
AES-GCM NIST Validation (AES-256,128,1024,0,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"e20957a49a27e247d00379850f934d6c":"":64:"c99751516620bf89":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"e20957a49a27e247d00379850f934d6c":"":64:"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":0
AES-GCM NIST Validation (AES-256,128,1024,0,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"d533c2170c5dc203512c81c34eff4077":"":64:"167ec8675e7f9e12":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"d533c2170c5dc203512c81c34eff4077":"":64:"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":0
AES-GCM NIST Validation (AES-256,128,1024,0,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"2e2b31214d61276a54daf2ccb98baa36":"":64:"5266e9c67c252164":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"2e2b31214d61276a54daf2ccb98baa36":"":64:"5266e9c67c252164":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,0,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"a8339ba505a14786ad05edfe8cebb8d0":"":32:"df3cab08":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"a8339ba505a14786ad05edfe8cebb8d0":"":32:"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":0
AES-GCM NIST Validation (AES-256,128,1024,0,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"4f23f04904de76d6decd4bd380ff56b1":"":32:"18e92b96":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"4f23f04904de76d6decd4bd380ff56b1":"":32:"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":0
AES-GCM NIST Validation (AES-256,128,1024,0,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"531248afdaaf1b86cf34d2394900afd9":"":32:"c6885cdd":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"531248afdaaf1b86cf34d2394900afd9":"":32:"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":0
AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":128:"94c1b9b70f9c48e7efd40ecab320c2d3":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":128:"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":0
AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":128:"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":128:"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":128:"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":128:"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":120:"0bae9403888efb4d8ec97df604cd5d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":120:"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":120:"7b334d7af54b916821f6136e977a1f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":120:"7b334d7af54b916821f6136e977a1f":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":120:"d8ef5438b7cf5dc11209a635ce1095":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":120:"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":0
AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":112:"a4809e072f93deb7b77c52427095":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":112:"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":0
AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":112:"e3ede170386e76321a575c095966":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":112:"e3ede170386e76321a575c095966":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":112:"5c43fc4dc959fabeebb188dbf3a5":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":112:"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":104:"75a31347598f09fceeea6736fe":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":104:"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":0
AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":104:"2eb6eb6d516ed4cf1778b4e378":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":104:"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":104:"83155ebb1a42112dd1c474f37b":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":104:"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":0
AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":96:"f7930e3fab74a91cb6543e72":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":96:"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":0
AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":96:"bea660e963b08fc657741bc8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":96:"bea660e963b08fc657741bc8":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":96:"7859f047f32b51833333accf":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":96:"7859f047f32b51833333accf":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":64:"21309d0351cac45e":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":64:"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":0
AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":64:"2111d55d96a4d84d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":64:"2111d55d96a4d84d":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":64:"bd6c8823c9005c85":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":64:"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":0
AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":32:"b1ece9fb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":32:"b1ece9fb":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":32:"cb3f5338":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":32:"cb3f5338":"FAIL":"":0
AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2
depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":"":0
AES-GCM Bad IV (AES-256,128,0,0,32) #0
depends_on:MBEDTLS_AES_C
diff --git a/tests/suites/test_suite_gcm.camellia.data b/tests/suites/test_suite_gcm.camellia.data
index 5f739d5..9b71d7c 100644
--- a/tests/suites/test_suite_gcm.camellia.data
+++ b/tests/suites/test_suite_gcm.camellia.data
@@ -72,144 +72,144 @@
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df9":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df9":"":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f6210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"00000000000000000000000000000000":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f6210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"":"00000000000000000000000000000000":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf888":"":128:"86e318012dd8329dc9dae6a170f61b24":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf888":"":128:"86e318012dd8329dc9dae6a170f61b24":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8101":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8101":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce587":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce587":"":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d41":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"00000000000000000000000000000000":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d41":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"":"00000000000000000000000000000000":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"01b15bb5ab6fac0c422014e91eacbf2b":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"01b15bb5ab6fac0c422014e91eacbf2b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"f876143d933214a5035ff0bb96ff650b":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"f876143d933214a5035ff0bb96ff650b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000000":"":128:"284b63bb143c40ce100fb4dea6bb617b":"00000000000000000000000000000000":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000000":"":128:"284b63bb143c40ce100fb4dea6bb617b":"":"00000000000000000000000000000000":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094461":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094461":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #18 (256-de)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df8":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df8":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f7210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f7210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf889":"":128:"86e318012dd8329dc9dae6a170f61b24":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf889":"":128:"86e318012dd8329dc9dae6a170f61b24":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8100":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8100":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfadedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfadedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c83f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c83f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce586":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce586":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d42":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d42":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"ffffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"ffffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"11b15bb5ab6fac0c422014e91eacbf2b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"11b15bb5ab6fac0c422014e91eacbf2b":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad3":128:"f876143d933214a5035ff0bb96ff650b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad3":128:"f876143d933214a5035ff0bb96ff650b":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a328a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a328a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000001":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000001":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000001":"":128:"284b63bb143c40ce100fb4dea6bb617b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000001":"":128:"284b63bb143c40ce100fb4dea6bb617b":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4949d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4949d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"ffedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"ffedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094462":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094462":"FAIL":"":0
Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #18 (256-bad)
depends_on:MBEDTLS_CAMELLIA_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a9f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a9f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"FAIL":"":0
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 3d0830e..1fcb681 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -9,41 +9,23 @@
/* BEGIN_CASE */
void gcm_bad_parameters( int cipher_id, int direction,
- char *hex_key_string, char *hex_src_string,
- char *hex_iv_string, char *hex_add_string,
+ data_t *key_str, data_t *src_str,
+ data_t *iv_str, data_t *add_str,
int tag_len_bits, int gcm_result )
{
- unsigned char key_str[128];
- unsigned char src_str[128];
- unsigned char dst_str[257];
- unsigned char iv_str[128];
- unsigned char add_str[128];
- unsigned char tag_str[128];
unsigned char output[128];
unsigned char tag_output[16];
mbedtls_gcm_context ctx;
- unsigned int key_len;
- size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
+ size_t tag_len = tag_len_bits / 8;
mbedtls_gcm_init( &ctx );
- memset( key_str, 0x00, sizeof( key_str ) );
- memset( src_str, 0x00, sizeof( src_str ) );
- memset( dst_str, 0x00, sizeof( dst_str ) );
- memset( iv_str, 0x00, sizeof( iv_str ) );
- memset( add_str, 0x00, sizeof( add_str ) );
- memset( tag_str, 0x00, sizeof( tag_str ) );
memset( output, 0x00, sizeof( output ) );
memset( tag_output, 0x00, sizeof( tag_output ) );
- key_len = unhexify( key_str, hex_key_string );
- pt_len = unhexify( src_str, hex_src_string );
- iv_len = unhexify( iv_str, hex_iv_string );
- add_len = unhexify( add_str, hex_add_string );
-
- TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 );
- TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len,
- add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result );
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, src_str->len, iv_str->x, iv_str->len,
+ add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == gcm_result );
exit:
mbedtls_gcm_free( &ctx );
@@ -51,49 +33,30 @@
/* END_CASE */
/* BEGIN_CASE */
-void gcm_encrypt_and_tag( int cipher_id,
- char *hex_key_string, char *hex_src_string,
- char *hex_iv_string, char *hex_add_string,
- char *hex_dst_string, int tag_len_bits,
- char *hex_tag_string, int init_result )
+void gcm_encrypt_and_tag( int cipher_id, data_t * key_str,
+ data_t * src_str, data_t * iv_str,
+ data_t * add_str, data_t * hex_dst_string,
+ int tag_len_bits, data_t * hex_tag_string,
+ int init_result )
{
- unsigned char key_str[128];
- unsigned char src_str[128];
- unsigned char dst_str[257];
- unsigned char iv_str[128];
- unsigned char add_str[128];
- unsigned char tag_str[128];
unsigned char output[128];
unsigned char tag_output[16];
mbedtls_gcm_context ctx;
- unsigned int key_len;
- size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
+ size_t tag_len = tag_len_bits / 8;
mbedtls_gcm_init( &ctx );
- memset(key_str, 0x00, 128);
- memset(src_str, 0x00, 128);
- memset(dst_str, 0x00, 257);
- memset(iv_str, 0x00, 128);
- memset(add_str, 0x00, 128);
- memset(tag_str, 0x00, 128);
memset(output, 0x00, 128);
memset(tag_output, 0x00, 16);
- key_len = unhexify( key_str, hex_key_string );
- pt_len = unhexify( src_str, hex_src_string );
- iv_len = unhexify( iv_str, hex_iv_string );
- add_len = unhexify( add_str, hex_add_string );
- TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result );
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result );
if( init_result == 0 )
{
- TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 );
- hexify( dst_str, output, pt_len );
- hexify( tag_str, tag_output, tag_len );
+ TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
- TEST_ASSERT( strcmp( (char *) tag_str, hex_tag_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 );
}
exit:
@@ -102,55 +65,36 @@
/* END_CASE */
/* BEGIN_CASE */
-void gcm_decrypt_and_verify( int cipher_id,
- char *hex_key_string, char *hex_src_string,
- char *hex_iv_string, char *hex_add_string,
- int tag_len_bits, char *hex_tag_string,
- char *pt_result, int init_result )
+void gcm_decrypt_and_verify( int cipher_id, data_t * key_str,
+ data_t * src_str, data_t * iv_str,
+ data_t * add_str, int tag_len_bits,
+ data_t * tag_str, char * result,
+ data_t * pt_result, int init_result )
{
- unsigned char key_str[128];
- unsigned char src_str[128];
- unsigned char dst_str[257];
- unsigned char iv_str[128];
- unsigned char add_str[128];
- unsigned char tag_str[128];
unsigned char output[128];
mbedtls_gcm_context ctx;
- unsigned int key_len;
- size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
int ret;
+ size_t tag_len = tag_len_bits / 8;
mbedtls_gcm_init( &ctx );
- memset(key_str, 0x00, 128);
- memset(src_str, 0x00, 128);
- memset(dst_str, 0x00, 257);
- memset(iv_str, 0x00, 128);
- memset(add_str, 0x00, 128);
- memset(tag_str, 0x00, 128);
memset(output, 0x00, 128);
- key_len = unhexify( key_str, hex_key_string );
- pt_len = unhexify( src_str, hex_src_string );
- iv_len = unhexify( iv_str, hex_iv_string );
- add_len = unhexify( add_str, hex_add_string );
- unhexify( tag_str, hex_tag_string );
- TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result );
+ TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result );
if( init_result == 0 )
{
- ret = mbedtls_gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output );
+ ret = mbedtls_gcm_auth_decrypt( &ctx, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, tag_str->x, tag_len, src_str->x, output );
- if( strcmp( "FAIL", pt_result ) == 0 )
+ if( strcmp( "FAIL", result ) == 0 )
{
TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED );
}
else
{
TEST_ASSERT( ret == 0 );
- hexify( dst_str, output, pt_len );
- TEST_ASSERT( strcmp( (char *) dst_str, pt_result ) == 0 );
+ TEST_ASSERT( hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 );
}
}
@@ -159,8 +103,177 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void gcm_invalid_param( )
+{
+ mbedtls_gcm_context ctx;
+ unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
+ mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+ int valid_mode = MBEDTLS_GCM_ENCRYPT;
+ int valid_len = sizeof(valid_buffer);
+ int valid_bitlen = 128, invalid_bitlen = 1;
+
+ mbedtls_gcm_init( &ctx );
+
+ /* mbedtls_gcm_init() */
+ TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) );
+
+ /* mbedtls_gcm_setkey */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
+
+ /* mbedtls_gcm_crypt_and_tag() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer,
+ valid_len, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL,
+ valid_len, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer,
+ valid_len, NULL ) );
+
+ /* mbedtls_gcm_auth_decrypt() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_auth_decrypt( NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_buffer) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_len,
+ valid_buffer, valid_buffer) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ NULL, valid_buffer) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_auth_decrypt( &ctx, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len,
+ valid_buffer, NULL) );
+
+ /* mbedtls_gcm_starts() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_starts( NULL, valid_mode,
+ valid_buffer, valid_len,
+ valid_buffer, valid_len ) );
+
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_starts( &ctx, valid_mode,
+ NULL, valid_len,
+ valid_buffer, valid_len ) );
+
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_starts( &ctx, valid_mode,
+ valid_buffer, valid_len,
+ NULL, valid_len ) );
+
+ /* mbedtls_gcm_update() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_update( NULL, valid_len,
+ valid_buffer, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_update( &ctx, valid_len,
+ NULL, valid_buffer ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_update( &ctx, valid_len,
+ valid_buffer, NULL ) );
+
+ /* mbedtls_gcm_finish() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_finish( NULL, valid_buffer, valid_len ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_GCM_BAD_INPUT,
+ mbedtls_gcm_finish( &ctx, NULL, valid_len ) );
+
+exit:
+ mbedtls_gcm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_valid_param( )
+{
+ TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) );
+exit:
+ return;
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void gcm_selftest()
+void gcm_selftest( )
{
TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data
new file mode 100644
index 0000000..cf01526
--- /dev/null
+++ b/tests/suites/test_suite_gcm.misc.data
@@ -0,0 +1,5 @@
+GCM - Invalid parameters
+gcm_invalid_param:
+
+GCM - Valid parameters
+gcm_valid_param:
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index c85a51a..3e87207 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -14,12 +14,16 @@
{
int ret;
size_t ikm_len, salt_len, info_len, okm_len;
- unsigned char ikm[1024] = { '\0' };
- unsigned char salt[1024] = { '\0' };
- unsigned char info[1024] = { '\0' };
- unsigned char expected_okm[1024] = { '\0' };
- unsigned char okm[1024] = { '\0' };
- unsigned char okm_string[1000] = { '\0' };
+ unsigned char ikm[128] = { '\0' };
+ unsigned char salt[128] = { '\0' };
+ unsigned char info[128] = { '\0' };
+ unsigned char expected_okm[128] = { '\0' };
+ unsigned char okm[128] = { '\0' };
+ /*
+ * okm_hex is the string representation of okm,
+ * so its size is twice the size of okm, and an extra null-termination.
+ */
+ unsigned char okm_hex[257] = { '\0' };
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
@@ -34,8 +38,8 @@
TEST_ASSERT( ret == 0 );
// Run hexify on it so that it looks nicer if the assertion fails
- hexify( okm_string, okm, okm_len );
- TEST_ASSERT( !strcmp( (char *)okm_string, hex_okm_string ) );
+ hexify( okm_hex, okm, okm_len );
+ TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index a413f5e..13bc400 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/hmac_drbg.h"
+#include "string.h"
typedef struct
{
@@ -109,7 +110,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void hmac_drbg_seed_file( int md_alg, char *path, int ret )
+void hmac_drbg_seed_file( int md_alg, char * path, int ret )
{
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
@@ -160,59 +161,47 @@
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_no_reseed( int md_alg,
- char *entropy_hex, char *custom_hex,
- char *add1_hex, char *add2_hex,
- char *output_hex )
+void hmac_drbg_no_reseed( int md_alg, data_t * entropy,
+ data_t * custom, data_t * add1,
+ data_t * add2, data_t * output )
{
unsigned char data[1024];
- unsigned char entropy[512];
- unsigned char custom[512];
- unsigned char add1[512];
- unsigned char add2[512];
- unsigned char output[512];
unsigned char my_output[512];
- size_t custom_len, add1_len, add2_len, out_len;
entropy_ctx p_entropy;
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
- memset( my_output, 0, sizeof my_output );
- custom_len = unhexify( custom, custom_hex );
- add1_len = unhexify( add1, add1_hex );
- add2_len = unhexify( add2, add2_hex );
- out_len = unhexify( output, output_hex );
- p_entropy.len = unhexify( entropy, entropy_hex );
- p_entropy.p = entropy;
+ p_entropy.p = entropy->x;
+ p_entropy.len = entropy->len;
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
/* Test the simplified buffer-based variant */
- memcpy( data, entropy, p_entropy.len );
- memcpy( data + p_entropy.len, custom, custom_len );
+ memcpy( data, entropy->x, p_entropy.len );
+ memcpy( data + p_entropy.len, custom->x, custom->len );
TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info,
- data, p_entropy.len + custom_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add1, add1_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add2, add2_len ) == 0 );
+ data, p_entropy.len + custom->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add1->x, add1->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add2->x, add2->len ) == 0 );
/* clear for second run */
mbedtls_hmac_drbg_free( &ctx );
- TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 );
+ TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
/* And now the normal entropy-based variant */
TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
- custom, custom_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add1, add1_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add2, add2_len ) == 0 );
- TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 );
+ custom->x, custom->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add1->x, add1->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add2->x, add2->len ) == 0 );
+ TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
exit:
mbedtls_hmac_drbg_free( &ctx );
@@ -220,46 +209,32 @@
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_nopr( int md_alg,
- char *entropy_hex, char *custom_hex,
- char *add1_hex, char *add2_hex, char *add3_hex,
- char *output_hex )
+void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom,
+ data_t * add1, data_t * add2, data_t * add3,
+ data_t * output )
{
- unsigned char entropy[512];
- unsigned char custom[512];
- unsigned char add1[512];
- unsigned char add2[512];
- unsigned char add3[512];
- unsigned char output[512];
unsigned char my_output[512];
- size_t custom_len, add1_len, add2_len, add3_len, out_len;
entropy_ctx p_entropy;
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
- memset( my_output, 0, sizeof my_output );
- custom_len = unhexify( custom, custom_hex );
- add1_len = unhexify( add1, add1_hex );
- add2_len = unhexify( add2, add2_hex );
- add3_len = unhexify( add3, add3_hex );
- out_len = unhexify( output, output_hex );
- p_entropy.len = unhexify( entropy, entropy_hex );
- p_entropy.p = entropy;
+ p_entropy.p = entropy->x;
+ p_entropy.len = entropy->len;
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
- custom, custom_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1, add1_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add2, add2_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add3, add3_len ) == 0 );
+ custom->x, custom->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1->x, add1->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add2->x, add2->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add3->x, add3->len ) == 0 );
- TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 );
+ TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
exit:
mbedtls_hmac_drbg_free( &ctx );
@@ -267,44 +242,31 @@
/* END_CASE */
/* BEGIN_CASE */
-void hmac_drbg_pr( int md_alg,
- char *entropy_hex, char *custom_hex,
- char *add1_hex, char *add2_hex,
- char *output_hex )
+void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom,
+ data_t * add1, data_t * add2, data_t * output )
{
- unsigned char entropy[512];
- unsigned char custom[512];
- unsigned char add1[512];
- unsigned char add2[512];
- unsigned char output[512];
unsigned char my_output[512];
- size_t custom_len, add1_len, add2_len, out_len;
entropy_ctx p_entropy;
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
mbedtls_hmac_drbg_init( &ctx );
- memset( my_output, 0, sizeof my_output );
- custom_len = unhexify( custom, custom_hex );
- add1_len = unhexify( add1, add1_hex );
- add2_len = unhexify( add2, add2_hex );
- out_len = unhexify( output, output_hex );
- p_entropy.len = unhexify( entropy, entropy_hex );
- p_entropy.p = entropy;
+ p_entropy.p = entropy->x;
+ p_entropy.len = entropy->len;
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy,
- custom, custom_len ) == 0 );
+ custom->x, custom->len ) == 0 );
mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add1, add1_len ) == 0 );
- TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len,
- add2, add2_len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add1->x, add1->len ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len,
+ add2->x, add2->len ) == 0 );
- TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 );
+ TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 );
exit:
mbedtls_hmac_drbg_free( &ctx );
@@ -312,7 +274,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void hmac_drbg_selftest( )
+void hmac_drbg_selftest( )
{
TEST_ASSERT( mbedtls_hmac_drbg_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 6ac834e..11cf88a 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -8,7 +8,7 @@
*/
/* BEGIN_CASE */
-void mbedtls_md_process( )
+void mbedtls_md_process( )
{
const int *md_type_ptr;
const mbedtls_md_info_t *info;
@@ -40,7 +40,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void md_null_args( )
+void md_null_args( )
{
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) );
@@ -103,7 +103,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void md_info( int md_type, char *md_name, int md_size )
+void md_info( int md_type, char * md_name, int md_size )
{
const mbedtls_md_info_t *md_info;
const int *md_type_ptr;
@@ -126,17 +126,16 @@
/* END_CASE */
/* BEGIN_CASE */
-void md_text( char *text_md_name, char *text_src_string, char *hex_hash_string )
+void md_text( char * text_md_name, char * text_src_string,
+ data_t * hex_hash_string )
{
char md_name[100];
unsigned char src_str[1000];
- unsigned char hash_str[1000];
unsigned char output[100];
const mbedtls_md_info_t *md_info = NULL;
memset( md_name, 0x00, 100 );
memset( src_str, 0x00, 1000 );
- memset( hash_str, 0x00, 1000 );
memset( output, 0x00, 100 );
strncpy( (char *) src_str, text_src_string, sizeof( src_str ) - 1 );
@@ -145,47 +144,40 @@
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hex( char *text_md_name, char *hex_src_string, char *hex_hash_string )
+void md_hex( char * text_md_name, data_t * src_str,
+ data_t * hex_hash_string )
{
char md_name[100];
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
unsigned char output[100];
- int src_len;
const mbedtls_md_info_t *md_info = NULL;
memset( md_name, 0x00, 100 );
- memset( src_str, 0x00, 10000 );
- memset( hash_str, 0x00, 10000 );
memset( output, 0x00, 100 );
strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
md_info = mbedtls_md_info_from_string( md_name );
TEST_ASSERT( md_info != NULL );
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, src_len, output ) );
+ TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void md_text_multi( char *text_md_name, char *text_src_string,
- char *hex_hash_string )
+void md_text_multi( char * text_md_name, char * text_src_string,
+ data_t * hex_hash_string )
{
char md_name[100];
unsigned char src_str[1000];
- unsigned char hash_str[1000];
unsigned char output[100];
int halfway, len;
@@ -197,7 +189,6 @@
memset( md_name, 0x00, 100 );
memset( src_str, 0x00, 1000 );
- memset( hash_str, 0x00, 1000 );
memset( output, 0x00, 100 );
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
@@ -217,17 +208,15 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 );
/* Test clone */
- memset( hash_str, 0x00, 1000 );
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -236,23 +225,19 @@
/* END_CASE */
/* BEGIN_CASE */
-void md_hex_multi( char *text_md_name, char *hex_src_string,
- char *hex_hash_string )
+void md_hex_multi( char * text_md_name, data_t * src_str,
+ data_t * hex_hash_string )
{
char md_name[100];
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
unsigned char output[100];
- int src_len, halfway;
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx, ctx_copy;
+ int halfway;
mbedtls_md_init( &ctx );
mbedtls_md_init( &ctx_copy );
memset( md_name, 0x00, 100 );
- memset( src_str, 0x00, 10000 );
- memset( hash_str, 0x00, 10000 );
memset( output, 0x00, 100 );
strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
@@ -261,27 +246,23 @@
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) );
- src_len = unhexify( src_str, hex_src_string );
- halfway = src_len / 2;
+ halfway = src_str->len / 2;
TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) );
TEST_ASSERT ( ctx.md_ctx != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) );
+ TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x, halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_clone( &ctx_copy, &ctx ) );
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, src_len - halfway) );
+ TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
/* Test clone */
- memset( hash_str, 0x00, 10000 );
memset( output, 0x00, 100 );
- TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, src_len - halfway ) );
+ TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -290,56 +271,41 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_md_hmac( char *text_md_name, int trunc_size, char *hex_key_string,
- char *hex_src_string, char *hex_hash_string )
+void mbedtls_md_hmac( char * text_md_name, int trunc_size,
+ data_t * key_str, data_t * src_str,
+ data_t * hex_hash_string )
{
char md_name[100];
- unsigned char src_str[10000];
- unsigned char key_str[10000];
- unsigned char hash_str[10000];
unsigned char output[100];
- int key_len, src_len;
const mbedtls_md_info_t *md_info = NULL;
memset( md_name, 0x00, 100 );
- memset( src_str, 0x00, 10000 );
- memset( key_str, 0x00, 10000 );
- memset( hash_str, 0x00, 10000 );
memset( output, 0x00, 100 );
strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
md_info = mbedtls_md_info_from_string( md_name );
TEST_ASSERT( md_info != NULL );
- key_len = unhexify( key_str, hex_key_string );
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str, key_len, src_str, src_len, output ) == 0 );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
+ TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string,
- char *hex_src_string, char *hex_hash_string )
+void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str,
+ data_t * src_str, data_t * hex_hash_string )
{
char md_name[100];
- unsigned char src_str[10000];
- unsigned char key_str[10000];
- unsigned char hash_str[10000];
unsigned char output[100];
- int key_len, src_len, halfway;
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx;
+ int halfway;
mbedtls_md_init( &ctx );
memset( md_name, 0x00, 100 );
- memset( src_str, 0x00, 10000 );
- memset( key_str, 0x00, 10000 );
- memset( hash_str, 0x00, 10000 );
memset( output, 0x00, 100 );
strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
@@ -347,30 +313,25 @@
TEST_ASSERT( md_info != NULL );
TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) );
- key_len = unhexify( key_str, hex_key_string );
- src_len = unhexify( src_str, hex_src_string );
- halfway = src_len / 2;
+ halfway = src_str->len / 2;
- TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str, key_len ) );
+ TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str->x, key_str->len ) );
TEST_ASSERT ( ctx.md_ctx != NULL );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) );
+ TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x, halfway ) );
+ TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
/* Test again, for reset() */
- memset( hash_str, 0x00, 10000 );
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_hmac_reset( &ctx ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) );
- TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) );
+ TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x, halfway ) );
+ TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -378,15 +339,14 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_md_file( char *text_md_name, char *filename, char *hex_hash_string )
+void mbedtls_md_file( char * text_md_name, char * filename,
+ data_t * hex_hash_string )
{
char md_name[100];
- unsigned char hash_str[1000];
unsigned char output[100];
const mbedtls_md_info_t *md_info = NULL;
memset( md_name, 0x00, 100 );
- memset( hash_str, 0x00, 1000 );
memset( output, 0x00, 100 );
strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 );
@@ -394,8 +354,7 @@
TEST_ASSERT( md_info != NULL );
TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 );
- hexify( hash_str, output, mbedtls_md_get_size( md_info ) );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 648a9cc..02004ef 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -6,116 +6,104 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_MD2_C */
-void md2_text( char *text_src_string, char *hex_hash_string )
+void md2_text( char * text_src_string, data_t * hex_hash_string )
{
int ret;
unsigned char src_str[100];
- unsigned char hash_str[33];
unsigned char output[16];
memset( src_str, 0x00, sizeof src_str );
- memset( hash_str, 0x00, sizeof hash_str );
memset( output, 0x00, sizeof output );
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 ) ;
- hexify( hash_str, output, sizeof output );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD4_C */
-void md4_text( char *text_src_string, char *hex_hash_string )
+void md4_text( char * text_src_string, data_t * hex_hash_string )
{
int ret;
unsigned char src_str[100];
- unsigned char hash_str[33];
unsigned char output[16];
memset( src_str, 0x00, sizeof src_str );
- memset( hash_str, 0x00, sizeof hash_str );
memset( output, 0x00, sizeof output );
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- hexify( hash_str, output, sizeof output );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C */
-void md5_text( char *text_src_string, char *hex_hash_string )
+void md5_text( char * text_src_string, data_t * hex_hash_string )
{
int ret;
unsigned char src_str[100];
- unsigned char hash_str[33];
unsigned char output[16];
memset( src_str, 0x00, sizeof src_str );
- memset( hash_str, 0x00, sizeof hash_str );
memset( output, 0x00, sizeof output );
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- hexify( hash_str, output, sizeof output );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */
-void ripemd160_text( char *text_src_string, char *hex_hash_string )
+void ripemd160_text( char * text_src_string, data_t * hex_hash_string )
{
int ret;
unsigned char src_str[100];
- unsigned char hash_str[41];
unsigned char output[20];
memset(src_str, 0x00, sizeof src_str);
- memset(hash_str, 0x00, sizeof hash_str);
memset(output, 0x00, sizeof output);
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- hexify( hash_str, output, sizeof output );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */
-void md2_selftest()
+void md2_selftest( )
{
TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */
-void md4_selftest()
+void md4_selftest( )
{
TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */
-void md5_selftest()
+void md5_selftest( )
{
TEST_ASSERT( mbedtls_md5_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_SELF_TEST */
-void ripemd160_selftest()
+void ripemd160_selftest( )
{
TEST_ASSERT( mbedtls_ripemd160_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index 09684c1..bc03436 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -23,7 +23,7 @@
/* END_SUITE_HELPERS */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void mbedtls_memory_buffer_alloc_self_test( )
+void mbedtls_memory_buffer_alloc_self_test( )
{
TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 1 ) == 0 );
}
@@ -31,10 +31,9 @@
/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
- int d_bytes,
- int free_a, int free_b, int free_c,
- int free_d,
- int e_bytes, int f_bytes )
+ int d_bytes, int free_a, int free_b,
+ int free_c, int free_d, int e_bytes,
+ int f_bytes )
{
unsigned char buf[1024];
unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL,
@@ -190,7 +189,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
-void memory_buffer_alloc_oom_test()
+void memory_buffer_alloc_oom_test( )
{
unsigned char buf[1024];
unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL;
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index c450088..3eebcff 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,3 +1,9 @@
+MPI - Valid parameters
+mpi_valid_param:
+
+MPI - Invalid parameters
+mpi_invalid_param:
+
Arguments with no value
mpi_null:
@@ -19,6 +25,9 @@
Base test mpi_read_write_string #3 (Negative decimal)
mpi_read_write_string:16:"-23":16:"-23":100:0:0
+Base test mpi_read_write_string #4 (Buffer just fits)
+mpi_read_write_string:16:"-4":4:"-10":4:0:0
+
Test mpi_read_write_string #1 (Invalid character)
mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0
@@ -52,6 +61,9 @@
Base test mbedtls_mpi_read_binary #1
mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
+Base test mbedtls_mpi_read_binary_le #1
+mbedtls_mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"219946662473865722255717126709915431768051735954189829340600976826409773245337023925691629251672268961177825243440202069039100741562168093042339401187848509859789949044607421190014088260008793380554914226244485299326152319899746569"
+
Base test mbedtls_mpi_write_binary #1
mbedtls_mpi_write_binary:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
@@ -59,7 +71,16 @@
mbedtls_mpi_write_binary:16:"123123123123123123123123123":"0123123123123123123123123123":14:0
Test mbedtls_mpi_write_binary #2 (Buffer too small)
-mbedtls_mpi_write_binary:16:"123123123123123123123123123":"123123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+mbedtls_mpi_write_binary:16:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+Base test mbedtls_mpi_write_binary_le #1
+mbedtls_mpi_write_binary_le:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
+
+Test mbedtls_mpi_write_binary_le #1 (Buffer just fits)
+mbedtls_mpi_write_binary_le:16:"123123123123123123123123123":"2331122331122331122331122301":14:0
+
+Test mbedtls_mpi_write_binary_le #2 (Buffer too small)
+mbedtls_mpi_write_binary_le:16:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
Base test mbedtls_mpi_read_file #1
mbedtls_mpi_read_file:10:"data_files/mpi_10":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0
@@ -680,6 +701,14 @@
depends_on:MBEDTLS_GENPRIME
mbedtls_mpi_is_prime:10:"49979687":0
+Test mbedtls_mpi_is_prime_det (4 non-witnesses)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_is_prime_det:"043BD64BA10B11DA83FBD296B04BCA9E0552FAF6E09CAC74E2D7E735ED0DB09FC47ED76145644203EE0C826013BC602F560BCDAAED557D04683859A65D659FF828A245A2C5B1AC41E01E4669A525A45E23AF":"040EA852F7935ACCECC0E87B845281F047D10DC9AAFEF990AF9D3D66770DA30B0C5B5E03EEA8C0CB79B936FE0BB8EE5389EC1D34EB16C58AA3F2E11AF084160CDF6400BE1CC179867AB074866952D9F34EE7042D27F960E715A97FCB93F3182247D0A6AE51BD21CC2F6B0651F9E572C5FB86F3137053FA85FD7A51816D69B3A53A5A438C17754836D04E98CA240B901F828332F2D72D88C497DA45F533F99A6E53EDEA6B0424EC8951B048FA9A80134B37D0A67014597934E3CFC52C5A4DD4751ADF8D66FC79E84E2A3148C4B15C17E12CB659390FD275F39A331FFC80EC699BC3F6FAB868E30E9B14575FCDAB6FAED01E00112DD28704177E09C335AD43A696FEA761E8DF3B0663277A5C3637F9060CB5E5654F72E9A6B0F369E660AD4CF7ABF4195493545B367BD55271CD4BB7D9C15D3F508FE8F7409C2126FC8E73B43A67CD4EFB21E9F15DBF040A2A8D5F5ED75CEAC12B595C0051F3EC9D5A58ACE82A9506E64F780E9836728260FFE1BFD73E8A9869E3D46A35A856D3028F7FEAB9F4F1A04449AEDC80017EE1014080D87F0B50C8EF255324CD89F7D039":82:5
+
+Test mbedtls_mpi_is_prime_det (39 non-witnesses)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_is_prime_det:"155102B67930FBE8858DF6C0642D77D419A7B7968E622CC7500F3E3F2C5168368C50E0083187":"119B3E2C721834D83416239B04447AA18AE0163E61DCAE97054563D79E094A6FA4485BD6A0501445BF57FE9C058926CDB862E04CC1A95D79D61D9AB3466857A53E04F8D7470C9C86649B226A13DDC534E18DFD5C22FAEA317CA4D4960F18457FD6D2FFB5F3273F74C89980DC774590D8D30D1159CA81999ED94A042D67DA68C82616AD46C2C88288A8EBD0B37AC7C152D9522CA4544642AD1210F6B642FEBF43563FA872B0DEFAFC69D0B6570E8FEA9570D0AADCFA9B06CC8BFD62CEDC221541210EEEF9762448C6D49F26AA767A4D66CB168589E0201923015314E6CD4A480E5936E7CF145F73A564C5B782635B3AFC3028E2632C5D3458224A7C9E8BA1876E8F690463C878292D3DC011E9640331E7F7621F2B5E0F6713DD8C9D6767521C4BA880DA8D11C67753C8493D2C4C4F1443147550D0B25B7FAD04EAFA9F8AA60974C1365C8A794CFEECEB4279B1150909A97E5A7A10B5D91186CA5B25A612036631FE73529C8CFAE51E76FB704A772DE5320EFC1212E7A399B1FEBF57D014AF9129DFF5D2C5DFBBEEAC55F360CF6D22FA90B8E2E9AD0C71AB6495A9452A58D653B8CC26128C66B43EFBA6E39AEC5717A1A3C2AE1449FCABAFE1180B159DA55190CD81A3D9E8D798647E11B827F0A057D6DA5AAD78AB5112EE65E10E8B8B369BA24E1B8AD2CD8548C497016C07A143DE1232F8059BE303572456FA92E76A0F23D1340629228B7D27C02D3833A72745B91A3DBEB5E081117A9F19597F00E4277B414FAEA8C8CEB895C37F956A5A22F8D7A10ADA50B22BAB312504904511AA0EFDD4D3BF20ECB17E8A684564FFB5BBD5E22C429F9A75A4FB4AE468FE7612ED53C7A11212E7EF3435CC9CA6E7DB167B8CCE2BECF35F89013F8F876223C77FA81570970858663C6E32B91080AA47F9C90177F51E6FD7747B910C9489C7B6ACB070996198AD9A40A69711274159210A9A12DBAAA4FB4632446066AB70D735DC95F7C2BCE517E88C064D728DE82B1B043DF4AEE0EFF5131120A4E5B9B4180EB6F6B8A0D1491ABDA069058A9966B1A517D8E7B4997DC52A1E698FD79E271153DF1913FE6787A5D99DE69F39C3F22D26DC731CFBB33FF5C267D85D7A3DAE8E1C87E1DB2F1236212EF1942EA756967FB3D07D629E59EA4034D9A9B5E270DD4A31C8A3DFDA99C1094B5537132C196DA2AEAF5253A019B9AF25B5DCB0D4DD75C7C9C353DA9DAABFB23959A5455312E7E1C21268C1BC14E83DCFDF50C27FD3E8B4EDC04C5F3CB5FCFFF2B57151E1B1EE1A6456DC006BC43E1158674AA4CF7D146DE4A57103BE43ED130C8007294ED2418C7A2B769A7D20EBB5A8367A77B313F81BB119B9954305FF160FF83EED7F808EE6D340A5CCC000CF81AA497D315D350CCE4E86A31456B8AA85B677491FC662933DFA55EB5BFF64B8D85430D676A85D1CAFAFF383E68C4E6C22A51063739EC03FC58C36C07C44E54828BE2152B2E9AFB0F179B157D09B64C147B524BB5424BB1914419424D9100D06EDCFC718F4DF3D562E9E16C446663F35273CA7BC5426B868A80C8D415C9A12A1619CDB7CDB5BEBC70313150BDF8C3AB26B809FE62D28E798EF1EF98C410A2DA0A9071F82154AC569078B0E647E2C085D1D907E634453442803D0492D3D0C78CACB762020C0E589C8B0981321EA2771305FD0413F3B2963FCE9A232F6641DB7E12ADC009A032063C41756E5E19E5711DE12711F07AFE7545B4D83F3EFD7BFD0435297C89DF3D4AF96EBE2CE8D64B93E36EA5D7E5A0492151D0CAEE7449A7D35E1A3C83E22C3B35162C073CC3B1CF76FBDEE84270721FC042EAAEB7325110181415E2031CFB7462F15111291CDAC0560FF9F4C7341F2FA261B97CEF348D074AA2EB4DB153FE6B1410519DA4213B611999868F3B867A2B6D758D333C4989DE80782683CA26ECDE373C71524F01B76349CE8A07A5EBECBB42259CF970DDA756EC996B189FEA045FEE45F23D476960913106ECA2510B8517AA75D56FA4152B2BDDC212014E5D07FD964D6EE532F0616DF74E104659955132331FABF2D2AD265E71C93C648A956FA0A3DB21FF103D516527F2DA0E870340B61EE8A8ED913B60605EB5A67B834D0FC90564386012585609870FEF6530B3E3C037B55506F0B5694F6B0FC":38:40
+
Test mbedtls_mpi_gen_prime (Too small)
depends_on:MBEDTLS_GENPRIME
mbedtls_mpi_gen_prime:2:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
@@ -706,7 +735,19 @@
Test mbedtls_mpi_gen_prime (Safe)
depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:128:1:0
+mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH:0
+
+Test mbedtls_mpi_gen_prime (Safe with lower error rate)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH | MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+
+Test mbedtls_mpi_gen_prime standard RSA #1 (lower error rate)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:1024:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+
+Test mbedtls_mpi_gen_prime standard RSA #2 (lower error rate)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:1536:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
Test bit getting (Value bit 25)
mbedtls_mpi_get_bit:10:"49979687":25:1
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 6ae27af..eaae196 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -1,5 +1,48 @@
/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
+
+typedef struct mbedtls_test_mpi_random
+{
+ data_t *data;
+ size_t pos;
+ size_t chunk_len;
+} mbedtls_test_mpi_random;
+
+/*
+ * This function is called by the Miller-Rabin primality test each time it
+ * chooses a random witness. The witnesses (or non-witnesses as provided by the
+ * test) are stored in the data member of the state structure. Each number is in
+ * the format that mbedtls_mpi_read_string understands and is chunk_len long.
