Merge remote-tracking branch 'upstream-public/pr/1433' into development
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ca4cba2..2018d35 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -31,7 +31,7 @@
 if(PERL_FOUND)
 
     # If NULL Entropy is configured, display an appropriate warning
-    execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
+    execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
                         RESULT_VARIABLE result)
     if(${result} EQUAL 0)
         message(WARNING ${NULL_ENTROPY_WARNING})
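Review bot: the NULL-entropy check on the changed `execute_process` line still sits inside `if(PERL_FOUND)`, so on a host without Perl a tree that has MBEDTLS_TEST_NULL_ENTROPY set is configured with no warning at all. Since this line is being touched anyway, consider an else branch that reports that the check was skipped. It is also worth confirming that no other path in this file still uses CMAKE_SOURCE_DIR, since only this one occurrence is visible in the hunk.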
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..3c6dc74
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,63 @@
+Contributing
+============
+We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
+
+ - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
+ - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
+
+Contributor License Agreement (CLA)
+-----------------------------------
+- All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
+- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
+
+Coding Standards
+----------------
+- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections.
+- The code should be written in a clean and readable style.
+- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs.
+- The code should be secure, and will be reviewed from a security point of view as well.
+
+Making a Contribution
+---------------------
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
+1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
+1. Write a test which shows that the bug was fixed or that the feature works as expected.
+1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
+1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
+1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header.
+
+Backports
+---------
+Mbed TLS maintains some legacy branches, which are released as LTS versions. Mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules:
+  
+1. If the contribution is a new feature or enhancement, no backporting is needed.
+1. Bug fixes should be backported to the legacy branches containing these bugs.
+1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch.
+
+It would be highly appreciated if a contribution would be backported to a legacy branch in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development).
+At the moment, the legacy branches are:
+  
+1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3)
+1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1)
+
+Tests
+-----
+As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist.  
+Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function.
+
+Sample applications, if needed, should be modified as well.
+
+Continuous Integration Tests
+----------------------------
+Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. 
+It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
+
+Documentation
+-------------
+Mbed TLS should be well documented. If documentation is needed, speak out!
+
+1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation.
+1. Complex parts in the code should include comments.
+1. If needed, a Readme file is advised.
+1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
+1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
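Review bot: nothing in the new file says how to report a vulnerability privately. The Coding Standards section states that code "will be reviewed from a security point of view", yet step 1 of "Making a Contribution" sends every bug to the public issue tracker or the discussion forum. Suggest a short section naming a non-public reporting channel, so that a security bug is not first disclosed in an open issue. The Backports section could also state who is expected to backport a security fix to the legacy branches, since "It would be highly appreciated" leaves that open.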
diff --git a/ChangeLog b/ChangeLog
index 68fb6f5..7b50534 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,144 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 2.7.x branch released 2018-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+API Changes
+   * Extend the platform module with a util component that contains
+     functionality shared by multiple Mbed TLS modules. At this stage
+     platform_util.h (and its associated platform_util.c) only contain
+     mbedtls_platform_zeroize(), which is a critical function from a security
+     point of view. mbedtls_platform_zeroize() needs to be regularly tested
+     against compilers to ensure that calls to it are not removed from the
+     output binary as part of redundant code elimination optimizations.
+     Therefore, mbedtls_platform_zeroize() is moved to the platform module to
+     facilitate testing and maintenance.
+
+= mbed TLS 2.9.0 branch released 2018-04-30
+
+Security
+   * Fix an issue in the X.509 module which could lead to a buffer overread
+     during certificate validation. Additionally, the issue could also lead to
+     unnecessary callback checks being made or to some validation checks to be
+     omitted. The overread could be triggered remotely, while the other issues
+     would require a non DER-compliant certificate to be correctly signed by a
+     trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
+     luocm. Fixes #825.
+   * Fix the buffer length assertion in the ssl_parse_certificate_request()
+     function which led to an arbitrary overread of the message buffer. The
+     overreads could be caused by receiving a malformed message at the point
+     where an optional signature algorithms list is expected when the signature
+     algorithms section is too short. In builds with debug output, the overread
+     data is output with the debug data.
+   * Fix a client-side bug in the validation of the server's ciphersuite choice
+     which could potentially lead to the client accepting a ciphersuite it didn't
+     offer or a ciphersuite that cannot be used with the TLS or DTLS version
+     chosen by the server. This could lead to corruption of internal data
+     structures for some configurations.
+
+Features
+   * Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES
+     tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB.
+     Suggested and contributed by jkivilin in pull request #394.
+   * Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and
+     ECDH primitive functions (mbedtls_ecdh_gen_public(),
+     mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
+     Nicholas Wilson in pull request #348.
+
+API Changes
+   * Extend the public API with the function of mbedtls_net_poll() to allow user
+     applications to wait for a network context to become ready before reading
+     or writing.
+   * Add function mbedtls_ssl_check_pending() to the public API to allow
+     a check for whether more more data is pending to be processed in the
+     internal message buffers.
+     This function is necessary to determine when it is safe to idle on the
+     underlying transport in case event-driven IO is used.
+
+Bugfix
+   * Fix a spurious uninitialized variable warning in cmac.c. Fix independently
+     contributed by Brian J Murray and David Brown.
+   * Add missing dependencies in test suites that led to build failures
+     in configurations that omit certain hashes or public-key algorithms.
+     Fixes #1040.
+   * Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks.
+     #1353
+   * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and
+     MBEDTLS_VERSION_FEATURES in some test suites. Contributed by
+     Deomid Ryabkov. Fixes #1299, #1475.
+   * Fix the Makefile build process for building shared libraries on Mac OS X.
+     Fixed by mnacamura.
+   * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
+     unable to parse keys which had only the optional parameters field of the
+     ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379.
+   * Return the plaintext data more quickly on unpadded CBC decryption, as
+     stated in the mbedtls_cipher_update() documentation. Contributed by
+     Andy Leiserson.
+   * Fix overriding and ignoring return values when parsing and writing to
+     a file in pk_sign program. Found by kevlut in #1142.
+   * Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations
+     where data needs to be fetched from the underlying transport in order
+     to make progress. Previously, this error code was also occasionally
+     returned when unexpected messages were being discarded, ignoring that
+     further messages could potentially already be pending to be processed
+     in the internal buffers; these cases led to deadlocks when event-driven
+     I/O was used. Found and reported by Hubert Mis in #772.
+   * Fix buffer length assertions in the ssl_parse_certificate_request()
+     function which leads to a potential one byte overread of the message
+     buffer.
+   * Fix invalid buffer sizes passed to zlib during record compression and
+     decompression.
+   * Fix the soversion of libmbedcrypto to match the soversion of the
+     maintained 2.7 branch. The soversion was increased in Mbed TLS
+     version 2.7.1 to reflect breaking changes in that release, but the
+     increment was missed in 2.8.0 and later releases outside of the 2.7 branch.
+
+Changes
+   * Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
+   * Support cmake builds where Mbed TLS is a subproject. Fix contributed
+     independently by Matthieu Volat and Arne Schwabe.
+   * Improve testing in configurations that omit certain hashes or
+     public-key algorithms. Includes contributions by Gert van Dijk.
+   * Improve negative testing of X.509 parsing.
+   * Do not define global mutexes around readdir() and gmtime() in
+     configurations where the feature is disabled. Found and fixed by Gergely
+     Budai.
+   * Harden the function mbedtls_ssl_config_free() against misuse, so that it
+     doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and
+     instead incorrectly manipulates the configuration structure directly.
+     Found and fix submitted by junyeonLEE in #1220.
+   * Provide an empty implementation of mbedtls_pkcs5_pbes2() when
+     MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
+     without PBES2. Fixed by Marcos Del Sol Vives.
+   * Add the order of the base point as N in the mbedtls_ecp_group structure
+     for Curve25519 (other curves had it already). Contributed by Nicholas
+     Wilson #481
+   * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan
+     Krylov.
+   * Improve the documentation of mbedtls_ssl_write(). Suggested by
+     Paul Sokolovsky in #1356.
+   * Add an option in the Makefile to support ar utilities where the operation
+     letter must not be prefixed by '-', such as LLVM. Found and fixed by
+     Alex Hixon.
+   * Allow configuring the shared library extension by setting the DLEXT
+     environment variable when using the project makefiles.
+   * Optimize unnecessary zeroing in mbedtls_mpi_copy. Based on a contribution
+     by Alexey Skalozub in #405.
+   * In the SSL module, when f_send, f_recv or f_recv_timeout report
+     transmitting more than the required length, return an error. Raised by
+     Sam O'Connor in #1245.
+   * Improve robustness of mbedtls_ssl_derive_keys against the use of
+     HMAC functions with non-HMAC ciphersuites. Independently contributed
+     by Jiayuan Chen in #1377. Fixes #1437.
+   * Improve security of RSA key generation by including criteria from
+     FIPS 186-4. Contributed by Jethro Beekman. #1380
+   * Declare functions in header files even when an alternative implementation
+     of the corresponding module is activated by defining the corresponding
+     MBEDTLS_XXX_ALT macro. This means that alternative implementations do
+     not need to copy the declarations, and ensures that they will have the
+     same API.
+   * Add platform setup and teardown calls in test suites.
+
+= mbed TLS 2.8.0 branch released 2018-03-16
 
 Default behavior changes
    * The truncated HMAC extension now conforms to RFC 6066. This means
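Review bot: in the 2.9.0 section, ssl_parse_certificate_request() is listed twice with different severities: under Security as "an arbitrary overread of the message buffer" and under Bugfix as "a potential one byte overread of the message buffer". If these are two separate fixes, each entry should say what distinguishes it; if it is one fix, keep only the Security entry so that readers assessing exposure do not take the weaker wording as the full impact. Minor: the mbedtls_ssl_check_pending() entry under API Changes reads "whether more more data is pending".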
@@ -17,6 +155,14 @@
      implementation allowed an offline 2^80 brute force attack on the
      HMAC key of a single, uninterrupted connection (with no
      resumption of the session).
+   * Verify results of RSA private key operations to defend
+     against Bellcore glitch attack.
+   * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
+     a crash on invalid input.
+   * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
+     crash on invalid input.
+   * Fix CRL parsing to reject CRLs containing unsupported critical
+     extensions. Found by Falko Strenzke and Evangelos Karatsiolis.
 
 Features
    * Extend PKCS#8 interface by introducing support for the entire SHA
@@ -26,6 +172,10 @@
      OpenVPN Inc. Fixes #1339
    * Add support for public keys encoded in PKCS#1 format. #1122
 
+New deprecations
+   * Deprecate support for record compression (configuration option
+     MBEDTLS_ZLIB_SUPPORT).
+
 Bugfix
    * Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
      Fixes #1358.
@@ -35,6 +185,28 @@
      In the context of SSL, this resulted in handshake failure. Reported by
      daniel in the Mbed TLS forum. #1351
    * Fix Windows x64 builds with the included mbedTLS.sln file. #1347
+   * Fix setting version TLSv1 as minimal version, even if TLS 1
+     is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION
+     and MBEDTLS_SSL_MIN_MINOR_VERSION instead of
+     MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664
+   * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
+     only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and
+     Nick Wilson on issue #355
+   * In test_suite_pk, pass valid parameters when testing for hash length
+     overflow. #1179
+   * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
+     by Guido Vranken. #639
+   * Log correct number of ciphersuites used in Client Hello message. #918
+   * Fix X509 CRT parsing that would potentially accept an invalid tag when
+     parsing the subject alternative names.
+   * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
+     that could cause a key exchange to fail on valid data.
+   * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
+     could cause a key exchange to fail on valid data.
+   * Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under
+     MBEDTLS_DEPRECATED_REMOVED. #1388
+   * Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
+     Found through fuzz testing.
 
 Changes
    * Fix tag lengths and value ranges in the documentation of CCM encryption.
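Review bot: the last added entry, "Fix a 1-byte heap buffer overflow (read-only) during private key parsing", uses different wording from the other out-of-bounds reads this patch records, which are described as "buffer overread" (ssl_parse_server_key_exchange(), ssl_parse_server_psk_hint()). Suggest "1-byte heap buffer overread" for consistency, and stating whether the key being parsed can come from an untrusted source, since that decides whether the entry belongs with the security fixes rather than in this list. The entry also has no issue number, unlike most of its neighbours.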
@@ -43,6 +215,9 @@
    * Remove support for the library reference configuration for picocoin.
    * MD functions deprecated in 2.7.0 are no longer inline, to provide
      a migration path for those depending on the library's ABI.
+   * Clarify the documentation of mbedtls_ssl_setup.
+   * Use (void) when defining functions with no parameters. Contributed by
+     Joris Aerts. #678
 
 = mbed TLS 2.7.0 branch released 2018-02-03
 
@@ -159,7 +334,7 @@
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
    * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
-     Found by projectgus and jethrogb, #836.
+     Found by projectgus and Jethro Beekman, #836.
    * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
    * Parse signature algorithm extension when renegotiating. Previously,
      renegotiated handshakes would only accept signatures using SHA-1
@@ -353,8 +528,7 @@
      Previous behaviour was to keep processing data even after the alert has
      been sent.
    * Accept empty trusted CA chain in authentication mode
-     MBEDTLS_SSL_VERIFY_OPTIONAL.
-     Found by jethrogb. #864
+     MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864
    * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
      fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
      reflect bad EC curves within verification result.
diff --git a/README.md b/README.md
index 4270e80..a2c3c6f 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,9 @@
 
 In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
 
-Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
+Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
+
+Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
 
 Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
 
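Review bot: the example in the added paragraph, `CFLAGS=-O2 -Werror`, is written without quotes, so typed as shown the shell treats `-Werror` as a separate word rather than part of the value; it should read `CFLAGS='-O2 -Werror'`. The same paragraph has two typos: "so it you just want" should be "so if you just want", and "overriden" should be "overridden". It would also help to say explicitly that a user who sets `CFLAGS` without repeating `-O2` gets an unoptimized build, since the text only implies it.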
@@ -84,9 +86,10 @@
 
 ### CMake
 
-In order to build the source using CMake, just enter at the command line:
+In order to build the source using CMake in a separate directory (recommended), just enter at the command line:
 
-    cmake .
+    mkdir /path/to/build_dir && cd /path/to/build_dir
+    cmake /path/to/mbedtls_source
     make
 
 In order to run the tests, enter:
@@ -95,7 +98,7 @@
 
 The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
 
-    cmake -DENABLE_TESTING=Off .
+    cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
 
 If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with:
 
@@ -103,31 +106,59 @@
 
 To configure CMake for building shared libraries, use:
 
-    cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
+    cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source
 
 There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
 
--   Release. This generates the default code without any unnecessary information in the binary files.
--   Debug. This generates debug information and disables optimization of the code.
--   Coverage. This generates code coverage information in addition to debug information.
--   ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
--   ASanDbg. Same as ASan but slower, with debug information and better stack traces.
--   MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
--   MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
--   Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
+-   `Release`. This generates the default code without any unnecessary information in the binary files.
+-   `Debug`. This generates debug information and disables optimization of the code.
+-   `Coverage`. This generates code coverage information in addition to debug information.
+-   `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
+-   `ASanDbg`. Same as ASan but slower, with debug information and better stack traces.
+-   `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
+-   `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
+-   `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
 
 Switching build modes in CMake is simple. For debug mode, enter at the command line:
 
-    cmake -D CMAKE_BUILD_TYPE=Debug .
+    cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source
 
 To list other available CMake options, use:
 
     cmake -LH
 
-Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find):
+Note that, with CMake, you can't adjust the compiler or its flags after the
+initial invocation of cmake. This means that `CC=your_cc make` and `make
+CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables).
+These variables need to be adjusted when invoking cmake for the first time,
+for example:
+
+    CC=your_cc cmake /path/to/mbedtls_source
+
+If you already invoked cmake and want to change those settings, you need to
+remove the build directory and create it again.
+
+Note that it is possible to build in-place; this will however overwrite the
+provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to
+prevent `git status` from showing them as modified). In order to do so, from
+the Mbed TLS source directory, use:
+
+    cmake .
+    make
+
+If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the
+CMake cache. This can be done with the following command using GNU find:
 
     find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
-    CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
+
+You can now make the desired change:
+
+    CC=your_cc cmake .
+    make
+
+Regarding variables, also note that if you set CFLAGS when invoking cmake,
+your value of CFLAGS doesn't override the content provided by cmake (depending
+on the build mode as seen above), it's merely prepended to it.
 
 ### Microsoft Visual Studio
 
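Review bot: the removed line `CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .` was the only example in this section showing how to pass hardening flags, and its replacement `CC=your_cc cmake .` no longer shows `CFLAGS` at all. Suggest keeping one `CFLAGS` example in the out-of-tree form, e.g. with `/path/to/mbedtls_source`. The closing paragraph says a user's CFLAGS is "merely prepended" to the build-mode flags; it should spell out the consequence, namely that for options where the last occurrence wins (such as the optimization level) the build mode's value takes effect, not the user's. The two recovery procedures also differ (remove the build directory for out-of-tree builds, delete the cache with find for in-place builds) and the text would be clearer if it said why.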
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 641d5c4..e27c221 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.7.0 source code documentation
+ * @mainpage mbed TLS v2.9.0 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index cbe0db4..510fa85 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME           = "mbed TLS v2.7.0"
+PROJECT_NAME           = "mbed TLS v2.9.0"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
@@ -702,7 +702,7 @@
 # directories that are symbolic links (a Unix file system feature) are excluded
 # from the input.
 
-EXCLUDE_SYMLINKS       = NO
+EXCLUDE_SYMLINKS       = YES
 
 # If the value of the INPUT tag contains directories, you can use the
 # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 46016dc..e0fc238 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -1,7 +1,9 @@
 /**
  * \file aes.h
  *
- * \brief   The Advanced Encryption Standard (AES) specifies a FIPS-approved
+ * \brief   This file contains AES definitions and functions.
+ *
+ *          The Advanced Encryption Standard (AES) specifies a FIPS-approved
  *          cryptographic algorithm that can be used to protect electronic
  *          data.
  *
@@ -12,6 +14,7 @@
  *          techniques -- Encryption algorithms -- Part 2: Asymmetric
  *          ciphers</em>.
  */
+
 /*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
  *  SPDX-License-Identifier: Apache-2.0
  *
@@ -59,14 +62,14 @@
 #define inline __inline
 #endif
 
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_AES_ALT)
+// Regular implementation
+//
+
 /**
  * \brief The AES context-type definition.
  */
@@ -85,6 +88,10 @@
 }
 mbedtls_aes_context;
 
+#else  /* MBEDTLS_AES_ALT */
+#include "aes_alt.h"
+#endif /* MBEDTLS_AES_ALT */
+
 /**
  * \brief          This function initializes the specified AES context.
  *
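Review bot: the `#include "aes_alt.h"` added here now sits inside the `extern "C" {` block, because the previous hunk moved that block's opening above `#if !defined(MBEDTLS_AES_ALT)`. When this header is compiled as C++, everything the alternative header includes is therefore given C linkage, which can break an alt header that pulls in platform or C++ headers. Consider including `aes_alt.h` before the `extern "C"` block and keeping only the context type selection there. Separately, the function declarations below are now emitted in ALT builds as well, so an existing `aes_alt.h` that still carries its own prototypes will declare them twice; the ChangeLog entry for this change should tell porters to remove their copies or verify that the signatures match.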
@@ -112,8 +119,8 @@
  *                 <li>192 bits</li>
  *                 <li>256 bits</li></ul>
  *
- * \return         \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
  */
 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
                     unsigned int keybits );
@@ -128,7 +135,8 @@
  *                 <li>192 bits</li>
  *                 <li>256 bits</li></ul>
  *
- * \return         \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
  */
 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
                     unsigned int keybits );
@@ -192,7 +200,8 @@
  * \param input    The buffer holding the input data.
  * \param output   The buffer holding the output data.
  *
- * \return         \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
  *                 on failure.
  */
 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
@@ -313,7 +322,7 @@
  * \param input            The buffer holding the input data.
  * \param output           The buffer holding the output data.
  *
- * \return     \c 0 on success.
+ * \return                 \c 0 on success.
  */
 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
                        size_t length,
@@ -391,22 +400,11 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_aes_self_test( int verbose );
 
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index f9d93f8..f11fc5b 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -38,14 +38,14 @@
 
 #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED                  -0x0019  /**< ARC4 hardware accelerator failed. */
 
-#if !defined(MBEDTLS_ARC4_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_ARC4_ALT)
+// Regular implementation
+//
+
 /**
  * \brief     ARC4 context structure
  *
@@ -61,6 +61,10 @@
 }
 mbedtls_arc4_context;
 
+#else  /* MBEDTLS_ARC4_ALT */
+#include "arc4_alt.h"
+#endif /* MBEDTLS_ARC4_ALT */
+
 /**
  * \brief          Initialize ARC4 context
  *
@@ -118,18 +122,6 @@
 int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output );
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_ARC4_ALT */
-#include "arc4_alt.h"
-#endif /* MBEDTLS_ARC4_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Checkup routine
  *
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index fde328a..96c1c9a 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -88,6 +88,21 @@
 #define MBEDTLS_ASN1_PRIMITIVE               0x00
 #define MBEDTLS_ASN1_CONSTRUCTED             0x20
 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+
+/*
+ * Bit masks for each of the components of an ASN.1 tag as specified in
+ * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
+ * paragraph 8.1.2.2:
+ *
+ * Bit  8     7   6   5          1
+ *     +-------+-----+------------+
+ *     | Class | P/C | Tag number |
+ *     +-------+-----+------------+
+ */
+#define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
+#define MBEDTLS_ASN1_TAG_PC_MASK             0x20
+#define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
+
 /* \} name */
 /* \} addtogroup asn1_module */
 
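Review bot: the comment introducing MBEDTLS_ASN1_TAG_VALUE_MASK does not say that a masked result of 0x1F is not tag number 31. In X.690 8.1.2.4 that bit pattern marks the high-tag-number form, where the tag number continues in the following octets. Code that compares `tag & MBEDTLS_ASN1_TAG_VALUE_MASK` against a tag number needs that caveat, so please add a sentence to the block comment. Minor: the diagram labels the field "Tag number" while the macro is named TAG_VALUE; one term would be clearer.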
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 3bf02a7..31383b1 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -204,6 +204,8 @@
 /**
  * \brief          Enlarge to the specified number of limbs
  *
+ *                 This function does nothing if the MPI is already large enough.
+ *
  * \param X        MPI to grow
  * \param nblimbs  The target number of limbs
  *
@@ -215,19 +217,23 @@
 /**
  * \brief          Resize down, keeping at least the specified number of limbs
  *
+ *                 If \c X is smaller than \c nblimbs, it is resized up
+ *                 instead.
+ *
  * \param X        MPI to shrink
  * \param nblimbs  The minimum number of limbs to keep
  *
  * \return         0 if successful,
  *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ *                 (this can only happen when resizing up).
  */
 int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
 
 /**
  * \brief          Copy the contents of Y into X
  *
- * \param X        Destination MPI
- * \param Y        Source MPI
+ * \param X        Destination MPI. It is enlarged if necessary.
+ * \param Y        Source MPI.
  *
  * \return         0 if successful,
  *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
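Review bot: the \return blocks for mbedtls_mpi_shrink() and mbedtls_mpi_copy() still read "0 if successful, MBEDTLS_ERR_MPI_ALLOC_FAILED if ..." in a single \return, while the rest of this patch splits each outcome into its own \return line and writes "\c 0 on success." Since these comments are being touched anyway, convert them to the same form and reference the error as #MBEDTLS_ERR_MPI_ALLOC_FAILED so Doxygen links it. The added sentence that shrink can resize up is useful; consider also stating it in the \brief, which still says only "Resize down".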
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index c0ef5a0..22479be 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -44,14 +44,14 @@
 #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED                   -0x0017  /**< Blowfish hardware accelerator failed. */
 #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
 
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_BLOWFISH_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          Blowfish context structure
  */
@@ -62,6 +62,10 @@
 }
 mbedtls_blowfish_context;
 
+#else  /* MBEDTLS_BLOWFISH_ALT */
+#include "blowfish_alt.h"
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
 /**
  * \brief          Initialize Blowfish context
  *
@@ -198,8 +202,4 @@
 }
 #endif
 
-#else  /* MBEDTLS_BLOWFISH_ALT */
-#include "blowfish_alt.h"
-#endif /* MBEDTLS_BLOWFISH_ALT */
-
 #endif /* blowfish.h */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index cf07629..f0466bf 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -40,14 +40,14 @@
 #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
 #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED              -0x0027  /**< Camellia hardware accelerator failed. */
 
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_CAMELLIA_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          CAMELLIA context structure
  */
@@ -58,6 +58,10 @@
 }
 mbedtls_camellia_context;
 
+#else  /* MBEDTLS_CAMELLIA_ALT */
+#include "camellia_alt.h"
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
 /**
  * \brief          Initialize CAMELLIA context
  *
@@ -211,18 +215,6 @@
                        unsigned char *output );
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
-#endif /* MBEDTLS_CAMELLIA_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Checkup routine
  *
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 630b7fd..8585ce5 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -1,8 +1,11 @@
 /**
  * \file ccm.h
  *
- * \brief CCM combines Counter mode encryption with CBC-MAC authentication
- *        for 128-bit block ciphers.
+ * \brief This file provides an API for the CCM authenticated encryption
+ *        mode for block ciphers.
+ *
+ * CCM combines Counter mode encryption with CBC-MAC authentication
+ * for 128-bit block ciphers.
  *
  * Input to CCM includes the following elements:
  * <ul><li>Payload - data that is both authenticated and encrypted.</li>
@@ -40,14 +43,15 @@
 #define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F /**< Authenticated decryption failed. */
 #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
 
-#if !defined(MBEDTLS_CCM_ALT)
-// Regular implementation
-//
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_CCM_ALT)
+// Regular implementation
+//
+
 /**
  * \brief    The CCM context-type definition. The CCM context is passed
  *           to the APIs called.
@@ -57,6 +61,10 @@
 }
 mbedtls_ccm_context;
 
+#else  /* MBEDTLS_CCM_ALT */
+#include "ccm_alt.h"
+#endif /* MBEDTLS_CCM_ALT */
+
 /**
  * \brief           This function initializes the specified CCM context,
  *                  to make references valid, and prepare the context
@@ -75,7 +83,8 @@
  * \param key       The encryption key.
  * \param keybits   The key size in bits. This must be acceptable by the cipher.
  *
- * \return          \c 0 on success, or a cipher-specific error code.
+ * \return          \c 0 on success.
+ * \return          A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
                         mbedtls_cipher_id_t cipher,
@@ -93,6 +102,13 @@
 /**
  * \brief           This function encrypts a buffer using CCM.
  *
+ *
+ * \note            The tag is written to a separate buffer. To concatenate
+ *                  the \p tag with the \p output, as done in <em>RFC-3610:
+ *                  Counter with CBC-MAC (CCM)</em>, use
+ *                  \p tag = \p output + \p length, and make sure that the
+ *                  output buffer is at least \p length + \p tag_len wide.
+ *
  * \param ctx       The CCM context to use for encryption.
  * \param length    The length of the input data in Bytes.
  * \param iv        Initialization vector (nonce).
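Review bot: the moved \note is preceded by an added empty " *" line directly after the existing one, so the comment now has two consecutive blank lines between the \brief and the \note. Drop the added "+ *" line at the top of the block.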
@@ -107,13 +123,8 @@
  * \param tag_len   The length of the tag to generate in Bytes:
  *                  4, 6, 8, 10, 12, 14 or 16.
  *
- * \note            The tag is written to a separate buffer. To concatenate
- *                  the \p tag with the \p output, as done in <em>RFC-3610:
- *                  Counter with CBC-MAC (CCM)</em>, use
- *                  \p tag = \p output + \p length, and make sure that the
- *                  output buffer is at least \p length + \p tag_len wide.
- *
  * \return          \c 0 on success.
+ * \return          A CCM or cipher-specific error code on failure.
  */
 int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
                          const unsigned char *iv, size_t iv_len,
@@ -139,8 +150,9 @@
  * \param tag_len   The length of the tag in Bytes.
  *                  4, 6, 8, 10, 12, 14 or 16.
  *
- * \return          0 if successful and authenticated, or
- *                  #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+ * \return          \c 0 on success. This indicates that the message is authentic.
+ * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+ * \return          A cipher-specific error code on calculation failure.
  */
 int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
                       const unsigned char *iv, size_t iv_len,
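Review bot: the new \return lines for mbedtls_ccm_auth_decrypt() say that 0 means the message is authentic, but nothing states what the caller may do with \p output when #MBEDTLS_ERR_CCM_AUTH_FAILED or a cipher-specific error is returned. Please add a sentence that the contents of the output buffer must not be used unless the function returns 0, so that unauthenticated plaintext is never consumed by callers that only log the error.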
@@ -148,23 +160,13 @@
                       const unsigned char *input, unsigned char *output,
                       const unsigned char *tag, size_t tag_len );
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
-#endif /* MBEDTLS_CCM_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /**
  * \brief          The CCM checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_ccm_self_test( int verbose );
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index d1f4efe..3ee2ab7 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -1,7 +1,9 @@
 /**
  * \file cipher.h
  *
- * \brief The generic cipher wrapper.
+ * \brief This file contains an abstraction interface for use with the cipher
+ * primitives provided by the library. It provides a common interface to all of
+ * the available cipher operations.
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  */
@@ -69,93 +71,93 @@
 #endif
 
 /**
- * \brief     An enumeration of supported ciphers.
+ * \brief     Supported cipher types.
  *
- * \warning   ARC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. We recommend considering stronger
+ * \warning   RC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. Arm recommends considering stronger
  *            ciphers instead.
  */
 typedef enum {
-    MBEDTLS_CIPHER_ID_NONE = 0,
-    MBEDTLS_CIPHER_ID_NULL,
-    MBEDTLS_CIPHER_ID_AES,
-    MBEDTLS_CIPHER_ID_DES,
-    MBEDTLS_CIPHER_ID_3DES,
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    MBEDTLS_CIPHER_ID_BLOWFISH,
-    MBEDTLS_CIPHER_ID_ARC4,
+    MBEDTLS_CIPHER_ID_NONE = 0,  /**< Placeholder to mark the end of cipher ID lists. */
+    MBEDTLS_CIPHER_ID_NULL,      /**< The identity cipher, treated as a stream cipher. */
+    MBEDTLS_CIPHER_ID_AES,       /**< The AES cipher. */
+    MBEDTLS_CIPHER_ID_DES,       /**< The DES cipher. */
+    MBEDTLS_CIPHER_ID_3DES,      /**< The Triple DES cipher. */
+    MBEDTLS_CIPHER_ID_CAMELLIA,  /**< The Camellia cipher. */
+    MBEDTLS_CIPHER_ID_BLOWFISH,  /**< The Blowfish cipher. */
+    MBEDTLS_CIPHER_ID_ARC4,      /**< The RC4 cipher. */
 } mbedtls_cipher_id_t;
 
 /**
- * \brief     An enumeration of supported (cipher, mode) pairs.
+ * \brief     Supported {cipher type, cipher mode} pairs.
  *
- * \warning   ARC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. We recommend considering stronger
+ * \warning   RC4 and DES are considered weak ciphers and their use
+ *            constitutes a security risk. Arm recommends considering stronger
  *            ciphers instead.
  */
 typedef enum {
-    MBEDTLS_CIPHER_NONE = 0,
-    MBEDTLS_CIPHER_NULL,
-    MBEDTLS_CIPHER_AES_128_ECB,
-    MBEDTLS_CIPHER_AES_192_ECB,
-    MBEDTLS_CIPHER_AES_256_ECB,
-    MBEDTLS_CIPHER_AES_128_CBC,
-    MBEDTLS_CIPHER_AES_192_CBC,
-    MBEDTLS_CIPHER_AES_256_CBC,
-    MBEDTLS_CIPHER_AES_128_CFB128,
-    MBEDTLS_CIPHER_AES_192_CFB128,
-    MBEDTLS_CIPHER_AES_256_CFB128,
-    MBEDTLS_CIPHER_AES_128_CTR,
-    MBEDTLS_CIPHER_AES_192_CTR,
-    MBEDTLS_CIPHER_AES_256_CTR,
-    MBEDTLS_CIPHER_AES_128_GCM,
-    MBEDTLS_CIPHER_AES_192_GCM,
-    MBEDTLS_CIPHER_AES_256_GCM,
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
-    MBEDTLS_CIPHER_DES_ECB,
-    MBEDTLS_CIPHER_DES_CBC,
-    MBEDTLS_CIPHER_DES_EDE_ECB,
-    MBEDTLS_CIPHER_DES_EDE_CBC,
-    MBEDTLS_CIPHER_DES_EDE3_ECB,
-    MBEDTLS_CIPHER_DES_EDE3_CBC,
-    MBEDTLS_CIPHER_BLOWFISH_ECB,
-    MBEDTLS_CIPHER_BLOWFISH_CBC,
-    MBEDTLS_CIPHER_BLOWFISH_CFB64,
-    MBEDTLS_CIPHER_BLOWFISH_CTR,
-    MBEDTLS_CIPHER_ARC4_128,
-    MBEDTLS_CIPHER_AES_128_CCM,
-    MBEDTLS_CIPHER_AES_192_CCM,
-    MBEDTLS_CIPHER_AES_256_CCM,
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+    MBEDTLS_CIPHER_NONE = 0,             /**< Placeholder to mark the end of cipher-pair lists. */
+    MBEDTLS_CIPHER_NULL,                 /**< The identity stream cipher. */
+    MBEDTLS_CIPHER_AES_128_ECB,          /**< AES cipher with 128-bit ECB mode. */
+    MBEDTLS_CIPHER_AES_192_ECB,          /**< AES cipher with 192-bit ECB mode. */
+    MBEDTLS_CIPHER_AES_256_ECB,          /**< AES cipher with 256-bit ECB mode. */
+    MBEDTLS_CIPHER_AES_128_CBC,          /**< AES cipher with 128-bit CBC mode. */
+    MBEDTLS_CIPHER_AES_192_CBC,          /**< AES cipher with 192-bit CBC mode. */
+    MBEDTLS_CIPHER_AES_256_CBC,          /**< AES cipher with 256-bit CBC mode. */
+    MBEDTLS_CIPHER_AES_128_CFB128,       /**< AES cipher with 128-bit CFB128 mode. */
+    MBEDTLS_CIPHER_AES_192_CFB128,       /**< AES cipher with 192-bit CFB128 mode. */
+    MBEDTLS_CIPHER_AES_256_CFB128,       /**< AES cipher with 256-bit CFB128 mode. */
+    MBEDTLS_CIPHER_AES_128_CTR,          /**< AES cipher with 128-bit CTR mode. */
+    MBEDTLS_CIPHER_AES_192_CTR,          /**< AES cipher with 192-bit CTR mode. */
+    MBEDTLS_CIPHER_AES_256_CTR,          /**< AES cipher with 256-bit CTR mode. */
+    MBEDTLS_CIPHER_AES_128_GCM,          /**< AES cipher with 128-bit GCM mode. */
+    MBEDTLS_CIPHER_AES_192_GCM,          /**< AES cipher with 192-bit GCM mode. */
+    MBEDTLS_CIPHER_AES_256_GCM,          /**< AES cipher with 256-bit GCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,     /**< Camellia cipher with 128-bit ECB mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,     /**< Camellia cipher with 192-bit ECB mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,     /**< Camellia cipher with 256-bit ECB mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,     /**< Camellia cipher with 128-bit CBC mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,     /**< Camellia cipher with 192-bit CBC mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,     /**< Camellia cipher with 256-bit CBC mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  /**< Camellia cipher with 128-bit CFB128 mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  /**< Camellia cipher with 192-bit CFB128 mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  /**< Camellia cipher with 256-bit CFB128 mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,     /**< Camellia cipher with 128-bit CTR mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,     /**< Camellia cipher with 192-bit CTR mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,     /**< Camellia cipher with 256-bit CTR mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,     /**< Camellia cipher with 128-bit GCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,     /**< Camellia cipher with 192-bit GCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,     /**< Camellia cipher with 256-bit GCM mode. */
+    MBEDTLS_CIPHER_DES_ECB,              /**< DES cipher with ECB mode. */
+    MBEDTLS_CIPHER_DES_CBC,              /**< DES cipher with CBC mode. */
+    MBEDTLS_CIPHER_DES_EDE_ECB,          /**< DES cipher with EDE ECB mode. */
+    MBEDTLS_CIPHER_DES_EDE_CBC,          /**< DES cipher with EDE CBC mode. */
+    MBEDTLS_CIPHER_DES_EDE3_ECB,         /**< DES cipher with EDE3 ECB mode. */
+    MBEDTLS_CIPHER_DES_EDE3_CBC,         /**< DES cipher with EDE3 CBC mode. */
+    MBEDTLS_CIPHER_BLOWFISH_ECB,         /**< Blowfish cipher with ECB mode. */
+    MBEDTLS_CIPHER_BLOWFISH_CBC,         /**< Blowfish cipher with CBC mode. */
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,       /**< Blowfish cipher with CFB64 mode. */
+    MBEDTLS_CIPHER_BLOWFISH_CTR,         /**< Blowfish cipher with CTR mode. */
+    MBEDTLS_CIPHER_ARC4_128,             /**< RC4 cipher with 128-bit mode. */
+    MBEDTLS_CIPHER_AES_128_CCM,          /**< AES cipher with 128-bit CCM mode. */
+    MBEDTLS_CIPHER_AES_192_CCM,          /**< AES cipher with 192-bit CCM mode. */
+    MBEDTLS_CIPHER_AES_256_CCM,          /**< AES cipher with 256-bit CCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,     /**< Camellia cipher with 128-bit CCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,     /**< Camellia cipher with 192-bit CCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,     /**< Camellia cipher with 256-bit CCM mode. */
 } mbedtls_cipher_type_t;
 
 /** Supported cipher modes. */
 typedef enum {
-    MBEDTLS_MODE_NONE = 0,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_MODE_CFB,
-    MBEDTLS_MODE_OFB, /* Unused! */
-    MBEDTLS_MODE_CTR,
-    MBEDTLS_MODE_GCM,
-    MBEDTLS_MODE_STREAM,
-    MBEDTLS_MODE_CCM,
+    MBEDTLS_MODE_NONE = 0,               /**< None. */
+    MBEDTLS_MODE_ECB,                    /**< The ECB cipher mode. */
+    MBEDTLS_MODE_CBC,                    /**< The CBC cipher mode. */
+    MBEDTLS_MODE_CFB,                    /**< The CFB cipher mode. */
+    MBEDTLS_MODE_OFB,                    /**< The OFB cipher mode - unsupported. */
+    MBEDTLS_MODE_CTR,                    /**< The CTR cipher mode. */
+    MBEDTLS_MODE_GCM,                    /**< The GCM cipher mode. */
+    MBEDTLS_MODE_STREAM,                 /**< The stream cipher mode. */
+    MBEDTLS_MODE_CCM,                    /**< The CCM cipher mode. */
 } mbedtls_cipher_mode_t;
 
 /** Supported cipher padding types. */
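Review bot: the per-enumerator comments in mbedtls_cipher_type_t attach the key size to the mode, for example "AES cipher with 128-bit ECB mode" and "RC4 cipher with 128-bit mode". The number in MBEDTLS_CIPHER_AES_128_ECB is the key length, so wording such as "AES cipher with a 128-bit key in ECB mode" would be accurate, and likewise for the Camellia and ARC4 entries. In the same list, "DES cipher with EDE ECB mode" and "DES cipher with EDE3 CBC mode" present EDE and EDE3 as modes of DES, whereas they are two-key and three-key Triple DES. That distinction matters here because the \warning above the enum names DES as weak. Also note that the warning now says RC4 while every identifier says ARC4; mention both names once so a search for either finds it.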
@@ -163,8 +165,8 @@
     MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default).        */
     MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding.         */
     MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding.             */
-    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible). */
-    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only).   */
+    MBEDTLS_PADDING_ZEROS,         /**< Zero padding (not reversible). */
+    MBEDTLS_PADDING_NONE,          /**< Never pad (full blocks only).   */
 } mbedtls_cipher_padding_t;
 
 /** Type of operation. */
@@ -228,7 +230,10 @@
      */
     unsigned int iv_size;
 
-    /** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */
+    /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
+     *  MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
+     *  cipher supports variable IV or variable key sizes, respectively.
+     */
     int flags;
 
     /** The block size, in Bytes. */
@@ -299,7 +304,8 @@
  * \param cipher_name   Name of the cipher to search for.
  *
  * \return              The cipher information structure associated with the
- *                      given \p cipher_name, or NULL if not found.
+ *                      given \p cipher_name.
+ * \return              NULL if the associated cipher information is not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
 
@@ -310,7 +316,8 @@
  * \param cipher_type   Type of the cipher to search for.
  *
  * \return              The cipher information structure associated with the
- *                      given \p cipher_type, or NULL if not found.
+ *                      given \p cipher_type.
+ * \return              NULL if the associated cipher information is not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
 
@@ -325,7 +332,8 @@
  * \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
  *
  * \return              The cipher information structure associated with the
- *                      given \p cipher_id, or NULL if not found.
+ *                      given \p cipher_id.
+ * \return              NULL if the associated cipher information is not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
                                               int key_bitlen,
@@ -352,10 +360,11 @@
  * \param ctx           The context to initialize. May not be NULL.
  * \param cipher_info   The cipher to use.
  *
- * \return              \c 0 on success,
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
- *                      #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- *                      cipher-specific context failed.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ *                      cipher-specific context fails.
  *
  * \internal Currently, the function also clears the structure.
  * In future versions, the caller will be required to call
@@ -368,8 +377,8 @@
  *
  * \param ctx    The context of the cipher. Must be initialized.
  *
- * \return       The size of the blocks of the cipher, or zero if \p ctx
- *               has not been initialized.
+ * \return       The size of the blocks of the cipher.
+ * \return       0 if \p ctx has not been initialized.
  */
 static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
 {
@@ -385,8 +394,8 @@
  *
  * \param ctx    The context of the cipher. Must be initialized.
  *
- * \return       The mode of operation, or #MBEDTLS_MODE_NONE if
- *               \p ctx has not been initialized.
+ * \return       The mode of operation.
+ * \return       #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
  */
 static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
 {
@@ -402,9 +411,9 @@
  *
  * \param ctx   The context of the cipher. Must be initialized.
  *
- * \return      <ul><li>If no IV has been set: the recommended IV size.
- *              0 for ciphers not using IV or nonce.</li>
- *              <li>If IV has already been set: the actual size.</li></ul>
+ * \return      The recommended IV size if no IV has been set.
+ * \return      \c 0 for ciphers not using an IV or a nonce.
+ * \return      The actual size if an IV has been set.
  */
 static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
 {
@@ -422,8 +431,8 @@
  *
  * \param ctx           The context of the cipher. Must be initialized.
  *
- * \return              The type of the cipher, or #MBEDTLS_CIPHER_NONE if
- *                      \p ctx has not been initialized.
+ * \return              The type of the cipher.
+ * \return              #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
  */
 static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
 {
@@ -439,8 +448,8 @@
  *
  * \param ctx           The context of the cipher. Must be initialized.
  *
- * \return              The name of the cipher, or NULL if \p ctx has not
- *                      been not initialized.
+ * \return              The name of the cipher.
+ * \return              NULL if \p ctx has not been not initialized.
  */
 static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
 {
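Review bot: the split \return line keeps the double negative from the old text, "NULL if \p ctx has not been not initialized." It should read "NULL if \p ctx has not been initialized.", matching the other getters in this file.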
@@ -455,8 +464,8 @@
  *
  * \param ctx           The context of the cipher. Must be initialized.
  *
- * \return              The key length of the cipher in bits, or
- *                      #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
+ * \return              The key length of the cipher in bits.
+ * \return              #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
  *                      initialized.
  */
 static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
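Review bot: in the new second \return line the Doxygen command and its argument are swapped: "if ctx \p has not been" makes \p apply to "has" instead of "ctx". Change it to "#MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been initialized."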
@@ -472,9 +481,8 @@
  *
  * \param ctx      The context of the cipher. Must be initialized.
  *
- * \return         The type of operation: #MBEDTLS_ENCRYPT or
- *                 #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx
- *                 has not been initialized.
+ * \return         The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
+ * \return         #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
  */
 static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
 {
@@ -495,9 +503,10 @@
  * \param operation     The operation that the key will be used for:
  *                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
  *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- *                      parameter verification fails, or a cipher-specific
- *                      error code.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
                    int key_bitlen, const mbedtls_operation_t operation );
@@ -512,9 +521,10 @@
  * \param ctx           The generic cipher context.
  * \param mode          The padding mode.
  *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- *                      if the selected padding mode is not supported, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ *                      if the selected padding mode is not supported.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
  *                      does not support padding.
  */
 int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
@@ -524,15 +534,17 @@
  * \brief           This function sets the initialization vector (IV)
  *                  or nonce.
  *
+ * \note            Some ciphers do not use IVs nor nonce. For these
+ *                  ciphers, this function has no effect.
+ *
  * \param ctx       The generic cipher context.
  * \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
  * \param iv_len    The IV length for ciphers with variable-size IV.
  *                  This parameter is discarded by ciphers with fixed-size IV.
  *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
- *
- * \note            Some ciphers do not use IVs nor nonce. For these
- *                  ciphers, this function has no effect.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                  parameter-verification failure.
  */
 int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
                    const unsigned char *iv, size_t iv_len );
@@ -542,8 +554,9 @@
  *
  * \param ctx     The generic cipher context.
  *
- * \returns       \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
- *                if parameter verification fails.
+ * \return        \c 0 on success.
+ * \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                parameter-verification failure.
  */
 int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
 
@@ -557,7 +570,8 @@
  * \param ad            The additional data to use.
  * \param ad_len        the Length of \p ad.
  *
- * \return              \c 0 on success, or a specific error code on failure.
+ * \return              \c 0 on success.
+ * \return              A specific error code on failure.
  */
 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
                       const unsigned char *ad, size_t ad_len );
@@ -573,6 +587,11 @@
  *                      Exception: For MBEDTLS_MODE_ECB, expects a single block
  *                      in size. For example, 16 Bytes for AES.
  *
+ * \note                If the underlying cipher is used in GCM mode, all calls
+ *                      to this function, except for the last one before
+ *                      mbedtls_cipher_finish(), must have \p ilen as a
+ *                      multiple of the block size of the cipher.
+ *
  * \param ctx           The generic cipher context.
  * \param input         The buffer holding the input data.
  * \param ilen          The length of the input data.
@@ -582,16 +601,12 @@
  * \param olen          The length of the output data, to be updated with the
  *                      actual number of Bytes written.
  *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- *                      parameter verification fails,
- *                      #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- *                      unsupported mode for a cipher, or a cipher-specific
- *                      error code.
- *
- * \note                If the underlying cipher is GCM, all calls to this
- *                      function, except the last one before
- *                      mbedtls_cipher_finish(). Must have \p ilen as a
- *                      multiple of the block_size.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ *                      unsupported mode for a cipher.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
                    size_t ilen, unsigned char *output, size_t *olen );
@@ -606,13 +621,14 @@
  * \param output        The buffer to write data to. Needs block_size available.
  * \param olen          The length of the data written to the \p output buffer.
  *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- *                      parameter verification fails,
- *                      #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
- *                      expected a full block but was not provided one,
- *                      #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting, or a cipher-specific error code
- *                      on failure for any other reason.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+ *                      expecting a full block but not receiving one.
+ * \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
                    unsigned char *output, size_t *olen );
@@ -627,7 +643,8 @@
  * \param tag           The buffer to write the tag to.
  * \param tag_len       The length of the tag to write.
  *
- * \return              \c 0 on success, or a specific error code on failure.
+ * \return              \c 0 on success.
+ * \return              A specific error code on failure.
  */
 int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
                       unsigned char *tag, size_t tag_len );
@@ -641,7 +658,8 @@
  * \param tag           The buffer holding the tag.
  * \param tag_len       The length of the tag to check.
  *
- * \return              \c 0 on success, or a specific error code on failure.
+ * \return              \c 0 on success.
+ * \return              A specific error code on failure.
  */
 int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
                       const unsigned char *tag, size_t tag_len );
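Review bot: The failure `\return` for mbedtls_cipher_check_tag() stays at "A specific error code on failure." and does not say which code signals a tag mismatch, while the mbedtls_cipher_auth_decrypt() block in this same patch names #MBEDTLS_ERR_CIPHER_AUTH_FAILED for non-authentic data. If check_tag returns that code on mismatch, give it its own `\return` line here, since that is the one result a caller must not confuse with a generic failure.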
@@ -667,13 +685,14 @@
  * \note                Some ciphers do not use IVs nor nonce. For these
  *                      ciphers, use \p iv = NULL and \p iv_len = 0.
  *
- * \returns             \c 0 on success, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
- *                      expected a full block but was not provided one, or
- *                      #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting, or a cipher-specific error code on
- *                      failure for any other reason.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+ *                      expecting a full block but not receiving one.
+ * \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
                   const unsigned char *iv, size_t iv_len,
@@ -699,9 +718,10 @@
  * \param tag           The buffer for the authentication tag.
  * \param tag_len       The desired length of the authentication tag.
  *
- * \returns             \c 0 on success, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      a cipher-specific error code.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
                          const unsigned char *iv, size_t iv_len,
@@ -713,6 +733,10 @@
 /**
  * \brief               The generic autenticated decryption (AEAD) function.
  *
+ * \note                If the data is not authentic, then the output buffer
+ *                      is zeroed out to prevent the unauthentic plaintext being
+ *                      used, making this interface safer.
+ *
  * \param ctx           The generic cipher context.
  * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
  * \param iv_len        The IV length for ciphers with variable-size IV.
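Review bot: The `\brief` line of this block still reads "generic autenticated decryption"; since the patch already edits this comment to move the `\note`, fix the spelling to "authenticated" in the same change.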
@@ -728,14 +752,11 @@
  * \param tag           The buffer holding the authentication tag.
  * \param tag_len       The length of the authentication tag.
  *
- * \returns             \c 0 on success, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
- *                      or a cipher-specific error code on failure for any other reason.
- *
- * \note                If the data is not authentic, then the output buffer
- *                      is zeroed out to prevent the unauthentic plaintext being
- *                      used, making this interface safer.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+ *                      parameter-verification failure.
+ * \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
                          const unsigned char *iv, size_t iv_len,
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 628c9da..913c05f 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -1,8 +1,10 @@
 /**
  * \file cmac.h
  *
- * \brief The Cipher-based Message Authentication Code (CMAC) Mode for
- *        Authentication.
+ * \brief This file contains CMAC definitions and functions.
+ *
+ * The Cipher-based Message Authentication Code (CMAC) Mode for
+ * Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
  */
 /*
  *  Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -38,9 +40,9 @@
 #define MBEDTLS_DES3_BLOCK_SIZE         8
 
 #if defined(MBEDTLS_AES_C)
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      16  /* The longest block used by CMAC is that of AES. */
+#define MBEDTLS_CIPHER_BLKSIZE_MAX      16  /**< The longest block used by CMAC is that of AES. */
 #else
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /* The longest block used by CMAC is that of 3DES. */
+#define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /**< The longest block used by CMAC is that of 3DES. */
 #endif
 
 #if !defined(MBEDTLS_CMAC_ALT)
@@ -61,22 +63,25 @@
     size_t              unprocessed_len;
 };
 
+#else  /* !MBEDTLS_CMAC_ALT */
+#include "cmac_alt.h"
+#endif /* !MBEDTLS_CMAC_ALT */
+
 /**
  * \brief               This function sets the CMAC key, and prepares to authenticate
  *                      the input data.
  *                      Must be called with an initialized cipher context.
  *
  * \param ctx           The cipher context used for the CMAC operation, initialized
- *                      as one of the following types:<ul>
- *                      <li>MBEDTLS_CIPHER_AES_128_ECB</li>
- *                      <li>MBEDTLS_CIPHER_AES_192_ECB</li>
- *                      <li>MBEDTLS_CIPHER_AES_256_ECB</li>
- *                      <li>MBEDTLS_CIPHER_DES_EDE3_ECB</li></ul>
+ *                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
+ *                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
+ *                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
  * \param key           The CMAC key.
  * \param keybits       The length of the CMAC key in bits.
  *                      Must be supported by the cipher.
  *
- * \return              \c 0 on success, or a cipher-specific error code.
+ * \return              \c 0 on success.
+ * \return              A cipher-specific error code on failure.
  */
 int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
                                 const unsigned char *key, size_t keybits );
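Review bot: The relocated `#else  /* !MBEDTLS_CMAC_ALT */` carries a misleading comment: the else branch is the one taken when MBEDTLS_CMAC_ALT is defined. The des.h and dhm.h hunks in this patch write `#else /* MBEDTLS_DES_ALT */` and `#else /* MBEDTLS_DHM_ALT */`; use `#else /* MBEDTLS_CMAC_ALT */` and `#endif /* MBEDTLS_CMAC_ALT */` here for the same convention.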
@@ -93,8 +98,9 @@
  * \param input         The buffer holding the input data.
  * \param ilen          The length of the input data.
  *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
+ * \return             \c 0 on success.
+ * \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ *                     if parameter verification fails.
  */
 int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
                                 const unsigned char *input, size_t ilen );
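Review bot: The three added `\return` lines for mbedtls_cipher_cmac_update() are indented one column short of the `\param` descriptions above them, because `\returns` was shortened to `\return` without adding a space. The other CMAC blocks in this patch keep the description column aligned; add one space after `\return` and on the continuation line.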
@@ -110,7 +116,8 @@
  * \param ctx           The cipher context used for the CMAC operation.
  * \param output        The output buffer for the CMAC checksum result.
  *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
 int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
@@ -126,7 +133,8 @@
  *
  * \param ctx           The cipher context used for the CMAC operation.
  *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
 int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
@@ -149,7 +157,8 @@
  * \param ilen          The length of the input data.
  * \param output        The buffer for the generic CMAC result.
  *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
 int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
@@ -180,23 +189,12 @@
                               unsigned char output[16] );
 #endif /* MBEDTLS_AES_C */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
-#endif /* !MBEDTLS_CMAC_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
 /**
  * \brief          The CMAC checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_cmac_self_test( int verbose );
 #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1c98558..7c9acb2 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -440,13 +440,46 @@
 /**
  * \def MBEDTLS_AES_ROM_TABLES
  *
- * Store the AES tables in ROM.
+ * Use precomputed AES tables stored in ROM.
  *
- * Uncomment this macro to store the AES tables in ROM.
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ *
  */
 //#define MBEDTLS_AES_ROM_TABLES
 
 /**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_FEWER_TABLES
+
+/**
  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
  *
  * Use less ROM for the Camellia implementation (saves about 768 bytes).
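Review bot: The sizes in the MBEDTLS_AES_ROM_TABLES and MBEDTLS_AES_FEWER_TABLES tradeoff text are written "~8kb", "~2kb" and "~6kb", which reads as kilobits. If these are byte counts, write "KB" (or "KiB"), matching the "768 bytes" style used for MBEDTLS_CAMELLIA_SMALL_MEMORY just below. Both new comment blocks also end with an empty ` *` line before ` */` that can be dropped.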
@@ -576,6 +609,7 @@
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
 
 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
@@ -1049,7 +1083,8 @@
 /**
  * \def MBEDTLS_RSA_NO_CRT
  *
- * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
  *
  * Uncomment this macro to disable the use of CRT in RSA.
  *
@@ -1541,6 +1576,9 @@
  *
  * \note Currently compression can't be used with DTLS.
  *
+ * \deprecated This feature is deprecated and will be removed
+ *             in the next major revision of the library.
+ *
  * Used in: library/ssl_tls.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
@@ -2814,6 +2852,26 @@
  */
 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 
+/**
+ * Uncomment the macro to let mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
 /* \} name SECTION: Customisation configuration options */
 
 /* Target and application specific configurations */
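Review bot: The new comment block for MBEDTLS_PLATFORM_ZEROIZE_ALT has no `\def MBEDTLS_PLATFORM_ZEROIZE_ALT` line, unlike the `\def MBEDTLS_AES_FEWER_TABLES` block added earlier in this file, so Doxygen will not attach the text to the macro. In the text itself, "will not be optimized by the compiler" should say "optimized out", and both "e.g using" occurrences need "e.g. using".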
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 121575a..dcbc047 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -1,10 +1,15 @@
 /**
  * \file ctr_drbg.h
  *
- * \brief    CTR_DRBG is based on AES-256, as defined in <em>NIST SP 800-90A:
- *           Recommendation for Random Number Generation Using Deterministic
- *           Random Bit Generators</em>.
+ * \brief    This file contains CTR_DRBG definitions and functions.
  *
+ * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
+ * in counter mode operation, as defined in <em>NIST SP 800-90A:
+ * Recommendation for Random Number Generation Using Deterministic Random
+ * Bit Generators</em>.
+ *
+ * The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying
+ * block cipher.
  */
 /*
  *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -156,8 +161,8 @@
                         identifiers. Can be NULL.
  * \param len           The length of the personalization data.
  *
- * \return              \c 0 on success, or
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
  */
 int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                    int (*f_entropy)(void *, unsigned char *, size_t),
@@ -216,22 +221,24 @@
  * \param additional    Additional data to add to the state. Can be NULL.
  * \param len           The length of the additional data.
  *
- * \return   \c 0 on success, or
- *           #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
  */
 int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
                      const unsigned char *additional, size_t len );
 
 /**
- * \brief               This function updates the state of the CTR_DRBG context.
+ * \brief              This function updates the state of the CTR_DRBG context.
  *
- * \param ctx           The CTR_DRBG context.
- * \param additional    The data to update the state with.
- * \param add_len       Length of \p additional data.
+ * \note               If \p add_len is greater than
+ *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
+ *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
+ *                     The remaining Bytes are silently discarded.
  *
- * \note     If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
- *           only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- *           The remaining Bytes are silently discarded.
+ * \param ctx          The CTR_DRBG context.
+ * \param additional   The data to update the state with.
+ * \param add_len      Length of \p additional data.
+ *
  */
 void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
                       const unsigned char *additional, size_t add_len );
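Review bot: The rewritten mbedtls_ctr_drbg_update() comment ends with an added empty ` *` line before ` */`, and its `\brief`, `\note` and `\param` descriptions now start one column to the left of the neighbouring blocks in this file. Drop the trailing empty line and keep the original description column so the reorder of `\note` ahead of `\param` is the only change.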
@@ -249,8 +256,8 @@
  * \param additional    Additional data to update. Can be NULL.
  * \param add_len       The length of the additional data.
  *
- * \return    \c 0 on success, or
- *            #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return    \c 0 on success.
+ * \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  *            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
  */
 int mbedtls_ctr_drbg_random_with_add( void *p_rng,
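Review bot: The failure `\return` for mbedtls_ctr_drbg_random_with_add() still lists two codes on one entry, "#MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.", which is the combined form the rest of this patch splits up. Give each code its own `\return` with its condition; the same applies to the mbedtls_ctr_drbg_random() and mbedtls_ctr_drbg_update_seed_file() hunks that follow.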
@@ -267,8 +274,8 @@
  * \param output        The buffer to fill.
  * \param output_len    The length of the buffer.
  *
- * \return              \c 0 on success, or
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  *                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
  */
 int mbedtls_ctr_drbg_random( void *p_rng,
@@ -281,9 +288,9 @@
  * \param ctx           The CTR_DRBG context.
  * \param path          The name of the file.
  *
- * \return              \c 0 on success,
- *                      #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
  *                      failure.
  */
 int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@@ -295,9 +302,9 @@
  * \param ctx           The CTR_DRBG context.
  * \param path          The name of the file.
  *
- * \return              \c 0 on success,
- *                      #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              \c 0 on success.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  *                      #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
  */
 int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@@ -306,7 +313,8 @@
 /**
  * \brief               The CTR_DRBG checkup routine.
  *
- * \return              \c 0 on success, or \c 1 on failure.
+ * \return              \c 0 on success.
+ * \return              \c 1 on failure.
  */
 int mbedtls_ctr_drbg_self_test( int verbose );
 
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 5a1a636..6eb7d03 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -46,14 +46,14 @@
 
 #define MBEDTLS_DES_KEY_SIZE    8
 
-#if !defined(MBEDTLS_DES_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_DES_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          DES context structure
  *
@@ -76,6 +76,10 @@
 }
 mbedtls_des3_context;
 
+#else  /* MBEDTLS_DES_ALT */
+#include "des_alt.h"
+#endif /* MBEDTLS_DES_ALT */
+
 /**
  * \brief          Initialize DES context
  *
@@ -331,17 +335,6 @@
  */
 void mbedtls_des_setkey( uint32_t SK[32],
                          const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
-#endif /* MBEDTLS_DES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
 
 /**
  * \brief          Checkup routine
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 00fafd8..f848e22 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -1,7 +1,13 @@
 /**
  * \file dhm.h
  *
- * \brief Diffie-Hellman-Merkle key exchange.
+ * \brief   This file contains Diffie-Hellman-Merkle (DHM) key exchange 
+ *          definitions and functions.
+ *
+ * Diffie-Hellman-Merkle (DHM) key exchange is defined in
+ * <em>RFC-2631: Diffie-Hellman Key Agreement Method</em> and 
+ * <em>Public-Key Cryptography Standards (PKCS) #3: Diffie 
+ * Hellman Key Agreement Standard</em>.
  *
  * <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
  * Internet Key Exchange (IKE)</em> defines a number of standardized
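Review bot: Three of the added lines in the dhm.h file header end in trailing whitespace ("key exchange ", "Method</em> and ", "#3: Diffie "). Strip it, and consider keeping "Diffie-Hellman" hyphenated and on one line in the PKCS #3 title so it matches the RFC-2631 title above it.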
@@ -65,7 +71,6 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "bignum.h"
-#if !defined(MBEDTLS_DHM_ALT)
 
 /*
  * DHM Error codes
@@ -86,6 +91,8 @@
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_DHM_ALT)
+
 /**
  * \brief          The DHM context structure.
  */
@@ -105,6 +112,10 @@
 }
 mbedtls_dhm_context;
 
+#else /* MBEDTLS_DHM_ALT */
+#include "dhm_alt.h"
+#endif /* MBEDTLS_DHM_ALT */
+
 /**
  * \brief          This function initializes the DHM context.
  *
@@ -125,8 +136,8 @@
  *                 failures.
  * \param end      The end of the input buffer.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
                      unsigned char **p,
@@ -136,13 +147,6 @@
  * \brief          This function sets up and writes the ServerKeyExchange
  *                 parameters.
  *
- * \param ctx      The DHM context.
- * \param x_size   The private value size in Bytes.
- * \param olen     The number of characters written.
- * \param output   The destination buffer.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
- *
  * \note           The destination buffer must be large enough to hold
  *                 the reduced binary presentation of the modulus, the generator
  *                 and the public key, each wrapped with a 2-byte length field.
@@ -155,8 +159,15 @@
  *                 mbedtls_dhm_set_group() below in conjunction with
  *                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
+ * \param ctx      The DHM context.
+ * \param x_size   The private key size in Bytes.
+ * \param olen     The number of characters written.
+ * \param output   The destination buffer.
+ * \param f_rng    The RNG function.
+ * \param p_rng    The RNG context.
+ *
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
                      unsigned char *output, size_t *olen,
@@ -164,54 +175,54 @@
                      void *p_rng );
 
 /**
- * \brief          Set prime modulus and generator
+ * \brief          This function sets the prime modulus and generator.
+ *
+ * \note           This function can be used to set \p P, \p G
+ *                 in preparation for mbedtls_dhm_make_params().
  *
  * \param ctx      The DHM context.
- * \param P        The MPI holding DHM prime modulus.
- * \param G        The MPI holding DHM generator.
+ * \param P        The MPI holding the DHM prime modulus.
+ * \param G        The MPI holding the DHM generator.
  *
- * \note           This function can be used to set P, G
- *                 in preparation for \c mbedtls_dhm_make_params.
- *
- * \return         \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
+ * \return         \c 0 if successful.
+ * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
                            const mbedtls_mpi *P,
                            const mbedtls_mpi *G );
 
 /**
- * \brief          This function imports the public value G^Y of the peer.
+ * \brief          This function imports the public value of the peer, G^Y.
  *
  * \param ctx      The DHM context.
- * \param input    The input buffer.
+ * \param input    The input buffer containing the G^Y value of the peer.
  * \param ilen     The size of the input buffer.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
                      const unsigned char *input, size_t ilen );
 
 /**
- * \brief          This function creates its own private value \c X and
+ * \brief          This function creates its own private key, \c X, and
  *                 exports \c G^X.
  *
+ * \note           The destination buffer is always fully written
+ *                 so as to contain a big-endian representation of G^X mod P.
+ *                 If it is larger than ctx->len, it is padded accordingly
+ *                 with zero-bytes at the beginning.
+ *
  * \param ctx      The DHM context.
- * \param x_size   The private value size in Bytes.
+ * \param x_size   The private key size in Bytes.
  * \param output   The destination buffer.
  * \param olen     The length of the destination buffer. Must be at least
-                   equal to ctx->len (the size of \c P).
+ *                  equal to ctx->len (the size of \c P).
  * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
+ * \param p_rng    The RNG context.
  *
- * \note           The destination buffer will always be fully written
- *                 so as to contain a big-endian presentation of G^X mod P.
- *                 If it is larger than ctx->len, it will accordingly be
- *                 padded with zero-bytes in the beginning.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
                      unsigned char *output, size_t olen,
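Review bot: In the mbedtls_dhm_set_group() block the success line reads "\c 0 if successful." while every other block touched by this patch uses "\c 0 on success."; use the same wording. In mbedtls_dhm_make_public(), the repaired continuation line "equal to ctx->len (the size of \c P)." gains its missing ` *` but starts one column to the right of the `\param olen` description it continues.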
@@ -222,22 +233,22 @@
  * \brief               This function derives and exports the shared secret
  *                      \c (G^Y)^X mod \c P.
  *
+ * \note                If \p f_rng is not NULL, it is used to blind the input as
+ *                      a countermeasure against timing attacks. Blinding is used
+ *                      only if our private key \c X is re-used, and not used
+ *                      otherwise. We recommend always passing a non-NULL
+ *                      \p f_rng argument.
+ *
  * \param ctx           The DHM context.
  * \param output        The destination buffer.
  * \param output_size   The size of the destination buffer. Must be at least
- *                      the size of ctx->len.
+ *                      the size of ctx->len (the size of \c P).
  * \param olen          On exit, holds the actual number of Bytes written.
  * \param f_rng         The RNG function, for blinding purposes.
- * \param p_rng         The RNG parameter.
+ * \param p_rng         The RNG context.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- *
- * \note           If non-NULL, \p f_rng is used to blind the input as
- *                 a countermeasure against timing attacks. Blinding is used
- *                 only if our secret value \p X is re-used and omitted
- *                 otherwise. Therefore, we recommend always passing a
- *                 non-NULL \p f_rng argument.
+ * \return              \c 0 on success.
+ * \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
 int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
                      unsigned char *output, size_t output_size, size_t *olen,
@@ -245,7 +256,7 @@
                      void *p_rng );
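Review bot: The relocated `\note` for mbedtls_dhm_calc_secret() says what happens when \p f_rng is not NULL but never states the other case. Since the recommendation is to always pass a non-NULL \p f_rng, add a sentence saying that with a NULL \p f_rng no blinding is applied, so the timing-attack countermeasure is absent when \c X is re-used.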
 
 /**
- * \brief          This function frees and clears the components of a DHM key.
+ * \brief          This function frees and clears the components of a DHM context.
  *
  * \param ctx      The DHM context to free and clear.
  */
@@ -261,8 +272,9 @@
  * \param dhminlen    The size of the buffer, including the terminating null
  *                    Byte for PEM data.
  *
- * \return            \c 0 on success, or a specific DHM or PEM error code
- *                    on failure.
+ * \return            \c 0 on success.
+ * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
+ *                    error code on failure.
  */
 int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
                    size_t dhminlen );
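Review bot: The new failure `\return` for mbedtls_dhm_parse_dhm() repeats itself across the line break: "... \c MBEDTLS_ERR_PEM_XXX error code" followed by "error code on failure.". Drop one "error code" so it reads "An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code on failure."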
@@ -275,29 +287,19 @@
  * \param dhm      The DHM context to load the parameters to.
  * \param path     The filename to read the DHM parameters from.
  *
- * \return         \c 0 on success, or a specific DHM or PEM error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
+ *                    error code on failure.
  */
 int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
 #endif /* MBEDTLS_FS_IO */
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
-#endif /* MBEDTLS_DHM_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          The DMH checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_dhm_self_test( int verbose );
 
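Review bot: The failure `\return` added for mbedtls_dhm_parse_dhmfile() is indented three columns deeper than the "\c 0 on success." line directly above it and carries the same doubled "error code / error code on failure." wording as the mbedtls_dhm_parse_dhm() block. Align it with the success line and remove the duplicate words. The self-test `\brief` in this hunk also still reads "The DMH checkup routine"; that should be "DHM".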
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 99cfde0..922f029 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -1,10 +1,11 @@
 /**
  * \file ecdh.h
  *
- * \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs.
- *
- * ECDH is an anonymous key agreement protocol allowing two parties to
- * establish a shared secret over an insecure channel. Each party must have an
+ * \brief This file contains ECDH definitions and functions.
+ * 
+ * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous 
+ * key agreement protocol allowing two parties to establish a shared
+ * secret over an insecure channel. Each party must have an
  * elliptic-curve public–private key pair.
  *
  * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
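Review bot: Two added lines in the ecdh.h file header have trailing whitespace: the blank comment line `* ` after `\brief` and the line ending "is an anonymous ". Strip both.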
@@ -40,14 +41,12 @@
 #endif
 
 /**
- * Defines the source of the imported EC key:
- * <ul><li>Our key.</li>
- * <li>The key of the peer.</li></ul>
+ * Defines the source of the imported EC key.
  */
 typedef enum
 {
-    MBEDTLS_ECDH_OURS,
-    MBEDTLS_ECDH_THEIRS,
+    MBEDTLS_ECDH_OURS,   /**< Our key. */
+    MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
 } mbedtls_ecdh_side;
 
 /**
@@ -75,16 +74,18 @@
  *                  implemented during the ECDH key exchange. The second core
  *                  computation is performed by mbedtls_ecdh_compute_shared().
  *
+ * \see             ecp.h
+ *
  * \param grp       The ECP group.
  * \param d         The destination MPI (private key).
  * \param Q         The destination point (public key).
  * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param p_rng     The RNG context.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or
  *                  \c MBEDTLS_MPI_XXX error code on failure.
  *
- * \see             ecp.h
  */
 int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
                      int (*f_rng)(void *, unsigned char *, size_t),
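Review bot: The failure `\return` for mbedtls_ecdh_gen_public() names the second error family as `\c MBEDTLS_MPI_XXX`, without the `ERR_` that `\c MBEDTLS_ERR_ECP_XXX` carries just before it; write `\c MBEDTLS_ERR_MPI_XXX` (the mbedtls_ecdh_compute_shared() hunk repeats this). Moving `\see ecp.h` up also leaves an empty ` *` line directly before ` */` that should be removed.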
@@ -97,21 +98,22 @@
  *                  implemented during the ECDH key exchange. The first core
  *                  computation is performed by mbedtls_ecdh_gen_public().
  *
+ * \see             ecp.h
+ *
+ * \note            If \p f_rng is not NULL, it is used to implement
+ *                  countermeasures against side-channel attacks.
+ *                  For more information, see mbedtls_ecp_mul().
+ *
  * \param grp       The ECP group.
  * \param z         The destination MPI (shared secret).
  * \param Q         The public key from another party.
  * \param d         Our secret exponent (private key).
  * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param p_rng     The RNG context.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or
  *                  \c MBEDTLS_MPI_XXX error code on failure.
- *
- * \see             ecp.h
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against potential elaborate timing
- *                  attacks. For more information, see mbedtls_ecp_mul().
  */
 int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
                          const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
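Review bot: the reworded \note on \p f_rng for mbedtls_ecdh_compute_shared() says what happens when it is not NULL but never states the consequence of passing NULL. Suggest saying explicitly that a NULL \p f_rng means the side-channel countermeasures are not applied, and recommending that callers always supply an RNG when \p d is a private key worth protecting. The identical note on mbedtls_ecdh_calc_secret() would benefit from the same sentence.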
@@ -139,21 +141,21 @@
  *                  This is the first function used by a TLS server for ECDHE
  *                  ciphersuites.
  *
+ * \note            This function assumes that the ECP group (grp) of the
+ *                  \p ctx context has already been properly set,
+ *                  for example, using mbedtls_ecp_group_load().
+ *
+ * \see             ecp.h
+ *
  * \param ctx       The ECDH context.
  * \param olen      The number of characters written.
  * \param buf       The destination buffer.
  * \param blen      The length of the destination buffer.
  * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param p_rng     The RNG context.
  *
- * \note            This function assumes that the ECP group (grp) of the
- *                  \p ctx context has already been properly set,
- *                  for example, using mbedtls_ecp_group_load().
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
 int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
                       unsigned char *buf, size_t blen,
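Review bot: \param olen in this block still reads "The number of characters written", whereas mbedtls_ecdh_make_public() and mbedtls_ecdh_calc_secret() in the same header say "The number of Bytes written". Since the parameter list is already being edited here, align this one to Bytes so the three writer functions describe their output length the same way.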
@@ -167,14 +169,15 @@
  *                  This is the first function used by a TLS client for ECDHE
  *                  ciphersuites.
  *
+ * \see             ecp.h
+ *
  * \param ctx       The ECDH context.
  * \param buf       The pointer to the start of the input buffer.
  * \param end       The address for one Byte past the end of the buffer.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
- * \see             ecp.h
  */
 int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
                       const unsigned char **buf, const unsigned char *end );
@@ -186,16 +189,16 @@
  *                  ServerKeyEchange for static ECDH, and imports ECDH
  *                  parameters from the EC key information of a certificate.
  *
+ * \see             ecp.h
+ *
  * \param ctx       The ECDH context to set up.
  * \param key       The EC key to use.
- * \param side      Defines the source of the key:
- *                  <ul><li>1: Our key.</li>
-                    <li>0: The key of the peer.</li></ul>
+ * \param side      Defines the source of the key: 1: Our key, or
+ *                  0: The key of the peer.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
- * \see             ecp.h
  */
 int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
                      mbedtls_ecdh_side side );
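Review bot: the rewritten \param side keeps the numeric mapping "1: Our key, or 0: The key of the peer", which contradicts the mbedtls_ecdh_side enum earlier in this file, where MBEDTLS_ECDH_OURS is the first enumerator (value 0) and MBEDTLS_ECDH_THEIRS the second (value 1). A caller following the text literally would import the keys the wrong way round. Please drop the numbers and reference the enumerators instead, for example "#MBEDTLS_ECDH_OURS: Our key, or #MBEDTLS_ECDH_THEIRS: The key of the peer". The empty ` *` line left before ` */` can go as well.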
@@ -207,17 +210,17 @@
  *                  This is the second function used by a TLS client for ECDH(E)
  *                  ciphersuites.
  *
+ * \see             ecp.h
+ *
  * \param ctx       The ECDH context.
  * \param olen      The number of Bytes written.
  * \param buf       The destination buffer.
  * \param blen      The size of the destination buffer.
  * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param p_rng     The RNG context.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
 int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
                       unsigned char *buf, size_t blen,
@@ -231,14 +234,14 @@
  *              This is the second function used by a TLS server for ECDH(E)
  *              ciphersuites.
  *
+ * \see         ecp.h
+ *
  * \param ctx   The ECDH context.
  * \param buf   The start of the input buffer.
  * \param blen  The length of the input buffer.
  *
- * \return      \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *              on failure.
- *
- * \see         ecp.h
+ * \return      \c 0 on success.
+ * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
 int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
                       const unsigned char *buf, size_t blen );
@@ -249,21 +252,21 @@
  *                  This is the last function used by both TLS client
  *                  and servers.
  *
+ * \note            If \p f_rng is not NULL, it is used to implement
+ *                  countermeasures against side-channel attacks.
+ *                  For more information, see mbedtls_ecp_mul().
+ *
+ * \see             ecp.h
+ *
  * \param ctx       The ECDH context.
  * \param olen      The number of Bytes written.
  * \param buf       The destination buffer.
  * \param blen      The length of the destination buffer.
  * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param p_rng     The RNG context.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against potential elaborate timing
- *                  attacks. For more information, see mbedtls_ecp_mul().
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
 int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
                       unsigned char *buf, size_t blen,
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index aa23d67..ce1a03d 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -1,9 +1,10 @@
 /**
  * \file ecdsa.h
  *
- * \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
+ * \brief This file contains ECDSA definitions and functions.
  *
- * ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG):
+ * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
+ * <em>Standards for Efficient Cryptography Group (SECG):
  * SEC1 Elliptic Curve Cryptography</em>.
  * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
  * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
@@ -69,6 +70,14 @@
  *
  * \note            The deterministic version is usually preferred.
  *
+ * \note            If the bitlength of the message hash is larger than the
+ *                  bitlength of the group order, then the hash is truncated
+ *                  as defined in <em>Standards for Efficient Cryptography Group
+ *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+ *                  4.1.3, step 5.
+ *
+ * \see             ecp.h
+ *
  * \param grp       The ECP group.
  * \param r         The first output integer.
  * \param s         The second output integer.
@@ -76,18 +85,11 @@
  * \param buf       The message hash.
  * \param blen      The length of \p buf.
  * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
+ * \param p_rng     The RNG context.
  *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated
- *                  as defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX
  *                  or \c MBEDTLS_MPI_XXX error code on failure.
- *
- * \see             ecp.h
  */
 int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
                 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@@ -97,10 +99,19 @@
 /**
  * \brief           This function computes the ECDSA signature of a
  *                  previously-hashed message, deterministic version.
+ *
  *                  For more information, see <em>RFC-6979: Deterministic
  *                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
  *                  Curve Digital Signature Algorithm (ECDSA)</em>.
  *
+ * \note            If the bitlength of the message hash is larger than the
+ *                  bitlength of the group order, then the hash is truncated as
+ *                  defined in <em>Standards for Efficient Cryptography Group
+ *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+ *                  4.1.3, step 5.
+ *
+ * \see             ecp.h
+ *
  * \param grp       The ECP group.
  * \param r         The first output integer.
  * \param s         The second output integer.
@@ -109,17 +120,9 @@
  * \param blen      The length of \p buf.
  * \param md_alg    The MD algorithm used to hash the message.
  *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \return          \c 0 on success,
- *                  or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure.
- *
- * \see             ecp.h
  */
 int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
                     const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@@ -130,6 +133,14 @@
  * \brief           This function verifies the ECDSA signature of a
  *                  previously-hashed message.
  *
+ * \note            If the bitlength of the message hash is larger than the
+ *                  bitlength of the group order, then the hash is truncated as
+ *                  defined in <em>Standards for Efficient Cryptography Group
+ *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+ *                  4.1.4, step 3.
+ *
+ * \see             ecp.h
+ *
  * \param grp       The ECP group.
  * \param buf       The message hash.
  * \param blen      The length of \p buf.
@@ -137,18 +148,11 @@
  * \param r         The first integer of the signature.
  * \param s         The second integer of the signature.
  *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.4, step 3.
- *
- * \return          \c 0 on success,
- *                  #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- *                  or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
+ *                  is invalid.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure for any other reason.
- *
- * \see             ecp.h
  */
 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
                   const unsigned char *buf, size_t blen,
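Review bot: the new \return for mbedtls_ecdsa_verify() documents #MBEDTLS_ERR_ECP_BAD_INPUT_DATA as the result for an invalid signature, but ecp.h in this same patch describes MBEDTLS_ERR_ECP_VERIFY_FAILED as "The signature is not valid." and MBEDTLS_ERR_ECP_BAD_INPUT_DATA as "Bad input parameters to function." Please check which code the function actually returns and make the two headers agree, since callers that compare against a specific error code to detect forgery will rely on this line.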
@@ -169,15 +173,6 @@
  *                  of the Digital Signature Algorithm (DSA) and Elliptic
  *                  Curve Digital Signature Algorithm (ECDSA)</em>.
  *
- * \param ctx       The ECDSA context.
- * \param md_alg    The message digest that was used to hash the message.
- * \param hash      The message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
  * \note            The \p sig buffer must be at least twice as large as the
  *                  size of the curve used, plus 9. For example, 73 Bytes if
  *                  a 256-bit curve is used. A buffer length of
@@ -189,11 +184,20 @@
  *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
  *                  4.1.3, step 5.
  *
- * \return          \c 0 on success,
- *                  or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- *
  * \see             ecp.h
+ *
+ * \param ctx       The ECDSA context.
+ * \param md_alg    The message digest that was used to hash the message.
+ * \param hash      The message hash.
+ * \param hlen      The length of the hash.
+ * \param sig       The buffer that holds the signature.
+ * \param slen      The length of the signature written.
+ * \param f_rng     The RNG function.
+ * \param p_rng     The RNG context.
+ *
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+ *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
 int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hlen,
@@ -209,26 +213,17 @@
 #define MBEDTLS_DEPRECATED
 #endif
 /**
- * \brief   This function computes an ECDSA signature and writes it to a buffer,
- *          serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography
- *          (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
+ * \brief           This function computes an ECDSA signature and writes
+ *                  it to a buffer, serialized as defined in <em>RFC-4492:
+ *                  Elliptic Curve Cryptography (ECC) Cipher Suites for
+ *                  Transport Layer Security (TLS)</em>.
  *
- *          The deterministic version is defined in <em>RFC-6979:
- *          Deterministic Usage of the Digital Signature Algorithm (DSA) and
- *          Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
+ *                  The deterministic version is defined in <em>RFC-6979:
+ *                  Deterministic Usage of the Digital Signature Algorithm (DSA)
+ *                  and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
  *
  * \warning         It is not thread-safe to use the same context in
  *                  multiple threads.
-
- *
- * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
- *
- * \param ctx       The ECDSA context.
- * \param hash      The Message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param md_alg    The MD algorithm used to hash the message.
  *
  * \note            The \p sig buffer must be at least twice as large as the
  *                  size of the curve used, plus 9. For example, 73 Bytes if a
@@ -241,11 +236,21 @@
  *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
  *                  4.1.3, step 5.
  *
- * \return          \c 0 on success,
- *                  or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- *
  * \see             ecp.h
+ *
+ * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in
+ *                  Mbed TLS version 2.0 and later.
+ *
+ * \param ctx       The ECDSA context.
+ * \param hash      The message hash.
+ * \param hlen      The length of the hash.
+ * \param sig       The buffer that holds the signature.
+ * \param slen      The length of the signature written.
+ * \param md_alg    The MD algorithm used to hash the message.
+ *
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+ *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
 int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
                                const unsigned char *hash, size_t hlen,
@@ -258,26 +263,26 @@
 /**
  * \brief           This function reads and verifies an ECDSA signature.
  *
- * \param ctx       The ECDSA context.
- * \param hash      The message hash.
- * \param hlen      The size of the hash.
- * \param sig       The signature to read and verify.
- * \param slen      The size of \p sig.
- *
  * \note            If the bitlength of the message hash is larger than the
  *                  bitlength of the group order, then the hash is truncated as
  *                  defined in <em>Standards for Efficient Cryptography Group
  *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
  *                  4.1.4, step 3.
  *
- * \return          \c 0 on success,
- *                  #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- *                  #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
- *                  valid but its actual length is less than \p siglen,
- *                  or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- *                  error code on failure for any other reason.
- *
  * \see             ecp.h
+ *
+ * \param ctx       The ECDSA context.
+ * \param hash      The message hash.
+ * \param hlen      The size of the hash.
+ * \param sig       The signature to read and verify.
+ * \param slen      The size of \p sig.
+ *
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+ * \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+ *                  signature in \p sig, but its length is less than \p siglen.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+ *                  error code on failure for any other reason.
  */
 int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
                           const unsigned char *hash, size_t hlen,
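Review bot: the #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH entry refers to `\p siglen`, but the parameter documented just above is `\p slen` ("The size of \p sig."), so Doxygen will point at a name that does not exist. Please change it to `\p slen`. The preceding line also reads "if signature is invalid" where mbedtls_ecdsa_verify() now says "if the signature is invalid"; use the same wording in both.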
@@ -286,16 +291,16 @@
 /**
  * \brief          This function generates an ECDSA keypair on the given curve.
  *
+ * \see            ecp.h
+ *
  * \param ctx      The ECDSA context to store the keypair in.
  * \param gid      The elliptic curve to use. One of the various
  *                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
  * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
+ * \param p_rng    The RNG context.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
- *                 failure.
- *
- * \see            ecp.h
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
 int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
@@ -303,13 +308,13 @@
 /**
  * \brief           This function sets an ECDSA context from an EC key pair.
  *
+ * \see             ecp.h
+ *
  * \param ctx       The ECDSA context to set.
  * \param key       The EC key to use.
  *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
- *                  failure.
- *
- * \see             ecp.h
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
 int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
 
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index d86e820..cc2b316 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -44,8 +44,6 @@
 #include "ecp.h"
 #include "md.h"
 
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -58,6 +56,7 @@
     MBEDTLS_ECJPAKE_SERVER,             /**< Server                         */
 } mbedtls_ecjpake_role;
 
+#if !defined(MBEDTLS_ECJPAKE_ALT)
 /**
  * EC J-PAKE context structure.
  *
@@ -88,6 +87,10 @@
     mbedtls_mpi s;                      /**< Pre-shared secret (passphrase) */
 } mbedtls_ecjpake_context;
 
+#else  /* MBEDTLS_ECJPAKE_ALT */
+#include "ecjpake_alt.h"
+#endif /* MBEDTLS_ECJPAKE_ALT */
+
 /**
  * \brief           Initialize a context
  *                  (just makes it ready for setup() or free()).
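Review bot: with the `#if !defined(MBEDTLS_ECJPAKE_ALT)` guard moved below the role enum and the closing brace moved to the end of the file, `#include "ecjpake_alt.h"` now sits inside the `extern "C" {` block. Anything the alternative header declares or includes will get C linkage when built as C++. If that is intended, please say so in a comment next to the include so that authors of ecjpake_alt.h know not to pull in C++-sensitive headers or add their own nested linkage block; otherwise close the block before the include and reopen it after.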
@@ -225,20 +228,10 @@
  */
 void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
 
-#ifdef __cplusplus
-}
-#endif
 
-#else  /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
-#endif /* MBEDTLS_ECJPAKE_ALT */
 
 #if defined(MBEDTLS_SELF_TEST)
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Checkup routine
  *
@@ -246,10 +239,11 @@
  */
 int mbedtls_ecjpake_self_test( int verbose );
 
+#endif /* MBEDTLS_SELF_TEST */
+
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* MBEDTLS_SELF_TEST */
 
 #endif /* ecjpake.h */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b00ba4d..3a40798 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -1,10 +1,21 @@
 /**
  * \file ecp.h
  *
- * \brief Elliptic curves over GF(p)
+ * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
+ *
+ * The use of ECP in cryptography and TLS is defined in
+ * <em>Standards for Efficient Cryptography Group (SECG): SEC1
+ * Elliptic Curve Cryptography</em> and
+ * <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
+ * for Transport Layer Security (TLS)</em>.
+ *
+ * <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP
+ * group types.
+ *
  */
+
 /*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -19,8 +30,9 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
+
 #ifndef MBEDTLS_ECP_H
 #define MBEDTLS_ECP_H
 
@@ -31,13 +43,81 @@
  */
 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< The requested feature is not available, for example, the requested curve is not supported. */
 #define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
 #define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80  /**< Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as ephemeral key, failed. */
 #define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
-#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED                   -0x4B80  /**< ECP hardware accelerator failed. */
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< The buffer contains a valid signature followed by more data. */
+#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED                   -0x4B80  /**< The ECP hardware accelerator failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Domain-parameter identifiers: curve, subgroup, and generator.
+ *
+ * \note Only curves over prime fields are supported.
+ *
+ * \warning This library does not support validation of arbitrary domain
+ * parameters. Therefore, only standardized domain parameters from trusted
+ * sources should be used. See mbedtls_ecp_group_load().
+ */
+typedef enum
+{
+    MBEDTLS_ECP_DP_NONE = 0,       /*!< Curve not defined. */
+    MBEDTLS_ECP_DP_SECP192R1,      /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP224R1,      /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP256R1,      /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP384R1,      /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP521R1,      /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_BP256R1,        /*!< Domain parameters for 256-bit Brainpool curve. */
+    MBEDTLS_ECP_DP_BP384R1,        /*!< Domain parameters for 384-bit Brainpool curve. */
+    MBEDTLS_ECP_DP_BP512R1,        /*!< Domain parameters for 512-bit Brainpool curve. */
+    MBEDTLS_ECP_DP_CURVE25519,     /*!< Domain parameters for Curve25519. */
+    MBEDTLS_ECP_DP_SECP192K1,      /*!< Domain parameters for 192-bit "Koblitz" curve. */
+    MBEDTLS_ECP_DP_SECP224K1,      /*!< Domain parameters for 224-bit "Koblitz" curve. */
+    MBEDTLS_ECP_DP_SECP256K1,      /*!< Domain parameters for 256-bit "Koblitz" curve. */
+    MBEDTLS_ECP_DP_CURVE448,       /*!< Domain parameters for Curve448. */
+} mbedtls_ecp_group_id;
+
+/**
+ * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
+ *
+ * \note Montgomery curves are currently excluded.
+ */
+#define MBEDTLS_ECP_DP_MAX     12
+
+/**
+ * Curve information, for use by other modules.
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id grp_id;    /*!< An internal identifier. */
+    uint16_t tls_id;                /*!< The TLS NamedCurve identifier. */
+    uint16_t bit_size;              /*!< The curve size in bits. */
+    const char *name;               /*!< A human-friendly name. */
+} mbedtls_ecp_curve_info;
+
+/**
+ * \brief           The ECP point structure, in Jacobian coordinates.
+ *
+ * \note            All functions expect and return points satisfying
+ *                  the following condition: <code>Z == 0</code> or
+ *                  <code>Z == 1</code>. Other values of \p Z are
+ *                  used only by internal functions.
+ *                  The point is zero, or "at infinity", if <code>Z == 0</code>.
+ *                  Otherwise, \p X and \p Y are its standard (affine)
+ *                  coordinates.
+ */
+typedef struct
+{
+    mbedtls_mpi X;          /*!< The X coordinate of the ECP point. */
+    mbedtls_mpi Y;          /*!< The Y coordinate of the ECP point. */
+    mbedtls_mpi Z;          /*!< The Z coordinate of the ECP point. */
+}
+mbedtls_ecp_point;
 
 #if !defined(MBEDTLS_ECP_ALT)
 /*
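Review bot: MBEDTLS_ECP_DP_CURVE448 at the end of the relocated enum does not appear in the list being removed from the old location, which stops at MBEDTLS_ECP_DP_SECP256K1, so a new public enumerator is riding along with what otherwise reads as a documentation and layout change. Please either split it into its own commit or call it out in the description, and document next to the enumerator whether the curve can actually be loaded in this version, so callers do not assume support from the presence of the identifier alone.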
@@ -48,143 +128,72 @@
  * one.)
  */
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
- * Domain parameters (curve, subgroup and generator) identifiers.
+ * \brief           The ECP group structure.
  *
- * Only curves over prime fields are supported.
+ * We consider two types of curve equations:
+ * <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
+ * (SEC1 + RFC-4492)</li>
+ * <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
+ * Curve448)</li></ul>
+ * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
  *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only well-known domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-typedef enum
-{
-    MBEDTLS_ECP_DP_NONE = 0,
-    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
-    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
-    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
-    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
-    MBEDTLS_ECP_DP_CURVE25519,           /*!< Curve25519               */
-    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
-    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
-    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
-} mbedtls_ecp_group_id;
-
-/**
- * Number of supported curves (plus one for NONE).
+ * For Short Weierstrass, this subgroup is the whole curve, and its
+ * cardinality is denoted by \p N. Our code requires that \p N is an
+ * odd prime as mbedtls_ecp_mul() requires an odd number, and
+ * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
  *
- * (Montgomery curves excluded for now.)
- */
-#define MBEDTLS_ECP_DP_MAX     12
-
-/**
- * Curve information for use by other modules
+ * For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
+ * which is the quantity used in the formulas. Additionally, \p nbits is
+ * not the size of \p N but the required size for private keys.
+ *
+ * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
+ * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
+ * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
+ * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
+ * in size, so that it may be efficiently brought in the 0..P-1 range by a few
+ * additions or subtractions. Therefore, it is only an approximative modular
+ * reduction. It must return 0 on success and non-zero on failure.
+ *
  */
 typedef struct
 {
-    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
-    uint16_t tls_id;                /*!< TLS NamedCurve identifier  */
-    uint16_t bit_size;              /*!< Curve size in bits         */
-    const char *name;               /*!< Human-friendly name        */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief           ECP point structure (jacobian coordinates)
- *
- * \note            All functions expect and return points satisfying
- *                  the following condition: Z == 0 or Z == 1. (Other
- *                  values of Z are used by internal functions only.)
- *                  The point is zero, or "at infinity", if Z == 0.
- *                  Otherwise, X and Y are its standard (affine) coordinates.
- */
-typedef struct
-{
-    mbedtls_mpi X;          /*!<  the point's X coordinate  */
-    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
-    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
-}
-mbedtls_ecp_point;
-
-/**
- * \brief           ECP group structure
- *
- * We consider two types of curves equations:
- * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
- * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
- * In both cases, a generator G for a prime-order subgroup is fixed. In the
- * short weierstrass, this subgroup is actually the whole curve, and its
- * cardinal is denoted by N.
- *
- * In the case of Short Weierstrass curves, our code requires that N is an odd
- * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
- *
- * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
- * the quantity actually used in the formulas. Also, nbits is not the size of N
- * but the required size for private keys.
- *
- * If modp is NULL, reduction modulo P is done using a generic algorithm.
- * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
- * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
- * than pbits, so that the integer may be efficiently brought in the 0..P-1
- * range by a few additions or substractions. It must return 0 on success and
- * non-zero on failure.
- */
-typedef struct
-{
-    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
-    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
-    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
-    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
-    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
-    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
-    size_t pbits;       /*!<  number of bits in P                           */
-    size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
-    unsigned int h;     /*!<  internal: 1 if the constants are static       */
-    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
-    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
-    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
-    void *t_data;                       /*!< unused                         */
-    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
-    size_t T_size;      /*!<  number for pre-computed points                */
+    mbedtls_ecp_group_id id;    /*!< An internal group identifier. */
+    mbedtls_mpi P;              /*!< The prime modulus of the base field. */
+    mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. For
+                                     Montgomery curves: <code>(A + 2) / 4</code>. */
+    mbedtls_mpi B;              /*!< For Short Weierstrass: \p B in the equation.
+                                     For Montgomery curves: unused. */
+    mbedtls_ecp_point G;        /*!< The generator of the subgroup used. */
+    mbedtls_mpi N;              /*!< The order of \p G. */
+    size_t pbits;               /*!< The number of bits in \p P.*/
+    size_t nbits;               /*!< For Short Weierstrass: The number of bits in \p P.
+                                     For Montgomery curves: the number of bits in the
+                                     private keys. */
+    unsigned int h;             /*!< \internal 1 if the constants are static. */
+    int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
+                                     mod \p P (see above).*/
+    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< Unused. */
+    int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
+    void *t_data;               /*!< Unused. */
+    mbedtls_ecp_point *T;       /*!< Pre-computed points for ecp_mul_comb(). */
+    size_t T_size;              /*!< The number of pre-computed points. */
 }
 mbedtls_ecp_group;
 
 /**
- * \brief           ECP key pair structure
- *
- * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
- *
- * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
- */
-typedef struct
-{
-    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
-    mbedtls_mpi d;              /*!<  our secret value                  */
-    mbedtls_ecp_point Q;        /*!<  our public value                  */
-}
-mbedtls_ecp_keypair;
-
-/**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in config.h, or define them using the compiler command line.
  * \{
  */
 
 #if !defined(MBEDTLS_ECP_MAX_BITS)
 /**
- * Maximum size of the groups (that is, of N and P)
+ * The maximum size of the groups, that is, of \c N and \c P.
  */
-#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< The maximum size of groups, in bits. */
 #endif
 
 #define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
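Review bot: The rewritten member comment for nbits in mbedtls_ecp_group ("For Short Weierstrass: The number of bits in \p P.") does not agree with the struct description a few lines above it, which says that for Montgomery curves nbits "is not the size of \p N but the required size for private keys" and so implies it is the size of N otherwise. As written, nbits also reads as a duplicate of pbits. The old text had the same mismatch, so this documentation pass is the place to settle which is meant and make the two comments agree. The new comment on N ("The order of \p G.") also drops the old "or 2. unused" qualifier for Montgomery curves; if that is deliberate it deserves a mention in the commit message. Minor: "approximative modular reduction" reads better as "approximate", and the pbits and modp comments are missing the space before the closing "*/".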
@@ -207,11 +216,10 @@
  *      521       145     141     135     120      97
  *      384       214     209     198     177     146
  *      256       320     320     303     262     226
-
  *      224       475     475     453     398     342
  *      192       640     640     633     587     476
  */
-#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< The maximum window size used. */
 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
 
 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
@@ -226,33 +234,55 @@
  *
  * Change this value to 0 to reduce peak memory usage.
  */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
 /* \} name SECTION: Module settings */
 
+#else  /* MBEDTLS_ECP_ALT */
+#include "ecp_alt.h"
+#endif /* MBEDTLS_ECP_ALT */
+
+/**
+ * \brief    The ECP key-pair structure.
+ *
+ * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
+ *
+ * \note    Members are deliberately in the same order as in the
+ *          ::mbedtls_ecdsa_context structure.
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
+    mbedtls_mpi d;              /*!<  our secret value                  */
+    mbedtls_ecp_point Q;        /*!<  our public value                  */
+}
+mbedtls_ecp_keypair;
+
 /*
  * Point formats, from RFC 4492's enum ECPointFormat
  */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
-#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format. */
+#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format. */
 
 /*
  * Some other constants from RFC 4492
  */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< The named_curve of ECCurveType. */
 
 /**
- * \brief           Get the list of supported curves in order of preferrence
- *                  (full information)
+ * \brief           This function retrieves the information defined in
+ *                  mbedtls_ecp_curve_info() for all supported curves in order
+ *                  of preference.
  *
- * \return          A statically allocated array, the last entry is 0.
+ * \return          A statically allocated array. The last entry is 0.
  */
 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
 
 /**
- * \brief           Get the list of supported curves in order of preferrence
- *                  (grp_id only)
+ * \brief           This function retrieves the list of internal group
+ *                  identifiers of all supported curves in the order of
+ *                  preference.
  *
  * \return          A statically allocated array,
  *                  terminated with MBEDTLS_ECP_DP_NONE.
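Review bot: The new \brief for mbedtls_ecp_curve_list() refers to "the information defined in mbedtls_ecp_curve_info()", but mbedtls_ecp_curve_info is the structure type this function returns a pointer to, not a function. Drop the parentheses and use a type reference such as ::mbedtls_ecp_curve_info, the same form the relocated key-pair comment in this hunk uses for ::mbedtls_ecdsa_context. The relocated mbedtls_ecp_keypair members also keep their old comments unchanged ("our secret value", "our public value"), while every other member comment in the patch has been capitalised and given a full stop; they should be brought in line in the same change.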
@@ -260,357 +290,400 @@
 const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
 
 /**
- * \brief           Get curve information from an internal group identifier
+ * \brief           This function retrieves curve information from an internal
+ *                  group identifier.
  *
- * \param grp_id    A MBEDTLS_ECP_DP_XXX value
+ * \param grp_id    An \c MBEDTLS_ECP_DP_XXX value.
  *
- * \return          The associated curve information or NULL
+ * \return          The associated curve information on success.
+ * \return          NULL on failure.
  */
 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
 
 /**
- * \brief           Get curve information from a TLS NamedCurve value
+ * \brief           This function retrieves curve information from a TLS
+ *                  NamedCurve value.
  *
- * \param tls_id    A MBEDTLS_ECP_DP_XXX value
+ * \param tls_id    An \c MBEDTLS_ECP_DP_XXX value.
  *
- * \return          The associated curve information or NULL
+ * \return          The associated curve information on success.
+ * \return          NULL on failure.
  */
 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
 
 /**
- * \brief           Get curve information from a human-readable name
+ * \brief           This function retrieves curve information from a
+ *                  human-readable name.
  *
- * \param name      The name
+ * \param name      The human-readable name.
  *
- * \return          The associated curve information or NULL
+ * \return          The associated curve information on success.
+ * \return          NULL on failure.
  */
 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
 
 /**
- * \brief           Initialize a point (as zero)
+ * \brief           This function initializes a point as zero.
+ *
+ * \param pt        The point to initialize.
  */
 void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
 
 /**
- * \brief           Initialize a group (to something meaningless)
+ * \brief           This function initializes an ECP group context
+ *                  without loading any domain parameters.
+ *
+ * \note            After this function is called, domain parameters
+ *                  for various ECP groups can be loaded through the
+ *                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()
+ *                  functions.
  */
 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
 
 /**
- * \brief           Initialize a key pair (as an invalid one)
+ * \brief           This function initializes a key pair as an invalid one.
+ *
+ * \param key       The key pair to initialize.
  */
 void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
 
 /**
- * \brief           Free the components of a point
+ * \brief           This function frees the components of a point.
+ *
+ * \param pt        The point to free.
  */
 void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
 
 /**
- * \brief           Free the components of an ECP group
+ * \brief           This function frees the components of an ECP group.
+ * \param grp       The group to free.
  */
 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
 
 /**
- * \brief           Free the components of a key pair
+ * \brief           This function frees the components of a key pair.
+ * \param key       The key pair to free.
  */
 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
 
 /**
- * \brief           Copy the contents of point Q into P
+ * \brief           This function copies the contents of point \p Q into
+ *                  point \p P.
  *
- * \param P         Destination point
- * \param Q         Source point
+ * \param P         The destination point.
+ * \param Q         The source point.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
 
 /**
- * \brief           Copy the contents of a group object
+ * \brief           This function copies the contents of group \p src into
+ *                  group \p dst.
  *
- * \param dst       Destination group
- * \param src       Source group
+ * \param dst       The destination group.
+ * \param src       The source group.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
 
 /**
- * \brief           Set a point to zero
+ * \brief           This function sets a point to zero.
  *
- * \param pt        Destination point
+ * \param pt        The point to set.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
 
 /**
- * \brief           Tell if a point is zero
+ * \brief           This function checks if a point is zero.
  *
- * \param pt        Point to test
+ * \param pt        The point to test.
  *
- * \return          1 if point is zero, 0 otherwise
+ * \return          \c 1 if the point is zero.
+ * \return          \c 0 if the point is non-zero.
  */
 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
 
 /**
- * \brief           Compare two points
+ * \brief           This function compares two points.
  *
- * \note            This assumes the points are normalized. Otherwise,
+ * \note            This assumes that the points are normalized. Otherwise,
  *                  they may compare as "not equal" even if they are.
  *
- * \param P         First point to compare
- * \param Q         Second point to compare
+ * \param P         The first point to compare.
+ * \param Q         The second point to compare.
  *
- * \return          0 if the points are equal,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ * \return          \c 0 if the points are equal.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
  */
 int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
                            const mbedtls_ecp_point *Q );
 
 /**
- * \brief           Import a non-zero point from two ASCII strings
+ * \brief           This function imports a non-zero point from two ASCII
+ *                  strings.
  *
- * \param P         Destination point
- * \param radix     Input numeric base
- * \param x         First affine coordinate as a null-terminated string
- * \param y         Second affine coordinate as a null-terminated string
+ * \param P         The destination point.
+ * \param radix     The numeric base of the input.
+ * \param x         The first affine coordinate, as a null-terminated string.
+ * \param y         The second affine coordinate, as a null-terminated string.
  *
- * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
  */
 int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
                            const char *x, const char *y );
 
 /**
- * \brief           Export a point into unsigned binary data
+ * \brief           This function exports a point into unsigned binary data.
  *
- * \param grp       Group to which the point should belong
- * \param P         Point to export
- * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
- * \param olen      Length of the actual output
- * \param buf       Output buffer
- * \param buflen    Length of the output buffer
+ * \param grp       The group to which the point should belong.
+ * \param P         The point to export.
+ * \param format    The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro.
+ * \param olen      The length of the output.
+ * \param buf       The output buffer.
+ * \param buflen    The length of the output buffer.
  *
- * \return          0 if successful,
- *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
- *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
  */
 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
                             int format, size_t *olen,
                             unsigned char *buf, size_t buflen );
 
 /**
- * \brief           Import a point from unsigned binary data
+ * \brief           This function imports a point from unsigned binary data.
  *
- * \param grp       Group to which the point should belong
- * \param P         Point to import
- * \param buf       Input buffer
- * \param ilen      Actual length of input
+ * \note            This function does not check that the point actually
+ *                  belongs to the given group, see mbedtls_ecp_check_pubkey()
+ *                  for that.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ * \param grp       The group to which the point should belong.
+ * \param P         The point to import.
+ * \param buf       The input buffer.
+ * \param ilen      The length of the input.
+ *
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
  *                  is not implemented.
  *
- * \note            This function does NOT check that the point actually
- *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
- *                  that.
  */
 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
                            const unsigned char *buf, size_t ilen );
 
 /**
- * \brief           Import a point from a TLS ECPoint record
+ * \brief           This function imports a point from a TLS ECPoint record.
  *
- * \param grp       ECP group used
- * \param pt        Destination point
- * \param buf       $(Start of input buffer)
- * \param len       Buffer length
+ * \note            On function return, \p buf is updated to point to immediately
+ *                  after the ECPoint record.
  *
- * \note            buf is updated to point right after the ECPoint on exit
+ * \param grp       The ECP group used.
+ * \param pt        The destination point.
+ * \param buf       The address of the pointer to the start of the input buffer.
+ * \param len       The length of the buffer.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_XXX if initialization failed
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
  */
 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
                         const unsigned char **buf, size_t len );
 
 /**
- * \brief           Export a point as a TLS ECPoint record
+ * \brief           This function exports a point as a TLS ECPoint record.
  *
- * \param grp       ECP group used
- * \param pt        Point to export
- * \param format    Export format
- * \param olen      length of data written
- * \param buf       Buffer to write to
- * \param blen      Buffer length
+ * \param grp       The ECP group used.
+ * \param pt        The point format to export to. The point format is an
+ *                  \c MBEDTLS_ECP_PF_XXX constant.
+ * \param format    The export format.
+ * \param olen      The length of the data written.
+ * \param buf       The buffer to write to.
+ * \param blen      The length of the buffer.
  *
- * \return          0 if successful,
- *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
- *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or
+ *                  #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
  */
 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
                          int format, size_t *olen,
                          unsigned char *buf, size_t blen );
 
 /**
- * \brief           Set a group using well-known domain parameters
+ * \brief           This function sets a group using standardized domain parameters.
  *
- * \param grp       Destination group
- * \param id        Index in the list of well-known domain parameters
+ * \note            The index should be a value of the NamedCurve enum,
+ *                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
+ *                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
+ *                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_XXX if initialization failed
- *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ * \param grp       The destination group.
+ * \param id        The identifier of the domain parameter set to load.
  *
- * \note            Index should be a value of RFC 4492's enum NamedCurve,
- *                  usually in the form of a MBEDTLS_ECP_DP_XXX macro.
+ * \return          \c 0 on success,
+ * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
+ * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups.
+
  */
 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
 
 /**
- * \brief           Set a group from a TLS ECParameters record
+ * \brief           This function sets a group from a TLS ECParameters record.
  *
- * \param grp       Destination group
- * \param buf       &(Start of input buffer)
- * \param len       Buffer length
+ * \note            \p buf is updated to point right after the ECParameters record
+ *                  on exit.
  *
- * \note            buf is updated to point right after ECParameters on exit
+ * \param grp       The destination group.
+ * \param buf       The address of the pointer to the start of the input buffer.
+ * \param len       The length of the buffer.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_XXX if initialization failed
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
  */
 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
 
 /**
- * \brief           Write the TLS ECParameters record for a group
+ * \brief           This function writes the TLS ECParameters record for a group.
  *
- * \param grp       ECP group used
- * \param olen      Number of bytes actually written
- * \param buf       Buffer to write to
- * \param blen      Buffer length
+ * \param grp       The ECP group used.
+ * \param olen      The number of Bytes written.
+ * \param buf       The buffer to write to.
+ * \param blen      The length of the buffer.
  *
- * \return          0 if successful,
- *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
  */
 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
                          unsigned char *buf, size_t blen );
 
 /**
- * \brief           Multiplication by an integer: R = m * P
- *                  (Not thread-safe to use same group in multiple threads)
+ * \brief           This function performs multiplication of a point by
+ *                  an integer: \p R = \p m * \p P.
  *
- * \note            In order to prevent timing attacks, this function
- *                  executes the exact same sequence of (base field)
- *                  operations for any valid m. It avoids any if-branch or
- *                  array index depending on the value of m.
+ *                  It is not thread-safe to use same group in multiple threads.
  *
- * \note            If f_rng is not NULL, it is used to randomize intermediate
- *                  results in order to prevent potential timing attacks
- *                  targeting these results. It is recommended to always
- *                  provide a non-NULL f_rng (the overhead is negligible).
+ * \note            To prevent timing attacks, this function
+ *                  executes the exact same sequence of base-field
+ *                  operations for any valid \p m. It avoids any if-branch or
+ *                  array index depending on the value of \p m.
  *
- * \param grp       ECP group
- * \param R         Destination point
- * \param m         Integer by which to multiply
- * \param P         Point to multiply
- * \param f_rng     RNG function (see notes)
- * \param p_rng     RNG parameter
+ * \note            If \p f_rng is not NULL, it is used to randomize
+ *                  intermediate results to prevent potential timing attacks
+ *                  targeting these results. We recommend always providing
+ *                  a non-NULL \p f_rng. The overhead is negligible.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
- *                  or P is not a valid pubkey,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \param grp       The ECP group.
+ * \param R         The destination point.
+ * \param m         The integer by which to multiply.
+ * \param P         The point to multiply.
+ * \param f_rng     The RNG function.
+ * \param p_rng     The RNG context.
+ *
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+ *                  key, or \p P is not a valid public key.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
 /**
- * \brief           Multiplication and addition of two points by integers:
- *                  R = m * P + n * Q
- *                  (Not thread-safe to use same group in multiple threads)
+ * \brief           This function performs multiplication and addition of two
+ *                  points by integers: \p R = \p m * \p P + \p n * \p Q
  *
- * \note            In contrast to mbedtls_ecp_mul(), this function does not guarantee
- *                  a constant execution flow and timing.
+ *                  It is not thread-safe to use same group in multiple threads.
  *
- * \param grp       ECP group
- * \param R         Destination point
- * \param m         Integer by which to multiply P
- * \param P         Point to multiply by m
- * \param n         Integer by which to multiply Q
- * \param Q         Point to be multiplied by n
+ * \note            In contrast to mbedtls_ecp_mul(), this function does not
+ *                  guarantee a constant execution flow and timing.
  *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
- *                  or P or Q is not a valid pubkey,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ * \param grp       The ECP group.
+ * \param R         The destination point.
+ * \param m         The integer by which to multiply \p P.
+ * \param P         The point to multiply by \p m.
+ * \param n         The integer by which to multiply \p Q.
+ * \param Q         The point to be multiplied by \p n.
+ *
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+ *                  valid private keys, or \p P or \p Q are not valid public
+ *                  keys.
+ * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
              const mbedtls_mpi *m, const mbedtls_ecp_point *P,
              const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
 
 /**
- * \brief           Check that a point is a valid public key on this curve
+ * \brief           This function checks that a point is a valid public key
+ *                  on this curve.
  *
- * \param grp       Curve/group the point should belong to
- * \param pt        Point to check
+ *                  It only checks that the point is non-zero, has
+ *                  valid coordinates and lies on the curve. It does not verify
+ *                  that it is indeed a multiple of \p G. This additional
+ *                  check is computationally more expensive, is not required
+ *                  by standards, and should not be necessary if the group
+ *                  used has a small cofactor. In particular, it is useless for
+ *                  the NIST groups which all have a cofactor of 1.
  *
- * \return          0 if point is a valid public key,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ * \note            This function uses bare components rather than an
+ *                  ::mbedtls_ecp_keypair structure, to ease use with other
+ *                  structures, such as ::mbedtls_ecdh_context or
+ *                  ::mbedtls_ecdsa_context.
  *
- * \note            This function only checks the point is non-zero, has valid
- *                  coordinates and lies on the curve, but not that it is
- *                  indeed a multiple of G. This is additional check is more
- *                  expensive, isn't required by standards, and shouldn't be
- *                  necessary if the group used has a small cofactor. In
- *                  particular, it is useless for the NIST groups which all
- *                  have a cofactor of 1.
+ * \param grp       The curve the point should lie on.
+ * \param pt        The point to check.
  *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ * \return          \c 0 if the point is a valid public key.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
  */
 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
 
 /**
- * \brief           Check that an mbedtls_mpi is a valid private key for this curve
+ * \brief           This function checks that an \p mbedtls_mpi is a valid private
+ *                  key for this curve.
  *
- * \param grp       Group used
- * \param d         Integer to check
+ * \note            This function uses bare components rather than an
+ *                  ::mbedtls_ecp_keypair structure to ease use with other
+ *                  structures, such as ::mbedtls_ecdh_context or
+ *                  ::mbedtls_ecdsa_context.
  *
- * \return          0 if point is a valid private key,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ * \param grp       The group used.
+ * \param d         The integer to check.
  *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ * \return          \c 0 if the point is a valid private key.
+ * \return          #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
  */
 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
 
 /**
- * \brief           Generate a keypair with configurable base point
+ * \brief           This function generates a keypair with a configurable base
+ *                  point.
  *
- * \param grp       ECP group
- * \param G         Chosen base point
- * \param d         Destination MPI (secret part)
- * \param Q         Destination point (public part)
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
+ * \note            This function uses bare components rather than an
+ *                  ::mbedtls_ecp_keypair structure to ease use with other
+ *                  structures, such as ::mbedtls_ecdh_context or
+ *                  ::mbedtls_ecdsa_context.
  *
- * \return          0 if successful,
- *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ * \param grp       The ECP group.
+ * \param G         The chosen base point.
+ * \param d         The destination MPI (secret part).
+ * \param Q         The destination point (public part).
+ * \param f_rng     The RNG function.
+ * \param p_rng     The RNG context.
  *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+ *                  on failure.
  */
 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
                      const mbedtls_ecp_point *G,
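Review bot: In the rewritten `mbedtls_ecp_check_privkey()` block, the line `\return \c 0 if the point is a valid private key.` keeps the word "point" from the old text, but `d` is an integer, as the new `\param d The integer to check.` line says; suggest "\c 0 if the integer is a valid private key." The brief for the same function also writes `\p mbedtls_mpi`: `\p` marks a parameter name and `mbedtls_mpi` is a type, so `::mbedtls_mpi` would match the `::mbedtls_ecp_keypair` references used in the notes of this hunk.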
@@ -619,57 +692,66 @@
                      void *p_rng );
 
 /**
- * \brief           Generate a keypair
+ * \brief           This function generates an ECP keypair.
  *
- * \param grp       ECP group
- * \param d         Destination MPI (secret part)
- * \param Q         Destination point (public part)
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
+ * \note            This function uses bare components rather than an
+ *                  ::mbedtls_ecp_keypair structure to ease use with other
+ *                  structures, such as ::mbedtls_ecdh_context or
+ *                  ::mbedtls_ecdsa_context.
  *
- * \return          0 if successful,
- *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ * \param grp       The ECP group.
+ * \param d         The destination MPI (secret part).
+ * \param Q         The destination point (public part).
+ * \param f_rng     The RNG function.
+ * \param p_rng     The RNG context.
  *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+ *                  on failure.
  */
 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
 
 /**
- * \brief           Generate a keypair
+ * \brief           This function generates an ECP key.
  *
- * \param grp_id    ECP group identifier
- * \param key       Destination keypair
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
+ * \param grp_id    The ECP group identifier.
+ * \param key       The destination key.
+ * \param f_rng     The RNG function.
+ * \param p_rng     The RNG context.
  *
- * \return          0 if successful,
- *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ * \return          \c 0 on success.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+ *                  on failure.
  */
 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
 /**
- * \brief           Check a public-private key pair
+ * \brief           This function checks that the keypair objects
+ *                  \p pub and \p prv have the same group and the
+ *                  same public point, and that the private key in
+ *                  \p prv is consistent with the public key.
  *
- * \param pub       Keypair structure holding a public key
- * \param prv       Keypair structure holding a private (plus public) key
+ * \param pub       The keypair structure holding the public key.
+ *                  If it contains a private key, that part is ignored.
+ * \param prv       The keypair structure holding the full keypair.
  *
- * \return          0 if successful (keys are valid and match), or
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
- *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
+ * \return          \c 0 on success, meaning that the keys are valid and match.
+ * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
+ * \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+ *                  error code on calculation failure.
  */
 int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
 
 #if defined(MBEDTLS_SELF_TEST)
 
 /**
- * \brief          Checkup routine
+ * \brief          The ECP checkup routine.
  *
- * \return         0 if successful, or 1 if a test failed
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_ecp_self_test( int verbose );
 
@@ -679,8 +761,4 @@
 }
 #endif
 
-#else  /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
 #endif /* ecp.h */
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 1e5a507..3c22033 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -1,9 +1,11 @@
 /**
  * \file gcm.h
  *
- * \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined
- *        in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
- *        (GCM), Natl. Inst. Stand. Technol.</em>
+ * \brief This file contains GCM definitions and functions.
+ *
+ * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
+ * in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
+ * (GCM), Natl. Inst. Stand. Technol.</em>
  *
  * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
  * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
@@ -42,12 +44,12 @@
 #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED                   -0x0013  /**< GCM hardware accelerator failed. */
 #define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
 
-#if !defined(MBEDTLS_GCM_ALT)
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_GCM_ALT)
+
 /**
  * \brief          The GCM context structure.
  */
@@ -66,6 +68,10 @@
 }
 mbedtls_gcm_context;
 
+#else  /* !MBEDTLS_GCM_ALT */
+#include "gcm_alt.h"
+#endif /* !MBEDTLS_GCM_ALT */
+
 /**
  * \brief           This function initializes the specified GCM context,
  *                  to make references valid, and prepares the context
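Review bot: The `#include "gcm_alt.h"` added here now sits inside the `extern "C" {` block, because the earlier hunk moved `#if !defined(MBEDTLS_GCM_ALT)` below it, and nothing in the header tells the author of an alternative implementation about that. Anything the alternative header declares or includes is given C linkage when the file is compiled as C++, and the function prototypes that follow now apply to ALT builds as well. Suggest a short comment next to the include stating that `gcm_alt.h` is expected to provide only the `mbedtls_gcm_context` definition and must be safe to include under C linkage.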
@@ -91,7 +97,8 @@
  *                  <li>192 bits</li>
  *                  <li>256 bits</li></ul>
  *
- * \return          \c 0 on success, or a cipher specific error code.
+ * \return          \c 0 on success.
+ * \return          A cipher-specific error code on failure.
  */
 int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
                         mbedtls_cipher_id_t cipher,
@@ -101,15 +108,16 @@
 /**
  * \brief           This function performs GCM encryption or decryption of a buffer.
  *
- * \note For encryption, the output buffer can be the same as the input buffer.
- *       For decryption, the output buffer cannot be the same as input buffer.
- *       If the buffers overlap, the output buffer must trail at least 8 Bytes
- *       behind the input buffer.
+ * \note            For encryption, the output buffer can be the same as the
+ *                  input buffer. For decryption, the output buffer cannot be
+ *                  the same as input buffer. If the buffers overlap, the output
+ *                  buffer must trail at least 8 Bytes behind the input buffer.
  *
  * \param ctx       The GCM context to use for encryption or decryption.
  * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
  *                  #MBEDTLS_GCM_DECRYPT.
- * \param length    The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
+ * \param length    The length of the input data. This must be a multiple of 
+ *                  16 except in the last call before mbedtls_gcm_finish().
  * \param iv        The initialization vector.
  * \param iv_len    The length of the IV.
  * \param add       The buffer holding the additional data.
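Review bot: The added line `\param length    The length of the input data. This must be a multiple of ` ends in a trailing space, which should be dropped before merge. Since the `\note` above it is being reflowed anyway, "cannot be the same as input buffer" could also gain its missing article ("the input buffer").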
@@ -137,12 +145,13 @@
  * \brief           This function performs a GCM authenticated decryption of a
  *                  buffer.
  *
- * \note For decryption, the output buffer cannot be the same as input buffer.
- *       If the buffers overlap, the output buffer must trail at least 8 Bytes
- *       behind the input buffer.
+ * \note            For decryption, the output buffer cannot be the same as
+ *                  input buffer. If the buffers overlap, the output buffer
+ *                  must trail at least 8 Bytes behind the input buffer.
  *
  * \param ctx       The GCM context.
- * \param length    The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
+ * \param length    The length of the input data. This must be a multiple
+ *                  of 16 except in the last call before mbedtls_gcm_finish().
  * \param iv        The initialization vector.
  * \param iv_len    The length of the IV.
  * \param add       The buffer holding the additional data.
@@ -152,8 +161,8 @@
  * \param input     The buffer holding the input data.
  * \param output    The buffer for holding the output data.
  *
- * \return         0 if successful and authenticated, or
- *                 #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
+ * \return         0 if successful and authenticated.
+ * \return         #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
  */
 int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
                       size_t length,
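Review bot: The split `\return` lines for `mbedtls_gcm_auth_decrypt()` still do not say what `output` contains when #MBEDTLS_ERR_GCM_AUTH_FAILED is returned. Callers must not act on unauthenticated plaintext, so this is the place to state whether the buffer is left untouched, zeroed, or undefined in that case. The first line also reads `\return 0 if successful and authenticated.` where the other return lines touched by this patch use `\c 0`.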
@@ -175,10 +184,12 @@
  *                  #MBEDTLS_GCM_DECRYPT.
  * \param iv        The initialization vector.
  * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data, or NULL if \p add_len is 0.
- * \param add_len   The length of the additional data. If 0, \p  add is NULL.
+ * \param add       The buffer holding the additional data, or NULL
+ *                  if \p add_len is 0.
+ * \param add_len   The length of the additional data. If 0,
+ *                  \p add is NULL.
  *
- * \return         \c 0 on success.
+ * \return          \c 0 on success.
  */
 int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
                 int mode,
@@ -195,16 +206,18 @@
  *                  Bytes. Only the last call before calling
  *                  mbedtls_gcm_finish() can be less than 16 Bytes.
  *
- * \note For decryption, the output buffer cannot be the same as input buffer.
- *       If the buffers overlap, the output buffer must trail at least 8 Bytes
- *       behind the input buffer.
+ * \note            For decryption, the output buffer cannot be the same as
+ *                  input buffer. If the buffers overlap, the output buffer
+ *                  must trail at least 8 Bytes behind the input buffer.
  *
  * \param ctx       The GCM context.
- * \param length    The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
+ * \param length    The length of the input data. This must be a multiple of
+ *                  16 except in the last call before mbedtls_gcm_finish().
  * \param input     The buffer holding the input data.
  * \param output    The buffer for holding the output data.
  *
- * \return         \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
  */
 int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
                 size_t length,
@@ -222,7 +235,8 @@
  * \param tag       The buffer for holding the tag.
  * \param tag_len   The length of the tag to generate. Must be at least four.
  *
- * \return          \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
  */
 int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
                 unsigned char *tag,
@@ -236,22 +250,11 @@
  */
 void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
-#endif /* !MBEDTLS_GCM_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          The GCM checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_gcm_self_test( int verbose );
 
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 06538c3..6b6f5c5 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -1,7 +1,7 @@
  /**
  * \file md.h
  *
- * \brief The generic message-digest wrapper.
+ * \brief This file contains the generic message-digest wrapper.
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  */
@@ -46,7 +46,7 @@
 #endif
 
 /**
- * \brief     Enumeration of supported message digests
+ * \brief     Supported message digests.
  *
  * \warning   MD2, MD4, MD5 and SHA-1 are considered weak message digests and
  *            their use constitutes a security risk. We recommend considering
@@ -54,16 +54,16 @@
  *
  */
 typedef enum {
-    MBEDTLS_MD_NONE=0,
-    MBEDTLS_MD_MD2,
-    MBEDTLS_MD_MD4,
-    MBEDTLS_MD_MD5,
-    MBEDTLS_MD_SHA1,
-    MBEDTLS_MD_SHA224,
-    MBEDTLS_MD_SHA256,
-    MBEDTLS_MD_SHA384,
-    MBEDTLS_MD_SHA512,
-    MBEDTLS_MD_RIPEMD160,
+    MBEDTLS_MD_NONE=0,    /**< None. */
+    MBEDTLS_MD_MD2,       /**< The MD2 message digest. */
+    MBEDTLS_MD_MD4,       /**< The MD4 message digest. */
+    MBEDTLS_MD_MD5,       /**< The MD5 message digest. */
+    MBEDTLS_MD_SHA1,      /**< The SHA-1 message digest. */
+    MBEDTLS_MD_SHA224,    /**< The SHA-224 message digest. */
+    MBEDTLS_MD_SHA256,    /**< The SHA-256 message digest. */
+    MBEDTLS_MD_SHA384,    /**< The SHA-384 message digest. */
+    MBEDTLS_MD_SHA512,    /**< The SHA-512 message digest. */
+    MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
 } mbedtls_md_type_t;
 
 #if defined(MBEDTLS_SHA512_C)
@@ -108,8 +108,8 @@
  *
  * \param md_name   The name of the digest to search for.
  *
- * \return          The message-digest information associated with \p md_name,
- *                  or NULL if not found.
+ * \return          The message-digest information associated with \p md_name.
+ * \return          NULL if the associated message-digest information is not found.
  */
 const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
 
@@ -119,8 +119,8 @@
  *
  * \param md_type   The type of digest to search for.
  *
- * \return          The message-digest information associated with \p md_type,
- *                  or NULL if not found.
+ * \return          The message-digest information associated with \p md_type.
+ * \return          NULL if the associated message-digest information is not found.
  */
 const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
 
@@ -168,9 +168,10 @@
  * \param md_info   The information structure of the message-digest algorithm
  *                  to use.
  *
- * \returns         \c 0 on success,
- *                  #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
- *                  #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
+ * \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
 #undef MBEDTLS_DEPRECATED
@@ -187,12 +188,13 @@
  * \param ctx       The context to set up.
  * \param md_info   The information structure of the message-digest algorithm
  *                  to use.
- * \param hmac      <ul><li>0: HMAC is not used. Saves some memory.</li>
- *                  <li>non-zero: HMAC is used with this context.</li></ul>
+ * \param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),
+ *                  or non-zero: HMAC is used with this context.
  *
- * \returns         \c 0 on success,
- *                  #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or
- *                  #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
+ * \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
  */
 int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
 
@@ -212,8 +214,8 @@
  * \param dst       The destination context.
  * \param src       The context to be cloned.
  *
- * \return          \c 0 on success,
- *                  #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
  */
 int mbedtls_md_clone( mbedtls_md_context_t *dst,
                       const mbedtls_md_context_t *src );
@@ -260,8 +262,9 @@
  *
  * \param ctx       The generic message-digest context.
  *
- * \returns         \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_starts( mbedtls_md_context_t *ctx );
 
@@ -277,8 +280,9 @@
  * \param input     The buffer holding the input data.
  * \param ilen      The length of the input data.
  *
- * \returns         \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
 
@@ -296,8 +300,9 @@
  * \param ctx       The generic message-digest context.
  * \param output    The buffer for the generic message-digest checksum result.
  *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
 
@@ -315,8 +320,9 @@
  * \param ilen     The length of the input data.
  * \param output   The generic message-digest checksum result.
  *
- * \returns        \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                 parameter verification fails.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                 failure.
  */
 int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
         unsigned char *output );
@@ -334,9 +340,10 @@
  * \param path     The input file name.
  * \param output   The generic message-digest checksum result.
  *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or
- *                 #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
+ *                 the file pointed by \p path.
+ * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
  */
 int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
                      unsigned char *output );
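Review bot: In the new #MBEDTLS_ERR_MD_FILE_IO_ERROR line, "the file pointed by \p path" should read "the file pointed to by \p path".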
@@ -356,8 +363,9 @@
  * \param key       The HMAC secret key.
  * \param keylen    The length of the HMAC key in Bytes.
  *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
                     size_t keylen );
@@ -377,8 +385,9 @@
  * \param input     The buffer holding the input data.
  * \param ilen      The length of the input data.
  *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
                     size_t ilen );
@@ -397,8 +406,9 @@
  *                  context.
  * \param output    The generic HMAC checksum result.
  *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
 
@@ -413,8 +423,9 @@
  * \param ctx       The message digest context containing an embedded HMAC
  *                  context.
  *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
+ * \return          \c 0 on success.
+ * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                  failure.
  */
 int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
 
@@ -436,8 +447,9 @@
  * \param ilen     The length of the input data.
  * \param output   The generic HMAC result.
  *
- * \returns        \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                 parameter verification fails.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+ *                 failure.
  */
 int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
                 const unsigned char *input, size_t ilen,
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 0fd8b5a..08e75b2 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -39,14 +39,14 @@
 
 #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED                   -0x002B  /**< MD2 hardware accelerator failed */
 
-#if !defined(MBEDTLS_MD2_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_MD2_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          MD2 context structure
  *
@@ -64,6 +64,10 @@
 }
 mbedtls_md2_context;
 
+#else  /* MBEDTLS_MD2_ALT */
+#include "md2_alt.h"
+#endif /* MBEDTLS_MD2_ALT */
+
 /**
  * \brief          Initialize MD2 context
  *
@@ -235,18 +239,6 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_MD2_ALT */
-#include "md2_alt.h"
-#endif /* MBEDTLS_MD2_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Output = MD2( input buffer )
  *
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index 23fa95e..8ee4e5c 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -40,14 +40,14 @@
 
 #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED                   -0x002D  /**< MD4 hardware accelerator failed */
 
-#if !defined(MBEDTLS_MD4_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_MD4_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          MD4 context structure
  *
@@ -64,6 +64,10 @@
 }
 mbedtls_md4_context;
 
+#else  /* MBEDTLS_MD4_ALT */
+#include "md4_alt.h"
+#endif /* MBEDTLS_MD4_ALT */
+
 /**
  * \brief          Initialize MD4 context
  *
@@ -238,18 +242,6 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_MD4_ALT */
-#include "md4_alt.h"
-#endif /* MBEDTLS_MD4_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Output = MD4( input buffer )
  *
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 06ea4c5..43ead4b 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -39,14 +39,14 @@
 
 #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED                   -0x002F  /**< MD5 hardware accelerator failed */
 
-#if !defined(MBEDTLS_MD5_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_MD5_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          MD5 context structure
  *
@@ -63,6 +63,10 @@
 }
 mbedtls_md5_context;
 
+#else  /* MBEDTLS_MD5_ALT */
+#include "md5_alt.h"
+#endif /* MBEDTLS_MD5_ALT */
+
 /**
  * \brief          Initialize MD5 context
  *
@@ -238,18 +242,6 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
-#endif /* MBEDTLS_MD5_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Output = MD5( input buffer )
  *
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 54e612c..0f9b31e 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -46,12 +46,17 @@
 #define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052  /**< Failed to get an IP address for the given hostname. */
 #define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043  /**< Buffer is too small to hold the data. */
 #define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045  /**< The context is invalid, eg because it was free()ed. */
+#define MBEDTLS_ERR_NET_POLL_FAILED                       -0x0047  /**< Polling the net context failed. */
+#define MBEDTLS_ERR_NET_BAD_INPUT_DATA                    -0x0049  /**< Input invalid. */
 
 #define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
 
 #define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
 #define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
 
+#define MBEDTLS_NET_POLL_READ  1 /**< Used in \c mbedtls_net_poll to check for pending data  */
+#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -118,9 +123,10 @@
  *
  * \param bind_ctx  Relevant socket
  * \param client_ctx Will contain the connected client socket
- * \param client_ip Will contain the client IP address
+ * \param client_ip Will contain the client IP address, can be NULL
  * \param buf_size  Size of the client_ip buffer
- * \param ip_len    Will receive the size of the client IP written
+ * \param ip_len    Will receive the size of the client IP written,
+ *                  can be NULL if client_ip is null
  *
  * \return          0 if successful, or
  *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
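Review bot: The new wording lets `client_ip` be NULL but leaves `buf_size` undocumented for that case, so a caller cannot tell whether it is ignored or must be 0. Suggest saying so on the `\param buf_size` line. The two added lines also mix "NULL" and "null"; use "NULL" in both and mark the parameter as `\p client_ip`.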
@@ -133,6 +139,29 @@
                         void *client_ip, size_t buf_size, size_t *ip_len );
 
 /**
+ * \brief          Check and wait for the context to be ready for read/write
+ *
+ * \param ctx      Socket to check
+ * \param rw       Bitflag composed of MBEDTLS_NET_POLL_READ and
+ *                 MBEDTLS_NET_POLL_WRITE specifying the events
+ *                 to wait for:
+ *                 - If MBEDTLS_NET_POLL_READ is set, the function
+ *                   will return as soon as the net context is available
+ *                   for reading.
+ *                 - If MBEDTLS_NET_POLL_WRITE is set, the function
+ *                   will return as soon as the net context is available
+ *                   for writing.
+ * \param timeout  Maximal amount of time to wait before returning,
+ *                 in milliseconds. If \c timeout is zero, the
+ *                 function returns immediately. If \c timeout is
+ *                 -1u, the function blocks potentially indefinitely.
+ *
+ * \return         Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
+ *                 on success or timeout, or a negative return code otherwise.
+ */
+int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
+
+/**
  * \brief          Set the socket blocking
  *
  * \param ctx      Socket to set
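Review bot: The `\return` text for `mbedtls_net_poll()` says a bitmask is returned "on success or timeout" without saying what the value is when the timeout expires, so a caller cannot distinguish "ready" from "timed out" from the documentation alone. Suggest stating the timeout result explicitly (for example that the returned mask is 0 when no requested event occurred, if that is the behaviour) and naming the negative codes, presumably the MBEDTLS_ERR_NET_POLL_FAILED and MBEDTLS_ERR_NET_BAD_INPUT_DATA values added at the top of this file's diff. The `\param timeout` text also refers to the parameter as `\c timeout` where `\p timeout` is the parameter markup, and "-1u" would be clearer as "(uint32_t) -1" given the `uint32_t` type in the prototype.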
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 1059bda..ee06b2f 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -63,7 +63,7 @@
 #define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80  /**< The algorithm tag or value is invalid. */
 #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
 #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The buffer contains a valid signature followed by more data. */
 #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED     -0x3880  /**< PK hardware accelerator failed. */
 
 #ifdef __cplusplus
@@ -269,8 +269,8 @@
  * \param sig_len   Signature length
  *
  * \return          0 on success (signature is valid),
- *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
- *                  valid but its actual length is less than sig_len,
+ *                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+ *                  signature in sig but its length is less than \p siglen,
  *                  or a specific error code.
  *
  * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
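Review bot: The new text refers to `\p siglen`, but the parameter documented just above is `\param sig_len`, so the `\p` reference names a parameter that does not exist. Suggest `\p sig_len`, and `\p sig` for the bare "sig" on the same line.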
@@ -300,10 +300,10 @@
  * \param sig_len   Signature length
  *
  * \return          0 on success (signature is valid),
- *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+ *                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
  *                  used for this type of signatures,
- *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
- *                  valid but its actual length is less than sig_len,
+ *                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+ *                  signature in sig but its length is less than \p siglen,
  *                  or a specific error code.
  *
  * \note            If hash_len is 0, then the length associated with md_alg
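Review bot: Same name mismatch as in the previous hunk: \p siglen in the added lines should be \p sig_len to match the \param sig_len entry. Because #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH is a non-zero return that still describes a valid signature, the text should say plainly whether a caller may treat the signature as verified when it receives this code, or must reject the input.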
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index ed10775..a53229b 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -1,7 +1,16 @@
 /**
  * \file platform.h
  *
- * \brief The Mbed TLS platform abstraction layer.
+ * \brief This file contains the definitions and functions of the
+ *        Mbed TLS platform abstraction layer.
+ *
+ *        The platform abstraction layer removes the need for the library
+ *        to directly link to standard C library functions or operating
+ *        system services, making the library easier to port and embed.
+ *        Application developers and users of the library can provide their own
+ *        implementations of these functions, or implementations specific to
+ *        their platform, which can be statically linked to the library or 
+ *        dynamically configured at runtime.
  */
 /*
  *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
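Review bot: The added line "their platform, which can be statically linked to the library or " ends with a trailing space; please strip it so whitespace checks stay clean. The new paragraph would also be more useful if it named the mechanism behind "dynamically configured at runtime" (the mbedtls_platform_set_xxx() functions declared later in this header) so readers know where to look.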
@@ -102,7 +111,7 @@
 /* \} name SECTION: Module settings */
 
 /*
- * The function pointers for calloc and free
+ * The function pointers for calloc and free.
  */
 #if defined(MBEDTLS_PLATFORM_MEMORY)
 #if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
@@ -116,7 +125,8 @@
 extern void (*mbedtls_free)( void *ptr );
 
 /**
- * \brief   This function allows configuring custom memory-management functions.
+ * \brief               This function dynamically sets the memory-management
+ *                      functions used by the library, during runtime.
  *
  * \param calloc_func   The \c calloc function implementation.
  * \param free_func     The \c free function implementation.
@@ -140,7 +150,9 @@
 extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
 
 /**
- * \brief   This function allows configuring a custom \p fprintf function pointer.
+ * \brief                This function dynamically configures the fprintf
+ *                       function that is called when the
+ *                       mbedtls_fprintf() function is invoked by the library.
  *
  * \param fprintf_func   The \c fprintf function implementation.
  *
@@ -163,8 +175,9 @@
 extern int (*mbedtls_printf)( const char *format, ... );
 
 /**
- * \brief    This function allows configuring a custom \c printf function
- *           pointer.
+ * \brief               This function dynamically configures the snprintf
+ *                      function that is called when the mbedtls_snprintf()
+ *                      function is invoked by the library.
  *
  * \param printf_func   The \c printf function implementation.
  *
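Review bot: The new \brief describes the wrong function: it says the setter "configures the snprintf function that is called when the mbedtls_snprintf() function is invoked", but this block sits under the mbedtls_printf pointer and documents \param printf_func. This looks like a copy-paste from the snprintf block; it should read printf and mbedtls_printf().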
@@ -197,12 +210,12 @@
 extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
 
 /**
- * \brief   This function allows configuring a custom \c snprintf function
- *          pointer.
+ * \brief                 This function allows configuring a custom
+ *                        \c snprintf function pointer.
  *
  * \param snprintf_func   The \c snprintf function implementation.
  *
- * \return    \c 0 on success.
+ * \return                \c 0 on success.
  */
 int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
                                                  const char * format, ... ) );
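Review bot: The \brief for mbedtls_platform_set_snprintf() is only re-indented here and keeps the old "allows configuring a custom \c snprintf function pointer" wording, while the fprintf and exit setters in this patch were reworded to "dynamically configures the ... function that is called when ...". The reworded snprintf text appears to have landed on the printf setter instead; moving it here would make the four setters consistent.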
@@ -210,7 +223,7 @@
 #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
 #define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
 #else
-#define mbedtls_snprintf   snprintf
+#define mbedtls_snprintf   MBEDTLS_PLATFORM_STD_SNPRINTF
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
 
@@ -221,12 +234,13 @@
 extern void (*mbedtls_exit)( int status );
 
 /**
- * \brief   This function allows configuring a custom \c exit function
- *          pointer.
+ * \brief             This function dynamically configures the exit
+ *                    function that is called when the mbedtls_exit()
+ *                    function is invoked by the library.
  *
  * \param exit_func   The \c exit function implementation.
  *
- * \return  \c 0 on success.
+ * \return            \c 0 on success.
  */
 int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
 #else
@@ -302,7 +316,7 @@
  *          setup or teardown operations.
  */
 typedef struct {
-    char dummy; /**< Placeholder member, as empty structs are not portable. */
+    char dummy; /**< A placeholder member, as empty structs are not portable. */
 }
 mbedtls_platform_context;
 
@@ -311,33 +325,34 @@
 #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
 
 /**
- * \brief   This function performs any platform initialization operations.
+ * \brief   This function performs any platform-specific initialization
+ *          operations.
  *
- * \param   ctx     The Mbed TLS context.
+ * \note    This function should be called before any other library functions.
+ *
+ *          Its implementation is platform-specific, and unless
+ *          platform-specific code is provided, it does nothing. 
+ *
+ * \note    The usage and necessity of this function is dependent on the platform.
+ *
+ * \param   ctx     The platform context.
  *
  * \return  \c 0 on success.
- *
- * \note    This function is intended to allow platform-specific initialization,
- *          and should be called before any other library functions. Its
- *          implementation is platform-specific, and unless
- *          platform-specific code is provided, it does nothing.
- *
- *          Its use and whether it is necessary to call it is dependent on the
- *          platform.
  */
 int mbedtls_platform_setup( mbedtls_platform_context *ctx );
 /**
  * \brief   This function performs any platform teardown operations.
  *
- * \param   ctx     The Mbed TLS context.
- *
  * \note    This function should be called after every other Mbed TLS module
  *          has been correctly freed using the appropriate free function.
+ *
  *          Its implementation is platform-specific, and unless
  *          platform-specific code is provided, it does nothing.
  *
- *          Its use and whether it is necessary to call it is dependent on the
- *          platform.
+ * \note    The usage and necessity of this function is dependent on the platform.
+ *
+ * \param   ctx     The platform context.
+ *
  */
 void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
 
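Review bot: Two small documentation defects in the added lines: "platform-specific code is provided, it does nothing. " carries a trailing space, and the teardown block now ends with an empty " *" line directly before the closing " */". In both functions, "The usage and necessity of this function is dependent on the platform" should read "are dependent". Since the setup note says the function "should be called before any other library functions", it would be worth saying what happens if it is not, on platforms that do provide an implementation.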
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
new file mode 100644
index 0000000..84f0732
--- /dev/null
+++ b/include/mbedtls/platform_util.h
@@ -0,0 +1,62 @@
+/**
+ * \file platform_util.h
+ *
+ * \brief Common and shared functions used by multiple modules in the Mbed TLS
+ *        library.
+ */
+/*
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_UTIL_H
+#define MBEDTLS_PLATFORM_UTIL_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief       Securely zeroize a buffer
+ *
+ *              The function is meant to wipe the data contained in a buffer so
+ *              that it can no longer be recovered even if the program memory
+ *              is later compromised. Call this function on sensitive data
+ *              stored on the stack before returning from a function, and on
+ *              sensitive data stored on the heap before freeing the heap
+ *              object.
+ *
+ *              It is extremely difficult to guarantee that calls to
+ *              mbedtls_platform_zeroize() are not removed by aggressive
+ *              compiler optimizations in a portable way. For this reason, Mbed
+ *              TLS provides the configuration option
+ *              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+ *              mbedtls_platform_zeroize() to use a suitable implementation for
+ *              their platform and needs
+ *
+ * \param buf   Buffer to be zeroized
+ * \param len   Length of the buffer in bytes
+ *
+ */
+void mbedtls_platform_zeroize( void *buf, size_t len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PLATFORM_UTIL_H */
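Review bot: The description of mbedtls_platform_zeroize() explains that compilers may remove the call and points to MBEDTLS_PLATFORM_ZEROIZE_ALT, but it never states what the default implementation does or what guarantee it offers, which is the one thing a caller wiping key material needs to know before relying on it. Please add a sentence on the default behaviour, and document whether \p buf may be NULL when \p len is 0. Minor: the paragraph ending "their platform and needs" is missing its full stop, and there is a stray empty " *" line before the closing " */".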
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 3a8b50a..a0dac0c 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -35,14 +35,14 @@
 
 #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED             -0x0031  /**< RIPEMD160 hardware accelerator failed */
 
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_RIPEMD160_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          RIPEMD-160 context structure
  */
@@ -54,6 +54,10 @@
 }
 mbedtls_ripemd160_context;
 
+#else  /* MBEDTLS_RIPEMD160_ALT */
+#include "ripemd160.h"
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
 /**
  * \brief          Initialize RIPEMD-160 context
  *
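Review bot: The alternative-implementation branch now includes "ripemd160.h", whereas the line removed in the next hunk was #include "ripemd160_alt.h". With MBEDTLS_RIPEMD160_ALT defined this pulls in a header of the same name as this file rather than the alternative one, so mbedtls_ripemd160_context may never be defined for the declarations that follow. The matching change in rsa.h uses "rsa_alt.h"; this should be "ripemd160_alt.h".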
@@ -178,18 +182,6 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
-#endif /* MBEDTLS_RIPEMD160_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Output = RIPEMD-160( input buffer )
  *
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index fb2f77f..df6e3e5 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -1,11 +1,12 @@
 /**
  * \file rsa.h
  *
- * \brief The RSA public-key cryptosystem.
+ * \brief This file provides an API for the RSA public-key cryptosystem.
  *
- * For more information, see <em>Public-Key Cryptography Standards (PKCS)
- * #1 v1.5: RSA Encryption</em> and <em>Public-Key Cryptography Standards
- * (PKCS) #1 v2.1: RSA Cryptography Specifications</em>.
+ * The RSA public-key cryptosystem is defined in <em>Public-Key
+ * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption</em>
+ * and <em>Public-Key Cryptography Standards (PKCS) #1 v2.1: 
+ * RSA Cryptography Specifications</em>.
  *
  */
 /*
@@ -63,8 +64,8 @@
 #define MBEDTLS_RSA_PUBLIC      0 /**< Request private key operation. */
 #define MBEDTLS_RSA_PRIVATE     1 /**< Request public key operation. */
 
-#define MBEDTLS_RSA_PKCS_V15    0 /**< Use PKCS-1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V21    1 /**< Use PKCS-1 v2.1 encoding. */
+#define MBEDTLS_RSA_PKCS_V15    0 /**< Use PKCS#1 v1.5 encoding. */
+#define MBEDTLS_RSA_PKCS_V21    1 /**< Use PKCS#1 v2.1 encoding. */
 
 #define MBEDTLS_RSA_SIGN        1 /**< Identifier for RSA signature operations. */
 #define MBEDTLS_RSA_CRYPT       2 /**< Identifier for RSA encryption and decryption operations. */
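Review bot: While this hunk tidies the PKCS#1 comments, the two context lines directly above still have their descriptions swapped: MBEDTLS_RSA_PUBLIC is documented as "Request private key operation." and MBEDTLS_RSA_PRIVATE as "Request public key operation.". Since this is a documentation pass over the same block, please fix them here; a reader choosing the mode from these comments would pick the wrong one.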
@@ -76,14 +77,14 @@
  * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
  */
 
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_RSA_ALT)
+// Regular implementation
+//
+
 /**
  * \brief   The RSA context structure.
  *
@@ -96,24 +97,24 @@
     int ver;                    /*!<  Always 0.*/
     size_t len;                 /*!<  The size of \p N in Bytes. */
 
-    mbedtls_mpi N;                      /*!<  The public modulus. */
-    mbedtls_mpi E;                      /*!<  The public exponent. */
+    mbedtls_mpi N;              /*!<  The public modulus. */
+    mbedtls_mpi E;              /*!<  The public exponent. */
 
-    mbedtls_mpi D;                      /*!<  The private exponent. */
-    mbedtls_mpi P;                      /*!<  The first prime factor. */
-    mbedtls_mpi Q;                      /*!<  The second prime factor. */
+    mbedtls_mpi D;              /*!<  The private exponent. */
+    mbedtls_mpi P;              /*!<  The first prime factor. */
+    mbedtls_mpi Q;              /*!<  The second prime factor. */
 
-    mbedtls_mpi DP;                     /*!<  \p D % (P - 1)       */
-    mbedtls_mpi DQ;                     /*!<  \p D % (Q - 1)       */
-    mbedtls_mpi QP;                     /*!<  1 / (Q % P)       */
+    mbedtls_mpi DP;             /*!<  <code>D % (P - 1)</code>. */
+    mbedtls_mpi DQ;             /*!<  <code>D % (Q - 1)</code>. */
+    mbedtls_mpi QP;             /*!<  <code>1 / (Q % P)</code>. */
 
-    mbedtls_mpi RN;                     /*!<  cached R^2 mod \p N  */
+    mbedtls_mpi RN;             /*!<  cached <code>R^2 mod N</code>. */
 
-    mbedtls_mpi RP;                     /*!<  cached R^2 mod \p P  */
-    mbedtls_mpi RQ;                     /*!<  cached R^2 mod \p Q  */
+    mbedtls_mpi RP;             /*!<  cached <code>R^2 mod P</code>. */
+    mbedtls_mpi RQ;             /*!<  cached <code>R^2 mod Q</code>. */
 
-    mbedtls_mpi Vi;                     /*!<  The cached blinding value. */
-    mbedtls_mpi Vf;                     /*!<  The cached un-blinding value. */
+    mbedtls_mpi Vi;             /*!<  The cached blinding value. */
+    mbedtls_mpi Vf;             /*!<  The cached un-blinding value. */
 
     int padding;                /*!< Selects padding mode:
                                      #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
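Review bot: Wrapping the QP description in code markup as "1 / (Q % P)" makes it look like a literal expression, but read that way it is integer division, not the intended value. The mbedtls_rsa_export_crt() documentation later in this file describes the same field as the "modular inverse of Q modulo P"; using that wording (or Q^-1 mod P) here would be accurate. The RN, RP and RQ comments would also benefit from saying what R is.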
@@ -128,18 +129,16 @@
 }
 mbedtls_rsa_context;
 
+#else  /* MBEDTLS_RSA_ALT */
+#include "rsa_alt.h"
+#endif /* MBEDTLS_RSA_ALT */
+
 /**
  * \brief          This function initializes an RSA context.
  *
  * \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
  *                 encryption scheme and the RSASSA-PSS signature scheme.
  *
- * \param ctx      The RSA context to initialize.
- * \param padding  Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- *                 #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id  The hash identifier of #mbedtls_md_type_t type, if
- *                 \p padding is #MBEDTLS_RSA_PKCS_V21.
- *
  * \note           The \p hash_id parameter is ignored when using
  *                 #MBEDTLS_RSA_PKCS_V15 padding.
  *
@@ -153,6 +152,12 @@
  *                 encryption. For PSS signatures, it is always used for
  *                 making signatures, but can be overriden for verifying them.
  *                 If set to #MBEDTLS_MD_NONE, it is always overriden.
+ *
+ * \param ctx      The RSA context to initialize.
+ * \param padding  Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
+ *                 #MBEDTLS_RSA_PKCS_V21.
+ * \param hash_id  The hash identifier of #mbedtls_md_type_t type, if
+ *                 \p padding is #MBEDTLS_RSA_PKCS_V21.
  */
 void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
                        int padding,
@@ -162,13 +167,6 @@
  * \brief          This function imports a set of core parameters into an
  *                 RSA context.
  *
- * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus, or NULL.
- * \param P        The first prime factor of \p N, or NULL.
- * \param Q        The second prime factor of \p N, or NULL.
- * \param D        The private exponent, or NULL.
- * \param E        The public exponent, or NULL.
- *
  * \note           This function can be called multiple times for successive
  *                 imports, if the parameters are not simultaneously present.
  *
@@ -184,7 +182,15 @@
  * \note           The imported parameters are copied and need not be preserved
  *                 for the lifetime of the RSA context being set up.
  *
- * \return         \c 0 on success, or a non-zero error code on failure.
+ * \param ctx      The initialized RSA context to store the parameters in.
+ * \param N        The RSA modulus, or NULL.
+ * \param P        The first prime factor of \p N, or NULL.
+ * \param Q        The second prime factor of \p N, or NULL.
+ * \param D        The private exponent, or NULL.
+ * \param E        The public exponent, or NULL.
+ *
+ * \return         \c 0 on success.
+ * \return         A non-zero error code on failure.
  */
 int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
                         const mbedtls_mpi *N,
@@ -195,6 +201,21 @@
  * \brief          This function imports core RSA parameters, in raw big-endian
  *                 binary format, into an RSA context.
  *
+ * \note           This function can be called multiple times for successive
+ *                 imports, if the parameters are not simultaneously present.
+ *
+ *                 Any sequence of calls to this function should be followed
+ *                 by a call to mbedtls_rsa_complete(), which checks and
+ *                 completes the provided information to a ready-for-use
+ *                 public or private RSA key.
+ *
+ * \note           See mbedtls_rsa_complete() for more information on which
+ *                 parameters are necessary to set up a private or public
+ *                 RSA key.
+ *
+ * \note           The imported parameters are copied and need not be preserved
+ *                 for the lifetime of the RSA context being set up.
+ *
  * \param ctx      The initialized RSA context to store the parameters in.
  * \param N        The RSA modulus, or NULL.
  * \param N_len    The Byte length of \p N, ignored if \p N == NULL.
@@ -207,22 +228,8 @@
  * \param E        The public exponent, or NULL.
  * \param E_len    The Byte length of \p E, ignored if \p E == NULL.
  *
- * \note           This function can be called multiple times for successive
- *                 imports, if the parameters are not simultaneously present.
- *
- *                 Any sequence of calls to this function should be followed
- *                 by a call to mbedtls_rsa_complete(), which checks and
- *                 completes the provided information to a ready-for-use
- *                 public or private RSA key.
- *
- * \note           See mbedtls_rsa_complete() for more information on which
- *                 parameters are necessary to set up a private or public
- *                 RSA key.
- *
- * \note           The imported parameters are copied and need not be preserved
- *                 for the lifetime of the RSA context being set up.
- *
- * \return         \c 0 on success, or a non-zero error code on failure.
+ * \return         \c 0 on success.
+ * \return         A non-zero error code on failure.
  */
 int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
                             unsigned char const *N, size_t N_len,
@@ -250,17 +257,18 @@
  *                 the RSA context can be used for RSA operations without
  *                 the risk of failure or crash.
  *
- * \param ctx      The initialized RSA context holding imported parameters.
- *
- * \return         \c 0 on success, or #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the
- *                 attempted derivations failed.
- *
  * \warning        This function need not perform consistency checks
  *                 for the imported parameters. In particular, parameters that
  *                 are not needed by the implementation might be silently
  *                 discarded and left unchecked. To check the consistency
  *                 of the key material, see mbedtls_rsa_check_privkey().
  *
+ * \param ctx      The initialized RSA context holding imported parameters.
+ *
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
+ *                 failed.
+ *
  */
 int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
 
@@ -292,11 +300,11 @@
  * \param D        The MPI to hold the private exponent, or NULL.
  * \param E        The MPI to hold the public exponent, or NULL.
  *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
  *                 requested parameters cannot be done due to missing
- *                 functionality or because of security policies,
- *                 or a non-zero return code on any other failure.
+ *                 functionality or because of security policies.
+ * \return         A non-zero return code on any other failure.
  *
  */
 int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
@@ -324,6 +332,9 @@
  *                 If the function fails due to an unsupported operation,
  *                 the RSA context stays intact and remains usable.
  *
+ * \note           The length parameters are ignored if the corresponding
+ *                 buffer pointers are NULL.
+ *
  * \param ctx      The initialized RSA context.
  * \param N        The Byte array to store the RSA modulus, or NULL.
  * \param N_len    The size of the buffer for the modulus.
@@ -331,21 +342,18 @@
  *                 NULL.
  * \param P_len    The size of the buffer for the first prime factor.
  * \param Q        The Byte array to hold the second prime factor of \p N, or
-                   NULL.
+ *                 NULL.
  * \param Q_len    The size of the buffer for the second prime factor.
  * \param D        The Byte array to hold the private exponent, or NULL.
  * \param D_len    The size of the buffer for the private exponent.
  * \param E        The Byte array to hold the public exponent, or NULL.
  * \param E_len    The size of the buffer for the public exponent.
  *
- * \note           The length fields are ignored if the corresponding
- *                 buffer pointers are NULL.
- *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
  *                 requested parameters cannot be done due to missing
- *                 functionality or because of security policies,
- *                 or a non-zero return code on any other failure.
+ *                 functionality or because of security policies.
+ * \return         A non-zero return code on any other failure.
  */
 int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
                             unsigned char *N, size_t N_len,
@@ -357,16 +365,17 @@
 /**
  * \brief          This function exports CRT parameters of a private RSA key.
  *
+ * \note           Alternative RSA implementations not using CRT-parameters
+ *                 internally can implement this function based on
+ *                 mbedtls_rsa_deduce_opt().
+ *
  * \param ctx      The initialized RSA context.
  * \param DP       The MPI to hold D modulo P-1, or NULL.
  * \param DQ       The MPI to hold D modulo Q-1, or NULL.
  * \param QP       The MPI to hold modular inverse of Q modulo P, or NULL.
  *
- * \return         \c 0 on success, non-zero error code otherwise.
- *
- * \note           Alternative RSA implementations not using CRT-parameters
- *                 internally can implement this function based on
- *                 mbedtls_rsa_deduce_opt().
+ * \return         \c 0 on success.
+ * \return         A non-zero error code on failure.
  *
  */
 int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
@@ -397,17 +406,17 @@
 /**
  * \brief          This function generates an RSA keypair.
  *
- * \param ctx      The RSA context used to hold the key.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
- * \param nbits    The size of the public key in bits.
- * \param exponent The public exponent. For example, 65537.
- *
  * \note           mbedtls_rsa_init() must be called before this function,
  *                 to set up the RSA context.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
-                   on failure.
+ * \param ctx      The RSA context used to hold the key.
+ * \param f_rng    The RNG function.
+ * \param p_rng    The RNG context.
+ * \param nbits    The size of