+ */
+int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
+ unsigned char* buf,
+ size_t len )
+{
+ mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state;
+
+ if( random == NULL || random->data->x == NULL || buf == NULL )
+ return( -1 );
+
+ if( random->pos + random->chunk_len > random->data->len
+ || random->chunk_len > len )
+ {
+ return( -1 );
+ }
+
+ memset( buf, 0, len );
+
+ /* The witness is written to the end of the buffer, since the buffer is
+ * used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
+ * Writing the witness to the start of the buffer would result in the
+ * buffer being 'witness 000...000', which would be treated as
+ * witness * 2^n for some n. */
+ memcpy( buf + len - random->chunk_len, &random->data->x[random->pos],
+ random->chunk_len );
+
+ random->pos += random->chunk_len;
+
+ return( 0 );
+}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -8,7 +51,221 @@
*/
/* BEGIN_CASE */
-void mpi_null( )
+void mpi_valid_param( )
+{
+ TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void mpi_invalid_param( )
+{
+ mbedtls_mpi X;
+ const char *s_in = "00101000101010";
+ char s_out[16] = { 0 };
+ unsigned char u_out[16] = { 0 };
+ unsigned char u_in[16] = { 0 };
+ size_t olen;
+ mbedtls_mpi_uint mpi_uint;
+
+ TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_grow( NULL, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_copy( NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_copy( &X, NULL ) );
+
+ TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) );
+ TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_lset( NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_get_bit( NULL, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_set_bit( NULL, 42, 0 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_string( NULL, 2, s_in ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_string( &X, 2, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_string( NULL, 2,
+ s_out, sizeof( s_out ),
+ &olen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_string( &X, 2,
+ NULL, sizeof( s_out ),
+ &olen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_string( &X, 2,
+ s_out, sizeof( s_out ),
+ NULL ) );
+
+#if defined(MBEDTLS_FS_IO)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_file( NULL, 2, stdin ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_file( &X, 2, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_file( "", NULL, 2, NULL ) );
+#endif /* MBEDTLS_FS_IO */
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_binary( NULL, u_in,
+ sizeof( u_in ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_read_binary( &X, NULL,
+ sizeof( u_in ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_binary( NULL, u_out,
+ sizeof( u_out ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_write_binary( &X, NULL,
+ sizeof( u_out ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_shift_l( NULL, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_shift_r( NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_abs( NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_abs( &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_mpi( NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_mpi( &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_cmp_int( NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_abs( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_abs( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_abs( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_abs( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_abs( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_abs( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_mpi( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_mpi( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_mpi( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_mpi( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_mpi( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_mpi( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_int( NULL, &X, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_add_int( &X, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_int( NULL, &X, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_sub_int( &X, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_mpi( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_mpi( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_mpi( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_int( NULL, &X, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mul_int( &X, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_div_int( &X, &X, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_mpi( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_mpi( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_mpi( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_int( NULL, &X, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_gcd( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_gcd( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_gcd( &X, &X, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_inv_mod( NULL, &X, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_inv_mod( &X, NULL, &X ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
+ mbedtls_mpi_inv_mod( &X, &X, NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_null( )
{
mbedtls_mpi X, Y, Z;
@@ -27,8 +284,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_read_write_string( int radix_X, char *input_X, int radix_A,
- char *input_A, int output_size, int result_read,
+void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
+ char * input_A, int output_size, int result_read,
int result_write )
{
mbedtls_mpi X;
@@ -37,6 +294,8 @@
mbedtls_mpi_init( &X );
+ memset( str, '!', sizeof( str ) );
+
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 )
{
@@ -44,6 +303,7 @@
if( result_write == 0 )
{
TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
+ TEST_ASSERT( str[len] == '!' );
}
}
@@ -53,20 +313,17 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_read_binary( char *input_X, int radix_A, char *input_A )
+void mbedtls_mpi_read_binary( data_t * buf, int radix_A, char * input_A )
{
mbedtls_mpi X;
- unsigned char str[1000];
- unsigned char buf[1000];
+ char str[1000];
size_t len;
- size_t input_len;
mbedtls_mpi_init( &X );
- input_len = unhexify( buf, input_X );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf, input_len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, (char *) str, sizeof( str ), &len ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
exit:
@@ -75,16 +332,34 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_write_binary( int radix_X, char *input_X, char *input_A,
- int output_size, int result )
+void mbedtls_mpi_read_binary_le( data_t * buf, int radix_A, char * input_A )
{
mbedtls_mpi X;
- unsigned char str[1000];
+ char str[1000];
+ size_t len;
+
+ mbedtls_mpi_init( &X );
+
+
+ TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
+ TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_mpi_write_binary( int radix_X, char * input_X,
+ data_t * input_A, int output_size,
+ int result )
+{
+ mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
memset( buf, 0x00, 1000 );
- memset( str, 0x00, 1000 );
mbedtls_mpi_init( &X );
@@ -97,9 +372,39 @@
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result );
if( result == 0)
{
- hexify( str, buf, buflen );
- TEST_ASSERT( strcasecmp( (char *) str, input_A ) == 0 );
+ TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+ }
+
+exit:
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_mpi_write_binary_le( int radix_X, char * input_X,
+ data_t * input_A, int output_size,
+ int result )
+{
+ mbedtls_mpi X;
+ unsigned char buf[1000];
+ size_t buflen;
+
+ memset( buf, 0x00, 1000 );
+
+ mbedtls_mpi_init( &X );
+
+ TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+
+ buflen = mbedtls_mpi_size( &X );
+ if( buflen > (size_t) output_size )
+ buflen = (size_t) output_size;
+
+ TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
+ if( result == 0)
+ {
+
+ TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
}
exit:
@@ -108,18 +413,16 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_mpi_read_file( int radix_X, char *input_file, char *input_A,
- int result )
+void mbedtls_mpi_read_file( int radix_X, char * input_file,
+ data_t * input_A, int result )
{
mbedtls_mpi X;
- unsigned char str[1000];
unsigned char buf[1000];
size_t buflen;
FILE *file;
int ret;
memset( buf, 0x00, 1000 );
- memset( str, 0x00, 1000 );
mbedtls_mpi_init( &X );
@@ -134,9 +437,8 @@
buflen = mbedtls_mpi_size( &X );
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
- hexify( str, buf, buflen );
- TEST_ASSERT( strcasecmp( (char *) str, input_A ) == 0 );
+ TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
}
exit:
@@ -145,8 +447,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_mpi_write_file( int radix_X, char *input_X, int output_radix,
- char *output_file )
+void mbedtls_mpi_write_file( int radix_X, char * input_X, int output_radix,
+ char * output_file )
{
mbedtls_mpi X, Y;
FILE *file_out, *file_in;
@@ -176,7 +478,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_get_bit( int radix_X, char *input_X, int pos, int val )
+void mbedtls_mpi_get_bit( int radix_X, char * input_X, int pos, int val )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
@@ -189,8 +491,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_set_bit( int radix_X, char *input_X, int pos, int val,
- int radix_Y, char *output_Y, int result )
+void mbedtls_mpi_set_bit( int radix_X, char * input_X, int pos, int val,
+ int radix_Y, char * output_Y, int result )
{
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
@@ -210,7 +512,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_lsb( int radix_X, char *input_X, int nr_bits )
+void mbedtls_mpi_lsb( int radix_X, char * input_X, int nr_bits )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
@@ -224,7 +526,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_bitlen( int radix_X, char *input_X, int nr_bits )
+void mbedtls_mpi_bitlen( int radix_X, char * input_X, int nr_bits )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
@@ -238,8 +540,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_gcd( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A )
+void mbedtls_mpi_gcd( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi A, X, Y, Z;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
@@ -270,8 +572,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_cmp_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int input_A )
+void mbedtls_mpi_cmp_mpi( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int input_A )
{
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
@@ -286,8 +588,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_cmp_abs( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int input_A )
+void mbedtls_mpi_cmp_abs( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int input_A )
{
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
@@ -354,8 +656,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_safe_cond_assign( int x_sign, char *x_str,
- int y_sign, char *y_str )
+void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign,
+ char * y_str )
{
mbedtls_mpi X, Y, XX;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX );
@@ -378,8 +680,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_safe_cond_swap( int x_sign, char *x_str,
- int y_sign, char *y_str )
+void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign,
+ char * y_str )
{
mbedtls_mpi X, Y, XX, YY;
@@ -409,7 +711,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_swap( int input_X, int input_Y )
+void mbedtls_mpi_swap( int input_X, int input_Y )
{
mbedtls_mpi X, Y, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
@@ -429,8 +731,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A )
+void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -447,7 +749,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char *input_A )
+void mbedtls_mpi_add_mpi_inplace( int radix_X, char * input_X, int radix_A,
+ char * input_A )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
@@ -473,8 +776,8 @@
/* BEGIN_CASE */
-void mbedtls_mpi_add_abs( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A )
+void mbedtls_mpi_add_abs( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -491,8 +794,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_add_abs_add_first( int radix_X, char *input_X, int radix_Y,
- char *input_Y, int radix_A, char *input_A )
+void mpi_add_abs_add_first( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
@@ -509,8 +812,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_add_abs_add_second( int radix_X, char *input_X, int radix_Y,
- char *input_Y, int radix_A, char *input_A )
+void mpi_add_abs_add_second( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
@@ -527,8 +830,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_add_int( int radix_X, char *input_X, int input_Y, int radix_A,
- char *input_A )
+void mbedtls_mpi_add_int( int radix_X, char * input_X, int input_Y,
+ int radix_A, char * input_A )
{
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -544,8 +847,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_sub_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A )
+void mbedtls_mpi_sub_mpi( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -562,8 +865,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_sub_abs( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A, int sub_result )
+void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A,
+ int sub_result )
{
mbedtls_mpi X, Y, Z, A;
int res;
@@ -584,8 +888,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_sub_int( int radix_X, char *input_X, int input_Y, int radix_A,
- char *input_A )
+void mbedtls_mpi_sub_int( int radix_X, char * input_X, int input_Y,
+ int radix_A, char * input_A )
{
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -601,8 +905,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mul_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A )
+void mbedtls_mpi_mul_mpi( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -619,8 +923,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mul_int( int radix_X, char *input_X, int input_Y, int radix_A,
- char *input_A, char *result_comparison )
+void mbedtls_mpi_mul_int( int radix_X, char * input_X, int input_Y,
+ int radix_A, char * input_A,
+ char * result_comparison )
{
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
@@ -641,9 +946,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_div_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A, int radix_B, char *input_B,
- int div_result )
+void mbedtls_mpi_div_mpi( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A,
+ int radix_B, char * input_B, int div_result )
{
mbedtls_mpi X, Y, Q, R, A, B;
int res;
@@ -669,8 +974,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_div_int( int radix_X, char *input_X, int input_Y, int radix_A,
- char *input_A, int radix_B, char *input_B, int div_result )
+void mbedtls_mpi_div_int( int radix_X, char * input_X, int input_Y,
+ int radix_A, char * input_A, int radix_B,
+ char * input_B, int div_result )
{
mbedtls_mpi X, Q, R, A, B;
int res;
@@ -695,8 +1001,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mod_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A, int div_result )
+void mbedtls_mpi_mod_mpi( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A,
+ int div_result )
{
mbedtls_mpi X, Y, A;
int res;
@@ -718,8 +1025,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_mod_int( int radix_X, char *input_X, int input_Y, int input_A,
- int div_result )
+void mbedtls_mpi_mod_int( int radix_X, char * input_X, int input_Y,
+ int input_A, int div_result )
{
mbedtls_mpi X;
int res;
@@ -740,9 +1047,10 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_exp_mod( int radix_A, char *input_A, int radix_E, char *input_E,
- int radix_N, char *input_N, int radix_RR, char *input_RR,
- int radix_X, char *input_X, int div_result )
+void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E,
+ char * input_E, int radix_N, char * input_N,
+ int radix_RR, char * input_RR, int radix_X,
+ char * input_X, int div_result )
{
mbedtls_mpi A, E, N, RR, Z, X;
int res;
@@ -771,8 +1079,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_inv_mod( int radix_X, char *input_X, int radix_Y, char *input_Y,
- int radix_A, char *input_A, int div_result )
+void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y,
+ char * input_Y, int radix_A, char * input_A,
+ int div_result )
{
mbedtls_mpi X, Y, Z, A;
int res;
@@ -794,14 +1103,14 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_is_prime( int radix_X, char *input_X, int div_result )
+void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result )
{
mbedtls_mpi X;
int res;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- res = mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL );
+ res = mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL );
TEST_ASSERT( res == div_result );
exit:
@@ -810,14 +1119,47 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret )
+void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses,
+ int chunk_len, int rounds )
+{
+ mbedtls_mpi X;
+ int res;
+ mbedtls_test_mpi_random rand;
+
+ mbedtls_mpi_init( &X );
+ rand.data = witnesses;
+ rand.pos = 0;
+ rand.chunk_len = chunk_len;
+
+ TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
+ res = mbedtls_mpi_is_prime_ext( &X, rounds - 1,
+ mbedtls_test_mpi_miller_rabin_determinizer,
+ &rand );
+ TEST_ASSERT( res == 0 );
+
+ rand.data = witnesses;
+ rand.pos = 0;
+ rand.chunk_len = chunk_len;
+
+ res = mbedtls_mpi_is_prime_ext( &X, rounds,
+ mbedtls_test_mpi_miller_rabin_determinizer,
+ &rand );
+ TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+exit:
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
+void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret )
{
mbedtls_mpi X;
int my_ret;
mbedtls_mpi_init( &X );
- my_ret = mbedtls_mpi_gen_prime( &X, bits, safe, rnd_std_rand, NULL );
+ my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, rnd_std_rand, NULL );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
@@ -827,12 +1169,14 @@
TEST_ASSERT( actual_bits >= (size_t) bits );
TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
- TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
- if( safe )
+ TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL )
+ == 0 );
+ if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
{
/* X = ( X - 1 ) / 2 */
TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL )
+ == 0 );
}
}
@@ -842,8 +1186,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_shift_l( int radix_X, char *input_X, int shift_X, int radix_A,
- char *input_A)
+void mbedtls_mpi_shift_l( int radix_X, char * input_X, int shift_X,
+ int radix_A, char * input_A )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
@@ -859,8 +1203,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_shift_r( int radix_X, char *input_X, int shift_X, int radix_A,
- char *input_A )
+void mbedtls_mpi_shift_r( int radix_X, char * input_X, int shift_X,
+ int radix_A, char * input_A )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
@@ -876,7 +1220,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void mpi_selftest()
+void mpi_selftest( )
{
TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data
index eee4574..4462558 100644
--- a/tests/suites/test_suite_nist_kw.data
+++ b/tests/suites/test_suite_nist_kw.data
@@ -69,6 +69,27 @@
NIST KW lengths #16 KWP unwrapping output buffer too short
nist_kw_ciphertext_lengths:24:12:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+NIST KW lengths #17 KW plaintext NULL (2 to 2^54 - 1 semiblocks)
+nist_kw_plaintext_lengths:0:8:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+NIST KW lengths #18 KW wrapping output NULL
+nist_kw_plaintext_lengths:8:0:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+NIST KW lengths #19 KWP wrapping output NULL
+nist_kw_plaintext_lengths:8:0:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+NIST KW lengths #20 KW ciphertext NULL
+nist_kw_ciphertext_lengths:0:8:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+NIST KW lengths #21 KWP ciphertext NULL
+nist_kw_ciphertext_lengths:0:8:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+NIST KW lengths #15 KW unwrapping output NULL
+nist_kw_ciphertext_lengths:32:0:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
+NIST KW lengths #16 KWP unwrapping output NULL
+nist_kw_ciphertext_lengths:24:0:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+
NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 128 count 7
depends_on:MBEDTLS_AES_C
mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"095e293f31e317ba6861114b95c90792":"64349d506ae85ecd84459c7a5c423f55":"97de4425572274bd7fb2d6688d5afd4454d992348d42a643"
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index eb67c03..f1acde9 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -30,7 +30,7 @@
memset( key, 0, sizeof( key ) );
/*
- * 1. Check wrap and unwrap with two seperate contexts
+ * 1. Check wrap and unwrap with two separate contexts
*/
mbedtls_nist_kw_init( &ctx1 );
mbedtls_nist_kw_init( &ctx2 );
@@ -158,19 +158,17 @@
memset( key, 0, sizeof( key ) );
- if (in_len == 0)
- {
- /* mbedtls_calloc can return NULL for zero-length buffers. Make sure we
- * always have a plaintext buffer, even if the length is 0. */
- plaintext = mbedtls_calloc( 1, 1 );
- }
- else
+ if( in_len != 0 )
{
plaintext = mbedtls_calloc( 1, in_len );
+ TEST_ASSERT( plaintext != NULL );
}
- TEST_ASSERT( plaintext != NULL );
- ciphertext = mbedtls_calloc( 1, output_len );
- TEST_ASSERT( ciphertext != NULL );
+
+ if( out_len != 0 )
+ {
+ ciphertext = mbedtls_calloc( 1, output_len );
+ TEST_ASSERT( ciphertext != NULL );
+ }
memset( plaintext, 0, in_len );
memset( ciphertext, 0, output_len );
@@ -216,10 +214,16 @@
memset( key, 0, sizeof( key ) );
- plaintext = mbedtls_calloc( 1, output_len );
- TEST_ASSERT( plaintext != NULL );
- ciphertext = mbedtls_calloc( 1, in_len );
- TEST_ASSERT( ciphertext != NULL );
+ if( out_len != 0 )
+ {
+ plaintext = mbedtls_calloc( 1, output_len );
+ TEST_ASSERT( plaintext != NULL );
+ }
+ if( in_len != 0 )
+ {
+ ciphertext = mbedtls_calloc( 1, in_len );
+ TEST_ASSERT( ciphertext != NULL );
+ }
memset( plaintext, 0, output_len );
memset( ciphertext, 0, in_len );
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
new file mode 100644
index 0000000..3261935
--- /dev/null
+++ b/tests/suites/test_suite_oid.data
@@ -0,0 +1,91 @@
+OID get Any Policy certificate policy
+oid_get_certificate_policies:"551D2000":"Any Policy"
+
+OID get certificate policy invalid oid
+oid_get_certificate_policies:"5533445566":""
+
+OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
+oid_get_certificate_policies:"551D23":""
+
+OID get Ext Key Usage - id-kp-serverAuth
+oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication"
+
+OID get Ext Key Usage - id-kp-clientAuth
+oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication"
+
+OID get Ext Key Usage - id-kp-codeSigning
+oid_get_extended_key_usage:"2B06010505070303":"Code Signing"
+
+OID get Ext Key Usage - id-kp-emailProtection
+oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection"
+
+OID get Ext Key Usage - id-kp-timeStamping
+oid_get_extended_key_usage:"2B06010505070308":"Time Stamping"
+
+OID get Ext Key Usage - id-kp-OCSPSigning
+oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing"
+
+OID get Ext Key Usage - id-kp-wisun-fan-device
+oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)"
+
+OID get Ext Key Usage invalid oid
+oid_get_extended_key_usage:"5533445566":""
+
+OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
+oid_get_extended_key_usage:"551D23":""
+
+OID get x509 extension - id-ce-basicConstraints
+oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS
+
+OID get x509 extension - id-ce-keyUsage
+oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE
+
+OID get x509 extension - id-ce-extKeyUsage
+oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+
+OID get x509 extension - id-ce-subjectAltName
+oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME
+
+OID get x509 extension - id-netscape-certtype
+oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+
+OID get x509 extension - id-ce-certificatePolicies
+oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+
+OID get x509 extension - invalid oid
+oid_get_x509_extension:"5533445566":0
+
+OID get x509 extension - wrong oid - id-ce
+oid_get_x509_extension:"551D":0
+
+OID hash id - id-md5
+depends_on:MBEDTLS_MD5_C
+oid_get_md_alg_id:"2A864886f70d0205":MBEDTLS_MD_MD5
+
+OID hash id - id-sha1
+depends_on:MBEDTLS_SHA1_C
+oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1
+
+OID hash id - id-sha224
+depends_on:MBEDTLS_SHA256_C
+oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224
+
+OID hash id - id-sha256
+depends_on:MBEDTLS_SHA256_C
+oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256
+
+OID hash id - id-sha384
+depends_on:MBEDTLS_SHA512_C
+oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384
+
+OID hash id - id-sha512
+depends_on:MBEDTLS_SHA512_C
+oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512
+
+OID hash id - id-ripemd160
+depends_on:MBEDTLS_RIPEMD160_C
+oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
+
+OID hash id - invalid oid
+oid_get_md_alg_id:"2B864886f70d0204":-1
+
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
new file mode 100644
index 0000000..9e8d437
--- /dev/null
+++ b/tests/suites/test_suite_oid.function
@@ -0,0 +1,109 @@
+/* BEGIN_HEADER */
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "string.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_OID_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void oid_get_certificate_policies( data_t *oid, char *result_str )
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_certificate_policies( &asn1_buf, &desc );
+ if( strlen( result_str ) == 0 )
+ {
+ TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_extended_key_usage( data_t *oid, char *result_str )
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_extended_key_usage( &asn1_buf, &desc );
+ if( strlen( result_str ) == 0 )
+ {
+ TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( strcmp( ( char * )desc, result_str ) == 0 );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_x509_extension( data_t *oid, int exp_type )
+{
+ mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
+ int ret;
+ int ext_type;
+
+ ext_oid.tag = MBEDTLS_ASN1_OID;
+ ext_oid.p = oid->x;
+ ext_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_x509_ext_type( &ext_oid, &ext_type );
+ if( exp_type == 0 )
+ {
+ TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( ext_type == exp_type );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_md_alg_id( data_t *oid, int exp_md_id )
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_alg( &md_oid, &md_id );
+
+ if( exp_md_id < 0 )
+ {
+ TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+ TEST_ASSERT( md_id == 0);
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( (mbedtls_md_type_t)exp_md_id == md_id );
+ }
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index c24595d..947f1fb 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -6,25 +6,21 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str )
+void mbedtls_pem_write_buffer( char * start, char * end, data_t * buf,
+ char * result_str )
{
- unsigned char buf[5000];
unsigned char *check_buf = NULL;
int ret;
- size_t buf_len, olen = 0, olen2 = 0;
+ size_t olen = 0, olen2 = 0;
- memset( buf, 0, sizeof( buf ) );
- buf_len = unhexify( buf, buf_str );
-
- ret = mbedtls_pem_write_buffer( start, end, buf, buf_len, NULL, 0, &olen );
+ ret = mbedtls_pem_write_buffer( start, end, buf->x, buf->len, NULL, 0, &olen );
TEST_ASSERT( ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
check_buf = (unsigned char *) mbedtls_calloc( 1, olen );
TEST_ASSERT( check_buf != NULL );
- memset( check_buf, 0, olen );
- ret = mbedtls_pem_write_buffer( start, end, buf, buf_len, check_buf, olen, &olen2 );
+ ret = mbedtls_pem_write_buffer( start, end, buf->x, buf->len, check_buf, olen, &olen2 );
TEST_ASSERT( olen2 <= olen );
TEST_ASSERT( olen > strlen( (char*) result_str ) );
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index a066bd9..ea5fc4f 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1,3 +1,13 @@
+PK invalid parameters
+invalid_parameters:
+
+PK valid parameters
+valid_parameters:
+
+PK write valid parameters
+depends_on:MBEDTLS_RSA_C
+valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"
+
PK utils: RSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:512:64:"RSA"
@@ -14,6 +24,9 @@
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECDSA:192:24:"ECDSA"
+PK PSA utilities: setup/free, info functions, unsupported operations
+pk_psa_utils:
+
RSA verify test vector #1 (good)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
pk_rsa_verify_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
@@ -38,6 +51,38 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:"046FDD3028FA94A863CD4F78DBFF8B3AA561FC6D9CCBBCA88E0AE6FA437F5415F957542D0717FF8B84562DAE99872EF841":"546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00":"30350218185B2A7FB5CD9C9A8488B119B68B47D6EC833509CE9FA1FF021900FB7D259A744A2348BD45D241A39DC915B81CC2084100FA25":MBEDTLS_ERR_ECP_VERIFY_FAILED
+EC(DSA) verify test vector: good, bitlen(r) = 256
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3046022100faecc085c6c5362b91ff1fd6dd77da80bc071bee9ff1ac0ef9509c017f13267c022100a7d0b908c938d3dd6c6a9cdc5b0a4a4ee455c519c1ff6cda959806b7e7461ba0":0
+
+EC(DSA) verify test vector: good, bitlen(r) = 255
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220639f36215b2ff09bb2beb871e122de74c8d5e29ce8a105aa2b95661f42803e72022100becd8f81b2c186f9d5d2c92378d7b9452ce6de231b0c8d17bac2d8537d2331fd":0
+
+EC(DSA) verify test vector: good, bitlen(r) = 248
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220009109f967f9082abc9c46e5ea07936529b82023a1a49b872c046f430983db2602210085f0b1960d61f8d75109b5b7ff991d3171320d2ab547104f864048455a965090":0
+
+EC(DSA) verify test vector: good, bitlen(r) = 247
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3044021f461786833b50247b07194da6cedbd3caefbcd19c73b6283ccff5097cd0d73b022100d85d20b0b8c3b596eb1cdb0381e681fa0a8bccde4e89c139020af3b0f88e099c":0
+
+EC(DSA) verify test vector: good, bitlen(s) = 256
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30450220639f36215b2ff09bb2beb871e122de74c8d5e29ce8a105aa2b95661f42803e72022100becd8f81b2c186f9d5d2c92378d7b9452ce6de231b0c8d17bac2d8537d2331fd":0
+
+EC(DSA) verify test vector: good, bitlen(s) = 255
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"304402206ae26950c606d08fe5e1682efdccfb3a7213ca46bd523ffd20c4213fe1400d3402207612106ada7055926167650b257da7f4c42c190b8aa9e3b680f8751fe90c63a5":0
+
+EC(DSA) verify test vector: good, bitlen(s) = 248
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"3045022100fd4d718ab483827492e10b89745fad100d2dd257102b99aff179ee596a569f1f022000a1b777e32a8b4909763b615b805e59194e6196eb05719287a36eb5f17aa485":0
+
+EC(DSA) verify test vector: good, bitlen(s) = 247
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0
+
ECDSA sign-verify
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECDSA:0:0
@@ -153,3 +198,38 @@
RSA hash_len overflow (size_t vs unsigned int)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64
pk_rsa_overflow:
+
+ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
+
+ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":0:0:0
+
+ECDSA restartable sign/verify: ECDSA, max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
+
+ECDSA restartable sign/verify: ECKEY, max_ops=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":1:1:10000
+
+ECDSA restartable sign/verify: ECDSA, max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
+
+ECDSA restartable sign/verify: ECKEY, max_ops=10000
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":10000:0:0
+
+ECDSA restartable sign/verify: ECDSA, max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
+
+ECDSA restartable sign/verify: ECKEY, max_ops=250
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
+
+PSA wrapped sign
+pk_psa_sign:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index c0c987d..d85d9ed 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -2,6 +2,8 @@
#include "mbedtls/pk.h"
/* For error codes */
+#include "mbedtls/asn1.h"
+#include "mbedtls/base64.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
@@ -62,6 +64,45 @@
return( ((const mbedtls_rsa_context *) ctx)->len );
}
#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#include "mbedtls/psa_util.h"
+
+#define PK_PSA_INVALID_SLOT 0 /* guaranteed invalid */
+
+/*
+ * Generate a key in a free key slot and return this key slot,
+ * or PK_PSA_INVALID_SLOT if no slot was available.
+ * The key uses NIST P-256 and is usable for signing with SHA-256.
+ */
+psa_key_handle_t pk_psa_genkey( void )
+{
+ psa_key_handle_t key;
+
+ const int curve = PSA_ECC_CURVE_SECP256R1;
+ const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEYPAIR(curve);
+ const size_t bits = 256;
+ psa_key_policy_t policy;
+
+ /* Allocate a key slot */
+ if( PSA_SUCCESS != psa_allocate_key( &key ) )
+ return( PK_PSA_INVALID_SLOT );
+
+ /* set up policy on key slot */
+ policy = psa_key_policy_init();
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
+ PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
+ if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
+ return( PK_PSA_INVALID_SLOT );
+
+ /* generate key */
+ if( PSA_SUCCESS != psa_generate_key( key, type, bits, NULL, 0 ) )
+ return( PK_PSA_INVALID_SLOT );
+
+ return( key );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -69,8 +110,501 @@
* END_DEPENDENCIES
*/
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+void pk_psa_utils( )
+{
+ mbedtls_pk_context pk, pk2;
+ psa_key_handle_t key;
+
+ const char * const name = "Opaque";
+ const size_t bitlen = 256; /* harcoded in genkey() */
+
+ mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+ unsigned char b1[1], b2[1];
+ size_t len;
+ mbedtls_pk_debug_item dbg;
+
+ TEST_ASSERT( psa_crypto_init() == 0 );
+
+ mbedtls_pk_init( &pk );
+ mbedtls_pk_init( &pk2 );
+
+ TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, 0 ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ mbedtls_pk_free( &pk );
+ mbedtls_pk_init( &pk );
+
+ key = pk_psa_genkey();
+ TEST_ASSERT( key != 0 );
+
+ TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_OPAQUE );
+ TEST_ASSERT( strcmp( mbedtls_pk_get_name( &pk), name ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
+ TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
+
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+
+ /* unsupported operations: verify, decrypt, encrypt */
+ TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
+ b1, sizeof( b1), b2, sizeof( b2 ) )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
+ b2, &len, sizeof( b2 ),
+ NULL, NULL )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ),
+ b2, &len, sizeof( b2 ),
+ NULL, NULL )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ /* unsupported functions: check_pair, debug */
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ /* test that freeing the context does not destroy the key */
+ mbedtls_pk_free( &pk );
+ TEST_ASSERT( PSA_SUCCESS == psa_get_key_information( key, NULL, NULL ) );
+ TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
+
+exit:
+ mbedtls_pk_free( &pk ); /* redundant except upon error */
+ mbedtls_pk_free( &pk2 );
+}
+/* END_CASE */
+
+
/* BEGIN_CASE */
-void pk_utils( int type, int size, int len, char *name )
+void valid_parameters( )
+{
+ mbedtls_pk_context pk;
+ unsigned char buf[1];
+ size_t len;
+ void *options = NULL;
+
+ mbedtls_pk_init( &pk );
+
+ TEST_VALID_PARAM( mbedtls_pk_free( NULL ) );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) );
+#endif
+
+ TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* In informational functions, we accept NULL where a context pointer
+ * is expected because that's what the library has done forever.
+ * We do not document that NULL is accepted, so we may wish to change
+ * the behavior in a future version. */
+ TEST_ASSERT( mbedtls_pk_get_bitlen( NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_get_len( NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_sign( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof( buf ),
+ NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_verify( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof( buf ) ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof( buf ) ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_encrypt( &pk,
+ NULL, 0,
+ NULL, &len, 0,
+ rnd_std_rand, NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk,
+ NULL, 0,
+ NULL, &len, 0,
+ rnd_std_rand, NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) ==
+ MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
+ TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
+ MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+#endif /* MBEDTLS_PK_PARSE_C */
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
+void valid_parameters_pkwrite( data_t *key_data )
+{
+ mbedtls_pk_context pk;
+
+ /* For the write tests to be effective, we need a valid key pair. */
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk,
+ key_data->x, key_data->len,
+ NULL, 0 ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
+ MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ TEST_ASSERT( mbedtls_pk_write_pubkey_der( &pk, NULL, 0 ) ==
+ MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ TEST_ASSERT( mbedtls_pk_write_key_pem( &pk, NULL, 0 ) ==
+ MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+
+ TEST_ASSERT( mbedtls_pk_write_pubkey_pem( &pk, NULL, 0 ) ==
+ MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+exit:
+ mbedtls_pk_free( &pk );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void invalid_parameters( )
+{
+ size_t len;
+ unsigned char *null_buf = NULL;
+ unsigned char buf[1];
+ unsigned char *p = buf;
+ char str[1] = {0};
+ mbedtls_pk_context pk;
+ mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
+ void *options = buf;
+
+ (void) null_buf;
+ (void) p;
+ (void) str;
+
+ mbedtls_pk_init( &pk );
+
+ TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) );
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) );
+#endif
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_setup( NULL, NULL ) );
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_setup_rsa_alt( NULL, buf,
+ NULL, NULL, NULL ) );
+#endif
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ buf, sizeof( buf ),
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof( buf ),
+ buf, sizeof( buf ),
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof( buf ),
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ NULL, sizeof( buf ),
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify( NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify( &pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify( &pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ &pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof( buf ),
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &pk,
+ valid_md,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ NULL, &len,
+ rnd_std_rand, NULL,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign( NULL,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ buf, &len,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, sizeof( buf ),
+ buf, &len,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign( &pk,
+ valid_md,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign( &pk,
+ MBEDTLS_MD_NONE,
+ buf, sizeof( buf ),
+ NULL, &len,
+ rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( NULL,
+ buf, sizeof( buf ),
+ buf, &len, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( &pk,
+ NULL, sizeof( buf ),
+ buf, &len, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( &pk,
+ buf, sizeof( buf ),
+ NULL, &len, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( &pk,
+ buf, sizeof( buf ),
+ buf, NULL, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( NULL,
+ buf, sizeof( buf ),
+ buf, &len, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( &pk,
+ NULL, sizeof( buf ),
+ buf, &len, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( &pk,
+ buf, sizeof( buf ),
+ NULL, &len, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( &pk,
+ buf, sizeof( buf ),
+ buf, NULL, sizeof( buf ),
+ rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_check_pair( NULL, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_check_pair( &pk, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_debug( NULL, NULL ) );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+#if defined(MBEDTLS_FS_IO)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_load_file( NULL, &p, &len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_load_file( str, NULL, &len ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_load_file( str, &p, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_keyfile( NULL, str, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_keyfile( NULL, str ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_keyfile( &pk, NULL ) );
+#endif
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_subpubkey( &p, buf, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_key( NULL,
+ buf, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_key( &pk,
+ NULL, sizeof( buf ),
+ buf, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_key( NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_parse_public_key( &pk,
+ NULL, sizeof( buf ) ) );
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey( NULL, p, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey( &null_buf, p, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey( &p, NULL, &pk ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey( &p, p, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_der( NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_der( &pk,
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_der( NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_der( &pk,
+ NULL, sizeof( buf ) ) );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_pem( NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_pubkey_pem( &pk,
+ NULL, sizeof( buf ) ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_pem( NULL,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_write_key_pem( &pk,
+ NULL, sizeof( buf ) ) );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#endif /* MBEDTLS_PK_WRITE_C */
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pk_utils( int type, int size, int len, char * name )
{
mbedtls_pk_context pk;
@@ -91,7 +625,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
-void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret )
+void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
{
mbedtls_pk_context pub, prv, alt;
@@ -121,22 +655,27 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
- int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, char *result_hex_str, int result )
+void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, data_t * result_str,
+ int result )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
- unsigned char result_str[1000];
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
- int msg_len;
+ mbedtls_pk_restart_ctx *rs_ctx = NULL;
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_pk_restart_ctx ctx;
+
+ rs_ctx = &ctx;
+ mbedtls_pk_restart_init( rs_ctx );
+ // this setting would ensure restart would happen if ECC was used
+ mbedtls_ecp_set_max_ops( 1 );
+#endif
mbedtls_pk_init( &pk );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
rsa = mbedtls_pk_rsa( pk );
@@ -145,42 +684,41 @@
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
- unhexify( result_str, result_hex_str );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0,
- result_str, mbedtls_pk_get_len( &pk ) ) == result );
+ result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
+
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, digest, hash_result, 0,
+ result_str->x, mbedtls_pk_get_len( &pk ), rs_ctx ) == result );
exit:
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_pk_restart_free( rs_ctx );
+#endif
mbedtls_pk_free( &pk );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest,
- int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, char *result_hex_str,
- int pk_type, int mgf1_hash_id, int salt_len,
- int result )
+void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest,
+ int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E,
+ data_t * result_str, int pk_type,
+ int mgf1_hash_id, int salt_len, int result )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
- unsigned char result_str[1000];
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
mbedtls_pk_rsassa_pss_options pss_opts;
void *options;
- int msg_len;
size_t hash_len;
mbedtls_pk_init( &pk );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
rsa = mbedtls_pk_rsa( pk );
@@ -189,19 +727,17 @@
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
- unhexify( result_str, result_hex_str );
if( digest != MBEDTLS_MD_NONE )
{
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
- message_str, msg_len, hash_result ) == 0 );
+ message_str->x, message_str->len, hash_result ) == 0 );
hash_len = 0;
}
else
{
- memcpy( hash_result, message_str, msg_len );
- hash_len = msg_len;
+ memcpy( hash_result, message_str->x, message_str->len );
+ hash_len = message_str->len;
}
if( mgf1_hash_id < 0 )
@@ -218,7 +754,7 @@
TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
digest, hash_result, hash_len,
- result_str, mbedtls_pk_get_len( &pk ) ) == result );
+ result_str->x, mbedtls_pk_get_len( &pk ) ) == result );
exit:
mbedtls_pk_free( &pk );
@@ -226,19 +762,14 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */
-void pk_ec_test_vec( int type, int id, char *key_str,
- char *hash_str, char * sig_str, int ret )
+void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash,
+ data_t * sig, int ret )
{
mbedtls_pk_context pk;
mbedtls_ecp_keypair *eckey;
- unsigned char hash[100], sig[500], key[500];
- size_t hash_len, sig_len, key_len;
mbedtls_pk_init( &pk );
- memset( hash, 0, sizeof( hash ) ); hash_len = unhexify(hash, hash_str);
- memset( sig, 0, sizeof( sig ) ); sig_len = unhexify(sig, sig_str);
- memset( key, 0, sizeof( key ) ); key_len = unhexify(key, key_str);
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
@@ -247,22 +778,136 @@
TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q,
- key, key_len ) == 0 );
+ key->x, key->len ) == 0 );
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE,
- hash, hash_len, sig, sig_len ) == ret );
+ // MBEDTLS_MD_SHA1 is a dummy - it is ignored, but has to be other than MBEDTLS_MD_NONE.
+ TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA1,
+ hash->x, hash->len, sig->x, sig->len ) == ret );
exit:
mbedtls_pk_free( &pk );
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */
+void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str,
+ char *QX_str, char *QY_str,
+ int md_alg, char *msg, char *sig_str,
+ int max_ops, int min_restart, int max_restart )
+{
+ int ret, cnt_restart;
+ mbedtls_pk_restart_ctx rs_ctx;
+ mbedtls_pk_context prv, pub;
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
+ unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN];
+ size_t hlen, slen, slen_check;
+ const mbedtls_md_info_t *md_info;
+
+ mbedtls_pk_restart_init( &rs_ctx );
+ mbedtls_pk_init( &prv );
+ mbedtls_pk_init( &pub );
+ memset( hash, 0, sizeof( hash ) );
+ memset( sig, 0, sizeof( sig ) );
+ memset( sig_check, 0, sizeof( sig_check ) );
+
+ TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
+
+ slen_check = unhexify( sig_check, sig_str );
+
+ md_info = mbedtls_md_info_from_type( md_alg );
+ TEST_ASSERT( md_info != NULL );
+
+ hlen = mbedtls_md_get_size( md_info );
+ mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash );
+
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ slen = sizeof( sig );
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
+ sig, &slen, NULL, NULL, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( slen == slen_check );
+ TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 );
+
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_pk_verify_restartable( &pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == 0 );
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ hash[0]++;
+ do {
+ ret = mbedtls_pk_verify_restartable( &pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ TEST_ASSERT( ret != 0 );
+ hash[0]--;
+
+ sig[0]++;
+ do {
+ ret = mbedtls_pk_verify_restartable( &pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ TEST_ASSERT( ret != 0 );
+ sig[0]--;
+
+ /* Do we leak memory when aborting? try verify then sign
+ * This test only makes sense when we actually restart */
+ if( min_restart > 0 )
+ {
+ ret = mbedtls_pk_verify_restartable( &pub, md_alg,
+ hash, hlen, sig, slen, &rs_ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ mbedtls_pk_restart_free( &rs_ctx );
+
+ slen = sizeof( sig );
+ ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
+ sig, &slen, NULL, NULL, &rs_ctx );
+ TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+ }
+
+exit:
+ mbedtls_pk_restart_free( &rs_ctx );
+ mbedtls_pk_free( &prv );
+ mbedtls_pk_free( &pub );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void pk_sign_verify( int type, int sign_ret, int verify_ret )
{
mbedtls_pk_context pk;
unsigned char hash[50], sig[5000];
size_t sig_len;
+ void *rs_ctx = NULL;
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_pk_restart_ctx ctx;
+
+ rs_ctx = &ctx;
+ mbedtls_pk_restart_init( rs_ctx );
+ /* This value is large enough that the operation will complete in one run.
+ * See comments at the top of ecp_test_vect_restart in
+ * test_suite_ecp.function for estimates of operation counts. */
+ mbedtls_ecp_set_max_ops( 42000 );
+#endif
mbedtls_pk_init( &pk );
@@ -272,38 +917,67 @@
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
TEST_ASSERT( pk_genkey( &pk ) == 0 );
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
- sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
+ TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, &sig_len,
+ rnd_std_rand, NULL, rs_ctx ) == sign_ret );
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, sig_len ) == verify_ret );
+ if( verify_ret == 0 )
+ {
+ hash[0]++;
+ TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len ) != 0 );
+ hash[0]--;
+
+ sig[0]++;
+ TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len ) != 0 );
+ sig[0]--;
+ }
+
+ TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
+ sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
+
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
+
+ if( verify_ret == 0 )
+ {
+ hash[0]++;
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
+ hash[0]--;
+
+ sig[0]++;
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
+ sig[0]--;
+ }
+
exit:
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+ mbedtls_pk_restart_free( rs_ctx );
+#endif
mbedtls_pk_free( &pk );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_encrypt_test_vec( char *message_hex, int mod,
- int radix_N, char *input_N,
- int radix_E, char *input_E,
- char *result_hex, int ret )
+void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ data_t * result, int ret )
{
- unsigned char message[1000];
unsigned char output[1000];
- unsigned char result[1000];
- size_t msg_len, olen, res_len;
rnd_pseudo_info rnd_info;
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
+ size_t olen;
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
- memset( message, 0, sizeof( message ) );
memset( output, 0, sizeof( output ) );
- memset( result, 0, sizeof( result ) );
- msg_len = unhexify( message, message_hex );
- res_len = unhexify( result, result_hex );
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
@@ -313,11 +987,11 @@
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_pk_encrypt( &pk, message, msg_len,
+ TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
output, &olen, sizeof( output ),
rnd_pseudo_rand, &rnd_info ) == ret );
- TEST_ASSERT( olen == res_len );
- TEST_ASSERT( memcmp( output, result, olen ) == 0 );
+ TEST_ASSERT( olen == result->len );
+ TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
exit:
mbedtls_pk_free( &pk );
@@ -325,32 +999,24 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
- int radix_P, char *input_P,
- int radix_Q, char *input_Q,
- int radix_N, char *input_N,
- int radix_E, char *input_E,
- char *clear_hex, int ret )
+void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, data_t * clear, int ret )
{
- unsigned char clear[1000];
unsigned char output[1000];
- unsigned char cipher[1000];
- size_t clear_len, olen, cipher_len;
rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
+ size_t olen;
mbedtls_pk_init( &pk );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
- memset( clear, 0, sizeof( clear ) );
- memset( cipher, 0, sizeof( cipher ) );
- clear_len = unhexify( clear, clear_hex );
- cipher_len = unhexify( cipher, cipher_hex );
/* init pk-rsa context */
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
@@ -370,13 +1036,13 @@
/* decryption test */
memset( output, 0, sizeof( output ) );
olen = 0;
- TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher, cipher_len,
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
output, &olen, sizeof( output ),
rnd_pseudo_rand, &rnd_info ) == ret );
if( ret == 0 )
{
- TEST_ASSERT( olen == clear_len );
- TEST_ASSERT( memcmp( output, clear, olen ) == 0 );
+ TEST_ASSERT( olen == clear->len );
+ TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 );
}
exit:
@@ -453,7 +1119,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
-void pk_rsa_alt( )
+void pk_rsa_alt( )
{
/*
* An rsa_alt context can only do private operations (decrypt, sign).
@@ -531,3 +1197,74 @@
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+void pk_psa_sign( )
+{
+ mbedtls_pk_context pk;
+ unsigned char hash[50], sig[100], pkey_legacy[100], pkey_psa[100];
+ unsigned char *pkey_legacy_start, *pkey_psa_start;
+ size_t sig_len, klen_legacy, klen_psa;
+ int ret;
+ psa_key_handle_t handle;
+
+ /*
+ * This tests making signatures with a wrapped PSA key:
+ * - generate a fresh ECP legacy PK context
+ * - wrap it in a PK context and make a signature this way
+ * - extract the public key
+ * - parse it to a PK context and verify the signature this way
+ */
+
+ /* Create legacy EC public/private key in PK context. */
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_key( MBEDTLS_ECP_DP_SECP256R1,
+ (mbedtls_ecp_keypair*) pk.pk_ctx,
+ rnd_std_rand, NULL ) == 0 );
+
+ /* Export underlying public key for re-importing in a legacy context. */
+ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
+ sizeof( pkey_legacy ) );
+ TEST_ASSERT( ret >= 0 );
+ klen_legacy = (size_t) ret;
+ /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+ pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
+
+ /* Turn PK context into an opaque one. */
+ TEST_ASSERT( psa_allocate_key( &handle ) == PSA_SUCCESS );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
+ PSA_ALG_SHA_256 ) == 0 );
+
+ memset( hash, 0x2a, sizeof hash );
+ memset( sig, 0, sizeof sig );
+
+ TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, &sig_len,
+ NULL, NULL ) == 0 );
+
+ /* Export underlying public key for re-importing in a psa context. */
+ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa,
+ sizeof( pkey_psa ) );
+ TEST_ASSERT( ret >= 0 );
+ klen_psa = (size_t) ret;
+ /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+ pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa;
+
+ TEST_ASSERT( klen_psa == klen_legacy );
+ TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
+
+ mbedtls_pk_free( &pk );
+ TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );
+
+ mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
+ klen_legacy ) == 0 );
+ TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
+ hash, sizeof hash, sig, sig_len ) == 0 );
+
+exit:
+ mbedtls_pk_free( &pk );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data
index 0309400..b4cf09a 100644
--- a/tests/suites/test_suite_pkcs1_v15.data
+++ b/tests/suites/test_suite_pkcs1_v15.data
@@ -1,3 +1,9 @@
+RSAES-V15 Encryption input=NULL with length=0
+pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_NONE:"":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb3267c6697351ff4aec29cdbaabf2fbe34676cac0":"42c6fce63a3b858ba89fe83004cac3651d1497c15090bf0086b9a4b9ff3bd451502838a413095aefe231832ba10bb467ae3f95c889cd8e9a6e32b4df633b2170d07a2168c086745f0017cf1d9facff2eee55af2fcb03730209173b2a0bbfb2d4c34d7ea93b3b0cb84a8a7b6371670e14482e6dcedbdd9efe66d906e0238586fe":0
+
+RSAES-V15 Decryption empty output with NULL buffer
+pkcs1_rsaes_v15_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_NONE:"":"aafd12f659cae63489b479e5076ddec2f06cb58f":"42c6fce63a3b858ba89fe83004cac3651d1497c15090bf0086b9a4b9ff3bd451502838a413095aefe231832ba10bb467ae3f95c889cd8e9a6e32b4df633b2170d07a2168c086745f0017cf1d9facff2eee55af2fcb03730209173b2a0bbfb2d4c34d7ea93b3b0cb84a8a7b6371670e14482e6dcedbdd9efe66d906e0238586fe":0
+
RSAES-V15 Encryption Test Vector Int
pkcs1_rsaes_v15_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f67c6697351ff4aec29cdbaabf2fbe3467cc254f81be8e78d765a2e63339fc99a66320db73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b968f385c2aecb03bfb32":"6c5ebca6116b1e91316613fbb5e93197270a849122d549122d05815e2626f80d20f7f3f038c98295203c0f7f6bb8c3568455c67dec82bca86be86eff43b56b7ba2d15375f9a42454c2a2c709953a6e4a977462e35fd21a9c2fb3c0ad2a370f7655267bf6f04814784982988e663b869fc8588475af860d499e5a6ffdfc2c6bfd":0
@@ -33,3 +39,93 @@
RSASSA-V15 Verification Test Vector Int
pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0
+
+RSAES-V15 decoding: good, payload=max, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:117:0
+
+RSAES-V15 decoding: good, payload=max, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:128:0
+
+RSAES-V15 decoding: good, payload=max-1, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:116:0
+
+RSAES-V15 decoding: good, payload=max-1, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:117:0
+
+RSAES-V15 decoding: good, payload=1
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0
+
+RSAES-V15 decoding: good, empty payload
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0
+
+RSAES-V15 decoding: payload=max, output too large
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+
+RSAES-V15 decoding: payload=max-1, output too large
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+
+RSAES-V15 decoding: bad first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: bad second byte (0 instead of 2)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: bad second byte (1 instead of 2)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: padding too short (0)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: padding too short (7)
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+RSAES-V15 decoding: unfinished padding
+pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: good, payload=max, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:117:0
+
+EMSA-V15 decoding: good, payload=max, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:128:0
+
+EMSA-V15 decoding: good, payload=max-1, tight output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:116:0
+
+EMSA-V15 decoding: good, payload=max-1, larger output buffer
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:117:0
+
+EMSA-V15 decoding: good, payload=1
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":1:1:0
+
+EMSA-V15 decoding: good, empty payload
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":0:0:0
+
+EMSA-V15 decoding: bad first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0101ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: bad second byte (0 instead of 1)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: bad second byte (2 instead of 1)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0002ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: padding too short (0)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"000100":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: padding too short (7)
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffff0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: invalid padding at first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffe00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: invalid padding at last byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: unfinished padding
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: unfinished padding with invalid first byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
+
+EMSA-V15 decoding: unfinished padding with invalid last byte
+pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 7f8b1c8..3ef4e2c 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -9,28 +9,22 @@
*/
/* BEGIN_CASE */
-void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, int hash,
- char *message_hex_string, char *seed,
- char *result_hex_str, int result )
+void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E, int hash,
+ data_t * message_str, data_t * rnd_buf,
+ data_t * result_hex_str, int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
- unsigned char rnd_buf[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
rnd_buf_info info;
mbedtls_mpi N, E;
- info.length = unhexify( rnd_buf, seed );
- info.buf = rnd_buf;
+ info.buf = rnd_buf->x;
+ info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -38,14 +32,12 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
+ if( message_str->len == 0 )
+ message_str->x = NULL;
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
-
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -55,15 +47,14 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
- int radix_Q, char *input_Q, int radix_N,
- char *input_N, int radix_E, char *input_E,
- int hash, char *result_hex_str, char *seed,
- char *message_hex_string, int result )
+void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P,
+ int radix_Q, char * input_Q, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ int hash, data_t * result_hex_str,
+ char * seed, data_t * message_str,
+ int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
size_t output_len;
rnd_pseudo_info rnd_info;
@@ -74,9 +65,7 @@
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -89,14 +78,17 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
- if( result == 0 )
+ if( result_hex_str->len == 0 )
{
- hexify( output_str, output, ctx.len );
-
- TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
+ if( result == 0 )
+ {
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 );
+ }
}
exit:
@@ -107,33 +99,175 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
- char *input_Q, int radix_N, char *input_N,
- int radix_E, char *input_E, int digest, int hash,
- char *message_hex_string, char *salt,
- char *result_hex_str, int result )
+void pkcs1_v15_decode( int mode,
+ data_t *input,
+ int expected_plaintext_length_arg,
+ int output_size_arg,
+ int expected_result )
{
- unsigned char message_str[1000];
+ size_t expected_plaintext_length = expected_plaintext_length_arg;
+ size_t output_size = output_size_arg;
+ rnd_pseudo_info rnd_info;
+ mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
+ mbedtls_rsa_context ctx;
+ static unsigned char N[128] = {
+ 0xc4, 0x79, 0x4c, 0x6d, 0xb2, 0xe9, 0xdf, 0xc5,
+ 0xe5, 0xd7, 0x55, 0x4b, 0xfb, 0x6c, 0x2e, 0xec,
+ 0x84, 0xd0, 0x88, 0x12, 0xaf, 0xbf, 0xb4, 0xf5,
+ 0x47, 0x3c, 0x7e, 0x92, 0x4c, 0x58, 0xc8, 0x73,
+ 0xfe, 0x8f, 0x2b, 0x8f, 0x8e, 0xc8, 0x5c, 0xf5,
+ 0x05, 0xeb, 0xfb, 0x0d, 0x7b, 0x2a, 0x93, 0xde,
+ 0x15, 0x0d, 0xc8, 0x13, 0xcf, 0xd2, 0x6f, 0x0d,
+ 0x9d, 0xad, 0x30, 0xe5, 0x70, 0x20, 0x92, 0x9e,
+ 0xb3, 0x6b, 0xba, 0x5c, 0x50, 0x0f, 0xc3, 0xb2,
+ 0x7e, 0x64, 0x07, 0x94, 0x7e, 0xc9, 0x4e, 0xc1,
+ 0x65, 0x04, 0xaf, 0xb3, 0x9f, 0xde, 0xa8, 0x46,
+ 0xfa, 0x6c, 0xf3, 0x03, 0xaf, 0x1c, 0x1b, 0xec,
+ 0x75, 0x44, 0x66, 0x77, 0xc9, 0xde, 0x51, 0x33,
+ 0x64, 0x27, 0xb0, 0xd4, 0x8d, 0x31, 0x6a, 0x11,
+ 0x27, 0x3c, 0x99, 0xd4, 0x22, 0xc0, 0x9d, 0x12,
+ 0x01, 0xc7, 0x4a, 0x73, 0xac, 0xbf, 0xc2, 0xbb
+ };
+ static unsigned char E[1] = { 0x03 };
+ static unsigned char P[64] = {
+ 0xe5, 0x53, 0x1f, 0x88, 0x51, 0xee, 0x59, 0xf8,
+ 0xc1, 0xe4, 0xcc, 0x5b, 0xb3, 0x75, 0x8d, 0xc8,
+ 0xe8, 0x95, 0x2f, 0xd0, 0xef, 0x37, 0xb4, 0xcd,
+ 0xd3, 0x9e, 0x48, 0x8b, 0x81, 0x58, 0x60, 0xb9,
+ 0x27, 0x1d, 0xb6, 0x28, 0x92, 0x64, 0xa3, 0xa5,
+ 0x64, 0xbd, 0xcc, 0x53, 0x68, 0xdd, 0x3e, 0x55,
+ 0xea, 0x9d, 0x5e, 0xcd, 0x1f, 0x96, 0x87, 0xf1,
+ 0x29, 0x75, 0x92, 0x70, 0x8f, 0x28, 0xfb, 0x2b
+ };
+ static unsigned char Q[64] = {
+ 0xdb, 0x53, 0xef, 0x74, 0x61, 0xb4, 0x20, 0x3b,
+ 0x3b, 0x87, 0x76, 0x75, 0x81, 0x56, 0x11, 0x03,
+ 0x59, 0x31, 0xe3, 0x38, 0x4b, 0x8c, 0x7a, 0x9c,
+ 0x05, 0xd6, 0x7f, 0x1e, 0x5e, 0x60, 0xf0, 0x4e,
+ 0x0b, 0xdc, 0x34, 0x54, 0x1c, 0x2e, 0x90, 0x83,
+ 0x14, 0xef, 0xc0, 0x96, 0x5c, 0x30, 0x10, 0xcc,
+ 0xc1, 0xba, 0xa0, 0x54, 0x3f, 0x96, 0x24, 0xca,
+ 0xa3, 0xfb, 0x55, 0xbc, 0x71, 0x29, 0x4e, 0xb1
+ };
+ unsigned char original[128];
+ unsigned char intermediate[128];
+ static unsigned char default_content[128] = {
+ /* A randomly generated pattern. */
+ 0x4c, 0x27, 0x54, 0xa0, 0xce, 0x0d, 0x09, 0x4a,
+ 0x1c, 0x38, 0x8e, 0x2d, 0xa3, 0xc4, 0xe0, 0x19,
+ 0x4c, 0x99, 0xb2, 0xbf, 0xe6, 0x65, 0x7e, 0x58,
+ 0xd7, 0xb6, 0x8a, 0x05, 0x2f, 0xa5, 0xec, 0xa4,
+ 0x35, 0xad, 0x10, 0x36, 0xff, 0x0d, 0x08, 0x50,
+ 0x74, 0x47, 0xc9, 0x9c, 0x4a, 0xe7, 0xfd, 0xfa,
+ 0x83, 0x5f, 0x14, 0x5a, 0x1e, 0xe7, 0x35, 0x08,
+ 0xad, 0xf7, 0x0d, 0x86, 0xdf, 0xb8, 0xd4, 0xcf,
+ 0x32, 0xb9, 0x5c, 0xbe, 0xa3, 0xd2, 0x89, 0x70,
+ 0x7b, 0xc6, 0x48, 0x7e, 0x58, 0x4d, 0xf3, 0xef,
+ 0x34, 0xb7, 0x57, 0x54, 0x79, 0xc5, 0x8e, 0x0a,
+ 0xa3, 0xbf, 0x6d, 0x42, 0x83, 0x25, 0x13, 0xa2,
+ 0x95, 0xc0, 0x0d, 0x32, 0xec, 0x77, 0x91, 0x2b,
+ 0x68, 0xb6, 0x8c, 0x79, 0x15, 0xfb, 0x94, 0xde,
+ 0xb9, 0x2b, 0x94, 0xb3, 0x28, 0x23, 0x86, 0x3d,
+ 0x37, 0x00, 0xe6, 0xf1, 0x1f, 0x4e, 0xd4, 0x42
+ };
+ unsigned char final[128];
+ size_t output_length = 0x7EA0;
+
+ memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
+ mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
+ mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+
+ TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_binary( &Pmpi, P, sizeof( P ) ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_read_binary( &Qmpi, Q, sizeof( Q ) ) == 0 );
+
+ TEST_ASSERT( mbedtls_rsa_import( &ctx, &Nmpi, &Pmpi, &Qmpi,
+ NULL, &Empi ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
+
+ TEST_ASSERT( input->len <= sizeof( N ) );
+ memcpy( original, input->x, input->len );
+ memset( original + input->len, 'd', sizeof( original ) - input->len );
+ if( mode == MBEDTLS_RSA_PRIVATE )
+ TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
+ else
+ TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info,
+ original, intermediate ) == 0 );
+
+ memcpy( final, default_content, sizeof( final ) );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
+ &rnd_pseudo_rand, &rnd_info,
+ mode,
+ &output_length,
+ intermediate,
+ final,
+ output_size ) == expected_result );
+ if( expected_result == 0 )
+ {
+ TEST_ASSERT( output_length == expected_plaintext_length );
+ TEST_ASSERT( memcmp( original + sizeof( N ) - output_length,
+ final,
+ output_length ) == 0 );
+ }
+ else if( expected_result == MBEDTLS_ERR_RSA_INVALID_PADDING ||
+ expected_result == MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE )
+ {
+ size_t max_payload_length =
+ output_size > sizeof( N ) - 11 ? sizeof( N ) - 11 : output_size;
+ size_t i;
+ size_t count = 0;
+
+#if !defined(MBEDTLS_RSA_ALT)
+ /* Check that the output in invalid cases is what the default
+ * implementation currently does. Alternative implementations
+ * may produce different output, so we only perform these precise
+ * checks when using the default implementation. */
+ TEST_ASSERT( output_length == max_payload_length );
+ for( i = 0; i < max_payload_length; i++ )
+ TEST_ASSERT( final[i] == 0 );
+#endif
+ /* Even in alternative implementations, the outputs must have
+ * changed, otherwise it indicates at least a timing vulnerability
+ * because no write to the outputs is performed in the bad case. */
+ TEST_ASSERT( output_length != 0x7EA0 );
+ for( i = 0; i < max_payload_length; i++ )
+ count += ( final[i] == default_content[i] );
+ /* If more than 16 bytes are unchanged in final, that's evidence
+ * that final wasn't overwritten. */
+ TEST_ASSERT( count < 16 );
+ }
+
+exit:
+ mbedtls_mpi_free( &Nmpi ); mbedtls_mpi_free( &Empi );
+ mbedtls_mpi_free( &Pmpi ); mbedtls_mpi_free( &Qmpi );
+ mbedtls_rsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
+ char * input_Q, int radix_N, char * input_N,
+ int radix_E, char * input_E, int digest, int hash,
+ data_t * message_str, data_t * rnd_buf,
+ data_t * result_hex_str, int result )
+{
unsigned char hash_result[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
- unsigned char rnd_buf[1000];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
- size_t msg_len;
rnd_buf_info info;
- info.length = unhexify( rnd_buf, salt );
- info.buf = rnd_buf;
+ info.buf = rnd_buf->x;
+ info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -145,17 +279,15 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len);
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -166,24 +298,19 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, int digest, int hash,
- char *message_hex_string, char *salt,
- char *result_hex_str, int result )
+void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E, int digest,
+ int hash, data_t * message_str, char * salt,
+ data_t * result_str, int result )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
- unsigned char result_str[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
mbedtls_mpi N, E;
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -191,16 +318,11 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
- unhexify( result_str, result_hex_str );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
- message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- digest, 0, hash_result,
- result_str ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 6258c62..012867c 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -187,6 +187,10 @@
RSAES-OAEP Encryption Example 10_6
pkcs1_rsaes_oaep_encrypt:2048:16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46":0
+RSAES-OAEP Encryption input=NULL with length=0
+depends_on:MBEDTLS_SHA1_C
+pkcs1_rsaes_oaep_encrypt:2048:16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"32b75304e631e94d4b02819642c7ffa66116af504cb3c4687420cc4b7f069fc6cc3b1a254611995ce2914a9e88152d38bbf87ccedcad9b9890341284e56e802a1b1f8f6bd3d5c991bd92eb8a8ea0a1d8bae141088ff8dceaebdb73515cf06ce33baa37c53093f1d1edc3502818cc70edcfddb41646374beb5b4f67f7f773e43778d4d31012e5a207c474e762ac3251ea6ede9018ad6e8e9ea65a3528a62b694eb9d8becff220a7c6c70d33eaafa52cf67a8090f67b6f9c43c6fe0b0f2375cbb9e611c0fcfef5312feb5e53d4a89d3d7e06c966e0c92ab9e5838239f390bcfd918d94c224df8e8ccb57ee364389908b6a0e550133f7565016804fbd6cb338314a":0
+
RSAES-OAEP Decryption Test Vector Int
pkcs1_rsaes_oaep_decrypt:1024:16:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":16:"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":MBEDTLS_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":0
@@ -370,14 +374,27 @@
RSAES-OAEP Decryption Example 10_6
pkcs1_rsaes_oaep_decrypt:2048:16:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":16:"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46":0
+RSAES-OAEP Decryption empty output with NULL buffer
+depends_on:MBEDTLS_SHA1_C
+pkcs1_rsaes_oaep_decrypt:2048:16:"ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769":16:"bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183":16:"ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb":16:"010001":MBEDTLS_MD_SHA1:"":"9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32":"32b75304e631e94d4b02819642c7ffa66116af504cb3c4687420cc4b7f069fc6cc3b1a254611995ce2914a9e88152d38bbf87ccedcad9b9890341284e56e802a1b1f8f6bd3d5c991bd92eb8a8ea0a1d8bae141088ff8dceaebdb73515cf06ce33baa37c53093f1d1edc3502818cc70edcfddb41646374beb5b4f67f7f773e43778d4d31012e5a207c474e762ac3251ea6ede9018ad6e8e9ea65a3528a62b694eb9d8becff220a7c6c70d33eaafa52cf67a8090f67b6f9c43c6fe0b0f2375cbb9e611c0fcfef5312feb5e53d4a89d3d7e06c966e0c92ab9e5838239f390bcfd918d94c224df8e8ccb57ee364389908b6a0e550133f7565016804fbd6cb338314a":0
+
RSASSA-PSS Signing Test Vector Int
pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
RSASSA-PSS Verification Test Vector Int
pkcs1_rsassa_pss_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
-RSASSA-PSS Signing Test Vector Hash too large
-pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+RSASSA-PSS Signature RSA-1016, SHA-512: minimum salt size not met
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:1016:16:"0e3cb6845e528229e19cfb24611e6859ac1cea7d35992b6e2e796823c52affa03400e42830f90697f084499c3e3587defc19e749e72433dd7b70c28b0c8280b7":16:"0c48f9e45ae38fdb4a5143be37d79a10cd4f1f9782ef26a4848a4449c72cfd712c68350818736385cb4a9ab6db5aef8e96c551039cfcc8915821aee069ed660d":16:"00aee7874a4db2f1510044405db29f14df0f37bbcf61fcbcc994a3d31caaf858a74cc8f2a40ac9a9ce7aa9a0680f62cf9d8d4b827114533fdbf86f16fc9dfe5cbf857d86135519a4611ffc59cb7473861619a78e3ec314715e804cff82d6f32e9f57ddf390563629883bd34f40e8db413209b151cee97d817a5d65c7da54734b":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSASSA-PSS Signature RSA-520, SHA-512: no possible salt size
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:520:16:"0feea5f6220fac291b9508ec2ba8ed281eb39aee4d5dc693254106816ebc700ecf":16:"0d68918785c3aafe31eaaa2d8d8156dce645940ff7734a457337a51bd00bc88811":16:"00d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSASSA-PSS Signature RSA-528, SHA-512: zero salt size
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:528:16:"00d272aa28ed2085ac6df3c05c6719eed5deb618afa2e4ca4a6f7330b430ad48672d":16:"00c578836bab27145db9dd66f17470b62d4a6100f8ca0dedf457ee3639c3b9596325":16:"00a2554eba715bf66e5ecdf3d6d718e3e5d907e8666e7bf5a76b415106e04eb827ec4cb2199cff66491d45419082059aa5b54b0cf5eef4443402f3047c0b0e6f025081":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Signature Example 1_1
pkcs1_rsassa_pss_sign:1024:16:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":16:"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":16:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0":"dee959c7e06411361420ff80185ed57f3e6776af":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":0
@@ -831,3 +848,38 @@
depends_on:MBEDTLS_SHA256_C
pkcs1_rsassa_pss_verify_ext:512:16:"00b076d23250816f9aab02307e452b97f0cae7598369b41624e8afc7971a59a13892f64b07eaa6ec928c160b2d6ec8f9d0dd5b63c8b3ac0767b4f65c892f56c10f":16:"010001":MBEDTLS_MD_NONE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:"":"63a35294577c7e593170378175b7df27c293dae583ec2a971426eb2d66f2af483e897bfae5dc20300a9d61a3644e08c3aee61a463690a3498901563c46041056":MBEDTLS_ERR_RSA_INVALID_PADDING:MBEDTLS_ERR_RSA_INVALID_PADDING
+RSASSA-PSS Signature RSA-1024, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:1024:16:"00e8f95a716c127d5147dcc241a7c1fe8d5487b3e8b6e95e48a83334d21d00c79ad0a90e29941c0c53065b20059de95e9e406061416f7ac12edca1983b9ee28cc3":16:"00d72348b297e7e5dc4329f6ab874b17982584e0ab43174070a9be983c0f040320d6f893c40d2717cb3044380cb3230b7133621eb1c55a3ea56d0e7cee694b5df3":16:"00c3c9873548543591c1f947e412c33da56b9d1b94a58c2f410a8a620e9b4f1d9197643ebf527f5f62b202b9d67a32654d05f326a9b61e0106efdf4829673c4f3d23655996e2424059916ab47aa67e406c129679e5979ca46708866608ffa21f619843b959b4442e422598a2faab54a8cef1f131992677d2cf5bcaf2b5564f7419":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"655d1cf86a7af5113d1791ab7b6627845ea2aa7efbae82705a3563e5ba0337a1d033cb9283b38c042056e0a1d0529891173e3df6621dd8b184930caec8b3cbe4d1068524dab0ec6854f6638d86b77434cd792ddec0d02327a9eebffcd6911ffd32ad9bcb569d3237398c8169d9c62e7eea81c1b456fd36019aad1e4b268c604d":0
+
+RSASSA-PSS Verification RSA-1024, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify:1022:16:"00c3c9873548543591c1f947e412c33da56b9d1b94a58c2f410a8a620e9b4f1d9197643ebf527f5f62b202b9d67a32654d05f326a9b61e0106efdf4829673c4f3d23655996e2424059916ab47aa67e406c129679e5979ca46708866608ffa21f619843b959b4442e422598a2faab54a8cef1f131992677d2cf5bcaf2b5564f7419":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"655d1cf86a7af5113d1791ab7b6627845ea2aa7efbae82705a3563e5ba0337a1d033cb9283b38c042056e0a1d0529891173e3df6621dd8b184930caec8b3cbe4d1068524dab0ec6854f6638d86b77434cd792ddec0d02327a9eebffcd6911ffd32ad9bcb569d3237398c8169d9c62e7eea81c1b456fd36019aad1e4b268c604d":0
+
+RSASSA-PSS Signature RSA-1032, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:1032:16:"0dfaedb709ada2105223e5e7764a5f31d07ae7a37bdc7b4a56c2499e1173147bcdcb165b8fb01a2528190cb6874656a936491898fca330db8af5a9ed5417268ed7":16:"0c339c56797a90c641292560d0ef675f71ac2c99fcaba6260c38e4f167dfd179eb7a9e255f9bdbc549e4181f9a2a19b1f30a80b292d5ef1ad75b9e658eaa6fb0bb":16:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13ad40169494129b907f061d885fbe50ab654fc7b4be657ff8629d7ca291838159e9a7b7adc93560dda2bb9127966eb8d57377fb19d5b043dca67a07ba3c23069b391ddd921b507a8cca2d5eb7ccc84b90089092ca88530e074e629c3cb6902b2d0475000269a28c4cd89cec0dca66571fa7fbe4976373abe905cbe4c66c8d5fbb":0
+
+RSASSA-PSS Verification RSA-1032, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify:1032:16:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13ad40169494129b907f061d885fbe50ab654fc7b4be657ff8629d7ca291838159e9a7b7adc93560dda2bb9127966eb8d57377fb19d5b043dca67a07ba3c23069b391ddd921b507a8cca2d5eb7ccc84b90089092ca88530e074e629c3cb6902b2d0475000269a28c4cd89cec0dca66571fa7fbe4976373abe905cbe4c66c8d5fbb":0
+
+RSASSA-PSS Verification of OpenSSL-generated signature RSA-1032, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify:1032:16:"00aa94ab91b4c26be257e469528228c4b0b6b4c99e73a84a272b3101892c07406911372b83ec4a7b8191f0ba4b4cb4cb3b732074e96c668297e1323b8ad0822a7e151182def03871a66a47b704b92845c6194142d4eeda19903e04043581f7a835dc288117863d21944c3aeded518458f1a30a41c7638aa4e098a88fdf2c2097270d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"1de40b1c452691dfd8ceb42ecf5f0cbda944d871141b4407c1e30a6657c58c2e496b2a3ad10e025d45ca9606d25602ac1de04af8e0d24aa06e57ec3fea5c961ecf1e0a4e442fda0cdaba42469288cde5d7d0c223facceaf4c7caabe93505acd5664c9b4fae64272af4d5b74326a01724a25fabdb10b177821d2273650a84426dbd":0
+
+RSASSA-PSS Signature RSA-1040, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:1040:16:"00fc7f4b490b4d3ef729db23fb5afbb5f2fc620a472342d8b8ff310cfdc124be76dc22ab6f4be35a38ddd31f24d7f64d310f67ab3a375e83f4e0559e4cb5dc43e875":16:"00d51e8680ab71dc01e1a8a68a298636bb1658cfab8d73ce528a62697722d485ab90cdafc5e27768b761839ff93420458ae55f15a69465dbc0c7b524dc9a385ff925":16:"00d2340538231dcd5a61edf83ab94b2e4b3a784394c4ed35a424c050c294157b7625f9aca8258c21e2d0a7aa9b7c9db576404e63090dba50d998f9a3ec72b1a5cf28d83251ab93341c7d2c1a90403d70f67bc1a9e413bc62facccb52441e24c3f2bc9fdeca1a783012e70b9528176260580c4e1026c58209e8dcc4de3bf3f5be5565e9":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13e695948d59ded5a975cd9fb14bffc48e4ff9725576a96a6693da1a3c4c90d17d6811a97a633180d76dba5b957d2244e3b97e7bf3463a77d0b6c39b28a88e0b6739113726cd74937ad5f693ae5a8fd77febc270a115df05c344ddffebc2438ae67a5eea6572f434881bdf350aed4ec8f3a530d279d3fff07bb78e510807114e6ee7":0
+
+RSASSA-PSS Verification RSA-1040, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify:1040:16:"00d2340538231dcd5a61edf83ab94b2e4b3a784394c4ed35a424c050c294157b7625f9aca8258c21e2d0a7aa9b7c9db576404e63090dba50d998f9a3ec72b1a5cf28d83251ab93341c7d2c1a90403d70f67bc1a9e413bc62facccb52441e24c3f2bc9fdeca1a783012e70b9528176260580c4e1026c58209e8dcc4de3bf3f5be5565e9":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"13e695948d59ded5a975cd9fb14bffc48e4ff9725576a96a6693da1a3c4c90d17d6811a97a633180d76dba5b957d2244e3b97e7bf3463a77d0b6c39b28a88e0b6739113726cd74937ad5f693ae5a8fd77febc270a115df05c344ddffebc2438ae67a5eea6572f434881bdf350aed4ec8f3a530d279d3fff07bb78e510807114e6ee7":0
+
+RSASSA-PSS Signature RSA-1048, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_sign:1048:16:"0f39b79809516becc2e3481b6b47584aa2299bd2027ab8a303b9de5b0adcb4a5d38e38edb8c1fac3ea1dbd7e1d50b84323e362cff4df3f5a5182dafa9bb9217a73d7":16:"0d18164f8bd0d58d019998c8cb17c4c0354e62b8a9462acca30816894f982c2ae114e73993e30698930437b4eec44adec24d32ccbcbae7cc4c9f8911b1eb2100685b":16:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0
+
+RSASSA-PSS Verification RSA-1048, SHA-512
+depends_on:MBEDTLS_SHA512_C
+pkcs1_rsassa_pss_verify:1048:16:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":16:"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 50da2ff..180bc4a 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -9,28 +9,22 @@
*/
/* BEGIN_CASE */
-void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, int hash,
- char *message_hex_string, char *seed,
- char *result_hex_str, int result )
+void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E, int hash,
+ data_t * message_str, data_t * rnd_buf,
+ data_t * result_hex_str, int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
- unsigned char rnd_buf[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
rnd_buf_info info;
mbedtls_mpi N, E;
- info.length = unhexify( rnd_buf, seed );
- info.buf = rnd_buf;
+ info.buf = rnd_buf->x;
+ info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -38,14 +32,12 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result );
+ if( message_str->len == 0 )
+ message_str->x = NULL;
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
-
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -55,15 +47,14 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
- int radix_Q, char *input_Q, int radix_N,
- char *input_N, int radix_E, char *input_E,
- int hash, char *result_hex_str, char *seed,
- char *message_hex_string, int result )
+void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P,
+ int radix_Q, char * input_Q, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ int hash, data_t * result_hex_str,
+ char * seed, data_t * message_str,
+ int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
size_t output_len;
rnd_pseudo_info rnd_info;
@@ -75,9 +66,7 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -90,14 +79,17 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
- if( result == 0 )
+ if( result_hex_str->len == 0 )
{
- hexify( output_str, output, ctx.len );
-
- TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
+ if( result == 0 )
+ {
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+ }
}
exit:
@@ -108,33 +100,27 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q,
- char *input_Q, int radix_N, char *input_N,
- int radix_E, char *input_E, int digest, int hash,
- char *message_hex_string, char *salt,
- char *result_hex_str, int result )
+void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q,
+ char * input_Q, int radix_N, char * input_N,
+ int radix_E, char * input_E, int digest, int hash,
+ data_t * message_str, data_t * rnd_buf,
+ data_t * result_hex_str, int result )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
- unsigned char rnd_buf[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
rnd_buf_info info;
mbedtls_mpi N, P, Q, E;
- info.length = unhexify( rnd_buf, salt );
- info.buf = rnd_buf;
+ info.buf = rnd_buf->x;
+ info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -146,19 +132,16 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str,
- msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE,
digest, 0, hash_result, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len);
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -169,24 +152,19 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, int digest, int hash,
- char *message_hex_string, char *salt,
- char *result_hex_str, int result )
+void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E, int digest,
+ int hash, data_t * message_str, char * salt,
+ data_t * result_str, int result )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
- unsigned char result_str[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
mbedtls_mpi N, E;
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -195,15 +173,11 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
- unhexify( result_str, result_hex_str );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str,
- msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
- digest, 0, hash_result, result_str ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -212,28 +186,22 @@
/* END_CASE */
/* BEGIN_CASE */
-void pkcs1_rsassa_pss_verify_ext( int mod,
- int radix_N, char *input_N,
- int radix_E, char *input_E,
+void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E,
int msg_digest_id, int ctx_hash,
int mgf_hash, int salt_len,
- char *message_hex_string,
- char *result_hex_str,
- int result_simple,
+ data_t * message_str,
+ data_t * result_str, int result_simple,
int result_full )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
- unsigned char result_str[1000];
mbedtls_rsa_context ctx;
- size_t msg_len, hash_len;
+ size_t hash_len;
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -242,29 +210,27 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
- unhexify( result_str, result_hex_str );
if( msg_digest_id != MBEDTLS_MD_NONE )
{
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ),
- message_str, msg_len, hash_result ) == 0 );
+ message_str->x, message_str->len, hash_result ) == 0 );
hash_len = 0;
}
else
{
- memcpy( hash_result, message_str, msg_len );
- hash_len = msg_len;
+ memcpy( hash_result, message_str->x, message_str->len );
+ hash_len = message_str->len;
}
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
msg_digest_id, hash_len, hash_result,
- result_str ) == result_simple );
+ result_str->x ) == result_simple );
TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
msg_digest_id, hash_len, hash_result,
mgf_hash, salt_len,
- result_str ) == result_full );
+ result_str->x ) == result_full );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 98546cb..26f1d33 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -8,38 +8,23 @@
*/
/* BEGIN_CASE */
-void pbkdf2_hmac( int hash, char *hex_password_string,
- char *hex_salt_string, int it_cnt, int key_len,
- char *result_key_string )
+void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str,
+ int it_cnt, int key_len, data_t * result_key_string )
{
- unsigned char pw_str[100];
- unsigned char salt_str[100];
- unsigned char dst_str[200];
-
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *info;
- int pw_len, salt_len;
unsigned char key[100];
mbedtls_md_init( &ctx );
- memset(pw_str, 0x00, sizeof(pw_str));
- memset(salt_str, 0x00, sizeof(salt_str));
- memset(dst_str, 0x00, sizeof(dst_str));
-
- pw_len = unhexify( pw_str, hex_password_string );
- salt_len = unhexify( salt_str, hex_salt_string );
-
-
info = mbedtls_md_info_from_type( hash );
TEST_ASSERT( info != NULL );
TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 );
- TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
+ TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len,
it_cnt, key_len, key ) == 0 );
- hexify( dst_str, key, key_len );
- TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 );
+ TEST_ASSERT( hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -47,40 +32,33 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void mbedtls_pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex,
- char *data_hex, int ref_ret, char *ref_out_hex )
+void mbedtls_pkcs5_pbes2( int params_tag, data_t *params_hex, data_t *pw,
+ data_t *data, int ref_ret, data_t *ref_out )
{
int my_ret;
mbedtls_asn1_buf params;
- unsigned char *my_out = NULL, *ref_out = NULL, *data = NULL, *pw = NULL;
- size_t ref_out_len, data_len, pw_len;
+ unsigned char *my_out = NULL;
params.tag = params_tag;
- params.p = unhexify_alloc( params_hex, ¶ms.len );
+ params.p = params_hex->x;
+ params.len = params_hex->len;
- data = unhexify_alloc( data_hex, &data_len );
- pw = unhexify_alloc( pw_hex, &pw_len );
- ref_out = unhexify_alloc( ref_out_hex, &ref_out_len );
- my_out = zero_alloc( ref_out_len );
+ my_out = zero_alloc( ref_out->len );
my_ret = mbedtls_pkcs5_pbes2( ¶ms, MBEDTLS_PKCS5_DECRYPT,
- pw, pw_len, data, data_len, my_out );
+ pw->x, pw->len, data->x, data->len, my_out );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
- TEST_ASSERT( memcmp( my_out, ref_out, ref_out_len ) == 0 );
+ TEST_ASSERT( memcmp( my_out, ref_out->x, ref_out->len ) == 0 );
exit:
- mbedtls_free( params.p );
- mbedtls_free( data );
- mbedtls_free( pw );
- mbedtls_free( ref_out );
mbedtls_free( my_out );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void pkcs5_selftest( )
+void pkcs5_selftest( )
{
TEST_ASSERT( mbedtls_pkcs5_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index cbbbd5b7..4add252 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -207,15 +207,15 @@
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der":"PolarSSLTest":0
Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der":"PolarSSLTest":0
Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
@@ -1033,11 +1033,11 @@
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #6 (PKCS8 encrypted DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
Parse EC Key #7 (PKCS8 encrypted PEM)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0
Parse EC Key #8 (SEC1 PEM, secp224r1)
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 94d25e7..3eb0397 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -10,7 +10,7 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
-void pk_parse_keyfile_rsa( char *key_file, char *password, int result )
+void pk_parse_keyfile_rsa( char * key_file, char * password, int result )
{
mbedtls_pk_context ctx;
int res;
@@ -39,7 +39,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */
-void pk_parse_public_keyfile_rsa( char *key_file, int result )
+void pk_parse_public_keyfile_rsa( char * key_file, int result )
{
mbedtls_pk_context ctx;
int res;
@@ -64,7 +64,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
-void pk_parse_public_keyfile_ec( char *key_file, int result )
+void pk_parse_public_keyfile_ec( char * key_file, int result )
{
mbedtls_pk_context ctx;
int res;
@@ -89,7 +89,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */
-void pk_parse_keyfile_ec( char *key_file, char *password, int result )
+void pk_parse_keyfile_ec( char * key_file, char * password, int result )
{
mbedtls_pk_context ctx;
int res;
@@ -113,23 +113,19 @@
}
/* END_CASE */
-/* BEGIN_CASE */
-void pk_parse_key( char *key_data, char *result_str, int result )
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
+void pk_parse_key( data_t * buf, char * result_str, int result )
{
mbedtls_pk_context pk;
- unsigned char buf[2000];
unsigned char output[2000];
- int data_len;
((void) result_str);
mbedtls_pk_init( &pk );
- memset( buf, 0, 2000 );
memset( output, 0, 2000 );
- data_len = unhexify( buf, key_data );
- TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf, data_len, NULL, 0 ) == ( result ) );
+ TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == ( result ) );
if( ( result ) == 0 )
{
TEST_ASSERT( 1 );
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 8b20640..43c275e 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -5,12 +5,12 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
+ * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_pubkey_check( char *key_file )
+void pk_write_pubkey_check( char * key_file )
{
mbedtls_pk_context key;
unsigned char buf[5000];
@@ -42,7 +42,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_key_check( char *key_file )
+void pk_write_key_check( char * key_file )
{
mbedtls_pk_context key;
unsigned char buf[5000];
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 62d2ad9..066bb39 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -88,7 +88,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void poly1305_bad_params()
{
unsigned char src[1];
@@ -97,38 +97,33 @@
size_t src_len = sizeof( src );
mbedtls_poly1305_context ctx;
- mbedtls_poly1305_init( NULL );
- mbedtls_poly1305_free( NULL );
+ TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) );
+ TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );
- mbedtls_poly1305_init( &ctx );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_starts( NULL, key ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_starts( &ctx, NULL ) );
- TEST_ASSERT( mbedtls_poly1305_starts( NULL, key )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_starts( &ctx, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_update( NULL, src, 0 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_update( &ctx, NULL, src_len ) );
- TEST_ASSERT( mbedtls_poly1305_update( NULL, src, 0 )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, src_len )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, 0 )
- == 0 );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_finish( NULL, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_finish( &ctx, NULL ) );
- TEST_ASSERT( mbedtls_poly1305_finish( NULL, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_finish( &ctx, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_mac( NULL, src, 0, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_mac( key, NULL, src_len, mac ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
+ mbedtls_poly1305_mac( key, src, 0, NULL ) );
- TEST_ASSERT( mbedtls_poly1305_mac( NULL, src, 0, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, src_len, mac )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_mac( key, src, 0, NULL )
- == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, 0, mac )
- == 0 );
-
- mbedtls_poly1305_free( &ctx );
+exit:
+ return;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 4114906..20789e6 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -1,3 +1,6 @@
+RSA parameter validation
+rsa_invalid_param:
+
RSA PKCS1 Verify v1.5 CAVS #1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
# Good padding but wrong hash
@@ -237,15 +240,15 @@
RSA PKCS1 Sign #8 (RAW, 2048 bits RSA)
depends_on:MBEDTLS_PKCS1_V15
-rsa_pkcs1_sign_raw:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8"
+rsa_pkcs1_sign_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8"
RSA PKCS1 Sign #8 Verify
depends_on:MBEDTLS_PKCS1_V15
-rsa_pkcs1_verify_raw:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":0
+rsa_pkcs1_verify_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":0
RSA PKCS1 Sign #8 Verify (Wrong raw hash)
depends_on:MBEDTLS_PKCS1_V15
-rsa_pkcs1_verify_raw:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":"1234567890deadcafe":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_VERIFY_FAILED
+rsa_pkcs1_verify_raw:"1234567890deadcafe":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Sign #9 (Invalid Digest type)
depends_on:MBEDTLS_PKCS1_V15
@@ -255,11 +258,13 @@
depends_on:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-RSA PKCS1 Sign #8 (Invalid padding type)
-mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING
+RSA PKCS1 Sign #10 (RIPEMD160, 2048 bits RSA)
+depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15
+mbedtls_rsa_pkcs1_sign:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0
-RSA PKCS1 Sign #8 Verify (Invalid padding type)
-mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":1:MBEDTLS_MD_MD5:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_INVALID_PADDING
+RSA PKCS1 Verify #10 (RIPEMD160, 2048 bits RSA)
+depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15
+mbedtls_rsa_pkcs1_verify:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0
RSA PKCS1 Encrypt #1
depends_on:MBEDTLS_PKCS1_V15
@@ -277,12 +282,6 @@
depends_on:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-RSA PKCS1 Encrypt #3 (Invalid padding mode)
-mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":2:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_INVALID_PADDING
-
-RSA PKCS1 Decrypt #3 (Invalid padding mode)
-mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
-
RSA PKCS1 Decrypt #4 (Output buffer too small)
depends_on:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":15:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
@@ -339,6 +338,7 @@
mbedtls_rsa_check_pubkey:16:"7edcba9876543210deadbeefcafe4321":16:"3":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
RSA Check Public key #6 (N exactly 8192 bits)
+depends_on:MBEDTLS_MPI_MAX_SIZE>=1024
mbedtls_rsa_check_pubkey:16:"88F48075BF29E95C1C6AE8716678B74E957B69CC2E49708C160C6343AAD2F076D25397ACE74220311ED18AEEB681F463611B3340C3945CAAEAD3ACC616E08A25A55683A32979BD55EA5DAB7630AF393886896F11DDC5F07E15EDF949324CF0F0B2A5C0E85DFA23167193182D1A43079DC8645F6C2C029629F475575802F7D326DE5BD891A9C5F84A433D45154181EC05685A4B368A5B6434775A00ABC6B0A04647D4598CEEE566B552230F691C98CA30B402A76C686A94B373CCD2F60EFA3878A867BB5F585D088E27C507937262D098A477B9218BE7C03B2E4C102D244CA701645F1827CD947E5E796446378B848862E689F0D1773F752056841A1F0EECE7CAB74921A42DBF2EF264ADCF4ABE05A1242E5F629A657A2D67958A2DAC9A2245074A37099B45064723ABE21241058252632C2BA6FE85AB1C75FF310891B84C9C40AB646FE1D90BC716FB3A4B56DA3EA25CA397C04B994F7C6AD1DD0CB9E994CA6B835F7830F4F4E0F976BBEA5AE8556BC7C90B3E50E21C19AD1F6BC4A8FF15F2909D9CC5F3DA533BADFF50F487869D631C3E34D69636B4C25A55127EF5B715F2FC0565734B38DF996D1970E56F7F64EBECB9D00A587AAEC608F2D3AAA51E66BF53E92C3096BF78D1DCBCE1A645FA4F0542E6F68E5A94AAA6E839F75620FABED5D2BCF40AB8EAF95F838BFA962429F281578882DF0F2721C27C8905C9E776B1D3251FC066A8BC64C0CE7FBA2B8E21F65EF6739AB6F19EC2AB07817DFF03DAB7C846AB5CC86C103642D7664A85DC2D846A8004CD6A144C72CCCAC86DB5901A047324927B80E281F5F7315FA2F9083BDE0DB7AA46DC055E36BB73FB6DBD3A14759D06CBBE8D57CBC213C4D55DE4478679E0A5902C8655BE1391C0E88D2B1FBD57E9232A2CEBC67569ECD94E4BF0FCC6C003F9AA51A2A5E6EE084A46DAE65E52400A727F9713D29E92CD6CA37FD599598B3F677624A2A484A8B36B98EFEAD662C0A23BC1D9280EF2A31F887065EB20A93B41F7A264ECFA65B3555F3E400927018186EAA2D4F00C6B7AB1BCED5F893D64478177592C7F2B945307AB474D7EC7FF2E7E55834CC763BEF81DA9BD70FB3D423AE5ADB86B336734C8A3BEC90CEB05438B5BA030D0D30DEC1442D2EB08450480FBAE090FFA1A5ADD748A415BDCDE45094E792420F0AF94BCA0A80A2096D1A478D3428A214A7E68C0F07F58C6FB232ECC3D8B821AE29AE76E13EB751193F6ECA670016D54F3D796937DDBB8900062EF116CCA3F5B3AECA618272875336C9C050FBC0FC7EDD5B88D85DA0061D21E176E1419CF573629BE7B0496E761EAD45FE32B59EB00D47CDD178AC8F8EC8D6F26DED34F7576CD938422E18E936F16A704B483A48EE3BEA59D95F688136119894930EC8E9282E5974740CF031DF8DBB07EB08F2DA0ACCADECE15A6A57502890F4A03740E60BD":16:"010001":0
RSA Check Public key #7 (N larger than 8192 bits)
@@ -378,13 +378,13 @@
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"17":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
RSA Private (Correct)
-mbedtls_rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
+mbedtls_rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
RSA Private (Data larger than N)
mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
RSA Public (Correct)
-mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"1f5e927c13ff231090b0f18c8c3526428ed0f4a7561457ee5afe4d22d5d9220c34ef5b9a34d0c07f7248a1f3d57f95d10f7936b3063e40660b3a7ca3e73608b013f85a6e778ac7c60d576e9d9c0c5a79ad84ceea74e4722eb3553bdb0c2d7783dac050520cb27ca73478b509873cb0dcbd1d51dd8fccb96c29ad314f36d67cc57835d92d94defa0399feb095fd41b9f0b2be10f6041079ed4290040449f8a79aba50b0a1f8cf83c9fb8772b0686ec1b29cb1814bb06f9c024857db54d395a8da9a2c6f9f53b94bec612a0cb306a3eaa9fc80992e85d9d232e37a50cabe48c9343f039601ff7d95d60025e582aec475d031888310e8ec3833b394a5cf0599101e":0
+mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"1f5e927c13ff231090b0f18c8c3526428ed0f4a7561457ee5afe4d22d5d9220c34ef5b9a34d0c07f7248a1f3d57f95d10f7936b3063e40660b3a7ca3e73608b013f85a6e778ac7c60d576e9d9c0c5a79ad84ceea74e4722eb3553bdb0c2d7783dac050520cb27ca73478b509873cb0dcbd1d51dd8fccb96c29ad314f36d67cc57835d92d94defa0399feb095fd41b9f0b2be10f6041079ed4290040449f8a79aba50b0a1f8cf83c9fb8772b0686ec1b29cb1814bb06f9c024857db54d395a8da9a2c6f9f53b94bec612a0cb306a3eaa9fc80992e85d9d232e37a50cabe48c9343f039601ff7d95d60025e582aec475d031888310e8ec3833b394a5cf0599101e":0
RSA Public (Data larger than N)
mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
@@ -486,7 +486,7 @@
RSA Import (N,-,-,D,E)
mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0
-RSA Import (N,-,-,D,E), succesive
+RSA Import (N,-,-,D,E), successive
mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0
RSA Import (N,P,Q,-,E)
@@ -573,7 +573,7 @@
RSA Export (N,-,-,D,E)
mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0
-RSA Export (N,-,-,D,E), succesive
+RSA Export (N,-,-,D,E), successive
mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1
RSA Export (N,P,Q,-,E)
@@ -594,7 +594,7 @@
RSA Export Raw (N,-,-,D,E)
mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0
-RSA Export Raw (N,-,-,D,E), succesive
+RSA Export Raw (N,-,-,D,E), successive
mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1
RSA Export Raw (N,P,Q,-,E)
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index fd632da..89c84e8 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -17,29 +17,473 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest,
- int mod, int radix_P, char *input_P, int radix_Q,
- char *input_Q, int radix_N, char *input_N, int radix_E,
- char *input_E, char *result_hex_str, int result )
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void rsa_invalid_param( )
{
- unsigned char message_str[1000];
+ mbedtls_rsa_context ctx;
+ const int valid_padding = MBEDTLS_RSA_PKCS_V21;
+ const int invalid_padding = 42;
+ const int valid_mode = MBEDTLS_RSA_PRIVATE;
+ const int invalid_mode = 42;
+ unsigned char buf[42] = { 0 };
+ size_t olen;
+
+ TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
+ TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
+ TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
+
+ /* No more variants because only the first argument must be non-NULL. */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_import( NULL, NULL, NULL,
+ NULL, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_import_raw( NULL,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_complete( NULL ) );
+
+ /* No more variants because only the first argument must be non-NULL. */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_export( NULL, NULL, NULL,
+ NULL, NULL, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_export_raw( NULL,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
+
+ TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
+ valid_padding, 0 ) );
+ TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
+ invalid_padding, 0 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_gen_key( NULL, rnd_std_rand,
+ NULL, 0, 0 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_gen_key( &ctx, NULL,
+ NULL, 0, 0 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_pubkey( NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_privkey( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_public( NULL, buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_public( &ctx, NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_public( &ctx, buf, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_private( NULL, NULL, NULL,
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_private( &ctx, NULL, NULL,
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_private( &ctx, NULL, NULL,
+ buf, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
+ valid_mode,
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
+ invalid_mode,
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
+ valid_mode,
+ sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
+ valid_mode,
+ sizeof( buf ), buf,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
+ NULL,
+ valid_mode,
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
+ NULL,
+ invalid_mode,
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
+ NULL,
+ valid_mode,
+ sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
+ NULL,
+ valid_mode,
+ sizeof( buf ), buf,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
+ valid_mode,
+ buf, sizeof( buf ),
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+ invalid_mode,
+ buf, sizeof( buf ),
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+ valid_mode,
+ NULL, sizeof( buf ),
+ sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof( buf ),
+ sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof( buf ),
+ sizeof( buf ), buf,
+ NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
+ valid_mode, &olen,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+ invalid_mode, &olen,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+ valid_mode, NULL,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+ valid_mode, &olen,
+ NULL, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
+ valid_mode, &olen,
+ buf, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
+ NULL,
+ valid_mode, &olen,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+ NULL,
+ invalid_mode, &olen,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+ NULL,
+ valid_mode, NULL,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+ NULL,
+ valid_mode, &olen,
+ NULL, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
+ NULL,
+ valid_mode, &olen,
+ buf, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
+ valid_mode,
+ buf, sizeof( buf ),
+ &olen,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+ invalid_mode,
+ buf, sizeof( buf ),
+ &olen,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+ valid_mode,
+ NULL, sizeof( buf ),
+ NULL,
+ buf, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof( buf ),
+ &olen,
+ NULL, buf, 42 ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
+ valid_mode,
+ buf, sizeof( buf ),
+ &olen,
+ buf, NULL, 42 ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), NULL,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1, 0, NULL,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
+ NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+ NULL,
+ invalid_mode,
+ 0, sizeof( buf ), buf,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+ NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+ NULL,
+ valid_mode,
+ 0, sizeof( buf ), buf,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
+ NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof( buf ),
+ buf, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ buf, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ buf,
+ 0, 0,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ invalid_mode,
+ 0, sizeof( buf ),
+ buf,
+ 0, 0,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ NULL, 0, 0,
+ buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ valid_mode,
+ 0, sizeof( buf ),
+ buf, 0, 0,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
+ valid_mode,
+ MBEDTLS_MD_SHA1,
+ 0, NULL,
+ 0, 0,
+ buf ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_copy( NULL, &ctx ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+ mbedtls_rsa_copy( &ctx, NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
+ int digest, int mod, int radix_P, char * input_P,
+ int radix_Q, char * input_Q, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ data_t * result_hex_str, int result )
+{
unsigned char hash_result[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
- int msg_len;
rnd_pseudo_info rnd_info;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -52,20 +496,17 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
- message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PRIVATE, digest, 0,
hash_result, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -76,23 +517,19 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest,
- int mod, int radix_N, char *input_N, int radix_E,
- char *input_E, char *result_hex_str, int result )
+void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
+ int digest, int mod, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ data_t * result_str, int result )
{
- unsigned char message_str[1000];
unsigned char hash_result[1000];
- unsigned char result_str[1000];
mbedtls_rsa_context ctx;
- int msg_len;
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( message_str, 0x00, 1000 );
memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -100,13 +537,11 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
- unhexify( result_str, result_hex_str );
if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 );
+ TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -116,29 +551,22 @@
/* BEGIN_CASE */
-void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
- int padding_mode, int mod, int radix_P, char *input_P,
- int radix_Q, char *input_Q, int radix_N,
- char *input_N, int radix_E, char *input_E,
- char *result_hex_str )
+void rsa_pkcs1_sign_raw( data_t * hash_result,
+ int padding_mode, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, data_t * result_hex_str )
{
- unsigned char message_str[1000];
- unsigned char hash_result[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
- int hash_len;
rnd_pseudo_info rnd_info;
mbedtls_rsa_init( &ctx, padding_mode, 0 );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- memset( message_str, 0x00, 1000 );
- memset( hash_result, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -151,16 +579,14 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
- hash_len = unhexify( hash_result, hash_result_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
- hash_len, hash_result, output ) == 0 );
+ hash_result->len, hash_result->x,
+ output ) == 0 );
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
@@ -168,11 +594,10 @@
{
int res;
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
&rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
- hash_len, hash_result, output );
+ hash_result->len, hash_result->x, output );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
@@ -183,8 +608,7 @@
if( res == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -198,25 +622,18 @@
/* END_CASE */
/* BEGIN_CASE */
-void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
+void rsa_pkcs1_verify_raw( data_t * hash_result,
int padding_mode, int mod, int radix_N,
- char *input_N, int radix_E, char *input_E,
- char *result_hex_str, int correct )
+ char * input_N, int radix_E, char * input_E,
+ data_t * result_str, int correct )
{
- unsigned char message_str[1000];
- unsigned char hash_result[1000];
- unsigned char result_str[1000];
unsigned char output[1000];
mbedtls_rsa_context ctx;
- size_t hash_len;
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( message_str, 0x00, 1000 );
- memset( hash_result, 0x00, 1000 );
- memset( result_str, 0x00, 1000 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -226,14 +643,8 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
- hash_len = unhexify( hash_result, hash_result_string );
- unhexify( result_str, result_hex_str );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
- MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE,
- hash_len, hash_result,
- result_str ) == correct );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to verify signatures */
@@ -245,7 +656,7 @@
res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
NULL, NULL, MBEDTLS_RSA_PUBLIC,
- &olen, result_str, output, sizeof( output ) );
+ &olen, result_str->x, output, sizeof( output ) );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
@@ -256,7 +667,7 @@
if( res == 0 )
{
- ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0;
+ ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0;
if( correct == 0 )
TEST_ASSERT( ok == 1 );
else
@@ -272,15 +683,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod,
- int radix_N, char *input_N, int radix_E, char *input_E,
- char *result_hex_str, int result )
+void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
+ int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E,
+ data_t * result_hex_str, int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
rnd_pseudo_info rnd_info;
mbedtls_mpi N, E;
@@ -289,9 +698,7 @@
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -300,16 +707,14 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PUBLIC, msg_len,
- message_str, output ) == result );
+ MBEDTLS_RSA_PUBLIC, message_str->len,
+ message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -319,24 +724,19 @@
/* END_CASE */
/* BEGIN_CASE */
-void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
- int mod, int radix_N, char *input_N,
- int radix_E, char *input_E,
- char *result_hex_str, int result )
+void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
+ int mod, int radix_N, char * input_N,
+ int radix_E, char * input_E,
+ data_t * result_hex_str, int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
- size_t msg_len;
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -345,16 +745,14 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- msg_len = unhexify( message_str, message_hex_string );
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
- MBEDTLS_RSA_PUBLIC, msg_len,
- message_str, output ) == result );
+ MBEDTLS_RSA_PUBLIC, message_str->len,
+ message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -364,14 +762,14 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod,
- int radix_P, char *input_P, int radix_Q, char *input_Q,
- int radix_N, char *input_N, int radix_E, char *input_E,
- int max_output, char *result_hex_str, int result )
+void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode,
+ int mod, int radix_P, char * input_P,
+ int radix_Q, char * input_Q, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ int max_output, data_t * result_hex_str,
+ int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx;
size_t output_len;
rnd_pseudo_info rnd_info;
@@ -382,9 +780,7 @@
mbedtls_rsa_init( &ctx, padding_mode, 0 );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
@@ -398,15 +794,13 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
output_len = 0;
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
}
exit:
@@ -417,12 +811,11 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
- int radix_E, char *input_E, char *result_hex_str, int result )
+void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ data_t * result_hex_str, int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
mbedtls_mpi N, E;
@@ -430,9 +823,7 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
- memset( message_str, 0x00, 1000 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -441,14 +832,12 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
- TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
/* And now with the copy */
@@ -459,13 +848,11 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
- TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx2.len );
- TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -476,13 +863,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P,
- int radix_Q, char *input_Q, int radix_N, char *input_N,
- int radix_E, char *input_E, char *result_hex_str, int result )
+void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, data_t * result_hex_str,
+ int result )
{
- unsigned char message_str[1000];
unsigned char output[1000];
- unsigned char output_str[1000];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
mbedtls_mpi N, P, Q, E;
rnd_pseudo_info rnd_info;
@@ -493,7 +880,6 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
- memset( message_str, 0x00, 1000 );
memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -506,21 +892,17 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- unhexify( message_str, message_hex_string );
/* repeat three times to test updating of blinding values */
for( i = 0; i < 3; i++ )
{
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
- message_str, output ) == result );
+ message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx.len );
- TEST_ASSERT( strcasecmp( (char *) output_str,
- result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
}
}
@@ -532,15 +914,12 @@
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
memset( output, 0x00, 1000 );
- memset( output_str, 0x00, 1000 );
TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
- message_str, output ) == result );
+ message_str->x, output ) == result );
if( result == 0 )
{
- hexify( output_str, output, ctx2.len );
- TEST_ASSERT( strcasecmp( (char *) output_str,
- result_hex_str ) == 0 );
+ TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 );
}
exit:
@@ -552,7 +931,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void rsa_check_privkey_null()
+void rsa_check_privkey_null( )
{
mbedtls_rsa_context ctx;
memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) );
@@ -562,8 +941,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E,
- int result )
+void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E,
+ char * input_E, int result )
{
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
@@ -590,12 +969,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q,
- char *input_Q, int radix_N, char *input_N,
- int radix_E, char *input_E, int radix_D, char *input_D,
- int radix_DP, char *input_DP, int radix_DQ,
- char *input_DQ, int radix_QP, char *input_QP,
- int result )
+void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P,
+ int radix_Q, char * input_Q, int radix_N,
+ char * input_N, int radix_E, char * input_E,
+ int radix_D, char * input_D, int radix_DP,
+ char * input_DP, int radix_DQ,
+ char * input_DQ, int radix_QP,
+ char * input_QP, int result )
{
mbedtls_rsa_context ctx;
@@ -649,13 +1029,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
- int radix_Epub, char *input_Epub,
- int radix_P, char *input_P, int radix_Q,
- char *input_Q, int radix_N, char *input_N,
- int radix_E, char *input_E, int radix_D, char *input_D,
- int radix_DP, char *input_DP, int radix_DQ,
- char *input_DQ, int radix_QP, char *input_QP,
+void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub,
+ int radix_Epub, char * input_Epub, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, int radix_D, char * input_D,
+ int radix_DP, char * input_DP, int radix_DQ,
+ char * input_DQ, int radix_QP, char * input_QP,
int result )
{
mbedtls_rsa_context pub, prv;
@@ -1191,64 +1571,29 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
-void mbedtls_rsa_export_raw( char *input_N, char *input_P,
- char *input_Q, char *input_D,
- char *input_E, int is_priv,
+void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P,
+ data_t *input_Q, data_t *input_D,
+ data_t *input_E, int is_priv,
int successive )
{
- /* Original raw buffers with which we set up the RSA context */
- unsigned char bufN[1000];
- unsigned char bufP[1000];
- unsigned char bufQ[1000];
- unsigned char bufD[1000];
- unsigned char bufE[1000];
-
- size_t lenN = 0;
- size_t lenP = 0;
- size_t lenQ = 0;
- size_t lenD = 0;
- size_t lenE = 0;
-
/* Exported buffers */
- unsigned char bufNe[ sizeof( bufN ) ];
- unsigned char bufPe[ sizeof( bufP ) ];
- unsigned char bufQe[ sizeof( bufQ ) ];
- unsigned char bufDe[ sizeof( bufD ) ];
- unsigned char bufEe[ sizeof( bufE ) ];
-
- const int have_N = ( strlen( input_N ) > 0 );
- const int have_P = ( strlen( input_P ) > 0 );
- const int have_Q = ( strlen( input_Q ) > 0 );
- const int have_D = ( strlen( input_D ) > 0 );
- const int have_E = ( strlen( input_E ) > 0 );
+ unsigned char bufNe[1000];
+ unsigned char bufPe[1000];
+ unsigned char bufQe[1000];
+ unsigned char bufDe[1000];
+ unsigned char bufEe[1000];
mbedtls_rsa_context ctx;
mbedtls_rsa_init( &ctx, 0, 0 );
/* Setup RSA context */
-
- if( have_N )
- lenN = unhexify( bufN, input_N );
-
- if( have_P )
- lenP = unhexify( bufP, input_P );
-
- if( have_Q )
- lenQ = unhexify( bufQ, input_Q );
-
- if( have_D )
- lenD = unhexify( bufD, input_D );
-
- if( have_E )
- lenE = unhexify( bufE, input_E );
-
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- have_N ? bufN : NULL, lenN,
- have_P ? bufP : NULL, lenP,
- have_Q ? bufQ : NULL, lenQ,
- have_D ? bufD : NULL, lenD,
- have_E ? bufE : NULL, lenE ) == 0 );
+ input_N->len ? input_N->x : NULL, input_N->len,
+ input_P->len ? input_P->x : NULL, input_P->len,
+ input_Q->len ? input_Q->x : NULL, input_Q->len,
+ input_D->len ? input_D->x : NULL, input_D->len,
+ input_E->len ? input_E->x : NULL, input_E->len ) == 0 );
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
@@ -1259,21 +1604,21 @@
/* N and E must always be present. */
if( !successive )
{
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
+ TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
NULL, 0, NULL, 0, NULL, 0,
- bufEe, lenE ) == 0 );
+ bufEe, input_E->len ) == 0 );
}
else
{
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN,
+ TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len,
NULL, 0, NULL, 0, NULL, 0,
NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
NULL, 0, NULL, 0, NULL, 0,
- bufEe, lenE ) == 0 );
+ bufEe, input_E->len ) == 0 );
}
- TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 );
- TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 );
+ TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 );
+ TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 );
/* If we were providing enough information to setup a complete private context,
* we expect to be able to export all core parameters. */
@@ -1283,35 +1628,35 @@
if( !successive )
{
TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
- bufPe, lenP ? lenP : sizeof( bufPe ),
- bufQe, lenQ ? lenQ : sizeof( bufQe ),
- bufDe, lenD ? lenD : sizeof( bufDe ),
+ bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
+ bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
+ bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
NULL, 0 ) == 0 );
}
else
{
TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0,
- bufPe, lenP ? lenP : sizeof( bufPe ),
+ bufPe, input_P->len ? input_P->len : sizeof( bufPe ),
NULL, 0, NULL, 0,
NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
- bufQe, lenQ ? lenQ : sizeof( bufQe ),
+ bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ),
NULL, 0, NULL, 0 ) == 0 );
- TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0,
- NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ),
+ TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0,
+ bufDe, input_D->len ? input_D->len : sizeof( bufDe ),
NULL, 0 ) == 0 );
}
- if( have_P )
- TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 );
+ if( input_P->len )
+ TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 );
- if( have_Q )
- TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 );
+ if( input_Q->len )
+ TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 );
- if( have_D )
- TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 );
+ if( input_D->len )
+ TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 );
}
@@ -1321,31 +1666,19 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
-void mbedtls_rsa_import_raw( char *input_N,
- char *input_P, char *input_Q,
- char *input_D, char *input_E,
+void mbedtls_rsa_import_raw( data_t *input_N,
+ data_t *input_P, data_t *input_Q,
+ data_t *input_D, data_t *input_E,
int successive,
int is_priv,
int res_check,
int res_complete )
{
- unsigned char bufN[1000];
- unsigned char bufP[1000];
- unsigned char bufQ[1000];
- unsigned char bufD[1000];
- unsigned char bufE[1000];
-
/* Buffers used for encryption-decryption test */
unsigned char *buf_orig = NULL;
unsigned char *buf_enc = NULL;
unsigned char *buf_dec = NULL;
- size_t lenN = 0;
- size_t lenP = 0;
- size_t lenQ = 0;
- size_t lenD = 0;
- size_t lenE = 0;
-
mbedtls_rsa_context ctx;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -1360,29 +1693,14 @@
&entropy, (const unsigned char *) pers,
strlen( pers ) ) == 0 );
- if( strlen( input_N ) )
- lenN = unhexify( bufN, input_N );
-
- if( strlen( input_P ) )
- lenP = unhexify( bufP, input_P );
-
- if( strlen( input_Q ) )
- lenQ = unhexify( bufQ, input_Q );
-
- if( strlen( input_D ) )
- lenD = unhexify( bufD, input_D );
-
- if( strlen( input_E ) )
- lenE = unhexify( bufE, input_E );
-
if( !successive )
{
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- ( lenN > 0 ) ? bufN : NULL, lenN,
- ( lenP > 0 ) ? bufP : NULL, lenP,
- ( lenQ > 0 ) ? bufQ : NULL, lenQ,
- ( lenD > 0 ) ? bufD : NULL, lenD,
- ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
+ ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
+ ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
+ ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
+ ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
+ ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
}
else
{
@@ -1390,27 +1708,27 @@
* This should make no functional difference. */
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
- ( lenN > 0 ) ? bufN : NULL, lenN,
+ ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len,
NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
NULL, 0,
- ( lenP > 0 ) ? bufP : NULL, lenP,
+ ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len,
NULL, 0, NULL, 0, NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
NULL, 0, NULL, 0,
- ( lenQ > 0 ) ? bufQ : NULL, lenQ,
+ ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len,
NULL, 0, NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
NULL, 0, NULL, 0, NULL, 0,
- ( lenD > 0 ) ? bufD : NULL, lenD,
+ ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len,
NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 );
+ ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 );
}
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete );
@@ -1467,7 +1785,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void rsa_selftest()
+void rsa_selftest( )
{
TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data
index ee8074d..2f65c23 100644
--- a/tests/suites/test_suite_shax.data
+++ b/tests/suites/test_suite_shax.data
@@ -1,3 +1,9 @@
+SHA-1 - Valid parameters
+sha1_valid_param:
+
+SHA-1 - Invalid parameters
+sha1_invalid_param:
+
# Test the operation of SHA-1 and SHA-2
SHA-1 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA1_C
@@ -39,6 +45,12 @@
depends_on:MBEDTLS_SHA1_C
mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
+SHA-256 Valid parameters
+sha256_valid_param:
+
+SHA-256 Invalid parameters
+sha256_invalid_param:
+
SHA-224 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA256_C
sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
@@ -95,6 +107,12 @@
depends_on:MBEDTLS_SHA256_C
mbedtls_sha256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e"
+SHA-512 Invalid parameters
+sha512_invalid_param:
+
+SHA-512 Valid parameters
+sha512_valid_param:
+
SHA-384 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA512_C
sha384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index d704b38..e621f49 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -5,126 +5,250 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void mbedtls_sha1( char *hex_src_string, char *hex_hash_string )
+void sha1_valid_param( )
{
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
- unsigned char output[41];
- int src_len;
+ TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) );
+}
+/* END_CASE */
- memset(src_str, 0x00, 10000);
- memset(hash_str, 0x00, 10000);
+/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void sha1_invalid_param( )
+{
+ mbedtls_sha1_context ctx;
+ unsigned char buf[64] = { 0 };
+ size_t const buflen = sizeof( buf );
+
+ TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) );
+
+ TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) );
+ TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_starts_ret( NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_update_ret( NULL, buf, buflen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_update_ret( &ctx, NULL, buflen ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_finish_ret( NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_finish_ret( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_internal_sha1_process( NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_internal_sha1_process( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_ret( NULL, buflen, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
+ mbedtls_sha1_ret( buf, buflen, NULL ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
+void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string )
+{
+ unsigned char output[41];
+
memset(output, 0x00, 41);
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_sha1_ret( src_str, src_len, output ) == 0 );
- hexify( hash_str, output, 20 );
+ TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha224(char *hex_src_string, char *hex_hash_string )
+void sha256_valid_param( )
{
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
- unsigned char output[57];
- int src_len;
+ TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) );
+}
+/* END_CASE */
- memset(src_str, 0x00, 10000);
- memset(hash_str, 0x00, 10000);
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void sha256_invalid_param( )
+{
+ mbedtls_sha256_context ctx;
+ unsigned char buf[64] = { 0 };
+ size_t const buflen = sizeof( buf );
+ int valid_type = 0;
+ int invalid_type = 42;
+
+ TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) );
+
+ TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) );
+ TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_starts_ret( NULL, valid_type ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_starts_ret( &ctx, invalid_type ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_update_ret( NULL, buf, buflen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_update_ret( &ctx, NULL, buflen ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_finish_ret( NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_finish_ret( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_internal_sha256_process( NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_internal_sha256_process( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_ret( NULL, buflen,
+ buf, valid_type ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_ret( buf, buflen,
+ NULL, valid_type ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_ret( buf, buflen,
+ buf, invalid_type ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void sha224( data_t * src_str, data_t * hex_hash_string )
+{
+ unsigned char output[57];
+
memset(output, 0x00, 57);
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 1 ) == 0 );
- hexify( hash_str, output, 28 );
+ TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void mbedtls_sha256(char *hex_src_string, char *hex_hash_string )
+void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string )
{
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
unsigned char output[65];
- int src_len;
- memset(src_str, 0x00, 10000);
- memset(hash_str, 0x00, 10000);
memset(output, 0x00, 65);
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 0 ) == 0 );
- hexify( hash_str, output, 32 );
+ TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha384(char *hex_src_string, char *hex_hash_string )
+void sha512_valid_param( )
{
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
- unsigned char output[97];
- int src_len;
+ TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) );
+}
+/* END_CASE */
- memset(src_str, 0x00, 10000);
- memset(hash_str, 0x00, 10000);
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+void sha512_invalid_param( )
+{
+ mbedtls_sha512_context ctx;
+ unsigned char buf[64] = { 0 };
+ size_t const buflen = sizeof( buf );
+ int valid_type = 0;
+ int invalid_type = 42;
+
+ TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) );
+
+ TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) );
+ TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_starts_ret( NULL, valid_type ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_starts_ret( &ctx, invalid_type ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_update_ret( NULL, buf, buflen ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_update_ret( &ctx, NULL, buflen ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_finish_ret( NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_finish_ret( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_internal_sha512_process( NULL, buf ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_internal_sha512_process( &ctx, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_ret( NULL, buflen,
+ buf, valid_type ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_ret( buf, buflen,
+ NULL, valid_type ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_ret( buf, buflen,
+ buf, invalid_type ) );
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
+void sha384( data_t * src_str, data_t * hex_hash_string )
+{
+ unsigned char output[97];
+
memset(output, 0x00, 97);
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 1 ) == 0 );
- hexify( hash_str, output, 48 );
+ TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void mbedtls_sha512(char *hex_src_string, char *hex_hash_string )
+void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string )
{
- unsigned char src_str[10000];
- unsigned char hash_str[10000];
unsigned char output[129];
- int src_len;
- memset(src_str, 0x00, 10000);
- memset(hash_str, 0x00, 10000);
memset(output, 0x00, 129);
- src_len = unhexify( src_str, hex_src_string );
- TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 0 ) == 0 );
- hexify( hash_str, output, 64 );
+ TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_SELF_TEST */
-void sha1_selftest()
+void sha1_selftest( )
{
TEST_ASSERT( mbedtls_sha1_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */
-void sha256_selftest()
+void sha256_selftest( )
{
TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */
-void sha512_selftest()
+void sha512_selftest( )
{
TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index b92c1fe..72092cd 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -8,52 +8,8747 @@
ssl_dtls_replay:"000000000000":"000000000000":-1
SSL DTLS replay: 0-1 seen, 2 arriving
-ssl_dtls_replay:"000000000000,000000000001":"000000000002":0
+ssl_dtls_replay:"000000000000000000000001":"000000000002":0
SSL DTLS replay: 0-1 seen, 1 replayed
-ssl_dtls_replay:"000000000000,000000000001":"000000000001":-1
+ssl_dtls_replay:"000000000000000000000001":"000000000001":-1
SSL DTLS replay: 0-1 seen, 0 replayed
-ssl_dtls_replay:"000000000000,000000000001":"000000000000":-1
+ssl_dtls_replay:"000000000000000000000001":"000000000000":-1
SSL DTLS replay: new
-ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340004":0
+ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0
SSL DTLS replay: way new
-ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12350000":0
+ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0
SSL DTLS replay: delayed
-ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340002":0
+ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
SSL DTLS replay: lastest replayed
-ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340003":-1
+ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
SSL DTLS replay: older replayed
-ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340001":-1
+ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1
SSL DTLS replay: most recent in window, replayed
-ssl_dtls_replay:"abcd12340000,abcd12340002,abcd12340003":"abcd12340002":-1
+ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1
SSL DTLS replay: oldest in window, replayed
-ssl_dtls_replay:"abcd12340000,abcd12340001,abcd1234003f":"abcd12340000":-1
+ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1
SSL DTLS replay: oldest in window, not replayed
-ssl_dtls_replay:"abcd12340001,abcd12340002,abcd1234003f":"abcd12340000":0
+ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0
SSL DTLS replay: just out of the window
-ssl_dtls_replay:"abcd12340001,abcd12340002,abcd1234003f":"abcd1233ffff":-1
+ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1
SSL DTLS replay: way out of the window
-ssl_dtls_replay:"abcd12340001,abcd12340002,abcd1234003f":"abcd12330000":-1
+ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1
SSL DTLS replay: big jump then replay
-ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340100":-1
+ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1
SSL DTLS replay: big jump then new
-ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340101":0
+ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0
SSL DTLS replay: big jump then just delayed
-ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd123400ff":0
+ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0
SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
ssl_set_hostname_twice:"server0":"server1"
+
+Record crypt, AES-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.1, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ChachaPoly
+depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ChachaPoly
+depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ChachaPoly, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ChachaPoly, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3
+depends_on:MBEDTLS_SSL_PROTO_SSL3
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled
+depends_on:MBEDTLS_SSL_PROTO_TLS1
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.1 enabled
+depends_on:MBEDTLS_SSL_PROTO_TLS1_1
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384
+depends_on:MBEDTLS_SHA512_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3 not enabled
+depends_on:!MBEDTLS_SSL_PROTO_SSL3
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled
+depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-512 not enabled
+depends_on:!MBEDTLS_SHA512_C
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+
+SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled
+depends_on:!MBEDTLS_SHA256_C
+ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 5cc32ab..104a52f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1,6 +1,272 @@
/* BEGIN_HEADER */
#include <mbedtls/ssl.h>
#include <mbedtls/ssl_internal.h>
+
+/*
+ * Helper function setting up inverse record transformations
+ * using given cipher, hash, EtM mode, authentication tag length,
+ * and version.
+ */
+
+#define CHK( x ) \
+ do \
+ { \
+ if( !( x ) ) \
+ { \
+ ret = -1; \
+ goto cleanup; \
+ } \
+ } while( 0 )
+
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
+#else
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
+#endif
+
+static int build_transforms( mbedtls_ssl_transform *t_in,
+ mbedtls_ssl_transform *t_out,
+ int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ size_t cid0_len,
+ size_t cid1_len )
+{
+ mbedtls_cipher_info_t const *cipher_info;
+ int ret = 0;
+
+ size_t keylen, maclen, ivlen;
+ unsigned char *key0 = NULL, *key1 = NULL;
+ unsigned char iv_enc[16], iv_dec[16];
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid0[ SSL_CID_LEN_MIN ];
+ unsigned char cid1[ SSL_CID_LEN_MIN ];
+
+ rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
+ rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
+#else
+ ((void) cid0_len);
+ ((void) cid1_len);
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ maclen = 0;
+
+ /* Pick cipher */
+ cipher_info = mbedtls_cipher_info_from_type( cipher_type );
+ CHK( cipher_info != NULL );
+ CHK( cipher_info->iv_size <= 16 );
+ CHK( cipher_info->key_bitlen % 8 == 0 );
+
+ /* Pick keys */
+ keylen = cipher_info->key_bitlen / 8;
+ /* Allocate `keylen + 1` bytes to ensure that we get
+ * a non-NULL pointers from `mbedtls_calloc` even if
+ * `keylen == 0` in the case of the NULL cipher. */
+ CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
+ CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
+ memset( key0, 0x1, keylen );
+ memset( key1, 0x2, keylen );
+
+ /* Setup cipher contexts */
+ CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
+ CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
+ CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
+ CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if( cipher_info->mode == MBEDTLS_MODE_CBC )
+ {
+ CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+ CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
+ keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
+ CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
+ keylen << 3, MBEDTLS_DECRYPT ) == 0 );
+ CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
+ keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
+ CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
+ keylen << 3, MBEDTLS_DECRYPT ) == 0 );
+
+ /* Setup MAC contexts */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+ if( cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_STREAM )
+ {
+ mbedtls_md_info_t const *md_info;
+ unsigned char *md0, *md1;
+
+ /* Pick hash */
+ md_info = mbedtls_md_info_from_type( hash_id );
+ CHK( md_info != NULL );
+
+ /* Pick hash keys */
+ maclen = mbedtls_md_get_size( md_info );
+ CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
+ CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
+ memset( md0, 0x5, maclen );
+ memset( md1, 0x6, maclen );
+
+ CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
+ CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
+ CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
+ CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
+
+ if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+ {
+ CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
+ md0, maclen ) == 0 );
+ CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
+ md1, maclen ) == 0 );
+ CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
+ md1, maclen ) == 0 );
+ CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
+ md0, maclen ) == 0 );
+ }
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ else
+ {
+ memcpy( &t_in->mac_enc, md0, maclen );
+ memcpy( &t_in->mac_dec, md1, maclen );
+ memcpy( &t_out->mac_enc, md1, maclen );
+ memcpy( &t_out->mac_dec, md0, maclen );
+ }
+#endif
+
+ mbedtls_free( md0 );
+ mbedtls_free( md1 );
+ }
+#else
+ ((void) hash_id);
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
+
+ /* Pick IV's (regardless of whether they
+ * are being used by the transform). */
+ ivlen = cipher_info->iv_size;
+ memset( iv_enc, 0x3, sizeof( iv_enc ) );
+ memset( iv_dec, 0x4, sizeof( iv_dec ) );
+
+ /*
+ * Setup transforms
+ */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+ t_out->encrypt_then_mac = etm;
+ t_in->encrypt_then_mac = etm;
+#else
+ ((void) etm);
+#endif
+
+ t_out->minor_ver = ver;
+ t_in->minor_ver = ver;
+ t_out->ivlen = ivlen;
+ t_in->ivlen = ivlen;
+
+ switch( cipher_info->mode )
+ {
+ case MBEDTLS_MODE_GCM:
+ case MBEDTLS_MODE_CCM:
+ t_out->fixed_ivlen = 4;
+ t_in->fixed_ivlen = 4;
+ t_out->maclen = 0;
+ t_in->maclen = 0;
+ switch( tag_mode )
+ {
+ case 0: /* Full tag */
+ t_out->taglen = 16;
+ t_in->taglen = 16;
+ break;
+ case 1: /* Partial tag */
+ t_out->taglen = 8;
+ t_in->taglen = 8;
+ break;
+ default:
+ return( 1 );
+ }
+ break;
+
+ case MBEDTLS_MODE_CHACHAPOLY:
+ t_out->fixed_ivlen = 12;
+ t_in->fixed_ivlen = 12;
+ t_out->maclen = 0;
+ t_in->maclen = 0;
+ switch( tag_mode )
+ {
+ case 0: /* Full tag */
+ t_out->taglen = 16;
+ t_in->taglen = 16;
+ break;
+ case 1: /* Partial tag */
+ t_out->taglen = 8;
+ t_in->taglen = 8;
+ break;
+ default:
+ return( 1 );
+ }
+ break;
+
+ case MBEDTLS_MODE_STREAM:
+ case MBEDTLS_MODE_CBC:
+ t_out->fixed_ivlen = 0; /* redundant, must be 0 */
+ t_in->fixed_ivlen = 0; /* redundant, must be 0 */
+ t_out->taglen = 0;
+ t_in->taglen = 0;
+ switch( tag_mode )
+ {
+ case 0: /* Full tag */
+ t_out->maclen = maclen;
+ t_in->maclen = maclen;
+ break;
+ case 1: /* Partial tag */
+ t_out->maclen = 10;
+ t_in->maclen = 10;
+ break;
+ default:
+ return( 1 );
+ }
+ break;
+ default:
+ return( 1 );
+ break;
+ }
+
+ /* Setup IV's */
+
+ memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
+ memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
+ memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
+ memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Add CID */
+ memcpy( &t_in->in_cid, cid0, cid0_len );
+ memcpy( &t_in->out_cid, cid1, cid1_len );
+ t_in->in_cid_len = cid0_len;
+ t_in->out_cid_len = cid1_len;
+ memcpy( &t_out->in_cid, cid1, cid1_len );
+ memcpy( &t_out->out_cid, cid0, cid0_len );
+ t_out->in_cid_len = cid1_len;
+ t_out->out_cid_len = cid0_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+cleanup:
+
+ mbedtls_free( key0 );
+ mbedtls_free( key1 );
+
+ return( ret );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -9,11 +275,11 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-void ssl_dtls_replay( char *prevs, char *new, int ret )
+void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
{
+ uint32_t len = 0;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
- char *end_prevs = prevs + strlen( prevs ) + 1;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
@@ -25,15 +291,14 @@
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
/* Read previous record numbers */
- for( ; end_prevs - prevs >= 13; prevs += 13 )
+ for( len = 0; len < prevs->len; len += 6 )
{
- prevs[12] = '\0';
- unhexify( ssl.in_ctr + 2, prevs );
+ memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
mbedtls_ssl_dtls_replay_update( &ssl );
}
/* Check new number */
- unhexify( ssl.in_ctr + 2, new );
+ memcpy( ssl.in_ctr + 2, new->x, 6 );
TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
mbedtls_ssl_free( &ssl );
@@ -53,3 +318,290 @@
mbedtls_ssl_free( &ssl );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_crypt_record( int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ int cid0_len, int cid1_len )
+{
+ /*
+ * Test several record encryptions and decryptions
+ * with plenty of space before and after the data
+ * within the record buffer.
+ */
+
+ int ret;
+ int num_records = 16;
+ mbedtls_ssl_context ssl; /* ONLY for debugging */
+
+ mbedtls_ssl_transform t0, t1;
+ unsigned char *buf = NULL;
+ size_t const buflen = 512;
+ mbedtls_record rec, rec_backup;
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_transform_init( &t0 );
+ mbedtls_ssl_transform_init( &t1 );
+ TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len ) == 0 );
+
+ TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
+
+ while( num_records-- > 0 )
+ {
+ mbedtls_ssl_transform *t_dec, *t_enc;
+ /* Take turns in who's sending and who's receiving. */
+ if( num_records % 3 == 0 )
+ {
+ t_dec = &t0;
+ t_enc = &t1;
+ }
+ else
+ {
+ t_dec = &t1;
+ t_enc = &t0;
+ }
+
+ /*
+ * The record header affects the transformation in two ways:
+ * 1) It determines the AEAD additional data
+ * 2) The record counter sometimes determines the IV.
+ *
+ * Apart from that, the fields don't have influence.
+ * In particular, it is currently not the responsibility
+ * of ssl_encrypt/decrypt_buf to check if the transform
+ * version matches the record version, or that the
+ * type is sensible.
+ */
+
+ memset( rec.ctr, num_records, sizeof( rec.ctr ) );
+ rec.type = 42;
+ rec.ver[0] = num_records;
+ rec.ver[1] = num_records;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ rec.buf = buf;
+ rec.buf_len = buflen;
+ rec.data_offset = 16;
+ /* Make sure to vary the length to exercise different
+ * paddings. */
+ rec.data_len = 1 + num_records;
+
+ memset( rec.buf + rec.data_offset, 42, rec.data_len );
+
+ /* Make a copy for later comparison */
+ rec_backup = rec;
+
+ /* Encrypt record */
+ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
+ rnd_std_rand, NULL );
+ TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if( ret != 0 )
+ {
+ continue;
+ }
+
+ /* Decrypt record with t_dec */
+ ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
+ TEST_ASSERT( ret == 0 );
+
+ /* Compare results */
+ TEST_ASSERT( rec.type == rec_backup.type );
+ TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
+ TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
+ TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
+ TEST_ASSERT( rec.data_len == rec_backup.data_len );
+ TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
+ TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len ) == 0 );
+ }
+
+exit:
+
+ /* Cleanup */
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_transform_free( &t0 );
+ mbedtls_ssl_transform_free( &t1 );
+
+ mbedtls_free( buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_crypt_record_small( int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ int cid0_len, int cid1_len )
+{
+ /*
+ * Test pairs of encryption and decryption with an increasing
+ * amount of space in the record buffer - in more detail:
+ * 1) Try to encrypt with 0, 1, 2, ... bytes available
+ * in front of the plaintext, and expect the encryption
+ * to succeed starting from some offset. Always keep
+ * enough space in the end of the buffer.
+ * 2) Try to encrypt with 0, 1, 2, ... bytes available
+ * at the end of the plaintext, and expect the encryption
+ * to succeed starting from some offset. Always keep
+ * enough space at the beginning of the buffer.
+ * 3) Try to encrypt with 0, 1, 2, ... bytes available
+ * both at the front and end of the plaintext,
+ * and expect the encryption to succeed starting from
+ * some offset.
+ *
+ * If encryption succeeds, check that decryption succeeds
+ * and yields the original record.
+ */
+
+ mbedtls_ssl_context ssl; /* ONLY for debugging */
+
+ mbedtls_ssl_transform t0, t1;
+ unsigned char *buf = NULL;
+ size_t const buflen = 256;
+ mbedtls_record rec, rec_backup;
+
+ int ret;
+ int mode; /* Mode 1, 2 or 3 as explained above */
+ size_t offset; /* Available space at beginning/end/both */
+ size_t threshold = 96; /* Maximum offset to test against */
+
+ size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
+ size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
+
+ int seen_success; /* Indicates if in the current mode we've
+ * already seen a successful test. */
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_transform_init( &t0 );
+ mbedtls_ssl_transform_init( &t1 );
+ TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len ) == 0 );
+
+ TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
+
+ for( mode=1; mode <= 3; mode++ )
+ {
+ seen_success = 0;
+ for( offset=0; offset <= threshold; offset++ )
+ {
+ mbedtls_ssl_transform *t_dec, *t_enc;
+ t_dec = &t0;
+ t_enc = &t1;
+
+ memset( rec.ctr, offset, sizeof( rec.ctr ) );
+ rec.type = 42;
+ rec.ver[0] = offset;
+ rec.ver[1] = offset;
+ rec.buf = buf;
+ rec.buf_len = buflen;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ switch( mode )
+ {
+ case 1: /* Space in the beginning */
+ rec.data_offset = offset;
+ rec.data_len = buflen - offset - default_post_padding;
+ break;
+
+ case 2: /* Space in the end */
+ rec.data_offset = default_pre_padding;
+ rec.data_len = buflen - default_pre_padding - offset;
+ break;
+
+ case 3: /* Space in the beginning and end */
+ rec.data_offset = offset;
+ rec.data_len = buflen - 2 * offset;
+ break;
+
+ default:
+ TEST_ASSERT( 0 );
+ break;
+ }
+
+ memset( rec.buf + rec.data_offset, 42, rec.data_len );
+
+ /* Make a copy for later comparison */
+ rec_backup = rec;
+
+ /* Encrypt record */
+ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
+
+ if( ( mode == 1 || mode == 2 ) && seen_success )
+ {
+ TEST_ASSERT( ret == 0 );
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if( ret == 0 )
+ seen_success = 1;
+ }
+
+ if( ret != 0 )
+ continue;
+
+ /* Decrypt record with t_dec */
+ TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
+
+ /* Compare results */
+ TEST_ASSERT( rec.type == rec_backup.type );
+ TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
+ TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
+ TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
+ TEST_ASSERT( rec.data_len == rec_backup.data_len );
+ TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
+ TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len ) == 0 );
+ }
+
+ TEST_ASSERT( seen_success == 1 );
+ }
+
+exit:
+
+ /* Cleanup */
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_transform_free( &t0 );
+ mbedtls_ssl_transform_free( &t1 );
+
+ mbedtls_free( buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_tls_prf( int type, data_t * secret, data_t * random,
+ char *label, data_t *result_hex_str, int exp_ret )
+{
+ unsigned char *output;
+
+ output = mbedtls_calloc( 1, result_hex_str->len );
+ if( output == NULL )
+ goto exit;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
+ TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len,
+ label, random->x, random->len,
+ output, result_hex_str->len ) == exp_ret );
+
+ if( exp_ret == 0 )
+ {
+ TEST_ASSERT( hexcmp( output, result_hex_str->x,
+ result_hex_str->len, result_hex_str->len ) == 0 );
+ }
+exit:
+
+ mbedtls_free( output );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data
index 4dddcf7..2522da1 100644
--- a/tests/suites/test_suite_timing.data
+++ b/tests/suites/test_suite_timing.data
@@ -1,41 +1,17 @@
-Timing: basic timer operation
-timing_timer_simple:
-
-Timing: timer reset
-timing_timer_reset:
-
-Timing: two parallel timers, delay 0
-timing_two_timers:0:
-
-Timing: two parallel timers, delay 100
-timing_two_timers:100:
-
-Timing: two parallel timers, delay 1000
-timing_two_timers:1000:
-
-Timing: two parallel timers, delay 10000
-timing_two_timers:10000:
-
-Timing: delay 0ms, 0ms
-timing_delay:0:0:
-
-Timing: delay 0ms, 50ms
-timing_delay:0:50:
-
-Timing: delay 50ms, 50ms
-timing_delay:50:50:
-
-Timing: delay 50ms, 100ms
-timing_delay:50:100:
-
-Timing: delay 50ms, 200ms
-timing_delay:50:200:
-
-Timing: alarm in 0 second
-timing_alarm:0:
-
-Timing: alarm in 1 second
-timing_alarm:1:
-
Timing: hardclock
timing_hardclock:
+
+Timing: get timer
+timing_get_timer:
+
+Timing: set alarm with no delay
+timing_set_alarm:0:
+
+Timing: set alarm with 1s delay
+timing_set_alarm:1:
+
+Timing: delay 0ms
+timing_delay:0:
+
+Timing: delay 100ms
+timing_delay:100:
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
index 1610155..74dc823 100644
--- a/tests/suites/test_suite_timing.function
+++ b/tests/suites/test_suite_timing.function
@@ -1,51 +1,14 @@
/* BEGIN_HEADER */
-/* This test module exercises the timing module. One of the expected failure
- modes is for timers to never expire, which could lead to an infinite loop.
- The function timing_timer_simple is protected against this failure mode and
- checks that timers do expire. Other functions will terminate if their
- timers do expire. Therefore it is recommended to run timing_timer_simple
- first and run other test functions only if that timing_timer_simple
- succeeded. */
+/* This test module exercises the timing module. Since, depending on the
+ * underlying operating system, the timing routines are not always reliable,
+ * this suite only performs very basic sanity checks of the timing API.
+ */
#include <limits.h>
#include "mbedtls/timing.h"
-/* Wait this many milliseconds for a short timing test. This duration
- should be large enough that, in practice, if you read the timer
- value twice in a row, it won't have jumped by that much. */
-#define TIMING_SHORT_TEST_MS 100
-
-/* A loop that waits TIMING_SHORT_TEST_MS must not take more than this many
- iterations. This value needs to be large enough to accommodate fast
- platforms (e.g. at 4GHz and 10 cycles/iteration a CPU can run through 20
- million iterations in 50ms). The only motivation to keep this value low is
- to avoid having an infinite loop if the timer functions are not implemented
- correctly. Ideally this value should be based on the processor speed but we
- don't have this information! */
-#define TIMING_SHORT_TEST_ITERATIONS_MAX 1e8
-
-/* alarm(0) must fire in no longer than this amount of time. */
-#define TIMING_ALARM_0_DELAY_MS TIMING_SHORT_TEST_MS
-
-static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms,
- unsigned long actual_ms )
-{
- return( fin_ms == 0 ? -1 :
- actual_ms >= fin_ms ? 2 :
- actual_ms >= int_ms ? 1 :
- 0 );
-}
-
-/* Some conditions in timing_timer_simple suggest that timers are unreliable.
- Most other test cases rely on timers to terminate, and could loop
- indefinitely if timers are too broken. So if timing_timer_simple detected a
- timer that risks not terminating (going backwards, or not reaching the
- desired count in the alloted clock cycles), set this flag to immediately
- fail those other tests without running any timers. */
-static int timers_are_badly_broken = 0;
-
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -54,350 +17,58 @@
*/
/* BEGIN_CASE */
-void timing_timer_simple( )
+void timing_hardclock( )
{
- struct mbedtls_timing_hr_time timer;
- unsigned long millis = 0;
- unsigned long new_millis = 0;
- unsigned long iterations = 0;
- /* Start the timer. */
- (void) mbedtls_timing_get_timer( &timer, 1 );
- /* Busy-wait loop for a few milliseconds. */
- do
- {
- new_millis = mbedtls_timing_get_timer( &timer, 0 );
- ++iterations;
- /* Check that the timer didn't go backwards */
- TEST_ASSERT( new_millis >= millis );
- millis = new_millis;
- }
- while( millis < TIMING_SHORT_TEST_MS &&
- iterations <= TIMING_SHORT_TEST_ITERATIONS_MAX );
- /* The wait duration should have been large enough for at least a
- few runs through the loop, even on the slowest realistic platform. */
- TEST_ASSERT( iterations >= 2 );
- /* The wait duration shouldn't have overflowed the iteration count. */
- TEST_ASSERT( iterations < TIMING_SHORT_TEST_ITERATIONS_MAX );
- return;
-
-exit:
- if( iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX ||
- new_millis < millis )
- {
- /* The timer was very unreliable: it didn't increment and the loop ran
- out, or it went backwards. Other tests that use timers might go
- into an infinite loop, so we'll skip them. */
- timers_are_badly_broken = 1;
- }
-
- /* No cleanup needed, but show some diagnostic iterations, because timing
- problems can be hard to reproduce. */
- mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n",
- millis, new_millis, mbedtls_timing_get_timer( &timer, 0 ),
- iterations );
+ (void) mbedtls_timing_hardclock();
+ /* This goto is added to avoid warnings from the generated code. */
+ goto exit;
}
/* END_CASE */
/* BEGIN_CASE */
-void timing_timer_reset( )
+void timing_get_timer( )
{
- struct mbedtls_timing_hr_time timer;
- unsigned long millis = 0;
- unsigned long iterations = 0;
-
- /* Skip this test if it looks like timers don't work at all, to avoid an
- infinite loop below. */
- TEST_ASSERT( !timers_are_badly_broken );
-
- /* Start the timer. Timers are always reset to 0. */
- TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 );
- /* Busy-wait loop for a few milliseconds */
- do
- {
- ++iterations;
- millis = mbedtls_timing_get_timer( &timer, 0 );
- }
- while( millis < TIMING_SHORT_TEST_MS );
-
- /* Reset the timer and check that it has restarted. */
- TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 );
- /* Read the timer immediately after reset. It should be 0 or close
- to it. */
- TEST_ASSERT( mbedtls_timing_get_timer( &timer, 0 ) < TIMING_SHORT_TEST_MS );
- return;
-
-exit:
- /* No cleanup needed, but show some diagnostic information, because timing
- problems can be hard to reproduce. */
- if( !timers_are_badly_broken )
- mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n",
- millis, mbedtls_timing_get_timer( &timer, 0 ),
- iterations );
+ struct mbedtls_timing_hr_time time;
+ (void) mbedtls_timing_get_timer( &time, 1 );
+ (void) mbedtls_timing_get_timer( &time, 0 );
+ /* This goto is added to avoid warnings from the generated code. */
+ goto exit;
}
/* END_CASE */
/* BEGIN_CASE */
-void timing_two_timers( int delta )
+void timing_set_alarm( int seconds )
{
- struct mbedtls_timing_hr_time timer1, timer2;
- unsigned long millis1 = 0, millis2 = 0;
-
- /* Skip this test if it looks like timers don't work at all, to avoid an
- infinite loop below. */
- TEST_ASSERT( !timers_are_badly_broken );
-
- /* Start the first timer and wait for a short time. */
- (void) mbedtls_timing_get_timer( &timer1, 1 );
- do
+ if( seconds == 0 )
{
- millis1 = mbedtls_timing_get_timer( &timer1, 0 );
- }
- while( millis1 < TIMING_SHORT_TEST_MS );
-
- /* Do a short busy-wait, so that the difference between timer1 and timer2
- doesn't practically always end up being very close to a whole number of
- milliseconds. */
- while( delta > 0 )
- --delta;
-
- /* Start the second timer and compare it with the first. */
- mbedtls_timing_get_timer( &timer2, 1 );
- do
- {
- millis1 = mbedtls_timing_get_timer( &timer1, 0 );
- millis2 = mbedtls_timing_get_timer( &timer2, 0 );
- /* The first timer should always be ahead of the first. */
- TEST_ASSERT( millis1 > millis2 );
- /* The timers shouldn't drift apart, i.e. millis2-millis1 should stay
- roughly constant, but this is hard to test reliably, especially in
- a busy environment such as an overloaded continuous integration
- system, so we don't test it it. */
- }
- while( millis2 < TIMING_SHORT_TEST_MS );
-
- return;
-
-exit:
- /* No cleanup needed, but show some diagnostic iterations, because timing
- problems can be hard to reproduce. */
- if( !timers_are_badly_broken )
- mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n",
- millis1, mbedtls_timing_get_timer( &timer1, 0 ),
- millis2, mbedtls_timing_get_timer( &timer2, 0 ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void timing_alarm( int seconds )
-{
- struct mbedtls_timing_hr_time timer;
- unsigned long millis = 0;
- /* We check that about the desired number of seconds has elapsed. Be
- slightly liberal with the lower bound, so as to allow platforms where
- the alarm (with second resolution) and the timer (with millisecond
- resolution) are based on different clocks. Be very liberal with the
- upper bound, because the platform might be busy. */
- unsigned long millis_min = ( seconds > 0 ?
- seconds * 900 :
- 0 );
- unsigned long millis_max = ( seconds > 0 ?
- seconds * 1100 + 400 :
- TIMING_ALARM_0_DELAY_MS );
- unsigned long iterations = 0;
-
- /* Skip this test if it looks like timers don't work at all, to avoid an
- infinite loop below. */
- TEST_ASSERT( !timers_are_badly_broken );
-
- /* Set an alarm and count how long it takes with a timer. */
- (void) mbedtls_timing_get_timer( &timer, 1 );
- mbedtls_set_alarm( seconds );
-
- if( seconds > 0 )
- {
- /* We set the alarm for at least 1 second. It should not have fired
- immediately, even on a slow and busy platform. */
- TEST_ASSERT( !mbedtls_timing_alarmed );
- }
- /* A 0-second alarm should fire quickly, but we don't guarantee that it
- fires immediately, so mbedtls_timing_alarmed may or may not be set at
- this point. */
-
- /* Busy-wait until the alarm rings */
- do
- {
- ++iterations;
- millis = mbedtls_timing_get_timer( &timer, 0 );
- }
- while( !mbedtls_timing_alarmed && millis <= millis_max );
-
- TEST_ASSERT( mbedtls_timing_alarmed );
- TEST_ASSERT( millis >= millis_min );
- TEST_ASSERT( millis <= millis_max );
-
- mbedtls_timing_alarmed = 0;
- return;
-
-exit:
- /* Show some diagnostic iterations, because timing
- problems can be hard to reproduce. */
- if( !timers_are_badly_broken )
- mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n",
- mbedtls_timing_alarmed,
- millis, mbedtls_timing_get_timer( &timer, 0 ),
- iterations );
- /* Cleanup */
- mbedtls_timing_alarmed = 0;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void timing_delay( int int_ms, int fin_ms )
-{
- /* This function assumes that if int_ms is nonzero then it is large
- enough that we have time to read all timers at least once in an
- interval of time lasting int_ms milliseconds, and likewise for (fin_ms
- - int_ms). So don't call it with arguments that are too small. */
-
- mbedtls_timing_delay_context delay;
- struct mbedtls_timing_hr_time timer;
- unsigned long delta = 0; /* delay started between timer=0 and timer=delta */
- unsigned long before = 0, after = 0;
- unsigned long iterations = 0;
- int status = -2;
- int saw_status_1 = 0;
- int warn_inconclusive = 0;
-
- assert( int_ms >= 0 );
- assert( fin_ms >= 0 );
-
- /* Skip this test if it looks like timers don't work at all, to avoid an
- infinite loop below. */
- TEST_ASSERT( !timers_are_badly_broken );
-
- /* Start a reference timer. Program a delay, and verify that the status of
- the delay is consistent with the time given by the reference timer. */
- (void) mbedtls_timing_get_timer( &timer, 1 );
- mbedtls_timing_set_delay( &delay, int_ms, fin_ms );
- /* Set delta to an upper bound for the interval between the start of timer
- and the start of delay. Reading timer after starting delay gives us an
- upper bound for the interval, rounded to a 1ms precision. Since this
- might have been rounded down, but we need an upper bound, we add 1. */
- delta = mbedtls_timing_get_timer( &timer, 0 ) + 1;
-
- status = mbedtls_timing_get_delay( &delay );
- if( fin_ms == 0 )
- {
- /* Cancelled timer. Just check the correct status for this case. */
- TEST_ASSERT( status == -1 );
- return;
- }
-
- /* Initially, none of the delays must be passed yet if they're nonzero.
- This could fail for very small values of int_ms and fin_ms, where "very
- small" depends how fast and how busy the platform is. */
- if( int_ms > 0 )
- {
- TEST_ASSERT( status == 0 );
+ mbedtls_set_alarm( seconds );
+ TEST_ASSERT( mbedtls_timing_alarmed == 1 );
}
else
{
- TEST_ASSERT( status == 1 );
+ mbedtls_set_alarm( seconds );
+ TEST_ASSERT( mbedtls_timing_alarmed == 0 ||
+ mbedtls_timing_alarmed == 1 );
}
-
- do
- {
- unsigned long delay_min, delay_max;
- int status_min, status_max;
- ++iterations;
- before = mbedtls_timing_get_timer( &timer, 0 );
- status = mbedtls_timing_get_delay( &delay );
- after = mbedtls_timing_get_timer( &timer, 0 );
- /* At a time between before and after, the delay's status was status.
- Check that this is consistent given that the delay was started
- between times 0 and delta. */
- delay_min = ( before > delta ? before - delta : 0 );
- status_min = expected_delay_status( int_ms, fin_ms, delay_min );
- delay_max = after;
- status_max = expected_delay_status( int_ms, fin_ms, delay_max );
- TEST_ASSERT( status >= status_min );
- TEST_ASSERT( status <= status_max );
- if( status == 1 )
- saw_status_1 = 1;
- }
- while ( before <= fin_ms + delta && status != 2 );
-
- /* Since we've waited at least fin_ms, the delay must have fully
- expired. */
- TEST_ASSERT( status == 2 );
-
- /* If the second delay is more than the first, then there must have been a
- point in time when the first delay was passed but not the second delay.
- This could fail for very small values of (fin_ms - int_ms), where "very
- small" depends how fast and how busy the platform is. In practice, this
- is the test that's most likely to fail on a heavily loaded machine. */
- if( fin_ms > int_ms )
- {
- warn_inconclusive = 1;
- TEST_ASSERT( saw_status_1 );
- }
-
- return;
-
-exit:
- /* No cleanup needed, but show some diagnostic iterations, because timing
- problems can be hard to reproduce. */
- if( !timers_are_badly_broken )
- mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n",
- delta, before, after, status, iterations );
- if( warn_inconclusive )
- mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" );
- }
+}
/* END_CASE */
/* BEGIN_CASE */
-void timing_hardclock( )
+void timing_delay( int fin_ms )
{
- /* We make very few guarantees about mbedtls_timing_hardclock: its rate is
- platform-dependent, it can wrap around. So there isn't much we can
- test. But we do at least test that it doesn't crash, stall or return
- completely nonsensical values. */
-
- struct mbedtls_timing_hr_time timer;
- unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1;
-
- /* Skip this test if it looks like timers don't work at all, to avoid an
- infinite loop below. */
- TEST_ASSERT( !timers_are_badly_broken );
-
- hardclock0 = mbedtls_timing_hardclock( );
- /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms
- resolution and unspecified precision, waiting 1ms might be a very small
- delay that's rounded up. */
- (void) mbedtls_timing_get_timer( &timer, 1 );
- while( mbedtls_timing_get_timer( &timer, 0 ) < 2 )
- /*busy-wait loop*/;
- hardclock1 = mbedtls_timing_hardclock( );
-
- /* Although the hardclock counter can wrap around, the difference
- (hardclock1 - hardclock0) is taken modulo the type size, so it is
- correct as long as the counter only wrapped around at most once. We
- further require the difference to be nonzero (after a wait of more than
- 1ms, the counter must have changed), and not to be overly large (after
- a wait of less than 3ms, plus time lost because other processes were
- scheduled on the CPU). If the hardclock counter runs at 4GHz, then
- 1000000000 (which is 1/4 of the counter wraparound on a 32-bit machine)
- allows 250ms. */
- delta1 = hardclock1 - hardclock0;
- TEST_ASSERT( delta1 > 0 );
- TEST_ASSERT( delta1 < 1000000000 );
- return;
-
-exit:
- /* No cleanup needed, but show some diagnostic iterations, because timing
- problems can be hard to reproduce. */
- if( !timers_are_badly_broken )
- mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n",
- hardclock0, hardclock1 );
+ mbedtls_timing_delay_context ctx;
+ int result;
+ if( fin_ms == 0 )
+ {
+ mbedtls_timing_set_delay( &ctx, 0, 0 );
+ result = mbedtls_timing_get_delay( &ctx );
+ TEST_ASSERT( result == -1 );
+ }
+ else
+ {
+ mbedtls_timing_set_delay( &ctx, fin_ms / 2, fin_ms );
+ result = mbedtls_timing_get_delay( &ctx );
+ TEST_ASSERT( result >= 0 && result <= 2 );
+ }
}
/* END_CASE */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 402c8b8..a4575ab 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.12.0"
+check_compiletime_version:"2.17.0"
Check runtime library version
-check_runtime_version:"2.12.0"
+check_runtime_version:"2.17.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index a4847f9..10f9e11 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -8,7 +8,7 @@
*/
/* BEGIN_CASE */
-void check_compiletime_version( char *version_str )
+void check_compiletime_version( char * version_str )
{
char build_str[100];
char build_str_full[100];
@@ -35,7 +35,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void check_runtime_version( char *version_str )
+void check_runtime_version( char * version_str )
{
char build_str[100];
char get_str[100];
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 406cf59..ce49ff0 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1,126 +1,202 @@
-X509 Certificate information #1
+X509 CRT information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information #2
+X509 CRT information #1 (DER)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509_cert_info:"data_files/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+
+X509 CRT information #2
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information #3
+X509 CRT information #2 (DER)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509_cert_info:"data_files/server2.crt.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+
+X509 CRT information #3
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
-X509 Certificate information MD2 Digest
+X509 CRT information #3 (DER)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509_cert_info:"data_files/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+
+X509 CRT information MD2 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information MD4 Digest
+X509 CRT information MD4 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C
-x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information MD5 Digest
+X509 CRT information MD5 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C
-x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information SHA1 Digest
+X509 CRT information SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information SHA224 Digest
+X509 CRT information SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information SHA256 Digest
+X509 CRT information SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information SHA384 Digest
+X509 CRT information SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information SHA512 Digest
+X509 CRT information SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information RSA-PSS, SHA1 Digest
+X509 CRT information RSA-PSS, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information RSA-PSS, SHA224 Digest
+X509 CRT information RSA-PSS, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information RSA-PSS, SHA256 Digest
+X509 CRT information RSA-PSS, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information RSA-PSS, SHA384 Digest
+X509 CRT information RSA-PSS, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information RSA-PSS, SHA512 Digest
+X509 CRT information RSA-PSS, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information EC, SHA1 Digest
+X509 CRT information EC, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information EC, SHA224 Digest
+X509 CRT information EC, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information EC, SHA256 Digest
+X509 CRT information EC, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information EC, SHA384 Digest
+X509 CRT information EC, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information EC, SHA512 Digest
+X509 CRT information EC, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information, NS Cert Type
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
+X509 CRT information EC, SHA256 Digest, hardware module name SAN
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
-X509 Certificate information, Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+X509 CRT information EC, SHA256 Digest, Wisun Fan device
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
-X509 Certificate information, Key Usage with decipherOnly
+X509 CRT information, NS Cert Type
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
+
+X509 CRT information, Key Usage
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+
+X509 CRT information, Key Usage with decipherOnly
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
-X509 Certificate information, Subject Alt Name
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n"
+X509 CRT information, Subject Alt Name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
-X509 Certificate information, Subject Alt Name + Key Usage
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+X509 CRT information, Multiple different Subject Alt Name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
-X509 Certificate information, Key Usage + Extended Key Usage
+X509 CRT information, Subject Alt Name + Key Usage
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n <unsupported>\n <unsupported>\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+
+X509 CRT information, RSA Certificate Policy any
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+
+X509 CRT information, ECDSA Certificate Policy any
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+
+X509 CRT information, RSA Certificate Policy any with qualifier
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+
+X509 CRT information, ECDSA Certificate Policy any with qualifier
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+
+X509 CRT information, RSA Certificate multiple Policies
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
+
+X509 CRT information, ECDSA Certificate multiple Policies
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
+
+X509 CRT information, RSA Certificate unsupported policy
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
+
+X509 CRT information, ECDSA Certificate unsupported policy
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
+
+X509 CRT information, Key Usage + Extended Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n"
-X509 Certificate information RSA signed by EC
+X509 CRT information RSA signed by EC
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information EC signed by RSA
+X509 CRT information EC signed by RSA
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
-X509 Certificate information Bitstring in subject name
+X509 CRT information Bitstring in subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n"
+x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n <unsupported>\next key usage \: TLS Web Client Authentication\n"
X509 certificate v1 with extension
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n"
+x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n"
+
+X509 SAN parsing otherName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
+
+X509 SAN parsing dNSName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+
+X509 SAN parsing Multiple different types
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+
+X509 SAN parsing, no subject alt name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+x509_parse_san:"data_files/server4.crt":""
+
+X509 SAN parsing, unsupported otherName name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_parse_san:"data_files/server5-unsupported_othername.crt":""
X509 CRL information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
@@ -226,7 +302,7 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
-X509 CSR Information RSA with SHA256
+X509 CSR Information RSA with SHA-256
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
@@ -278,6 +354,10 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n"
+X509 CSR Information RSA with SHA-256 - Microsoft header
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
+
X509 Verify Information: empty
x509_verify_info:0:"":""
@@ -363,523 +443,555 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
-X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
+X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
+X509 CRT verification #1a (Revoked Cert, Future CRL, no CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-X509 Certificate verification #2 (Revoked Cert, Expired CRL)
+X509 CRT verification #2 (Revoked Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-X509 Certificate verification #2a (Revoked Cert, Future CRL)
+X509 CRT verification #2a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
+X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
+X509 CRT verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #4 (Valid Cert, Expired CRL)
+X509 CRT verification #4 (Valid Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
-X509 Certificate verification #4a (Revoked Cert, Future CRL)
+X509 CRT verification #4a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-X509 Certificate verification #5 (Revoked Cert)
+X509 CRT verification #5 (Revoked Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #6 (Revoked Cert)
+X509 CRT verification #5' (Revoked Cert, differing DN string formats #1)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca_utf8.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
+X509 CRT verification #5'' (Revoked Cert, differing DN string formats #2)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca_printable.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
+X509 CRT verification #5''' (Revoked Cert, differing upper and lower case)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server1.crt":"data_files/test-ca_uppercase.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
+
+X509 CRT verification #6 (Revoked Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
+X509 CRT verification #7 (Revoked Cert, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #8 (Valid Cert)
+X509 CRT verification #8 (Valid Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #8a (Expired Cert)
+X509 CRT verification #8a (Expired Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-X509 Certificate verification #8b (Future Cert)
+X509 CRT verification #8b (Future Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-X509 Certificate verification #8c (Expired Cert, longer chain)
+X509 CRT verification #8c (Expired Cert, longer chain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-X509 Certificate verification #8d (Future Cert, longer chain)
+X509 CRT verification #8d (Future Cert, longer chain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-X509 Certificate verification #9 (Not trusted Cert)
+X509 CRT verification #9 (Not trusted Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
+X509 CRT verification #10 (Not trusted Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #12 (Valid Cert MD4 Digest)
+X509 CRT verification #12 (Valid Cert MD2 Digest, MD2 forbidden)
+depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
+
+X509 CRT verification #12 (Valid Cert MD4 Digest, MD4 forbidden)
depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-X509 Certificate verification #13 (Valid Cert MD5 Digest)
+X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
+X509 CRT verification #12 (Valid Cert MD2 Digest, MD2 allowed)
+depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
+
+X509 CRT verification #12 (Valid Cert MD4 Digest, MD4 allowed)
+depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
+
+X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 allowed)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL"
+
+X509 CRT verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
+X509 CRT verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"":"NULL"
-X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
+X509 CRT verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL"
-X509 Certificate verification #15 (Valid Cert SHA224 Digest)
+X509 CRT verification #15 (Valid Cert SHA224 Digest)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #16 (Valid Cert SHA256 Digest)
+X509 CRT verification #16 (Valid Cert SHA256 Digest)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #17 (Valid Cert SHA384 Digest)
+X509 CRT verification #17 (Valid Cert SHA384 Digest)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #18 (Valid Cert SHA512 Digest)
+X509 CRT verification #18 (Valid Cert SHA512 Digest)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #19 (Valid Cert, denying callback)
+X509 CRT verification #19 (Valid Cert, denying callback)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none"
-X509 Certificate verification #19 (Not trusted Cert, allowing callback)
+X509 CRT verification #19 (Not trusted Cert, allowing callback)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all"
-X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
+X509 CRT verification #21 (domain matching wildcard certificate, case insensitive)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL"
-X509 Certificate verification #22 (domain not matching wildcard certificate)
+X509 CRT verification #22 (domain not matching wildcard certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #23 (domain not matching wildcard certificate)
+X509 CRT verification #23 (domain not matching wildcard certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #24 (domain matching CN of multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #24 (domain matching CN of multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #25 (domain matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #25 (domain matching multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL"
-X509 Certificate verification #26 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #26 (domain not matching multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #27 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #27 (domain not matching multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #27 (domain not matching multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #27 (domain not matching multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #28 (domain not matching wildcard in multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
-X509 Certificate verification #29 (domain matching wildcard in multi certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 CRT verification #29 (domain matching wildcard in multi certificate)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL"
-X509 Certificate verification #30 (domain matching multi certificate without CN)
+X509 CRT verification #30 (domain matching multi certificate without CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #31 (domain not matching multi certificate without CN)
+X509 CRT verification #31 (domain not matching multi certificate without CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #32 (Valid, EC cert, RSA CA)
+X509 CRT verification #32 (Valid, EC cert, RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #33 (Valid, RSA cert, EC CA)
+X509 CRT verification #33 (Valid, RSA cert, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #34 (Valid, EC cert, EC CA)
+X509 CRT verification #34 (Valid, EC cert, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #35 (Revoked, EC CA)
+X509 CRT verification #35 (Revoked, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
+X509 CRT verification #36 (Valid, EC CA, SHA1 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
+X509 CRT verification #37 (Valid, EC CA, SHA224 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
+X509 CRT verification #38 (Valid, EC CA, SHA384 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
+X509 CRT verification #39 (Valid, EC CA, SHA512 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
+X509 CRT verification #40 (Valid, depth 0, RSA, CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #41 (Valid, depth 0, EC, CA)
+X509 CRT verification #41 (Valid, depth 0, EC, CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #42 (Depth 0, not CA, RSA)
+X509 CRT verification #42 (Depth 0, not CA, RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #43 (Depth 0, not CA, EC)
+X509 CRT verification #43 (Depth 0, not CA, EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #44 (Corrupted signature, EC)
+X509 CRT verification #44 (Corrupted signature, EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #45 (Corrupted signature, RSA)
+X509 CRT verification #45 (Corrupted signature, RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #45b (Corrupted signature, intermediate CA)
+X509 CRT verification #45b (Corrupted signature, intermediate CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
+X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
+X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
+X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
+X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #50 (Valid, multiple CAs)
+X509 CRT verification #50 (Valid, multiple CAs)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
+X509 CRT verification #51 (Valid, multiple CAs, reverse order)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #52 (CA keyUsage valid)
+X509 CRT verification #52 (CA keyUsage valid)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #53 (CA keyUsage missing cRLSign)
+X509 CRT verification #53 (CA keyUsage missing cRLSign)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
+X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
+X509 CRT verification #55 (CA keyUsage missing keyCertSign)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #56 (CA keyUsage plain wrong)
+X509 CRT verification #56 (CA keyUsage plain wrong)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
+X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
+X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
+X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
+X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
+X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
+X509 CRT verification #62 (Revoked, RSASSA-PSS, SHA-1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
+X509 CRT verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
+X509 CRT verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
+X509 CRT verification #65 (RSASSA-PSS, SHA1, bad cert signature)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
+X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
+X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len)
+X509 CRT verification #68 (RSASSA-PSS, wrong salt_len)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash)
+X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #70 (v1 trusted CA)
+X509 CRT verification #70 (v1 trusted CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #71 (v1 trusted CA, other)
+X509 CRT verification #71 (v1 trusted CA, other)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #72 (v1 chain)
+X509 CRT verification #72 (v1 chain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #73 (selfsigned trusted without CA bit)
+X509 CRT verification #73 (selfsigned trusted without CA bit)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
+X509 CRT verification #74 (signed by selfsigned trusted without CA bit)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-X509 Certificate verification #75 (encoding mismatch)
+X509 CRT verification #75 (encoding mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #76 (multiple CRLs, not revoked)
+X509 CRT verification #76 (multiple CRLs, not revoked)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #77 (multiple CRLs, revoked)
+X509 CRT verification #77 (multiple CRLs, revoked)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #78 (multiple CRLs, revoked by second)
+X509 CRT verification #78 (multiple CRLs, revoked by second)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #79 (multiple CRLs, revoked by future)
+X509 CRT verification #79 (multiple CRLs, revoked by future)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
-X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
+X509 CRT verification #80 (multiple CRLs, first future, revoked by second)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
-X509 Certificate verification #81 (multiple CRLs, none relevant)
+X509 CRT verification #81 (multiple CRLs, none relevant)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #82 (Not yet valid CA and valid CA)
+X509 CRT verification #82 (Not yet valid CA and valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #83 (valid CA and Not yet valid CA)
+X509 CRT verification #83 (valid CA and Not yet valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #84 (valid CA and Not yet valid CA)
+X509 CRT verification #84 (valid CA and Not yet valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #85 (Not yet valid CA and valid CA)
+X509 CRT verification #85 (Not yet valid CA and valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #86 (Not yet valid CA and invalid CA)
+X509 CRT verification #86 (Not yet valid CA and invalid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
-X509 Certificate verification #87 (Expired CA and invalid CA)
+X509 CRT verification #87 (Expired CA and invalid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
-X509 Certificate verification #88 (Spurious cert in the chain)
+X509 CRT verification #88 (Spurious cert in the chain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #89 (Spurious cert later in the chain)
+X509 CRT verification #89 (Spurious cert later in the chain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #90 (EE with same name as trusted root)
+X509 CRT verification #90 (EE with same name as trusted root)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
-X509 Certificate verification #91 (same CA with good then bad key)
+X509 CRT verification #91 (same CA with good then bad key)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #91 (same CA with bad then good key)
+X509 CRT verification #91 (same CA with bad then good key)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
-X509 Certificate verification #92 (bad name, allowing callback)
+X509 CRT verification #92 (bad name, allowing callback)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
-X509 Certificate verification #93 (Suite B invalid, EC cert, RSA CA)
+X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
-X509 Certificate verification #94 (Suite B invalid, RSA cert, EC CA)
+X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
-X509 Certificate verification #95 (Suite B Valid, EC cert, EC CA)
+X509 CRT verification #95 (Suite B Valid, EC cert, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
-X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest)
+X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
-X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest)
+X509 CRT verification #97 (next profile Valid Cert SHA256 Digest)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
-X509 Certificate verification callback: bad name
+X509 CRT verification with ca callback: failure
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+x509_verify_ca_cb_failure:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR
+
+X509 CRT verification callback: bad name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
-X509 Certificate verification callback: trusted EE cert
+X509 CRT verification callback: trusted EE cert
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
-X509 Certificate verification callback: trusted EE cert, expired
+X509 CRT verification callback: trusted EE cert, expired
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n"
-X509 Certificate verification callback: simple
+X509 CRT verification callback: simple
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-X509 Certificate verification callback: simple, EE expired
+X509 CRT verification callback: simple, EE expired
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-X509 Certificate verification callback: simple, root expired
+X509 CRT verification callback: simple, root expired
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: two trusted roots
+X509 CRT verification callback: two trusted roots
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-X509 Certificate verification callback: two trusted roots, reversed order
+X509 CRT verification callback: two trusted roots, reversed order
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-X509 Certificate verification callback: root included
+X509 CRT verification callback: root included
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
+x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
-X509 Certificate verification callback: intermediate ca
+X509 CRT verification callback: intermediate ca
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: intermediate ca, root included
+X509 CRT verification callback: intermediate ca, root included
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: intermediate ca trusted
+X509 CRT verification callback: intermediate ca trusted
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: intermediate ca, EE expired
+X509 CRT verification callback: intermediate ca, EE expired
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
-X509 Certificate verification callback: intermediate ca, int expired
+X509 CRT verification callback: intermediate ca, int expired
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: intermediate ca, root expired
+X509 CRT verification callback: intermediate ca, root expired
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: two intermediates
+X509 CRT verification callback: two intermediates
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
+x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: two intermediates, root included
+X509 CRT verification callback: two intermediates, root included
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
+x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: two intermediates, top int trusted
+X509 CRT verification callback: two intermediates, top int trusted
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: two intermediates, low int trusted
+X509 CRT verification callback: two intermediates, low int trusted
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
-X509 Certificate verification callback: no intermediate, bad signature
+X509 CRT verification callback: no intermediate, bad signature
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-X509 Certificate verification callback: one intermediate, bad signature
+X509 CRT verification callback: one intermediate, bad signature
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
@@ -887,346 +999,907 @@
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_selftest:
-X509 Certificate ASN1 (Incorrect first tag)
+X509 CRT ASN1 (Empty Certificate)
x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-X509 Certificate ASN1 (Correct first tag, data length does not match)
-x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv Certificate, bad tag)
+x509parse_crt:"0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-X509 Certificate ASN1 (Correct first tag, no more data)
-x509parse_crt:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv Certificate, no length)
+x509parse_crt:"30":"":MBEDTLS_ERR_X509_INVALID_FORMAT
-X509 Certificate ASN1 (Correct first tag, length data incorrect)
+X509 CRT ASN1 (inv Certificate, bad length encoding)
+x509parse_crt:"3085":"":MBEDTLS_ERR_X509_INVALID_FORMAT
+
+X509 CRT ASN1 (inv Certificate, length data incomplete)
+x509parse_crt:"308200":"":MBEDTLS_ERR_X509_INVALID_FORMAT
+
+X509 CRT ASN1 (inv Certificate, length out of bounds)
+x509parse_crt:"3001":"":MBEDTLS_ERR_X509_INVALID_FORMAT
+
+X509 CRT ASN1 (inv TBS, invalid tag)
+x509parse_crt:"30020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (inv TBS, length missing)
+x509parse_crt:"300130":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (inv TBS, invalid length encoding)
x509parse_crt:"30023085":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"30023083":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv TBS, length data incomplete)
+x509parse_crt:"300430839999":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (inv TBS, length out of bounds)
+x509parse_crt:"30023003":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS empty)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30153000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, invalid version tag, serial missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301730020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, valid outer version tag, no outer length)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30163001a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv inner version tag)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30193004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, valid inner version tag, no inner length)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30183003a00102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, valid inner version tag, inv inner length encoding)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, valid inner version tag, inner length too large for int)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30293014a012021000000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, valid inner version tag, inner vs. outer length mismatch)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301b3006a00402010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, valid version tag, length exceeds TBS)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+
+X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+
+X509 CRT ASN1 (TBS, valid version tag + length, version number overflow)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+
+X509 CRT ASN1 (TBS, serial missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301a3005a003020102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv serial, tag wrong)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301c3007a0030201020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv serial, length missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301b3006a00302010282300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv serial, inv length encoding)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301c3007a0030201028285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv serial, length out of bounds)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"301c3007a0030201028201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, AlgID missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3020300ba0030201028204deadbeef300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv AlgID, tag wrong)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv AlgID, OID missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv AlgID, OID empty)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+
+X509 CRT ASN1 (TBS, inv AlgID, OID unknown)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+
+X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv AlgID, param length mismatch)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, inv AlgID, params present but empty)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG
+
+X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, Issuer missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"302f301aa0030201008204deadbeef300d06092a864886f70d01010b0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv tag)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length missing)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3030301ba0030201008204deadbeef300d06092a864886f70d01010b050030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv length encoding)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length out of bounds)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, RDN empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, Validity missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"303d3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Validity, length field missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"303e3029a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Validity, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore no length)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+
+X509 CRT ASN1 (TBS, inv Validity, notBefore invalid)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+
+X509 CRT ASN1 (TBS, inv Validity, notAfter invalid)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
+
+X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter')
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, Subject missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353900300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Subject, RDNSequence length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Subject, RDNSequence length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, RDN inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, RDN empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds )
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, SubPubKeyInfo missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30693054a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306a3055a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv algorithm tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306c3057a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010100050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307a3065a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307b3066a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743010300d06092A864886F70D010101050003300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, no bitstring data)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv bitstring start)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301e300d06092A864886F70D0101010500030b0030080202ffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
+
+X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed, expanded length notation)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
+
+# We expect an extension parsing error here because the IssuerID is optional.
+# Hence, if we find an ASN.1 tag doesn't match the IssuerID, we assume the
+# IssuerID is skipped and that the tag should hence belong to the next field,
+# namely the v3 extensions. However, the tag the test exercises is a NULL tag,
+# and hence we obtain an INVALID_TAG error during extension parsing.
+X509 CRT ASN1 (TBS, inv IssuerID, inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT ASN1 (TBS, inv IssuerID, length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"30023081":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (Correct first tag, length data incomplete)
-x509parse_crt:"3003308200":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, bool len missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300730050603551d2001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
-x509parse_crt:"300100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30b300930070603551d20040001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
-x509parse_crt:"3003300100":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bc3081b9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba32e302c30290603551d2004223020301ea01c06082b06010505070804a010300e06082b060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, invalid version tag)
-x509parse_crt:"30053003a00101":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier not complete)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301f0603551d2004183020301f0603551d200418301630140604551d2000300c300a06082b0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
-x509parse_crt:"30053003a00102":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509parse_crt:"30820220308201ffa0030201020209202020202020202020300d06092a864886f70d01010505003045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c18202020202020202020202020202020202020202020202020301e170d3134303432333230353034305a170d3137303432323230353034305a3045310b30090603202020130220203113301106032020200c0a202020202020202020203121301f06032020200c1820202020202020202020202020202020202020202020202030819f300d06092a864886f70d010101050003818d003081890281812020202020202020ff20202020202020202020202020202020202020ff202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff020320ffffa350304e301d0603202020041620202020202020202020202020202020202020202020301f0603551d11041830169104202020208000be002020202020202020202020202020202020202020202020202020202020202020ff20202020202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020ff2020ff202020202020202020202020202020ff2020202020202020202020202020202020202020202020202020":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
-x509parse_crt:"30163014a012021000000000000000000000000000000000":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
-x509parse_crt:"30073005a003020104":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
-x509parse_crt:"30083006a00402010400":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
-x509parse_crt:"30083006a00302010400":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
-x509parse_crt:"30083006a00302010482":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
-x509parse_crt:"300d300ba0030201048204deadbeef":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
-x509parse_crt:"300e300ca0030201048204deadbeef00":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv v3Ext, outer length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, alg oid no data in sequence)
-x509parse_crt:"300f300da0030201048204deadbeef3000":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, alg with params)
-x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, correct alg data, no params unknown version)
-x509parse_crt:"30153013a0030201048204deadbeef30060604cafed00d":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+X509 CRT ASN1 (TBS, inv v3Ext, outer length 0)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
-x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, correct alg data, length mismatch)
-x509parse_crt:"30183016a0030201048204deadbeef30090604cafed00d050000":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, inv v3Ext, inner length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
-x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
-x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate, correct alg, bad RSASSA-PSS params)
-depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT
-x509parse_crt:"30193017A003020102020118300D06092A864886F70D01010A3100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, issuer no set data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv v3Ext, first ext empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, issuer, no string data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":MBEDTLS_ERR_X509_INVALID_NAME+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, no extnValue)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, too much date data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, invalid from date)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE
+X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, invalid to date)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE
+X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, critical length 0)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, critical length 2)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mbedtls_mpi)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
+X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
+X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":MBEDTLS_ERR_ASN1_INVALID_LENGTH
+X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate v3, ext empty)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (SignatureAlgorithm missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv SignatureAlgorithm, bad tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv SignatureAlgorithm, length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
-X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (Signature missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+X509 CRT ASN1 (inv Signature, bad tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-X509 Certificate ASN1 (SubjectAltName repeated)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+X509 CRT ASN1 (inv Signature, length missing)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (ExtKeyUsage repeated)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+X509 CRT ASN1 (inv Signature, inv length encoding)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_LENGTH
-X509 Certificate ASN1 (correct pubkey, no sig_alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv Signature, length out of bounds)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
-X509 Certificate ASN1 (sig_alg mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
+X509 CRT ASN1 (inv Signature, empty)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
-X509 Certificate ASN1 (sig_alg, no sig)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv Signature, inv data)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
-X509 Certificate ASN1 (signature, invalid sig data)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
+X509 CRT ASN1 (inv Signature, length mismatch)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 Certificate ASN1 (signature, data left)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (well-formed)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (correct)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (GeneralizedTime instead of UTCTime)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with X520 CN)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with X520 CN)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with X520 C)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with X520 C)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with X520 L)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with X520 L)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with X520 ST)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with X520 ST)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with X520 O)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with X520 O)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with X520 OU)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with X520 OU)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with unknown X520 part)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with unknown X520 part)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with composite RDN)
+X509 CRT ASN1 (Name with composite RDN)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
-X509 Certificate ASN1 (Name with PKCS9 email)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with PKCS9 email)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (Name with unknown PKCS9 part)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
+X509 CRT ASN1 (Name with unknown PKCS9 part)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0
-X509 Certificate ASN1 (ECDSA signature, RSA key)
+X509 CRT ASN1 (ECDSA signature, RSA key)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
-x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
+x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0
-X509 Certificate ASN1 (ECDSA signature, EC key)
+X509 CRT ASN1 (ECDSA signature, EC key)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
-x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
+x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0
-X509 Certificate ASN1 (RSA signature, EC key)
+X509 CRT ASN1 (RSA signature, EC key)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
-
-X509 Certificate ASN1 (invalid version 3)
-x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (invalid version overflow)
-x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
-
-X509 Certificate ASN1 (invalid SubjectAltNames tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
X509 CRL ASN1 (Incorrect first tag)
x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
@@ -1296,7 +1969,7 @@
x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
X509 CRL ASN1 (invalid version overflow)
-x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+x509parse_crl:"3049303102047fffffff300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
@@ -1451,100 +2124,100 @@
mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
X509 OID description #1
-x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
+x509_oid_desc:"2b06010505070301":"TLS Web Server Authentication"
X509 OID description #2
-x509_oid_desc:"2B0601050507030f":"notfound"
+x509_oid_desc:"2b0601050507030f":"notfound"
X509 OID description #3
-x509_oid_desc:"2B0601050507030100":"notfound"
+x509_oid_desc:"2b0601050507030100":"notfound"
X509 OID numstring #1 (wide buffer)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":20:17
+x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":20:17
X509 OID numstring #2 (buffer just fits)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":18:17
+x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":18:17
X509 OID numstring #3 (buffer too small)
-x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL
+x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL
X509 OID numstring #4 (larger number)
-x509_oid_numstr:"2A864886F70D":"1.2.840.113549":15:14
+x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14
X509 OID numstring #5 (arithmetic overflow)
-x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
+x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
-X509 crt keyUsage #1 (no extension, expected KU)
+X509 CRT keyUsage #1 (no extension, expected KU)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-X509 crt keyUsage #2 (no extension, surprising KU)
+X509 CRT keyUsage #2 (no extension, surprising KU)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
-X509 crt keyUsage #3 (extension present, no KU)
+X509 CRT keyUsage #3 (extension present, no KU)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":0:0
-X509 crt keyUsage #4 (extension present, single KU present)
+X509 CRT keyUsage #4 (extension present, single KU present)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0
-X509 crt keyUsage #5 (extension present, single KU absent)
+X509 CRT keyUsage #5 (extension present, single KU absent)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-X509 crt keyUsage #6 (extension present, combined KU present)
+X509 CRT keyUsage #6 (extension present, combined KU present)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
-X509 crt keyUsage #7 (extension present, combined KU both absent)
+X509 CRT keyUsage #7 (extension present, combined KU both absent)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-X509 crt keyUsage #8 (extension present, combined KU one absent)
+X509 CRT keyUsage #8 (extension present, combined KU one absent)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-X509 crt keyUsage #9 (extension present, decOnly allowed absent)
+X509 CRT keyUsage #9 (extension present, decOnly allowed absent)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-X509 crt keyUsage #10 (extension present, decOnly non-allowed present)
+X509 CRT keyUsage #10 (extension present, decOnly non-allowed present)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
-X509 crt keyUsage #11 (extension present, decOnly allowed present)
+X509 CRT keyUsage #11 (extension present, decOnly allowed present)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
-X509 crt extendedKeyUsage #1 (no extension, serverAuth)
+X509 CRT extendedKeyUsage #1 (no extension, serverAuth)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0
+x509_check_extended_key_usage:"data_files/server5.crt":"2b06010505070301":0
-X509 crt extendedKeyUsage #2 (single value, present)
+X509 CRT extendedKeyUsage #2 (single value, present)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0
+x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2b06010505070301":0
-X509 crt extendedKeyUsage #3 (single value, absent)
+X509 CRT extendedKeyUsage #3 (single value, absent)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
+x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2b06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-X509 crt extendedKeyUsage #4 (two values, first)
+X509 CRT extendedKeyUsage #4 (two values, first)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0
+x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070301":0
-X509 crt extendedKeyUsage #5 (two values, second)
+X509 CRT extendedKeyUsage #5 (two values, second)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0
+x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070302":0
-X509 crt extendedKeyUsage #6 (two values, other)
+X509 CRT extendedKeyUsage #6 (two values, other)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
+x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
-X509 crt extendedKeyUsage #7 (any, random)
+X509 CRT extendedKeyUsage #7 (any, random)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0
+x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2b060105050703ff":0
X509 RSASSA-PSS parameters ASN1 (good, all defaults)
x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
@@ -1553,113 +2226,113 @@
x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence)
-x509_parse_rsassa_pss_params:"A400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A00D300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0
+x509_parse_rsassa_pss_params:"a00d300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A009300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
+x509_parse_rsassa_pss_params:"a009300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1)
-x509_parse_rsassa_pss_params:"A00A300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A00A300706052B0E03021A00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
-x509_parse_rsassa_pss_params:"A00F300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA
+x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA
X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
-x509_parse_rsassa_pss_params:"A00D300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_parse_rsassa_pss_params:"A116301406092A864886F70D010108300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
+x509_parse_rsassa_pss_params:"a116301406092a864886f70d010108300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1)
-x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
-x509_parse_rsassa_pss_params:"A11A301906092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010109300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108310B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a)
-x509_parse_rsassa_pss_params:"A10F300D06092A864886F70D0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a10f300d06092a864886f70d0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b)
-x509_parse_rsassa_pss_params:"A11B301906092A864886F70D010108300C0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11b301906092a864886f70d010108300c0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
-x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
+x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c)
-x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94)
-x509_parse_rsassa_pss_params:"A20302015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0
+x509_parse_rsassa_pss_params:"a20302015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0
X509 RSASSA-PSS parameters ASN1 (good, explicit saltLen = default)
-x509_parse_rsassa_pss_params:"A203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
+x509_parse_rsassa_pss_params:"a203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1)
-x509_parse_rsassa_pss_params:"A20402015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a20402015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2)
-x509_parse_rsassa_pss_params:"A20402015E00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a20402015e00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 RSASSA-PSS parameters ASN1 (saltLen not an int)
-x509_parse_rsassa_pss_params:"A2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default)
-x509_parse_rsassa_pss_params:"A303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
+x509_parse_rsassa_pss_params:"a303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1)
-x509_parse_rsassa_pss_params:"A304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_rsassa_pss_params:"a304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2)
-x509_parse_rsassa_pss_params:"A30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509_parse_rsassa_pss_params:"a30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 RSASSA-PSS parameters ASN1 (trailerField not an int)
-x509_parse_rsassa_pss_params:"A3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_rsassa_pss_params:"a3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
-x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
+x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
X509 CSR ASN.1 (OK)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
+mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
X509 CSR ASN.1 (bad first tag)
mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT
@@ -1692,63 +2365,63 @@
mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad CRI.Name payload: overlong)
-mbedtls_x509_csr_parse:"300A30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"300a30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing)
-mbedtls_x509_csr_parse:"30143012020100300D310B3009060355040613024E4C":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30143012020100300d310b3009060355040613024e4c":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence)
-mbedtls_x509_csr_parse:"30163014020100300D310B3009060355040613024E4C3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"30163014020100300d310b3009060355040613024e4c3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong)
-mbedtls_x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad attributes: missing)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad attributes: bad tag)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad attributes: overlong)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: missing)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: not a sequence)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad sigAlg: overlong)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sigAlg: unknown)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
+mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
X509 CSR ASN.1 (bad sig: missing)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (bad sig: not a bit string)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (bad sig: overlong)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (extra data after signature)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse:"308201193081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CSR ASN.1 (invalid version overflow)
-mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
+mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
X509 File parse (no issues)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
@@ -1877,3 +2550,91 @@
X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+
+X509 CRT verify restart: trusted EE, max_ops=0 (disabled)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0
+
+X509 CRT verify restart: trusted EE, max_ops=1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0
+
+X509 CRT verify restart: no intermediate, max_ops=0 (disabled)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0
+
+X509 CRT verify restart: no intermediate, max_ops=1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:1:100:10000
+
+X509 CRT verify restart: no intermediate, max_ops=40000
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:40000:0:0
+
+X509 CRT verify restart: no intermediate, max_ops=500
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80
+
+X509 CRT verify restart: no intermediate, badsign, max_ops=0 (disabled)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
+
+X509 CRT verify restart: no intermediate, badsign, max_ops=1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
+
+X509 CRT verify restart: no intermediate, badsign, max_ops=40000
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0
+
+X509 CRT verify restart: no intermediate, badsign, max_ops=500
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80
+
+X509 CRT verify restart: one int, max_ops=0 (disabled)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0
+
+X509 CRT verify restart: one int, max_ops=1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:1:100:10000
+
+X509 CRT verify restart: one int, max_ops=30000
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:30000:0:0
+
+X509 CRT verify restart: one int, max_ops=500
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100
+
+X509 CRT verify restart: one int, EE badsign, max_ops=0 (disabled)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
+
+X509 CRT verify restart: one int, EE badsign, max_ops=1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
+
+X509 CRT verify restart: one int, EE badsign, max_ops=30000
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
+
+X509 CRT verify restart: one int, EE badsign, max_ops=500
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
+
+X509 CRT verify restart: one int, int badsign, max_ops=0 (disabled)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
+
+X509 CRT verify restart: one int, int badsign, max_ops=1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
+
+X509 CRT verify restart: one int, int badsign, max_ops=30000
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
+
+X509 CRT verify restart: one int, int badsign, max_ops=500
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
+x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 06f0108..85ff41d 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1,4 +1,5 @@
/* BEGIN_HEADER */
+#include "mbedtls/bignum.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
@@ -6,6 +7,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"
+#include "string.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
@@ -13,6 +15,15 @@
adapt the script tests/data_files/dir-max/long.sh."
#endif
+/* Test-only profile allowing all digests, PK algorithms, and curves. */
+const mbedtls_x509_crt_profile profile_all =
+{
+ 0xFFFFFFFF, /* Any MD */
+ 0xFFFFFFFF, /* Any PK alg */
+ 0xFFFFFFFF, /* Any curve */
+ 1024,
+};
+
/* Profile for backward compatibility. Allows SHA-1, unlike the default
profile. */
const mbedtls_x509_crt_profile compat_profile =
@@ -66,6 +77,71 @@
return 0;
}
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int ca_callback_fail( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates )
+{
+ ((void) data);
+ ((void) child);
+ ((void) candidates);
+
+ return -1;
+}
+
+int ca_callback( void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates )
+{
+ int ret = 0;
+ mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
+ mbedtls_x509_crt *first;
+
+ /* This is a test-only implementation of the CA callback
+ * which always returns the entire list of trusted certificates.
+ * Production implementations managing a large number of CAs
+ * should use an efficient presentation and lookup for the
+ * set of trusted certificates (such as a hashtable) and only
+ * return those trusted certificates which satisfy basic
+ * parental checks, such as the matching of child `Issuer`
+ * and parent `Subject` field. */
+ ((void) child);
+
+ first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( first == NULL )
+ {
+ ret = -1;
+ goto exit;
+ }
+ mbedtls_x509_crt_init( first );
+
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+
+ while( ca->next != NULL )
+ {
+ ca = ca->next;
+ if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
+ {
+ ret = -1;
+ goto exit;
+ }
+ }
+
+exit:
+
+ if( ret != 0 )
+ {
+ mbedtls_x509_crt_free( first );
+ mbedtls_free( first );
+ first = NULL;
+ }
+
+ *candidates = first;
+ return( ret );
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
int *levels = (int *) data;
@@ -152,6 +228,79 @@
return( 0 );
}
+
+int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
+ char **buf, size_t *size )
+{
+ int ret;
+ size_t i;
+ char *p = *buf;
+ size_t n = *size;
+
+ ret = mbedtls_snprintf( p, n, "type : %u", san->type );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ switch( san->type )
+ {
+ case( MBEDTLS_X509_SAN_OTHER_NAME ):
+ ret = mbedtls_snprintf( p, n, "\notherName :");
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &san->san.other_name.value.hardware_module_name.oid ) != 0 )
+ {
+ ret = mbedtls_snprintf( p, n, " hardware module name :" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, " hardware type : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_oid_get_numeric_string( p, n,
+ &san->san.other_name.value.hardware_module_name.oid );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ if( san->san.other_name.value.hardware_module_name.val.len >= n )
+ {
+ *p = '\0';
+ return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ }
+
+ for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
+ {
+ *p++ = san->san.other_name.value.hardware_module_name.val.p[i];
+ }
+ n -= san->san.other_name.value.hardware_module_name.val.len;
+ }
+ break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
+ case( MBEDTLS_X509_SAN_DNS_NAME ):
+ ret = mbedtls_snprintf( p, n, "\ndNSName : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ if( san->san.unstructured_name.len >= n )
+ {
+ *p = '\0';
+ return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ }
+ n -= san->san.unstructured_name.len;
+ for( i = 0; i < san->san.unstructured_name.len; i++ )
+ *p++ = san->san.unstructured_name.p[i];
+ break;/* MBEDTLS_X509_SAN_DNS_NAME */
+
+ default:
+ /*
+ * Should not happen.
+ */
+ return( -1 );
+ }
+ ret = mbedtls_snprintf( p, n, "\n" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+
+ *size = n;
+ *buf = p;
+
+ return( 0 );
+}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
@@ -161,7 +310,47 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_cert_info( char *crt_file, char *result_str )
+void x509_parse_san( char * crt_file, char * result_str )
+{
+ int ret;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_subject_alternative_name san;
+ mbedtls_x509_sequence *cur = NULL;
+ char buf[2000];
+ char *p = buf;
+ size_t n = sizeof( buf );
+
+ mbedtls_x509_crt_init( &crt );
+ memset( buf, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+ if( crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
+ {
+ cur = &crt.subject_alt_names;
+ while( cur != NULL )
+ {
+ ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san );
+ TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+ /*
+ * If san type not supported, ignore.
+ */
+ if( ret == 0)
+ TEST_ASSERT( verify_parse_san( &san, &p, &n ) == 0 );
+ cur = cur->next;
+ }
+ }
+
+ TEST_ASSERT( strcmp( buf, result_str ) == 0 );
+
+exit:
+
+ mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void x509_cert_info( char * crt_file, char * result_str )
{
mbedtls_x509_crt crt;
char buf[2000];
@@ -184,7 +373,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_info( char *crl_file, char *result_str )
+void mbedtls_x509_crl_info( char * crl_file, char * result_str )
{
mbedtls_x509_crl crl;
char buf[2000];
@@ -207,7 +396,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
-void mbedtls_x509_crl_parse( char *crl_file, int result )
+void mbedtls_x509_crl_parse( char * crl_file, int result )
{
mbedtls_x509_crl crl;
char buf[2000];
@@ -223,7 +412,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_info( char *csr_file, char *result_str )
+void mbedtls_x509_csr_info( char * csr_file, char * result_str )
{
mbedtls_x509_csr csr;
char buf[2000];
@@ -246,7 +435,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_info( int flags, char *prefix, char *result_str )
+void x509_verify_info( int flags, char * prefix, char * result_str )
{
char buf[2000];
int res;
@@ -261,6 +450,62 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
+void x509_verify_restart( char *crt_file, char *ca_file,
+ int result, int flags_result,
+ int max_ops, int min_restart, int max_restart )
+{
+ int ret, cnt_restart;
+ mbedtls_x509_crt_restart_ctx rs_ctx;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ uint32_t flags = 0;
+
+ /*
+ * See comments on ecp_test_vect_restart() for op count precision.
+ *
+ * For reference, with mbed TLS 2.6 and default settings:
+ * - ecdsa_verify() for P-256: ~ 6700
+ * - ecdsa_verify() for P-384: ~ 18800
+ * - x509_verify() for server5 -> test-ca2: ~ 18800
+ * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
+ */
+
+ mbedtls_x509_crt_restart_init( &rs_ctx );
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+ mbedtls_ecp_set_max_ops( max_ops );
+
+ cnt_restart = 0;
+ do {
+ ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx );
+ } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
+
+ TEST_ASSERT( ret == result );
+ TEST_ASSERT( flags == (uint32_t) flags_result );
+
+ TEST_ASSERT( cnt_restart >= min_restart );
+ TEST_ASSERT( cnt_restart <= max_restart );
+
+ /* Do we leak memory when aborting? */
+ ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
+ &mbedtls_x509_crt_profile_default, NULL, &flags,
+ NULL, NULL, &rs_ctx );
+ TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
+
+exit:
+ mbedtls_x509_crt_restart_free( &rs_ctx );
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
@@ -276,6 +521,10 @@
char * cn_name = NULL;
const mbedtls_x509_crt_profile *profile;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
mbedtls_x509_crl_init( &crl );
@@ -291,6 +540,8 @@
profile = &mbedtls_x509_crt_profile_suiteb;
else if( strcmp( profile_str, "compat" ) == 0 )
profile = &compat_profile;
+ else if( strcmp( profile_str, "all" ) == 0 )
+ profile = &profile_all;
else
TEST_ASSERT( "Unknown algorithm profile" == 0 );
@@ -312,6 +563,19 @@
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ /* CRLs aren't supported with CA callbacks, so skip the CA callback
+ * version of the test if CRLs are in use. */
+ if( crl_file == NULL || strcmp( crl_file, "" ) == 0 )
+ {
+ flags = 0;
+
+ res = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback, &ca, profile, cn_name, &flags, f_vrfy, NULL );
+
+ TEST_ASSERT( res == ( result ) );
+ TEST_ASSERT( flags == (uint32_t)( flags_result ) );
+ }
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
@@ -319,6 +583,36 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+void x509_verify_ca_cb_failure( char *crt_file, char *ca_file, char *name,
+ int exp_ret )
+{
+ int ret;
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt ca;
+ uint32_t flags = 0;
+
+ mbedtls_x509_crt_init( &crt );
+ mbedtls_x509_crt_init( &ca );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
+
+ if( strcmp( name, "NULL" ) == 0 )
+ name = NULL;
+
+ ret = mbedtls_x509_crt_verify_with_ca_cb( &crt, ca_callback_fail, &ca,
+ &compat_profile, name, &flags,
+ NULL, NULL );
+
+ TEST_ASSERT( ret == exp_ret );
+ TEST_ASSERT( flags == (uint32_t)( -1 ) );
+exit:
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_free( &ca );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_callback( char *crt_file, char *ca_file, char *name,
int exp_ret, char *exp_vrfy_out )
@@ -329,6 +623,10 @@
uint32_t flags = 0;
verify_print_context vrfy_ctx;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
verify_print_init( &vrfy_ctx );
@@ -354,7 +652,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_dn_gets( char *crt_file, char *entity, char *result_str )
+void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
{
mbedtls_x509_crt crt;
char buf[2000];
@@ -382,7 +680,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_past( char *crt_file, char *entity, int result )
+void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
{
mbedtls_x509_crt crt;
@@ -403,7 +701,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_time_is_future( char *crt_file, char *entity, int result )
+void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
{
mbedtls_x509_crt crt;
@@ -424,7 +722,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
-void x509parse_crt_file( char *crt_file, int result )
+void x509parse_crt_file( char * crt_file, int result )
{
mbedtls_x509_crt crt;
@@ -438,20 +736,31 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
-void x509parse_crt( char *crt_data, char *result_str, int result )
+void x509parse_crt( data_t * buf, char * result_str, int result )
{
mbedtls_x509_crt crt;
- unsigned char buf[2000];
unsigned char output[2000];
- int data_len, res;
+ int res;
mbedtls_x509_crt_init( &crt );
- memset( buf, 0, 2000 );
memset( output, 0, 2000 );
- data_len = unhexify( buf, crt_data );
+ TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
- TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf, data_len ) == ( result ) );
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_init( &crt );
+ memset( output, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
@@ -468,20 +777,17 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
-void x509parse_crl( char *crl_data, char *result_str, int result )
+void x509parse_crl( data_t * buf, char * result_str, int result )
{
mbedtls_x509_crl crl;
- unsigned char buf[2000];
unsigned char output[2000];
- int data_len, res;
+ int res;
mbedtls_x509_crl_init( &crl );
- memset( buf, 0, 2000 );
memset( output, 0, 2000 );
- data_len = unhexify( buf, crl_data );
- TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf, data_len ) == ( result ) );
+ TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
@@ -498,19 +804,16 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
-void mbedtls_x509_csr_parse( char *csr_der_hex, char *ref_out, int ref_ret )
+void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
{
mbedtls_x509_csr csr;
- unsigned char *csr_der = NULL;
char my_out[1000];
- size_t csr_der_len;
int my_ret;
mbedtls_x509_csr_init( &csr );
memset( my_out, 0, sizeof( my_out ) );
- csr_der = unhexify_alloc( csr_der_hex, &csr_der_len );
- my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der, csr_der_len );
+ my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
@@ -522,12 +825,11 @@
exit:
mbedtls_x509_csr_free( &csr );
- mbedtls_free( csr_der );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
+void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
{
mbedtls_x509_crt chain, *cur;
int i;
@@ -557,6 +859,10 @@
uint32_t flags;
mbedtls_x509_crt trusted, chain;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
/*
* We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
* with NN.crt signed by NN-1.crt
@@ -598,6 +904,10 @@
mbedtls_x509_crt trusted, chain;
const mbedtls_x509_crt_profile *profile = NULL;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_ASSERT( psa_crypto_init() == 0 );
+#endif
+
mbedtls_x509_crt_init( &chain );
mbedtls_x509_crt_init( &trusted );
@@ -629,18 +939,16 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_desc( char *oid_str, char *ref_desc )
+void x509_oid_desc( data_t * buf, char * ref_desc )
{
mbedtls_x509_buf oid;
const char *desc = NULL;
- unsigned char buf[20];
int ret;
- memset( buf, 0, sizeof buf );
oid.tag = MBEDTLS_ASN1_OID;
- oid.len = unhexify( buf, oid_str );
- oid.p = buf;
+ oid.p = buf->x;
+ oid.len = buf->len;
ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
@@ -659,18 +967,16 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret )
+void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
{
mbedtls_x509_buf oid;
- unsigned char oid_buf[20];
char num_buf[100];
- memset( oid_buf, 0x00, sizeof oid_buf );
memset( num_buf, 0x2a, sizeof num_buf );
oid.tag = MBEDTLS_ASN1_OID;
- oid.len = unhexify( oid_buf, oid_str );
- oid.p = oid_buf;
+ oid.p = oid_buf->x;
+ oid.len = oid_buf->len;
TEST_ASSERT( (size_t) blen <= sizeof num_buf );
@@ -685,7 +991,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
-void x509_check_key_usage( char *crt_file, int usage, int ret )
+void x509_check_key_usage( char * crt_file, int usage, int ret )
{
mbedtls_x509_crt crt;
@@ -701,19 +1007,17 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-void x509_check_extended_key_usage( char *crt_file, char *usage_hex, int ret )
+void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
+ )
{
mbedtls_x509_crt crt;
- char oid[50];
- size_t len;
mbedtls_x509_crt_init( &crt );
- len = unhexify( (unsigned char *) oid, usage_hex );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
- TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, oid, len ) == ret );
+ TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
exit:
mbedtls_x509_crt_free( &crt );
@@ -721,9 +1025,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
-void x509_get_time( int tag, char *time_str, int ret,
- int year, int mon, int day,
- int hour, int min, int sec )
+void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
+ int day, int hour, int min, int sec )
{
mbedtls_x509_time time;
unsigned char buf[21];
@@ -752,7 +1055,7 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-void x509_parse_rsassa_pss_params( char *hex_params, int params_tag,
+void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
int ref_msg_md, int ref_mgf_md,
int ref_salt_len, int ref_ret )
{
@@ -761,7 +1064,8 @@
mbedtls_md_type_t my_msg_md, my_mgf_md;
int my_salt_len;
- params.p = unhexify_alloc( hex_params, ¶ms.len );
+ params.p = hex_params->x;
+ params.len = hex_params->len;
params.tag = params_tag;
my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
@@ -777,12 +1081,12 @@
}
exit:
- mbedtls_free( params.p );
+ ;;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
-void x509_selftest()
+void x509_selftest( )
{
TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
}
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 5b54d85..32745d5 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -1,78 +1,91 @@
Certificate Request check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0
Certificate Request check Server1 SHA224
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0
Certificate Request check Server1 SHA256
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0
Certificate Request check Server1 SHA384
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0
Certificate Request check Server1 SHA512
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
Certificate Request check Server1 MD4
depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
Certificate Request check Server1 MD5
depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
Certificate Request check Server1 key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
+
+Certificate Request check Server1 key_usage empty
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
Certificate Request check Server1 ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
+
+Certificate Request check Server1 ns_cert_type empty
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1
Certificate Request check Server1 key_usage + ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
+x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
Certificate Request check Server5 ECDSA, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
+x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
+
+Certificate Request check opaque Server5 ECDSA, key_usage
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
Certificate write check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
+
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 62f82e8..e15802f 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -1,9 +1,15 @@
/* BEGIN_HEADER */
+#include "mbedtls/bignum.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/rsa.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
+
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
@@ -27,6 +33,34 @@
}
#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
+{
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info;
+ mbedtls_x509_csr csr;
+
+ if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
+ return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+ md_info = mbedtls_md_info_from_type( csr.sig_md );
+ if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
+ {
+ /* Note: this can't happen except after an internal error */
+ return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+ }
+
+ if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
+ csr.sig_md, hash, mbedtls_md_get_size( md_info ),
+ csr.sig.p, csr.sig.len ) != 0 )
+ {
+ return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -35,8 +69,9 @@
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
-void x509_csr_check( char *key_file, char *cert_req_check_file,
- int md_type, int key_usage, int cert_type )
+void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
+ int key_usage, int set_key_usage, int cert_type,
+ int set_cert_type )
{
mbedtls_pk_context key;
mbedtls_x509write_csr req;
@@ -58,9 +93,9 @@
mbedtls_x509write_csr_set_md_alg( &req, md_type );
mbedtls_x509write_csr_set_key( &req, &key );
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
- if( key_usage != 0 )
+ if( set_key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
- if( cert_type != 0 )
+ if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
@@ -94,12 +129,60 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
+void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
+ int cert_type )
+{
+ mbedtls_pk_context key;
+ psa_key_handle_t slot;
+ psa_algorithm_t md_alg_psa;
+ mbedtls_x509write_csr req;
+ unsigned char buf[4096];
+ int ret;
+ size_t pem_len = 0;
+ const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
+ rnd_pseudo_info rnd_info;
+
+ psa_crypto_init();
+ memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
+
+ md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
+ TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+
+ mbedtls_pk_init( &key );
+ TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
+
+ mbedtls_x509write_csr_init( &req );
+ mbedtls_x509write_csr_set_md_alg( &req, md_type );
+ mbedtls_x509write_csr_set_key( &req, &key );
+ TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
+ if( key_usage != 0 )
+ TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
+ if( cert_type != 0 )
+ TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
+
+ ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
+ rnd_pseudo_rand, &rnd_info );
+ TEST_ASSERT( ret == 0 );
+
+ pem_len = strlen( (char *) buf );
+ buf[pem_len] = '\0';
+ TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+
+exit:
+ mbedtls_x509write_csr_free( &req );
+ mbedtls_pk_free( &key );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
void x509_crt_check( char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
- int md_type, int key_usage, int cert_type, int auth_ident,
+ int md_type, int key_usage, int set_key_usage,
+ int cert_type, int set_cert_type, int auth_ident,
int ver, char *cert_check_file, int rsa_alt )
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
@@ -167,9 +250,9 @@
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
if( auth_ident )
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
- if( key_usage != 0 )
+ if( set_key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
- if( cert_type != 0 )
+ if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
}
@@ -209,7 +292,8 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
-void mbedtls_x509_string_to_names( char *name, char *parsed_name, int result )
+void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
+ )
{
int ret;
size_t len = 0;
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index cbc714a..a24a420 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -8,121 +8,77 @@
*/
/* BEGIN_CASE */
-void xtea_encrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string )
+void xtea_encrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_xtea_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
- unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void xtea_decrypt_ecb( char *hex_key_string, char *hex_src_string,
- char *hex_dst_string )
+void xtea_decrypt_ecb( data_t * key_str, data_t * src_str,
+ data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
unsigned char output[100];
mbedtls_xtea_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
memset(output, 0x00, 100);
- unhexify( key_str, hex_key_string );
- unhexify( src_str, hex_src_string );
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str, output ) == 0 );
- hexify( dst_str, output, 8 );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
- unsigned char iv_str[100];
unsigned char output[100];
- size_t len;
mbedtls_xtea_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
memset(output, 0x00, 100);
- unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- len = unhexify( src_str, hex_src_string );
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, len, iv_str,
- src_str, output ) == 0 );
- hexify( dst_str, output, len );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
- char *hex_src_string, char *hex_dst_string )
+void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str,
+ data_t * src_str, data_t * hex_dst_string )
{
- unsigned char key_str[100];
- unsigned char src_str[100];
- unsigned char dst_str[100];
- unsigned char iv_str[100];
unsigned char output[100];
- size_t len;
mbedtls_xtea_context ctx;
- memset(key_str, 0x00, 100);
- memset(src_str, 0x00, 100);
- memset(dst_str, 0x00, 100);
- memset(iv_str, 0x00, 100);
memset(output, 0x00, 100);
- unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- len = unhexify( src_str, hex_src_string );
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, len, iv_str,
- src_str, output ) == 0 );
- hexify( dst_str, output, len );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output ) == 0 );
- TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
-void xtea_selftest()
+void xtea_selftest( )
{
TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 );
}
diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj
index db387f9..1d9d6cf 100644
--- a/visualc/VS2010/aescrypt2.vcxproj
+++ b/visualc/VS2010/aescrypt2.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj
index 934c844..789c4d2 100644
--- a/visualc/VS2010/benchmark.vcxproj
+++ b/visualc/VS2010/benchmark.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj
index fef0efe..f373517 100644
--- a/visualc/VS2010/cert_app.vcxproj
+++ b/visualc/VS2010/cert_app.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj
index 7d8694b..244dd44 100644
--- a/visualc/VS2010/cert_req.vcxproj
+++ b/visualc/VS2010/cert_req.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj
index 8891d8a..8fa7648 100644
--- a/visualc/VS2010/cert_write.vcxproj
+++ b/visualc/VS2010/cert_write.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj
index c51caef..cf33759 100644
--- a/visualc/VS2010/crl_app.vcxproj
+++ b/visualc/VS2010/crl_app.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj
index 99199d9..521877e 100644
--- a/visualc/VS2010/crypt_and_hash.vcxproj
+++ b/visualc/VS2010/crypt_and_hash.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj
index b2fae80..1e360e4 100644
--- a/visualc/VS2010/dh_client.vcxproj
+++ b/visualc/VS2010/dh_client.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj
index d9c1900..d893ff3 100644
--- a/visualc/VS2010/dh_genprime.vcxproj
+++ b/visualc/VS2010/dh_genprime.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj
index 6f87cb8..ee24e05 100644
--- a/visualc/VS2010/dh_server.vcxproj
+++ b/visualc/VS2010/dh_server.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj
index 60715fe..2e33bf6 100644
--- a/visualc/VS2010/dtls_client.vcxproj
+++ b/visualc/VS2010/dtls_client.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj
index 8789d7f..4c1e9ee 100644
--- a/visualc/VS2010/dtls_server.vcxproj
+++ b/visualc/VS2010/dtls_server.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj
index 1120111..d082610 100644
--- a/visualc/VS2010/ecdh_curve25519.vcxproj
+++ b/visualc/VS2010/ecdh_curve25519.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj
index 3718c9f..b9e8ca8 100644
--- a/visualc/VS2010/ecdsa.vcxproj
+++ b/visualc/VS2010/ecdsa.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj
index 4c57655..5d50ce0 100644
--- a/visualc/VS2010/gen_entropy.vcxproj
+++ b/visualc/VS2010/gen_entropy.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj
index a07e1aa..d9b1bcc 100644
--- a/visualc/VS2010/gen_key.vcxproj
+++ b/visualc/VS2010/gen_key.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj
index 11740c4..123f57f 100644
--- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj
+++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj
index 01253ce..26b4f53 100644
--- a/visualc/VS2010/gen_random_havege.vcxproj
+++ b/visualc/VS2010/gen_random_havege.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj
index 0f2ecb4..5915201 100644
--- a/visualc/VS2010/generic_sum.vcxproj
+++ b/visualc/VS2010/generic_sum.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj
index c986b07..9959b54 100644
--- a/visualc/VS2010/hello.vcxproj
+++ b/visualc/VS2010/hello.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj
index f96a0b0..6bd10ec 100644
--- a/visualc/VS2010/key_app.vcxproj
+++ b/visualc/VS2010/key_app.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj
index 0e4af3a..f53be18 100644
--- a/visualc/VS2010/key_app_writer.vcxproj
+++ b/visualc/VS2010/key_app_writer.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 66b96c3..5d2c99c 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -183,11 +183,6 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_cert_test", "ssl_cert_test.vcxproj", "{3FE0C0E1-D9BA-6A26-380C-F293E543B914}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -208,6 +203,11 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -547,14 +547,6 @@
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64
{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.ActiveCfg = Debug|Win32
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|Win32.Build.0 = Debug|Win32
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.ActiveCfg = Debug|x64
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Debug|x64.Build.0 = Debug|x64
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.ActiveCfg = Release|Win32
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|Win32.Build.0 = Release|Win32
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.ActiveCfg = Release|x64
- {3FE0C0E1-D9BA-6A26-380C-F293E543B914}.Release|x64.Build.0 = Release|x64
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64
@@ -587,6 +579,14 @@
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 73c92bd..404a5c1 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -86,7 +86,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -101,7 +103,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
@@ -118,7 +122,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -136,7 +142,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -204,6 +212,7 @@
<ClInclude Include="..\..\include\mbedtls\platform_time.h" />
<ClInclude Include="..\..\include\mbedtls\platform_util.h" />
<ClInclude Include="..\..\include\mbedtls\poly1305.h" />
+ <ClInclude Include="..\..\include\mbedtls\psa_util.h" />
<ClInclude Include="..\..\include\mbedtls\ripemd160.h" />
<ClInclude Include="..\..\include\mbedtls\rsa.h" />
<ClInclude Include="..\..\include\mbedtls\rsa_internal.h" />
@@ -224,68 +233,88 @@
<ClInclude Include="..\..\include\mbedtls\x509_crt.h" />
<ClInclude Include="..\..\include\mbedtls\x509_csr.h" />
<ClInclude Include="..\..\include\mbedtls\xtea.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_accel_driver.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_driver_common.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_entropy_driver.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_extra.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_platform.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_se_driver.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_sizes.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_struct.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_types.h" />
+ <ClInclude Include="..\..\crypto\include\psa\crypto_values.h" />
</ItemGroup>
<ItemGroup>
- <ClCompile Include="..\..\library\aes.c" />
- <ClCompile Include="..\..\library\aesni.c" />
- <ClCompile Include="..\..\library\arc4.c" />
- <ClCompile Include="..\..\library\aria.c" />
- <ClCompile Include="..\..\library\asn1parse.c" />
- <ClCompile Include="..\..\library\asn1write.c" />
- <ClCompile Include="..\..\library\base64.c" />
- <ClCompile Include="..\..\library\bignum.c" />
- <ClCompile Include="..\..\library\blowfish.c" />
- <ClCompile Include="..\..\library\camellia.c" />
- <ClCompile Include="..\..\library\ccm.c" />
+ <ClCompile Include="..\..\crypto\library\aes.c" />
+ <ClCompile Include="..\..\crypto\library\aesni.c" />
+ <ClCompile Include="..\..\crypto\library\arc4.c" />
+ <ClCompile Include="..\..\crypto\library\aria.c" />
+ <ClCompile Include="..\..\crypto\library\asn1parse.c" />
+ <ClCompile Include="..\..\crypto\library\asn1write.c" />
+ <ClCompile Include="..\..\crypto\library\base64.c" />
+ <ClCompile Include="..\..\crypto\library\bignum.c" />
+ <ClCompile Include="..\..\crypto\library\blowfish.c" />
+ <ClCompile Include="..\..\crypto\library\camellia.c" />
+ <ClCompile Include="..\..\crypto\library\ccm.c" />
+ <ClCompile Include="..\..\crypto\library\chacha20.c" />
+ <ClCompile Include="..\..\crypto\library\chachapoly.c" />
+ <ClCompile Include="..\..\crypto\library\cipher.c" />
+ <ClCompile Include="..\..\crypto\library\cipher_wrap.c" />
+ <ClCompile Include="..\..\crypto\library\cmac.c" />
+ <ClCompile Include="..\..\crypto\library\ctr_drbg.c" />
+ <ClCompile Include="..\..\crypto\library\des.c" />
+ <ClCompile Include="..\..\crypto\library\dhm.c" />
+ <ClCompile Include="..\..\crypto\library\ecdh.c" />
+ <ClCompile Include="..\..\crypto\library\ecdsa.c" />
+ <ClCompile Include="..\..\crypto\library\ecjpake.c" />
+ <ClCompile Include="..\..\crypto\library\ecp.c" />
+ <ClCompile Include="..\..\crypto\library\ecp_curves.c" />
+ <ClCompile Include="..\..\crypto\library\entropy.c" />
+ <ClCompile Include="..\..\crypto\library\entropy_poll.c" />
+ <ClCompile Include="..\..\crypto\library\error.c" />
+ <ClCompile Include="..\..\crypto\library\gcm.c" />
+ <ClCompile Include="..\..\crypto\library\havege.c" />
+ <ClCompile Include="..\..\crypto\library\hkdf.c" />
+ <ClCompile Include="..\..\crypto\library\hmac_drbg.c" />
+ <ClCompile Include="..\..\crypto\library\md.c" />
+ <ClCompile Include="..\..\crypto\library\md2.c" />
+ <ClCompile Include="..\..\crypto\library\md4.c" />
+ <ClCompile Include="..\..\crypto\library\md5.c" />
+ <ClCompile Include="..\..\crypto\library\md_wrap.c" />
+ <ClCompile Include="..\..\crypto\library\memory_buffer_alloc.c" />
+ <ClCompile Include="..\..\crypto\library\nist_kw.c" />
+ <ClCompile Include="..\..\crypto\library\oid.c" />
+ <ClCompile Include="..\..\crypto\library\padlock.c" />
+ <ClCompile Include="..\..\crypto\library\pem.c" />
+ <ClCompile Include="..\..\crypto\library\pk.c" />
+ <ClCompile Include="..\..\crypto\library\pk_wrap.c" />
+ <ClCompile Include="..\..\crypto\library\pkcs12.c" />
+ <ClCompile Include="..\..\crypto\library\pkcs5.c" />
+ <ClCompile Include="..\..\crypto\library\pkparse.c" />
+ <ClCompile Include="..\..\crypto\library\pkwrite.c" />
+ <ClCompile Include="..\..\crypto\library\platform.c" />
+ <ClCompile Include="..\..\crypto\library\platform_util.c" />
+ <ClCompile Include="..\..\crypto\library\poly1305.c" />
+ <ClCompile Include="..\..\crypto\library\psa_crypto.c" />
+ <ClCompile Include="..\..\crypto\library\psa_crypto_slot_management.c" />
+ <ClCompile Include="..\..\crypto\library\psa_crypto_storage.c" />
+ <ClCompile Include="..\..\crypto\library\psa_its_file.c" />
+ <ClCompile Include="..\..\crypto\library\ripemd160.c" />
+ <ClCompile Include="..\..\crypto\library\rsa.c" />
+ <ClCompile Include="..\..\crypto\library\rsa_internal.c" />
+ <ClCompile Include="..\..\crypto\library\sha1.c" />
+ <ClCompile Include="..\..\crypto\library\sha256.c" />
+ <ClCompile Include="..\..\crypto\library\sha512.c" />
+ <ClCompile Include="..\..\crypto\library\threading.c" />
+ <ClCompile Include="..\..\crypto\library\timing.c" />
+ <ClCompile Include="..\..\crypto\library\version.c" />
+ <ClCompile Include="..\..\crypto\library\version_features.c" />
+ <ClCompile Include="..\..\crypto\library\xtea.c" />
<ClCompile Include="..\..\library\certs.c" />
- <ClCompile Include="..\..\library\chacha20.c" />
- <ClCompile Include="..\..\library\chachapoly.c" />
- <ClCompile Include="..\..\library\cipher.c" />
- <ClCompile Include="..\..\library\cipher_wrap.c" />
- <ClCompile Include="..\..\library\cmac.c" />
- <ClCompile Include="..\..\library\ctr_drbg.c" />
<ClCompile Include="..\..\library\debug.c" />
- <ClCompile Include="..\..\library\des.c" />
- <ClCompile Include="..\..\library\dhm.c" />
- <ClCompile Include="..\..\library\ecdh.c" />
- <ClCompile Include="..\..\library\ecdsa.c" />
- <ClCompile Include="..\..\library\ecjpake.c" />
- <ClCompile Include="..\..\library\ecp.c" />
- <ClCompile Include="..\..\library\ecp_curves.c" />
- <ClCompile Include="..\..\library\entropy.c" />
- <ClCompile Include="..\..\library\entropy_poll.c" />
- <ClCompile Include="..\..\library\error.c" />
- <ClCompile Include="..\..\library\gcm.c" />
- <ClCompile Include="..\..\library\havege.c" />
- <ClCompile Include="..\..\library\hkdf.c" />
- <ClCompile Include="..\..\library\hmac_drbg.c" />
- <ClCompile Include="..\..\library\md.c" />
- <ClCompile Include="..\..\library\md2.c" />
- <ClCompile Include="..\..\library\md4.c" />
- <ClCompile Include="..\..\library\md5.c" />
- <ClCompile Include="..\..\library\md_wrap.c" />
- <ClCompile Include="..\..\library\memory_buffer_alloc.c" />
<ClCompile Include="..\..\library\net_sockets.c" />
- <ClCompile Include="..\..\library\nist_kw.c" />
- <ClCompile Include="..\..\library\oid.c" />
- <ClCompile Include="..\..\library\padlock.c" />
- <ClCompile Include="..\..\library\pem.c" />
- <ClCompile Include="..\..\library\pk.c" />
- <ClCompile Include="..\..\library\pk_wrap.c" />
<ClCompile Include="..\..\library\pkcs11.c" />
- <ClCompile Include="..\..\library\pkcs12.c" />
- <ClCompile Include="..\..\library\pkcs5.c" />
- <ClCompile Include="..\..\library\pkparse.c" />
- <ClCompile Include="..\..\library\pkwrite.c" />
- <ClCompile Include="..\..\library\platform.c" />
- <ClCompile Include="..\..\library\platform_util.c" />
- <ClCompile Include="..\..\library\poly1305.c" />
- <ClCompile Include="..\..\library\ripemd160.c" />
- <ClCompile Include="..\..\library\rsa.c" />
- <ClCompile Include="..\..\library\rsa_internal.c" />
- <ClCompile Include="..\..\library\sha1.c" />
- <ClCompile Include="..\..\library\sha256.c" />
- <ClCompile Include="..\..\library\sha512.c" />
<ClCompile Include="..\..\library\ssl_cache.c" />
<ClCompile Include="..\..\library\ssl_ciphersuites.c" />
<ClCompile Include="..\..\library\ssl_cli.c" />
@@ -293,10 +322,6 @@
<ClCompile Include="..\..\library\ssl_srv.c" />
<ClCompile Include="..\..\library\ssl_ticket.c" />
<ClCompile Include="..\..\library\ssl_tls.c" />
- <ClCompile Include="..\..\library\threading.c" />
- <ClCompile Include="..\..\library\timing.c" />
- <ClCompile Include="..\..\library\version.c" />
- <ClCompile Include="..\..\library\version_features.c" />
<ClCompile Include="..\..\library\x509.c" />
<ClCompile Include="..\..\library\x509_create.c" />
<ClCompile Include="..\..\library\x509_crl.c" />
@@ -304,7 +329,6 @@
<ClCompile Include="..\..\library\x509_csr.c" />
<ClCompile Include="..\..\library\x509write_crt.c" />
<ClCompile Include="..\..\library\x509write_csr.c" />
- <ClCompile Include="..\..\library\xtea.c" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj
index b5567bd..46faa54 100644
--- a/visualc/VS2010/mini_client.vcxproj
+++ b/visualc/VS2010/mini_client.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj
index d68bc75..5264cb4 100644
--- a/visualc/VS2010/mpi_demo.vcxproj
+++ b/visualc/VS2010/mpi_demo.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj
index 507c79a..1903b1e 100644
--- a/visualc/VS2010/pem2der.vcxproj
+++ b/visualc/VS2010/pem2der.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj
index 5ccaf4f..c4512f9 100644
--- a/visualc/VS2010/pk_decrypt.vcxproj
+++ b/visualc/VS2010/pk_decrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj
index d5ef208..2c2b06a 100644
--- a/visualc/VS2010/pk_encrypt.vcxproj
+++ b/visualc/VS2010/pk_encrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj
index d21f17a..a200c44 100644
--- a/visualc/VS2010/pk_sign.vcxproj
+++ b/visualc/VS2010/pk_sign.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj
index 637ddd6..832fcd0 100644
--- a/visualc/VS2010/pk_verify.vcxproj
+++ b/visualc/VS2010/pk_verify.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_cert_test.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj
similarity index 92%
rename from visualc/VS2010/ssl_cert_test.vcxproj
rename to visualc/VS2010/query_compile_time_config.vcxproj
index b8f014e..fbc1278 100644
--- a/visualc/VS2010/ssl_cert_test.vcxproj
+++ b/visualc/VS2010/query_compile_time_config.vcxproj
@@ -19,7 +19,8 @@
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
- <ClCompile Include="..\..\programs\test\ssl_cert_test.c" />
+ <ClCompile Include="..\..\programs\test\query_compile_time_config.c" />
+ <ClCompile Include="..\..\programs\ssl\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
@@ -28,9 +29,9 @@
</ProjectReference>
</ItemGroup>
<PropertyGroup Label="Globals">
- <ProjectGuid>{3FE0C0E1-D9BA-6A26-380C-F293E543B914}</ProjectGuid>
+ <ProjectGuid>{D6F58AF2-9D80-562A-E2B0-F743281522B9}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
- <RootNamespace>ssl_cert_test</RootNamespace>
+ <RootNamespace>query_compile_time_config</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -54,7 +55,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +95,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +117,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +141,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +163,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj
index 3ffcea5..647bc51 100644
--- a/visualc/VS2010/req_app.vcxproj
+++ b/visualc/VS2010/req_app.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj
index 9e1d0a2..81cbc96 100644
--- a/visualc/VS2010/rsa_decrypt.vcxproj
+++ b/visualc/VS2010/rsa_decrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj
index c3b0371..b404cd1 100644
--- a/visualc/VS2010/rsa_encrypt.vcxproj
+++ b/visualc/VS2010/rsa_encrypt.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj
index e6b5060..c37a3b8 100644
--- a/visualc/VS2010/rsa_genkey.vcxproj
+++ b/visualc/VS2010/rsa_genkey.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj
index c1147c3..c4c7b39 100644
--- a/visualc/VS2010/rsa_sign.vcxproj
+++ b/visualc/VS2010/rsa_sign.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj
index adfee6d..7538d4d 100644
--- a/visualc/VS2010/rsa_sign_pss.vcxproj
+++ b/visualc/VS2010/rsa_sign_pss.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj
index bb44b4f..807df85 100644
--- a/visualc/VS2010/rsa_verify.vcxproj
+++ b/visualc/VS2010/rsa_verify.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj
index 7781aa5..a50c2b4 100644
--- a/visualc/VS2010/rsa_verify_pss.vcxproj
+++ b/visualc/VS2010/rsa_verify_pss.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj
index 12ff76d..10ac8fc 100644
--- a/visualc/VS2010/selftest.vcxproj
+++ b/visualc/VS2010/selftest.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj
index 4ac15822..5fecb55 100644
--- a/visualc/VS2010/ssl_client1.vcxproj
+++ b/visualc/VS2010/ssl_client1.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj
index 1d44fa7..b181fec 100644
--- a/visualc/VS2010/ssl_client2.vcxproj
+++ b/visualc/VS2010/ssl_client2.vcxproj
@@ -20,6 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_client2.c" />
+ <ClCompile Include="..\..\programs\ssl\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
@@ -54,7 +55,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +95,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +117,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +141,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +163,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj
index 922a995..608e989 100644
--- a/visualc/VS2010/ssl_fork_server.vcxproj
+++ b/visualc/VS2010/ssl_fork_server.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj
index a9b01d0..1738d25 100644
--- a/visualc/VS2010/ssl_mail_client.vcxproj
+++ b/visualc/VS2010/ssl_mail_client.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj
index ae28e18..136199f 100644
--- a/visualc/VS2010/ssl_server.vcxproj
+++ b/visualc/VS2010/ssl_server.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj
index d06e062..04e55d8 100644
--- a/visualc/VS2010/ssl_server2.vcxproj
+++ b/visualc/VS2010/ssl_server2.vcxproj
@@ -20,6 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_server2.c" />
+ <ClCompile Include="..\..\programs\ssl\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">
@@ -54,7 +55,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +95,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +117,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +141,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +163,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj
index d7ec570..5560361 100644
--- a/visualc/VS2010/strerror.vcxproj
+++ b/visualc/VS2010/strerror.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj
index 30ae55e..47d31b2 100644
--- a/visualc/VS2010/udp_proxy.vcxproj
+++ b/visualc/VS2010/udp_proxy.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj
index 9d311c7..730fcb0 100644
--- a/visualc/VS2010/zeroize.vcxproj
+++ b/visualc/VS2010/zeroize.vcxproj
@@ -54,7 +54,6 @@
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -95,7 +94,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -115,7 +116,9 @@
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -137,7 +140,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -157,7 +162,9 @@
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>
+../../include;../../crypto/include
+ </AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
diff --git a/yotta/.gitignore b/yotta/.gitignore
deleted file mode 100644
index 0cca093..0000000
--- a/yotta/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-module
diff --git a/yotta/create-module.sh b/yotta/create-module.sh
deleted file mode 100755
index 4c79ebe..0000000
--- a/yotta/create-module.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-# relative to the script's directory
-TREE=..
-DEST=module
-
-# make sure we're running in our own directory
-if [ -f create-module.sh ]; then :; else
- cd $( dirname $0 )
- if [ -f create-module.sh ]; then :; else
- echo "Please run the script from is directory." >&2
- exit 1
- fi
-fi
-
-# use a temporary directory to build the module, then rsync to DEST
-# this allows touching only new files, for more efficient re-builds
-TMP=$DEST-tmp
-rm -rf $TMP
-
-mkdir -p $TMP/mbedtls $TMP/source
-cp $TREE/include/mbedtls/*.h $TMP/mbedtls
-cp $TREE/library/*.c $TMP/source
-
-# temporary, should depend on external module later
-cp data/entropy_hardware_poll.c $TMP/source
-cp data/target_config.h $TMP/mbedtls
-
-data/adjust-config.sh $TREE/scripts/config.pl $TMP/mbedtls/config.h
-
-mkdir -p $TMP/test
-cp -r data/example-* $TMP/test
-# later we should have the generated test suites here too
-
-cp data/module.json $TMP
-cp data/README.md $TMP
-
-cp ../LICENSE $TMP
-if [ -f ../apache-2.0.txt ]; then cp ../apache-2.0.txt $TMP; fi
-
-mkdir -p $DEST
-rsync -cr --delete --exclude build --exclude yotta_\* $TMP/ $DEST/
-rm -rf $TMP
-
-echo "mbed TLS yotta module created in '$PWD/$DEST'."
diff --git a/yotta/data/README.md b/yotta/data/README.md
deleted file mode 100644
index b748aac..0000000
--- a/yotta/data/README.md
+++ /dev/null
@@ -1,103 +0,0 @@
-# mbed TLS
-
-mbed TLS makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code.
-
-**Note:** The current release is beta, and implements no secure source of random numbers, weakening its security.
-
-Currently the only supported yotta targets are:
-- `frdm-k64f-gcc`
-- `frdm-k64f-armcc`
-- `x86-linux-native`
-- `x86-osx-native`
-
-## Sample programs
-
-This release includes the following examples:
-
-1. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) Tests different basic functions in the mbed TLS library.
-
-2. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) Measures the time taken to perform basic cryptographic functions used in the library.
-
-3. [**Hashing:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-hashing) Demonstrates the various APIs for computing hashes of data (also known as message digests) with SHA-256.
-
-4. [**Authenticated encryption:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-authcrypt) Demonstrates usage of the Cipher API for encrypting and authenticating data with AES-CCM.
-
-These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. Each of them comes with complete usage instructions as a Readme file in the repository.
-
-## Performing TLS and DTLS connections
-
-A high-level API for performing TLS and DTLS connections with mbed TLS in mbed OS is provided in a separate yotta module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). We recommend this API for TLS and DTLS connections. It is very similar to the API provided by the [sockets](https://github.com/ARMmbed/sockets) module for unencrypted TCP and UDP connections.
-
-The `mbed-tls-sockets` module includes a complete [example TLS client](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/main.cpp) with [usage instructions](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/README.md).
-
-## Configuring mbed TLS features
-
-mbed TLS makes it easy to disable any feature during compilation, if that feature isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint.
-
-The list of available compilation flags is available in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h).
-
-If you need to adjust those flags, you can provide your own configuration-adjustment file with suitable `#define` and `#undef` statements. These will be included between the default definitions and the sanity checks. Your configuration file should be in your application's include directory, and can be named freely; you just need to let mbed TLS know the file's name. To do that, use yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). The file's name should be in your `config.json` file, under mbedtls, as the key `user-config-file`.
-
-For example, in an application called `myapp`, if you want to enable the EC J-PAKE key exchange and disable the CBC cipher mode, you can create a file named `mbedtls-config-changes.h` in the `myapp` directory containing the following lines:
-
- #define MBEDTLS_ECJPAKE_C
- #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
- #undef MBEDTLS_CIPHER_MODE_CBC
-
-And then create a file named `config.json` at the root of your application with the following contents:
-
- {
- "mbedtls": {
- "user-config-file": "\"myapp/mbedtls-config-changes.h\""
- }
- }
-
-Please note: you need to provide the exact name that will be used in the `#include` directive, including the `<>` or quotes around the name.
-
-## Getting mbed TLS from GitHub
-
-Like most components of mbed OS, mbed TLS is developed in the open and its source can be found on GitHub: [ARMmbed/mbedtls](https://github.com/ARMmbed/mbedtls). Unlike most other mbed OS components, however, you cannot just clone the repository and run `yotta build` from its root. This is because mbed TLS also exists as an independent component, so its repository includes things that are not relevant for mbed OS, as well as other build systems.
-
-The way to use mbed TLS from a clone of the GitHub repository is to run the following commands from the root of a checkout:
-
- yotta/create-module.sh
- cd yotta/module
-
-You can then run any yotta command you would normally run, such as `yotta build` or `yotta link`.
-
-## Differences between the standalone and mbed OS editions
-
-While the two editions share the same code base, there are still a number of differences, mainly in configuration and integration. You should keep in mind those differences when reading some articles in our [knowledge base](https://tls.mbed.org/kb), as currently all the articles are about the standalone edition.
-
-* The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS.
-
-* The following components of mbed TLS are disabled in the mbed OS edition: `net_sockets.c` and `timing.c`. This is because mbed OS include their equivalents.
-
-* The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above.
-
-## Other resources
-
-The [mbed TLS website](https://tls.mbed.org) contains many other useful
-resources for the developer, such as [developer
-documentation](https://tls.mbed.org/dev-corner), [knowledgebase
-articles](https://tls.mbed.org/kb), and a [support forum](https://tls.mbed.org/discussions).
-
-## Contributing
-
-We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
-
-* Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
-
-* For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
-
-To contribute, please:
-
-* [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
-
-* Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
-
-* Write a test that shows that the bug was fixed or that the feature works as expected.
-
-* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog.
-
diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh
deleted file mode 100755
index 3fa8490..0000000
--- a/yotta/data/adjust-config.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-if [ $# -ne 2 ]; then
- echo "Usage: $0 path/to/config.pl path/to/config.h" >&2
- exit 1
-fi
-
-SCRIPT=$1
-FILE=$2
-
-conf() {
- $SCRIPT -f $FILE $@
-}
-
-
-# Set the target specific header
-conf set YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE \"mbedtls/target_config.h\"
-
-# not supported on mbed OS, nor used by mbed Client
-conf unset MBEDTLS_NET_C
-conf unset MBEDTLS_TIMING_C
-
-# not supported on all targets with mbed OS, nor used by mbed Client
-conf unset MBEDTLS_FS_IO
-
-conf unset MBEDTLS_CIPHER_MODE_CFB
-conf unset MBEDTLS_CIPHER_MODE_CTR
-conf unset MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-conf unset MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-conf unset MBEDTLS_CIPHER_PADDING_ZEROS
-conf unset MBEDTLS_ECP_DP_SECP192R1_ENABLED
-conf unset MBEDTLS_ECP_DP_SECP224R1_ENABLED
-conf unset MBEDTLS_ECP_DP_SECP521R1_ENABLED
-conf unset MBEDTLS_ECP_DP_SECP192K1_ENABLED
-conf unset MBEDTLS_ECP_DP_SECP224K1_ENABLED
-conf unset MBEDTLS_ECP_DP_SECP256K1_ENABLED
-conf unset MBEDTLS_ECP_DP_BP256R1_ENABLED
-conf unset MBEDTLS_ECP_DP_BP384R1_ENABLED
-conf unset MBEDTLS_ECP_DP_BP512R1_ENABLED
-conf unset MBEDTLS_PK_PARSE_EC_EXTENDED
-
-conf unset MBEDTLS_AESNI_C
-conf unset MBEDTLS_ARC4_C
-conf unset MBEDTLS_BLOWFISH_C
-conf unset MBEDTLS_CAMELLIA_C
-conf unset MBEDTLS_DES_C
-conf unset MBEDTLS_DHM_C
-conf unset MBEDTLS_GENPRIME
-conf unset MBEDTLS_MD5_C
-conf unset MBEDTLS_PADLOCK_C
-conf unset MBEDTLS_PEM_WRITE_C
-conf unset MBEDTLS_PKCS5_C
-conf unset MBEDTLS_PKCS12_C
-conf unset MBEDTLS_RIPEMD160_C
-conf unset MBEDTLS_SHA1_C
-conf unset MBEDTLS_XTEA_C
-
-conf unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
-conf unset MBEDTLS_X509_CSR_PARSE_C
-conf unset MBEDTLS_X509_CREATE_C
-conf unset MBEDTLS_X509_CRT_WRITE_C
-conf unset MBEDTLS_X509_CSR_WRITE_C
-
-conf unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-conf unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-conf unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-conf unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-conf unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-conf unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-conf unset MBEDTLS_SSL_FALLBACK_SCSV
-conf unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
-conf unset MBEDTLS_SSL_PROTO_TLS1
-conf unset MBEDTLS_SSL_PROTO_TLS1_1
-conf unset MBEDTLS_SSL_TRUNCATED_HMAC
diff --git a/yotta/data/entropy_hardware_poll.c b/yotta/data/entropy_hardware_poll.c
deleted file mode 100644
index 3a61e22..0000000
--- a/yotta/data/entropy_hardware_poll.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Hardware entropy collector for the K64F, using Freescale's RNGA
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * WARNING: this is temporary!
- * This should be in a separate yotta module which would be a target
- * dependency of mbedtls (see IOTSSL-313)
- */
-
-#if defined(TARGET_LIKE_K64F)
-
-/*
- * Reference: "K64 Sub-Family Reference Manual, Rev. 2", chapter 34
- */
-
-#include "fsl_clock_manager.h"
-
-/*
- * Get one byte of entropy from the RNG, assuming it is up and running.
- * As recommended (34.1.1), get only one bit of each output.
- */
-static void rng_get_byte( unsigned char *byte )
-{
- size_t bit;
-
- /* 34.5 Steps 3-4-5: poll SR and read from OR when ready */
- for( bit = 0; bit < 8; bit++ )
- {
- while( ( RNG->SR & RNG_SR_OREG_LVL_MASK ) == 0 );
- *byte |= ( RNG->OR & 1 ) << bit;
- }
-}
-
-/*
- * Get len bytes of entropy from the hardware RNG.
- */
-int mbedtls_hardware_poll( void *data,
- unsigned char *output, size_t len, size_t *olen )
-{
- size_t i;
- int ret;
- ((void) data);
-
- CLOCK_SYS_EnableRngaClock( 0 );
-
- /* Set "Interrupt Mask", "High Assurance" and "Go",
- * unset "Clear interrupt" and "Sleep" */
- RNG->CR = RNG_CR_INTM_MASK | RNG_CR_HA_MASK | RNG_CR_GO_MASK;
-
- for( i = 0; i < len; i++ )
- rng_get_byte( output + i );
-
- /* Just be extra sure that we didn't do it wrong */
- if( ( RNG->SR & RNG_SR_SECV_MASK ) != 0 )
- {
- ret = -1;
- goto cleanup;
- }
-
- *olen = len;
- ret = 0;
-
-cleanup:
- /* Disable clock to save power - assume we're the only users of RNG */
- CLOCK_SYS_DisableRngaClock( 0 );
-
- return( ret );
-}
-
-#endif
diff --git a/yotta/data/example-authcrypt/README.md b/yotta/data/example-authcrypt/README.md
deleted file mode 100644
index 4498b9d..0000000
--- a/yotta/data/example-authcrypt/README.md
+++ /dev/null
@@ -1,68 +0,0 @@
-# Authenticated Encryption Example
-
-This application performs authenticated encryption and authenticated decryption of a buffer. It serves as a tutorial for the basic authenticated encryption functions of mbed TLS.
-
-## Pre-requisites
-
-To build and run this example you must have:
-
-* A computer with the following software installed:
- * [CMake](http://www.cmake.org/download/).
- * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
- * [Python](https://www.python.org/downloads/).
- * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
- * A serial terminal emulator (Like screen, pySerial and cu).
-* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
-* A micro-USB cable.
-* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
-
-## Getting started
-
-1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
-
-2. Navigate to the mbedtls directory supplied with your release and open a terminal.
-
-3. Set the yotta target:
-
- ```
- yotta target frdm-k64f-gcc
- ```
-
-4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
-
- ```
- $ yotta build
- ```
-
-5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-authcrypt.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
-
- Use the following settings:
-
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
-
-7. Press the Reset button on the board.
-
-8. The output in the terminal window should look like:
-
- ```
- {{timeout;10}}
- {{host_test_name;default}}
- {{description;mbed TLS example authcrypt}}
- {{test_id;MBEDTLS_EX_AUTHCRYPT}}
- {{start}}
-
-
- plaintext message: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400
- ciphertext: c57f7afb94f14c7977d785d08682a2596bd62ee9dcf216b8cccd997afee9b402f5de1739e8e6467aa363749ef39392e5c66622b01c7203ec0a3d14
- decrypted: 536f6d65207468696e67732061726520626574746572206c65667420756e7265616400
-
- DONE
- {{success}}
- {{end}}
- ```
-
-The actual output for the ciphertext line will vary on each run because of the use of a random nonce in the encryption process.
diff --git a/yotta/data/example-authcrypt/main.cpp b/yotta/data/example-authcrypt/main.cpp
deleted file mode 100644
index 23fad27..0000000
--- a/yotta/data/example-authcrypt/main.cpp
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Hello world example of using the authenticated encryption with mbed TLS
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#include "mbedtls/cipher.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-
-static void print_hex(const char *title, const unsigned char buf[], size_t len)
-{
- printf("%s: ", title);
-
- for (size_t i = 0; i < len; i++)
- printf("%02x", buf[i]);
-
- printf("\r\n");
-}
-
-/*
- * The pre-shared key. Should be generated randomly and be unique to the
- * device/channel/etc. Just used a fixed on here for simplicity.
- */
-static const unsigned char secret_key[16] = {
- 0xf4, 0x82, 0xc6, 0x70, 0x3c, 0xc7, 0x61, 0x0a,
- 0xb9, 0xa0, 0xb8, 0xe9, 0x87, 0xb8, 0xc1, 0x72,
-};
-
-static int example(void)
-{
- /* message that should be protected */
- const char message[] = "Some things are better left unread";
- /* metadata transmitted in the clear but authenticated */
- const char metadata[] = "eg sequence number, routing info";
- /* ciphertext buffer large enough to hold message + nonce + tag */
- unsigned char ciphertext[128] = { 0 };
- int ret;
-
- printf("\r\n\r\n");
- print_hex("plaintext message", (unsigned char *) message, sizeof message);
-
- /*
- * Setup random number generator
- * (Note: later this might be done automatically.)
- */
- mbedtls_entropy_context entropy; /* entropy pool for seeding PRNG */
- mbedtls_ctr_drbg_context drbg; /* pseudo-random generator */
-
- mbedtls_entropy_init(&entropy);
- mbedtls_ctr_drbg_init(&drbg);
-
- /* Seed the PRNG using the entropy pool, and throw in our secret key as an
- * additional source of randomness. */
- ret = mbedtls_ctr_drbg_seed(&drbg, mbedtls_entropy_func, &entropy,
- secret_key, sizeof (secret_key));
- if (ret != 0) {
- printf("mbedtls_ctr_drbg_init() returned -0x%04X\r\n", -ret);
- return 1;
- }
-
- /*
- * Setup AES-CCM contex
- */
- mbedtls_cipher_context_t ctx;
-
- mbedtls_cipher_init(&ctx);
-
- ret = mbedtls_cipher_setup(&ctx, mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CCM));
- if (ret != 0) {
- printf("mbedtls_cipher_setup() returned -0x%04X\r\n", -ret);
- return 1;
- }
-
- ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_ENCRYPT);
- if (ret != 0) {
- printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret);
- return 1;
- }
-
- /*
- * Encrypt-authenticate the message and authenticate additional data
- *
- * First generate a random 8-byte nonce.
- * Put it directly in the output buffer as the recipient will need it.
- *
- * Warning: you must never re-use the same (key, nonce) pair. One of the
- * best ways to ensure this to use a counter for the nonce. However this
- * means you should save the counter accross rebots, if the key is a
- * long-term one. The alternative we choose here is to generate the nonce
- * randomly. However it only works if you have a good source of
- * randomness.
- */
- const size_t nonce_len = 8;
- mbedtls_ctr_drbg_random(&drbg, ciphertext, nonce_len);
-
- size_t ciphertext_len = 0;
- /* Go for a conservative 16-byte (128-bit) tag
- * and append it to the ciphertext */
- const size_t tag_len = 16;
- ret = mbedtls_cipher_auth_encrypt(&ctx, ciphertext, nonce_len,
- (const unsigned char *) metadata, sizeof metadata,
- (const unsigned char *) message, sizeof message,
- ciphertext + nonce_len, &ciphertext_len,
- ciphertext + nonce_len + sizeof message, tag_len );
- if (ret != 0) {
- printf("mbedtls_cipher_auth_encrypt() returned -0x%04X\r\n", -ret);
- return 1;
- }
- ciphertext_len += nonce_len + tag_len;
-
- /*
- * The following information should now be transmitted:
- * - first ciphertext_len bytes of ciphertext buffer
- * - metadata if not already transmitted elsewhere
- */
- print_hex("ciphertext", ciphertext, ciphertext_len);
-
- /*
- * Decrypt-authenticate
- */
- unsigned char decrypted[128] = { 0 };
- size_t decrypted_len = 0;
-
- ret = mbedtls_cipher_setkey(&ctx, secret_key, 8 * sizeof secret_key, MBEDTLS_DECRYPT);
- if (ret != 0) {
- printf("mbedtls_cipher_setkey() returned -0x%04X\r\n", -ret);
- return 1;
- }
-
- ret = mbedtls_cipher_auth_decrypt(&ctx,
- ciphertext, nonce_len,
- (const unsigned char *) metadata, sizeof metadata,
- ciphertext + nonce_len, ciphertext_len - nonce_len - tag_len,
- decrypted, &decrypted_len,
- ciphertext + ciphertext_len - tag_len, tag_len );
- /* Checking the return code is CRITICAL for security here */
- if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
- printf("Something bad is happening! Data is not authentic!\r\n");
- return 1;
- }
- if (ret != 0) {
- printf("mbedtls_cipher_authdecrypt() returned -0x%04X\r\n", -ret);
- return 1;
- }
-
- print_hex("decrypted", decrypted, decrypted_len);
-
- printf("\r\nDONE\r\n");
-
- return 0;
-}
-
-#if defined(TARGET_LIKE_MBED)
-
-#include "mbed-drivers/test_env.h"
-#include "minar/minar.h"
-
-static void run() {
- MBED_HOSTTEST_TIMEOUT(10);
- MBED_HOSTTEST_SELECT(default);
- MBED_HOSTTEST_DESCRIPTION(mbed TLS example authcrypt);
- MBED_HOSTTEST_START("MBEDTLS_EX_AUTHCRYPT");
- MBED_HOSTTEST_RESULT(example() == 0);
-}
-
-void app_start(int, char*[]) {
- /* Use 115200 bps for consistency with other examples */
- get_stdio_serial().baud(115200);
- minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
-}
-
-#else
-
-int main() {
- return example();
-}
-
-#endif
diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md
deleted file mode 100644
index 715abee..0000000
--- a/yotta/data/example-benchmark/README.md
+++ /dev/null
@@ -1,100 +0,0 @@
-# mbed TLS Benchmark Example
-
-This application benchmarks the various cryptographic primitives offered by mbed TLS.
-
-## Pre-requisites
-
-To build and run this example you must have:
-
-* A computer with the following software installed:
- * [CMake](http://www.cmake.org/download/).
- * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
- * [Python](https://www.python.org/downloads/).
- * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
- * A serial terminal emulator (Like screen, pySerial and cu).
-* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
-* A micro-USB cable.
-* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
-
-## Getting started
-
-1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
-
-2. Navigate to the mbedtls directory supplied with your release and open a terminal.
-
-3. Set the yotta target:
-
- ```
- yotta target frdm-k64f-gcc
- ```
-
-4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
-
- ```
- $ yotta build
- ```
-
-5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-benchmark.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
-
- Use the following settings:
-
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
-
-7. Press the Reset button on the board.
-
-8. The output in the terminal window should look like:
-
- ```
- {{timeout;150}}
- {{host_test_name;default}}
- {{description;mbed TLS benchmark program}}
- {{test_id;MBEDTLS_BENCHMARK}}
- {{start}}
-
-
- SHA-1 : 3644 KiB/s, 32 cycles/byte
- SHA-256 : 1957 KiB/s, 59 cycles/byte
- SHA-512 : 587 KiB/s, 200 cycles/byte
- AES-CBC-128 : 1359 KiB/s, 86 cycles/byte
- AES-CBC-192 : 1183 KiB/s, 99 cycles/byte
- AES-CBC-256 : 1048 KiB/s, 111 cycles/byte
- AES-GCM-128 : 421 KiB/s, 279 cycles/byte
- AES-GCM-192 : 403 KiB/s, 292 cycles/byte
- AES-GCM-256 : 385 KiB/s, 305 cycles/byte
- AES-CCM-128 : 542 KiB/s, 216 cycles/byte
- AES-CCM-192 : 484 KiB/s, 242 cycles/byte
- AES-CCM-256 : 437 KiB/s, 268 cycles/byte
- CTR_DRBG (NOPR) : 1002 KiB/s, 117 cycles/byte
- CTR_DRBG (PR) : 705 KiB/s, 166 cycles/byte
- HMAC_DRBG SHA-1 (NOPR) : 228 KiB/s, 517 cycles/byte
- HMAC_DRBG SHA-1 (PR) : 210 KiB/s, 561 cycles/byte
- HMAC_DRBG SHA-256 (NOPR) : 212 KiB/s, 557 cycles/byte
- HMAC_DRBG SHA-256 (PR) : 185 KiB/s, 637 cycles/byte
- RSA-2048 : 41 ms/ public
- RSA-2048 : 1349 ms/private
- RSA-4096 : 134 ms/ public
- RSA-4096 : 7149 ms/private
- ECDSA-secp384r1 : 640 ms/sign
- ECDSA-secp256r1 : 387 ms/sign
- ECDSA-secp384r1 : 1233 ms/verify
- ECDSA-secp256r1 : 751 ms/verify
- ECDHE-secp384r1 : 1191 ms/handshake
- ECDHE-secp256r1 : 730 ms/handshake
- ECDHE-Curve25519 : 611 ms/handshake
- ECDH-secp384r1 : 584 ms/handshake
- ECDH-secp256r1 : 365 ms/handshake
- ECDH-Curve25519 : 303 ms/handshake
-
- {{success}}
- {{end}}
- ```
-
-Any performance data generated by this example application are indicative only of the performance of the mbed TLS module on the platform it's executed on.
-
-Differences in the integration of mbed TLS into the platform, such as whether all available hardware accelerators have been used or not, can lead to significant differences in performance, and so results from the program are not intended to be used to meaningfully compare platforms.
-
-The figures may also slightly change from execution to execution due to variations in the timing functions.
diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp
deleted file mode 100644
index d13cde5..0000000
--- a/yotta/data/example-benchmark/main.cpp
+++ /dev/null
@@ -1,951 +0,0 @@
-/*
- * Benchmark demonstration program
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(TARGET_LIKE_MBED)
-
-#include <stdio.h>
-
-int main() {
- printf("this version of this program only works on mbed OS\n");
- return 0;
-}
-
-#else
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_exit exit
-#define mbedtls_printf printf
-#define mbedtls_snprintf snprintf
-#define mbedtls_free free
-#endif
-
-#include <string.h>
-
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/arc4.h"
-#include "mbedtls/des.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/blowfish.h"
-#include "mbedtls/camellia.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/havege.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/hmac_drbg.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/ecdh.h"
-#include "mbedtls/error.h"
-
-#include "mbed-drivers/mbed.h"
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-#define RSA_PRIVATE_KEY_2048 \
-"-----BEGIN RSA PRIVATE KEY-----\r\n" \
-"MIIEogIBAAKCAQEA2dwVr+IMGEtA2/MCP6fA5eb/6B18Bq6e7gw8brNPkm3E6LyR\r\n" \
-"4DnMJVxZmw3bPDKBDoKzfntkMESi/Yw5UopLtVfjGfWeQWPClqffLZBsZ60BRAsg\r\n" \
-"/g+ID5tgzxSuxzftypK59uexOVCAm7hCKZHGO3DbI7bLY27j7VAgEP7d/yuaz5Fx\r\n" \
-"Kl/vu7shqrBoz6ABJVJD3KC8nUiMRUCXRINmxbyUUjA4DnicZv6+xrGKr36r6M8h\r\n" \
-"VYLa5msKc8WzbnBWzpUsrpb4/r7ML+qp92gdSfVJ8/bLiU7h2C7faDA59uaqrFK9\r\n" \
-"xmDdx7FaWhGQs3LWW6w1UNgkPS0FDYUslpsnsQIDAQABAoIBAC7IJNwM5V3+IuJY\r\n" \
-"T35Nzo1PyloUosJokvY5KGz5Ejg2XBdCDu0gXCcVqqQyGIbXrYDpLhQV+RCoXHun\r\n" \
-"tdN0oQdC5SB47s/J1Uo2qCUHo0+sBd6PqTkFKsl3KxWssk9TQjvCwC412IefMs69\r\n" \
-"hW+ZvwCanmQP56LleApIr2oW4KLfW8Ry/QfZlua+dizctdN7+H1mWwgZQTY9T27J\r\n" \
-"6RtGRA5NVkKVPzIHVJfdpKoO7xGg1g06aEbPB/VmGvZaaFWWnaf7uRvFjLZecBLu\r\n" \
-"QSx2DA/GDjirlDYj99PJb7DtB4xRtKzsyw0o+xapC8w6OtIl/3xFt9moCu2jGrsx\r\n" \
-"vpjHdfECgYEA7fSACRseIs9gAIVX8wq6gayTpA47DHYWAD6IQfIj35SJ+AgsvbFF\r\n" \
-"4AmrwDhcJVPmDy1N4nLBfyGAMt/2CfiYkdkW6QFX/ULRMMBL/G7kWV8hYQDICB2g\r\n" \
-"xaMRN1lPCmFq6BkSWjwIYTnYDFBDWVm1GVT8TMtJoM8Erej9qC0PeFUCgYEA6mF3\r\n" \
-"bigO3t8f5sig+XepaftEUbkJMzo72TVRnIR2ycdR2ihelPQ+25g9dwV0ZA5XXhBS\r\n" \
-"DKOABWjMM739Mwmy9v26Dlmu9R01zHQktMvtEAyfz7lk2NF0aMuj8285OJUBf9bz\r\n" \
-"Cq3MjtMCD+4CZ6iaEqCdUKOuxfpx5cWVJV+qve0CgYBhD1YaYMFOGaBjFgDl1f51\r\n" \
-"Xltqk5NqZdBbkSYrIAWZ8RDF5y+4wFJsLAWuhk6vuyUgE66tK3nZzWRpXAkT0B8L\r\n" \
-"fq1lpXKqj1KcvBNCiEkEW1VWJ+dvyAYIF5eyJ++hoFLnETL3M32HivyhKSwPihPg\r\n" \
-"nVW8TT9fJJIYDe1JZ/fjcQKBgHJfv7UsrR0LSvkG3K8AOtbx+8PZhOjPuRbk0v+L\r\n" \
-"EKCkuIe5/XW4vtfQMeZb7hFJgk7vrepm+vkoy8VQKDf4urGW3W1VTHBmobM01hi4\r\n" \
-"DuYvEul+Mf0wMRtWjJolo4m+BO5KiW2jpFfqFm6JmfjVqOIAKOSKC6am8V/MDF0h\r\n" \
-"kyN9AoGAT9oOiEXMolbkDZw/QCaBiRoAGlGlNYUkJ+58U6OjIZLISw6aFv+Y2uE0\r\n" \
-"mEImItjuYZtSYKblWikp6ldPoKlt9bwEFe3c6IZ8kJ3+xyEyAGrvjXjEY7PzP6dp\r\n" \
-"Ajbjp9X9uocEBv9W/KsBLdQ7yizcL/toHwdBO4vQqmqTvAc5IIw=\r\n" \
-"-----END RSA PRIVATE KEY-----\r\n"
-
-#define RSA_PRIVATE_KEY_4096 \
-"-----BEGIN RSA PRIVATE KEY-----\r\n" \
-"MIIJKgIBAAKCAgEAmkdGjoIshJuOt2NO47qB3Z3yyvmLg2j351isItSNuFQU3qr+\r\n" \
-"jXHIeANf03yw/K0Zvos8RPd+CqLjoxAQL3QDH4bZAl88bIo29i+SANbNSrKQmc0k\r\n" \
-"pH+yzw3alDzO0GZaOPZjsbo6AwBrno5msi0vRuC2aY8vGLPsZWSyLai7tneS1j/o\r\n" \
-"vYW6XIo8Cj61j2Ypy9HhVUW/4Wc+zAT25D/x7jTpkqJLWWT+YzibNbOY48M5eJcB\r\n" \
-"6/sMyUIeI3/u/wXyMrooNyLiCpedkuHRA0m7u5cWPTUISTunSRlVFij/NHJjuU8e\r\n" \
-"wA3B29yfZFsUqDEnyc+OxniIueAixTomVszxAaVn8zFEbYhFMPqziiFp99u3jfeG\r\n" \
-"k1q9mmUi/uCfUC4e2IC5rqq1ZbKSduH7Ug/Vn2bGQahww0sZFRHDXFrnBcotcW+M\r\n" \
-"bnC290VBDnYgzmdYrIOxuPb2aUwJo4ZlbKh5uBB1PigMuyhLKibQ1a+V5ZJGdpP6\r\n" \
-"SE9PGIdgYWSmh2QEMuLE6v+wTO2LQ5JgqsvFfi3GIZvkn0s8jTS72Jq2uMkFkMer\r\n" \
-"UBjPDYaSPy5kpo103KerWs+cMPOJ/3FtZzI++7MoSUTkWVr1ySQFt5i1EIZ/0Thi\r\n" \
-"jut2jNe8a4AoA3TtC8Rkk/3AIIbg8MVNT4EnT+KHROTMu6gET1oJ3YfBRpUCAwEA\r\n" \
-"AQKCAgEAhuNSmT7PVZH8kfLOAuYKrY1vvm+4v0iDl048Eqfs0QESziyLK3gUYnnw\r\n" \
-"yqP2yrU+EQ8Dvvj0xq/sf6GHxTWVlXb9PcmutueRbmXhLcKg83J0Y0StiPXtjIL8\r\n" \
-"XSddW3Bh6fPi7n14Qy+W6KZwu9AtybanRlvePabyRSRpdOpWVQ7u30w5XZsSed6S\r\n" \
-"6BI0BBC68m2qqje1sInoqdCdXKtcB31TytUDNEHM+UuAyM8iGeGS2hCNqZlycHTS\r\n" \
-"jQ9KEsdMH3YLu0lQgRpWtxmg+VL6ROWwmAtKF12EwbDYZ+uoVl69OkQnCpv8pxKa\r\n" \
-"ec/4m6V+uEA1AOpaAMorHG3fH31IKWC/fTZstovgO/eG2XCtlbcCoWCQ7amFq16l\r\n" \
-"Gh1UKeBHxMXpDj4oDmIUGUvgzSNnEeSN/v76losWvWYQDjXR/LMDa/CNYsD8BmJR\r\n" \
-"PZidIjIXdVRlYOhA7ljtySQvp6RBujBfw3tsVMyZw2XzXFwM9O89b1xXC6+M5jf9\r\n" \
-"DXs/U7Fw+J9qq/YpByABcPCwWdttwdQFRbOxwxaSOKarIqS87TW1JuFcNJ59Ut6G\r\n" \
-"kMvAg6gC34U+0ktkG/AmI1hgjC+P7ErHCXBR2xARoGzcO/CMZF59S+Z2HFchpTSP\r\n" \
-"5T2o4mGy3VfHSBidQQrcZRukg8ZP8M1NF3bXjpY6QZpeLHc4oHECggEBAMjdgzzk\r\n" \
-"xp4mIYFxAEiXYt7tzuUXJk+0UpEJj5uboWLirUZqZmNUPyh6WDnzlREBH++Ms0LO\r\n" \
-"+AWSfaGPDoMb0NE2j3c4FRWAhe7Vn6lj7nLVpF2RdwRo88yGerZ4uwGMY8NUQCtn\r\n" \
-"zum3J7eCJ5DojiceRb6uMxTJ8xZmUC4W2f3J/lrR7wlYjyVnnHqH5HcemYUipWSw\r\n" \
-"sM0/cHp3lrz2VWrbAEu8HVpklvDQpdAgl7cjXt/JHYawY+p426IF/PzQSRROnzgy\r\n" \
-"4WI8FVYNV2tgu0TOFURbkkEvuj/duDKeooUIF0G0XHzha5oAX/j0iWiHbrOF6wHj\r\n" \
-"0xeajL9msKBnmD8CggEBAMSgLWmv7G31x4tndJCcXnX4AyVL7KpygAx/ZwCcyTR8\r\n" \
-"rY1rO07f/ta2noEra/xmEW/BW98qJFCHSU2nSLAQ5FpFSWyuQqrnffrMJnfWyvpr\r\n" \
-"ceQ0yQ/MiA6/JIOvGAjabcspzZijxzGp+Qk3eTT0yOXLSVOCH9B9XVHLodcy4PQM\r\n" \
-"KSCxy0vVHhVNl2SdPEwTXRmxk99Q/rw6IHVpQxBq1OhQt05nTKT+rZMD/grSK22e\r\n" \
-"my2F0DodAJwLo063Zv3RXQZhDYodMmjcp9Hqrtvj9P3HD7J3z6ACiV3SCi8cZumL\r\n" \
-"bSmnKCcd0bb45+aOWm31ieECJuIcJ9rOREEa/KDYTCsCggEBAMG5WkSVhLWsou37\r\n" \
-"dUGNuA63nq42SH3gtS0q4nU6gUkkw+dA4ST1cMByVrr1oRQ4WHup4I4TnQOKyF3T\r\n" \
-"4jQy1I+ipnVeAn+tZ/7zyzwMpEHeqNqRXA9FxbTBEoMAJ6QTqXgOvqDeSqIAQm7r\r\n" \
-"OYu5rrgtqyh/S8bGCwvUe4ooAfCSKx2ekYMbBVwW9MT8YS09tuS/iHJ3Mt2RTMLg\r\n" \
-"qeHvVmxrcXqZoFm44Ba7tN/pP0mi9HKyviZT4tmV3IYEbn3JyGGsfkUuVU9wEUfg\r\n" \
-"MCrgrVxrwfketAzooiHMjkVL2ASjzAJTmEvdAPETYXxzJD9LN0ovY3t8JfAC37IN\r\n" \
-"sVXS8/MCggEBALByOS59Y4Ktq1rLBQx8djwQyuneP0wZohUVAx7Gk7xZIfklQDyg\r\n" \
-"v/R4PrcVezstcPpDnykdjScCsGJR+uWc0v667I/ttP/e6utz5hVmmBGu965dPAzE\r\n" \
-"c1ggaSkOqFfRg/Nr2Qbf+fH0YPnHYSqHe/zSt0OMIvaaeXLcdKhEDSCUBRhE1HWB\r\n" \
-"kxR046WzgBeYzNQwycz9xwqsctJKGpeR9ute+5ANHPd3X9XtID0fqz8ctI5eZaSw\r\n" \
-"wApIW01ZQcAF8B+4WkkVuFXnpWW33yCOaRyPVOPHpnclr5WU1fS+3Q85QkW9rkej\r\n" \
-"97zlkl0QY9AHJqrXnoML1ywAK7ns+MVyNK8CggEAf62xcKZhOb1djeF72Ms+i/i/\r\n" \
-"WIAq4Q4YpsElgvJTHpNH2v9g4ngSTKe3ws3bGc502sWRlhcoTFMOW2rJNe/iqKkb\r\n" \
-"3cdeTkseDbpqozmJWz9dJWSVtXas2bZjzBEa//gQ7nHGVeQdqZJQ9rxPsoOAkfpi\r\n" \
-"qCFrmfUVUqC53e3XMt8+W+aSvKl+JZiB9ozkO9A6Q0vfQLKtjUMdQE3XaCFQT8DI\r\n" \
-"smaLBlBmeRaBpc02ENeC4ADlWosm1SwgxqMhuh2Alba/GrHOoPlVl4hDs9Fb5a6R\r\n" \
-"rmpXSt07GAxnG6j9jssA95E4rc1zO0CVKG5bvjVTxwi/sT0/VVX7VsJM4uTAQg==\r\n" \
-"-----END RSA PRIVATE KEY-----\r\n"
-
-#if defined _MSC_VER && !defined snprintf
-#define snprintf _snprintf
-#endif
-
-/*
- * For heap usage estimates, we need an estimate of the overhead per allocated
- * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
- * so use that as our baseline.
- */
-#define MEM_BLOCK_OVERHEAD ( 2 * sizeof( size_t ) )
-
-/*
- * Size to use for the malloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
- */
-#define HEAP_SIZE (1u << 16) // 64k
-
-#define BUFSIZE 1024
-#define HEADER_FORMAT " %-24s : "
-#define TITLE_LEN 25
-
-#define OPTIONS \
- "md4, md5, ripemd160, sha1, sha256, sha512,\r\n" \
- "arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\r\n" \
- "havege, ctr_drbg, hmac_drbg\r\n" \
- "rsa, dhm, ecdsa, ecdh.\r\n"
-
-#if defined(MBEDTLS_ERROR_C)
-#define PRINT_ERROR \
- mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
- mbedtls_printf( "FAILED: %s\r\n", tmp );
-#else
-#define PRINT_ERROR \
- mbedtls_printf( "FAILED: -0x%04x\r\n", -ret );
-#endif
-
-static unsigned long mbedtls_timing_hardclock( void )
-{
- static int dwt_started = 0;
-
- if( dwt_started == 0 )
- {
- CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk;
- DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk;
- }
-
- return( DWT->CYCCNT );
-}
-
-static volatile int alarmed;
-static void alarm() { alarmed = 1; }
-
-#define TIME_AND_TSC( TITLE, CODE ) \
-do { \
- unsigned long i, j, tsc; \
- Timeout t; \
- \
- mbedtls_printf( HEADER_FORMAT, TITLE ); \
- fflush( stdout ); \
- \
- for( i = 1, alarmed = 0, t.attach( alarm, 1.0 ); !alarmed; i++ ) \
- { \
- CODE; \
- } \
- \
- tsc = mbedtls_timing_hardclock(); \
- for( j = 0; j < 1024; j++ ) \
- { \
- CODE; \
- } \
- \
- mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\r\n", \
- i * BUFSIZE / 1024, \
- ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \
-} while( 0 )
-
-#if defined(MBEDTLS_ERROR_C)
-#define PRINT_ERROR \
- mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
- mbedtls_printf( "FAILED: %s\r\n", tmp );
-#else
-#define PRINT_ERROR \
- mbedtls_printf( "FAILED: -0x%04x\r\n", -ret );
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
-
-#define MEMORY_MEASURE_INIT \
- size_t max_used, max_blocks, max_bytes; \
- size_t prv_used, prv_blocks; \
- mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
- mbedtls_memory_buffer_alloc_max_reset( );
-
-#define MEMORY_MEASURE_PRINT( title_len ) \
- mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
- for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " ); \
- max_used -= prv_used; \
- max_blocks -= prv_blocks; \
- max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
- mbedtls_printf( "%6u heap bytes", (unsigned) max_bytes );
-
-#else
-#define MEMORY_MEASURE_INIT
-#define MEMORY_MEASURE_PRINT( title_len )
-#endif
-
-#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
-do { \
- unsigned long ms; \
- int ret = 0; \
- Timer t; \
- MEMORY_MEASURE_INIT; \
- \
- mbedtls_printf( HEADER_FORMAT, TITLE ); \
- fflush( stdout ); \
- \
- t.start(); \
- CODE; \
- t.stop(); \
- ms = t.read_ms(); \
- \
- if( ret != 0 ) \
- { \
- PRINT_ERROR; \
- } \
- else \
- { \
- mbedtls_printf( "%6lu ms/" TYPE, ms ); \
- MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
- mbedtls_printf( "\r\n" ); \
- } \
-} while( 0 )
-
-static int myrand( void *rng_state, unsigned char *output, size_t len )
-{
- size_t use_len;
- int rnd;
-
- if( rng_state != NULL )
- rng_state = NULL;
-
- while( len > 0 )
- {
- use_len = len;
- if( use_len > sizeof(int) )
- use_len = sizeof(int);
-
- rnd = rand();
- memcpy( output, &rnd, use_len );
- output += use_len;
- len -= use_len;
- }
-
- return( 0 );
-}
-
-/*
- * Clear some memory that was used to prepare the context
- */
-#if defined(MBEDTLS_ECP_C)
-void ecp_clear_precomputed( mbedtls_ecp_group *grp )
-{
- if( grp->T != NULL )
- {
- size_t i;
- for( i = 0; i < grp->T_size; i++ )
- mbedtls_ecp_point_free( &grp->T[i] );
- mbedtls_free( grp->T );
- }
- grp->T = NULL;
- grp->T_size = 0;
-}
-#else
-#define ecp_clear_precomputed( g )
-#endif
-
-unsigned char buf[BUFSIZE];
-
-typedef struct {
- char md4, md5, ripemd160, sha1, sha256, sha512,
- arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,
- havege, ctr_drbg, hmac_drbg,
- rsa, dhm, ecdsa, ecdh;
-} todo_list;
-
-int benchmark( int argc, char *argv[] )
-{
- int i;
- unsigned char tmp[200];
- char title[TITLE_LEN];
- todo_list todo;
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- unsigned char malloc_buf[HEAP_SIZE] = { 0 };
-#endif
-
- if( argc <= 1 )
- {
- memset( &todo, 1, sizeof( todo ) );
- }
- else
- {
- memset( &todo, 0, sizeof( todo ) );
-
- for( i = 1; i < argc; i++ )
- {
- if( strcmp( argv[i], "md4" ) == 0 )
- todo.md4 = 1;
- else if( strcmp( argv[i], "md5" ) == 0 )
- todo.md5 = 1;
- else if( strcmp( argv[i], "ripemd160" ) == 0 )
- todo.ripemd160 = 1;
- else if( strcmp( argv[i], "sha1" ) == 0 )
- todo.sha1 = 1;
- else if( strcmp( argv[i], "sha256" ) == 0 )
- todo.sha256 = 1;
- else if( strcmp( argv[i], "sha512" ) == 0 )
- todo.sha512 = 1;
- else if( strcmp( argv[i], "arc4" ) == 0 )
- todo.arc4 = 1;
- else if( strcmp( argv[i], "des3" ) == 0 )
- todo.des3 = 1;
- else if( strcmp( argv[i], "des" ) == 0 )
- todo.des = 1;
- else if( strcmp( argv[i], "aes_cbc" ) == 0 )
- todo.aes_cbc = 1;
- else if( strcmp( argv[i], "aes_gcm" ) == 0 )
- todo.aes_gcm = 1;
- else if( strcmp( argv[i], "aes_ccm" ) == 0 )
- todo.aes_ccm = 1;
- else if( strcmp( argv[i], "camellia" ) == 0 )
- todo.camellia = 1;
- else if( strcmp( argv[i], "blowfish" ) == 0 )
- todo.blowfish = 1;
- else if( strcmp( argv[i], "havege" ) == 0 )
- todo.havege = 1;
- else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
- todo.ctr_drbg = 1;
- else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
- todo.hmac_drbg = 1;
- else if( strcmp( argv[i], "rsa" ) == 0 )
- todo.rsa = 1;
- else if( strcmp( argv[i], "dhm" ) == 0 )
- todo.dhm = 1;
- else if( strcmp( argv[i], "ecdsa" ) == 0 )
- todo.ecdsa = 1;
- else if( strcmp( argv[i], "ecdh" ) == 0 )
- todo.ecdh = 1;
- else
- {
- mbedtls_printf( "Unrecognized option: %s\r\n", argv[i] );
- mbedtls_printf( "Available options: " OPTIONS );
- }
- }
- }
-
- mbedtls_printf( "\r\n\r\n" );
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( malloc_buf, sizeof( malloc_buf ) );
-#endif
- memset( buf, 0xAA, sizeof( buf ) );
- memset( tmp, 0xBB, sizeof( tmp ) );
-
-#if defined(MBEDTLS_MD4_C)
- if( todo.md4 )
- TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) );
-#endif
-
-#if defined(MBEDTLS_MD5_C)
- if( todo.md5 )
- TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) );
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
- if( todo.ripemd160 )
- TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) );
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
- if( todo.sha1 )
- TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) );
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
- if( todo.sha256 )
- TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) );
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
- if( todo.sha512 )
- TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) );
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
- if( todo.arc4 )
- {
- mbedtls_arc4_context arc4;
- mbedtls_arc4_init( &arc4 );
- mbedtls_arc4_setup( &arc4, tmp, 32 );
- TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
- mbedtls_arc4_free( &arc4 );
- }
-#endif
-
-#if defined(MBEDTLS_DES_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.des3 )
- {
- mbedtls_des3_context des3;
- mbedtls_des3_init( &des3 );
- mbedtls_des3_set3key_enc( &des3, tmp );
- TIME_AND_TSC( "3DES",
- mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
- mbedtls_des3_free( &des3 );
- }
-
- if( todo.des )
- {
- mbedtls_des_context des;
- mbedtls_des_init( &des );
- mbedtls_des_setkey_enc( &des, tmp );
- TIME_AND_TSC( "DES",
- mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
- mbedtls_des_free( &des );
- }
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.aes_cbc )
- {
- int keysize;
- mbedtls_aes_context aes;
- mbedtls_aes_init( &aes );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
-
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_aes_setkey_enc( &aes, tmp, keysize );
-
- TIME_AND_TSC( title,
- mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
- }
- mbedtls_aes_free( &aes );
- }
-#endif
-#if defined(MBEDTLS_GCM_C)
- if( todo.aes_gcm )
- {
- int keysize;
- mbedtls_gcm_context gcm;
-
- mbedtls_gcm_init( &gcm );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
-
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
-
- TIME_AND_TSC( title,
- mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
- 12, NULL, 0, buf, buf, 16, tmp ) );
-
- mbedtls_gcm_free( &gcm );
- }
- }
-#endif
-#if defined(MBEDTLS_CCM_C)
- if( todo.aes_ccm )
- {
- int keysize;
- mbedtls_ccm_context ccm;
-
- mbedtls_ccm_init( &ccm );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
-
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
-
- TIME_AND_TSC( title,
- mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
- 12, NULL, 0, buf, buf, tmp, 16 ) );
-
- mbedtls_ccm_free( &ccm );
- }
- }
-#endif
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.camellia )
- {
- int keysize;
- mbedtls_camellia_context camellia;
- mbedtls_camellia_init( &camellia );
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
-
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_camellia_setkey_enc( &camellia, tmp, keysize );
-
- TIME_AND_TSC( title,
- mbedtls_camellia_crypt_cbc( &camellia, MBEDTLS_CAMELLIA_ENCRYPT,
- BUFSIZE, tmp, buf, buf ) );
- }
- mbedtls_camellia_free( &camellia );
- }
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
- if( todo.blowfish )
- {
- int keysize;
- mbedtls_blowfish_context blowfish;
- mbedtls_blowfish_init( &blowfish );
-
- for( keysize = 128; keysize <= 256; keysize += 64 )
- {
- mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
-
- memset( buf, 0, sizeof( buf ) );
- memset( tmp, 0, sizeof( tmp ) );
- mbedtls_blowfish_setkey( &blowfish, tmp, keysize );
-
- TIME_AND_TSC( title,
- mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE,
- tmp, buf, buf ) );
- }
-
- mbedtls_blowfish_free( &blowfish );
- }
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C)
- if( todo.havege )
- {
- mbedtls_havege_state hs;
- mbedtls_havege_init( &hs );
- TIME_AND_TSC( "HAVEGE", mbedtls_havege_random( &hs, buf, BUFSIZE ) );
- mbedtls_havege_free( &hs );
- }
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C)
- if( todo.ctr_drbg )
- {
- mbedtls_ctr_drbg_context ctr_drbg;
-
- mbedtls_ctr_drbg_init( &ctr_drbg );
-
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
- mbedtls_exit(1);
- TIME_AND_TSC( "CTR_DRBG (NOPR)",
- if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
- mbedtls_exit(1) );
-
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
- mbedtls_exit(1);
- mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
- TIME_AND_TSC( "CTR_DRBG (PR)",
- if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
- mbedtls_exit(1) );
- mbedtls_ctr_drbg_free( &ctr_drbg );
- }
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
- if( todo.hmac_drbg )
- {
- mbedtls_hmac_drbg_context hmac_drbg;
- const mbedtls_md_info_t *md_info;
-
- mbedtls_hmac_drbg_init( &hmac_drbg );
-
-#if defined(MBEDTLS_SHA1_C)
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
- mbedtls_exit(1);
-
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- mbedtls_exit(1);
- TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)",
- if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- mbedtls_exit(1) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
-
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- mbedtls_exit(1);
- mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
- MBEDTLS_HMAC_DRBG_PR_ON );
- TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)",
- if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- mbedtls_exit(1) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL )
- mbedtls_exit(1);
-
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- mbedtls_exit(1);
- TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)",
- if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- mbedtls_exit(1) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
-
- if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
- mbedtls_exit(1);
- mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg,
- MBEDTLS_HMAC_DRBG_PR_ON );
- TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)",
- if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 )
- mbedtls_exit(1) );
- mbedtls_hmac_drbg_free( &hmac_drbg );
-#endif
- }
-#endif
-
-#if defined(MBEDTLS_RSA_C) && \
- defined(MBEDTLS_PEM_PARSE_C) && defined(MBEDTLS_PK_PARSE_C)
- if( todo.rsa )
- {
- mbedtls_pk_context pk;
- mbedtls_rsa_context *rsa;
- const char *rsa_keys[] = { RSA_PRIVATE_KEY_2048, RSA_PRIVATE_KEY_4096 };
- size_t i;
-
- for( i = 0; i < sizeof( rsa_keys ) / sizeof( rsa_keys[0] ); i++ )
- {
- mbedtls_pk_init( &pk );
- mbedtls_pk_parse_key( &pk, (const unsigned char *) rsa_keys[i],
- strlen( rsa_keys[i] ) + 1, NULL, 0 );
- rsa = mbedtls_pk_rsa( pk );
-
- mbedtls_snprintf( title, sizeof( title ), "RSA-%d", mbedtls_pk_get_bitlen( &pk ) );
-
- TIME_PUBLIC( title, " public",
- buf[0] = 0;
- ret = mbedtls_rsa_public( rsa, buf, buf ) );
-
- TIME_PUBLIC( title, "private",
- buf[0] = 0;
- ret = mbedtls_rsa_private( rsa, myrand, NULL, buf, buf ) );
-
- mbedtls_pk_free( &pk );
- }
- }
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C)
- if( todo.dhm )
- {
- int dhm_sizes[] = { 2048, 3072 };
- const char *dhm_P[] = {
- MBEDTLS_DHM_RFC3526_MODP_2048_P,
- MBEDTLS_DHM_RFC3526_MODP_3072_P,
- };
- const char *dhm_G[] = {
- MBEDTLS_DHM_RFC3526_MODP_2048_G,
- MBEDTLS_DHM_RFC3526_MODP_3072_G,
- };
-
- mbedtls_dhm_context dhm;
- size_t olen;
- for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ )
- {
- mbedtls_dhm_init( &dhm );
-
- if( mbedtls_mpi_read_string( &dhm.P, 16, dhm_P[i] ) != 0 ||
- mbedtls_mpi_read_string( &dhm.G, 16, dhm_G[i] ) != 0 )
- {
- mbedtls_exit( 1 );
- }
-
- dhm.len = mbedtls_mpi_size( &dhm.P );
- mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
- if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 )
- mbedtls_exit( 1 );
-
- mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
- TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
- myrand, NULL );
- ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
-
- mbedtls_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
- TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
-
- mbedtls_dhm_free( &dhm );
- }
- }
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C)
- if( todo.ecdsa )
- {
- mbedtls_ecdsa_context ecdsa;
- const mbedtls_ecp_curve_info *curve_info;
- size_t sig_len;
-
- memset( buf, 0x2A, sizeof( buf ) );
-
- for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- mbedtls_ecdsa_init( &ecdsa );
-
- if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 )
- mbedtls_exit( 1 );
- ecp_clear_precomputed( &ecdsa.grp );
-
- mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
- curve_info->name );
- TIME_PUBLIC( title, "sign",
- ret = mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
- tmp, &sig_len, myrand, NULL ) );
-
- mbedtls_ecdsa_free( &ecdsa );
- }
-
- for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- mbedtls_ecdsa_init( &ecdsa );
-
- if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ||
- mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
- tmp, &sig_len, myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
- ecp_clear_precomputed( &ecdsa.grp );
-
- mbedtls_snprintf( title, sizeof( title ), "ECDSA-%s",
- curve_info->name );
- TIME_PUBLIC( title, "verify",
- ret = mbedtls_ecdsa_read_signature( &ecdsa, buf, curve_info->bit_size,
- tmp, sig_len ) );
-
- mbedtls_ecdsa_free( &ecdsa );
- }
- }
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
- if( todo.ecdh )
- {
- mbedtls_ecdh_context ecdh;
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- mbedtls_mpi z;
-#endif
- const mbedtls_ecp_curve_info *curve_info;
- size_t olen;
-
- for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- mbedtls_ecdh_init( &ecdh );
-
- if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
- mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) != 0 ||
- mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 )
- {
- mbedtls_exit( 1 );
- }
- ecp_clear_precomputed( &ecdh.grp );
-
- mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s",
- curve_info->name );
- TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL );
- ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
- myrand, NULL ) );
- mbedtls_ecdh_free( &ecdh );
- }
-
- /* Curve25519 needs to be handled separately */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- mbedtls_ecdh_init( &ecdh );
- mbedtls_mpi_init( &z );
-
- if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
- mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
-
- TIME_PUBLIC( "ECDHE-Curve25519", "handshake",
- ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
- myrand, NULL );
- ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
- myrand, NULL ) );
-
- mbedtls_ecdh_free( &ecdh );
- mbedtls_mpi_free( &z );
-#endif
-
- for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
- curve_info++ )
- {
- mbedtls_ecdh_init( &ecdh );
-
- if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
- mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) != 0 ||
- mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 ||
- mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf),
- myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
- ecp_clear_precomputed( &ecdh.grp );
-
- mbedtls_snprintf( title, sizeof( title ), "ECDH-%s",
- curve_info->name );
- TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ),
- myrand, NULL ) );
- mbedtls_ecdh_free( &ecdh );
- }
-
- /* Curve25519 needs to be handled separately */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
- mbedtls_ecdh_init( &ecdh );
- mbedtls_mpi_init( &z );
-
- if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
- mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
- myrand, NULL ) != 0 ||
- mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
- {
- mbedtls_exit( 1 );
- }
-
- TIME_PUBLIC( "ECDH-Curve25519", "handshake",
- ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
- myrand, NULL ) );
-
- mbedtls_ecdh_free( &ecdh );
- mbedtls_mpi_free( &z );
-#endif
- }
-#endif
-
- mbedtls_printf( "\r\n" );
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_free();
-#endif
-
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\r\n" );
- fflush( stdout ); getchar();
-#endif
-
- return( 0 );
-}
-
-#include "mbed-drivers/test_env.h"
-#include "minar/minar.h"
-
-static void run() {
- MBED_HOSTTEST_TIMEOUT(150);
- MBED_HOSTTEST_SELECT(default);
- MBED_HOSTTEST_DESCRIPTION(mbed TLS benchmark program);
- MBED_HOSTTEST_START("MBEDTLS_BENCHMARK");
- MBED_HOSTTEST_RESULT(benchmark(0, NULL) == 0);
-}
-
-void app_start(int, char*[]) {
- /* Use 115200 bps for consistency with other examples */
- get_stdio_serial().baud(115200);
- minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
-}
-
-#endif /* TARGET_LIKE_MBED */
diff --git a/yotta/data/example-hashing/README.md b/yotta/data/example-hashing/README.md
deleted file mode 100644
index 6f0f969..0000000
--- a/yotta/data/example-hashing/README.md
+++ /dev/null
@@ -1,67 +0,0 @@
-# SHA-256 Hash Example
-
-This application performs hashing of a buffer with SHA-256 using various APIs. It serves as a tutorial for the basic hashing APIs of mbed TLS.
-
-## Pre-requisites
-
-To build and run this example you must have:
-
-* A computer with the following software installed:
- * [CMake](http://www.cmake.org/download/).
- * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
- * [Python](https://www.python.org/downloads/).
- * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
- * A serial terminal emulator (Like screen, pySerial and cu).
-* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
-* A micro-USB cable.
-* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
-
-## Getting started
-
-1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
-
-2. Navigate to the mbedtls directory supplied with your release and open a terminal.
-
-3. Set the yotta target:
-
- ```
- yotta target frdm-k64f-gcc
- ```
-
-4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
-
- ```
- $ yotta build
- ```
-
-5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-hashing.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
-
- Use the following settings:
-
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
-
-7. Press the Reset button on the board.
-
-8. The output in the terminal window should look like:
-
- ```
- {{timeout;10}}
- {{host_test_name;default}}
- {{description;mbed TLS example on hashing}}
- {{test_id;MBEDTLS_EX_HASHING}}
- {{start}}
-
-
- Method 1: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
- Method 2: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
- Method 3: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
- Method 4: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
-
- DONE
- {{success}}
- {{end}}
- ```
diff --git a/yotta/data/example-hashing/main.cpp b/yotta/data/example-hashing/main.cpp
deleted file mode 100644
index 574152a..0000000
--- a/yotta/data/example-hashing/main.cpp
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Hello world example of using the hashing functions of mbed TLS
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * This program illustrates various ways of hashing a buffer.
- * You normally need only one of these two includes.
- */
-#include "mbedtls/sha256.h" /* SHA-256 only */
-#include "mbedtls/md.h" /* generic interface */
-
-#if defined(TARGET_LIKE_MBED)
-#include "mbed-drivers/mbed.h"
-#endif
-#include <cstdio>
-
-static void print_hex(const char *title, const unsigned char buf[], size_t len)
-{
- printf("%s: ", title);
-
- for (size_t i = 0; i < len; i++)
- printf("%02x", buf[i]);
-
- printf("\r\n");
-}
-
-static const char hello_str[] = "Hello, world!";
-static const unsigned char *hello_buffer = (const unsigned char *) hello_str;
-static const size_t hello_len = sizeof hello_str - 1;
-
-int example(void)
-{
- printf( "\r\n\r\n" );
-
- /*
- * Method 1: use all-in-one function of a specific SHA-xxx module
- */
- unsigned char output1[32]; /* SHA-256 outputs 32 bytes */
-
- /* 0 here means use the full SHA-256, not the SHA-224 variant */
- mbedtls_sha256(hello_buffer, hello_len, output1, 0);
-
- print_hex("Method 1", output1, sizeof output1);
-
-
- /*
- * Method 2: use the streaming interface of a specific SHA-xxx module
- * This is useful if we get our input piecewise.
- */
- unsigned char output2[32];
- mbedtls_sha256_context ctx2;
-
- mbedtls_sha256_init(&ctx2);
- mbedtls_sha256_starts(&ctx2, 0); /* SHA-256, not 224 */
-
- /* Simulating multiple fragments */
- mbedtls_sha256_update(&ctx2, hello_buffer, 1);
- mbedtls_sha256_update(&ctx2, hello_buffer + 1, 1);
- mbedtls_sha256_update(&ctx2, hello_buffer + 2, hello_len - 2);
-
- mbedtls_sha256_finish(&ctx2, output2);
- print_hex("Method 2", output2, sizeof output2);
-
- /* Or you could re-use the context by doing mbedtls_sha256_starts() again */
- mbedtls_sha256_free(&ctx2);
-
- /*
- * Method 3: use all-in-one function of the generice interface
- */
- unsigned char output3[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
-
- /* Can easily pick any hash you want, by identifier */
- const mbedtls_md_info_t *md_info3 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
-
- if (md_info3 == NULL)
- {
- printf("SHA256 not available\r\n");
- return 1;
- }
-
- int ret3 = mbedtls_md(md_info3, hello_buffer, hello_len, output3);
-
- if (ret3 != 0)
- {
- printf("md() returned -0x%04X\r\n", -ret3);
- return 1;
- }
-
- print_hex("Method 3", output3, mbedtls_md_get_size(md_info3));
-
-
- /*
- * Method 4: streaming & generic interface
- */
- unsigned char output4[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
-
- const mbedtls_md_info_t *md_info4 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
-
- if (md_info4 == NULL)
- {
- printf("SHA256 not available\r\n");
- return 1;
- }
-
- mbedtls_md_context_t ctx4;
-
- mbedtls_md_init(&ctx4);
-
- int ret4 = mbedtls_md_init_ctx(&ctx4, md_info4);
- if (ret4 != 0)
- {
- printf("md_init_ctx() returned -0x%04X\r\n", -ret4);
- return 1;
- }
-
- mbedtls_md_starts(&ctx4);
-
- /* Simulating multiple fragments */
- mbedtls_md_update(&ctx4, hello_buffer, 1);
- mbedtls_md_update(&ctx4, hello_buffer + 1, 1);
- mbedtls_md_update(&ctx4, hello_buffer + 2, hello_len - 2);
-
- mbedtls_md_finish(&ctx4, output4);
- print_hex("Method 4", output4, mbedtls_md_get_size(md_info4));
-
- /* Or you could re-use the context by doing mbedtls_md_starts() again */
- mbedtls_md_free(&ctx4);
-
-
- printf("\r\nDONE\r\n");
-
- return 0;
-}
-
-#if defined(TARGET_LIKE_MBED)
-
-#include "mbed-drivers/test_env.h"
-#include "minar/minar.h"
-
-static void run() {
- MBED_HOSTTEST_TIMEOUT(10);
- MBED_HOSTTEST_SELECT(default);
- MBED_HOSTTEST_DESCRIPTION(mbed TLS example on hashing);
- MBED_HOSTTEST_START("MBEDTLS_EX_HASHING");
- MBED_HOSTTEST_RESULT(example() == 0);
-}
-
-void app_start(int, char*[]) {
- /* Use 115200 bps for consistency with other examples */
- get_stdio_serial().baud(115200);
- minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
-}
-
-#else
-
-int main() {
- return example();
-}
-
-#endif
diff --git a/yotta/data/example-selftest/README.md b/yotta/data/example-selftest/README.md
deleted file mode 100644
index b8e9cd4..0000000
--- a/yotta/data/example-selftest/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-# mbed TLS Selftest Example
-
-This application runs the various selftest functions of individual mbed TLS components. It serves as a basic sanity check to verify operation of mbed TLS on your platform. In the future, a wider portion of the mbed TLS test suite will become part of this example application.
-
-## Pre-requisites
-
-To build and run this example you must have:
-
-* A computer with the following software installed:
- * [CMake](http://www.cmake.org/download/).
- * [yotta](https://github.com/ARMmbed/yotta). Please note that **yotta has its own set of dependencies**, listed in the [installation instructions](http://armmbed.github.io/yotta/#installing-on-windows).
- * [Python](https://www.python.org/downloads/).
- * [The ARM GCC toolchain](https://launchpad.net/gcc-arm-embedded).
- * A serial terminal emulator (Like screen, pySerial and cu).
-* An [FRDM-K64F](http://developer.mbed.org/platforms/FRDM-K64F/) development board, or another board supported by mbed OS (in which case you'll have to substitute frdm-k64f-gcc with the appropriate target in the instructions below).
-* A micro-USB cable.
-* If your OS is Windows, please follow the installation instructions [for the serial port driver](https://developer.mbed.org/handbook/Windows-serial-configuration).
-
-## Getting started
-
-1. Connect the FRDM-K64F to the computer with the micro-USB cable, being careful to use the "OpenSDA" connector on the target board.
-
-2. Navigate to the mbedtls directory supplied with your release and open a terminal.
-
-3. Set the yotta target:
-
- ```
- yotta target frdm-k64f-gcc
- ```
-
-4. Build mbedtls and the examples. This may take a long time if this is your first compilation:
-
- ```
- $ yotta build
- ```
-
-5. Copy `build/frdm-k64f-gcc/test/mbedtls-test-example-selftest.bin` to your mbed board and wait until the LED next to the USB port stops blinking.
-
-6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F.
-
- Use the following settings:
-
- * 115200 baud (not 9600).
- * 8N1.
- * No flow control.
-
-7. Press the Reset button on the board.
-
-8. The output in the terminal window should look like:
-
- ```
- {{timeout;40}}
- {{host_test_name;default}}
- {{description;mbed TLS selftest program}}
- {{test_id;MBEDTLS_SELFTEST}}
- {{start}}
-
- SHA-224 test #1: passed
- SHA-224 test #2: passed
- SHA-224 test #3: passed
- SHA-256 test #1: passed
- SHA-256 test #2: passed
- SHA-256 test #3: passed
-
- [ ... several lines omitted ... ]
-
- CTR_DRBG (PR = TRUE) : passed
- CTR_DRBG (PR = FALSE): passed
-
- HMAC_DRBG (PR = True) : passed
- HMAC_DRBG (PR = False) : passed
-
- ECP test #1 (constant op_count, base point G): passed
- ECP test #2 (constant op_count, other point): passed
-
- ENTROPY test: passed
-
- [ All tests passed ]
-
- {{success}}
- {{end}}
- ```
diff --git a/yotta/data/example-selftest/main.cpp b/yotta/data/example-selftest/main.cpp
deleted file mode 100644
index 0ff5b04..0000000
--- a/yotta/data/example-selftest/main.cpp
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- * Self-test demonstration program
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(POLARSSL_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/hmac_drbg.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/arc4.h"
-#include "mbedtls/des.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/camellia.h"
-#include "mbedtls/base64.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/xtea.h"
-#include "mbedtls/pkcs5.h"
-#include "mbedtls/ecp.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-int selftest( int argc, char *argv[] )
-{
- int ret = 0, v;
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- unsigned char buf[1000000];
-#endif
-
- if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 )
- v = 0;
- else
- {
- v = 1;
- mbedtls_printf( "\n" );
- }
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
-#endif
-
-#if defined(MBEDTLS_MD2_C)
- if( ( ret = mbedtls_md2_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_MD4_C)
- if( ( ret = mbedtls_md4_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_MD5_C)
- if( ( ret = mbedtls_md5_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
- if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
- if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
- if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
- if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
- if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_DES_C)
- if( ( ret = mbedtls_des_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_AES_C)
- if( ( ret = mbedtls_aes_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
- if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
- if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_BASE64_C)
- if( ( ret = mbedtls_base64_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
- if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_RSA_C)
- if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_X509_USE_C)
- if( ( ret = mbedtls_x509_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_XTEA_C)
- if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
- if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C)
- if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
- if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_ECP_C)
- if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_DHM_C)
- if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C)
- if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_PKCS5_C)
- if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#if defined(MBEDTLS_TIMING_C)
- if( ( ret = mbedtls_timing_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
-#else
- mbedtls_printf( " POLARSSL_SELF_TEST not defined.\n" );
-#endif
-
- if( v != 0 )
- {
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
- mbedtls_memory_buffer_alloc_status();
-#endif
- }
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
- mbedtls_memory_buffer_alloc_free();
-
- if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )
- return( ret );
-#endif
-
- if( v != 0 )
- {
- mbedtls_printf( " [ All tests passed ]\n\n" );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
- }
-
- return( ret );
-}
-
-#if defined(TARGET_LIKE_MBED)
-
-#include "mbed-drivers/test_env.h"
-#include "minar/minar.h"
-
-static void run() {
- MBED_HOSTTEST_TIMEOUT(40);
- MBED_HOSTTEST_SELECT(default);
- MBED_HOSTTEST_DESCRIPTION(mbed TLS selftest program);
- MBED_HOSTTEST_START("MBEDTLS_SELFTEST");
- MBED_HOSTTEST_RESULT(selftest(0, NULL) == 0);
-}
-
-void app_start(int, char*[]) {
- /* Use 115200 bps for consistency with other examples */
- get_stdio_serial().baud(115200);
- minar::Scheduler::postCallback(mbed::util::FunctionPointer0<void>(run).bind());
-}
-
-#else
-
-int main() {
- return selftest(0, NULL);
-}
-
-#endif
diff --git a/yotta/data/module.json b/yotta/data/module.json
deleted file mode 100644
index 0b8b822..0000000
--- a/yotta/data/module.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "mbedtls",
- "version": "2.3.1",
- "description": "The mbed TLS crypto/SSL/TLS library",
- "licenses": [
- {
- "url": "https://spdx.org/licenses/Apache-2.0",
- "type": "Apache-2.0"
- }
- ],
- "dependencies": {},
- "targetDependencies": {
- "mbed": { "cmsis-core": "^1.0.0" }
- },
- "testTargetDependencies": {
- "mbed": { "mbed-drivers": "^1.0.0" }
- }
-}
diff --git a/yotta/data/target_config.h b/yotta/data/target_config.h
deleted file mode 100644
index f350ce3..0000000
--- a/yotta/data/target_config.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Temporary target-specific config.h for entropy collection
- *
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if defined(TARGET_LIKE_MBED)
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-#undef MBEDTLS_HAVE_TIME_DATE
-#undef MBEDTLS_FS_IO
-#endif
-
-/*
- * WARNING: this is temporary!
- * This should be in a separate yotta module which would be a target
- * dependency of mbedtls (see IOTSSL-313)
- */
-#if defined(TARGET_LIKE_K64F)
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-#endif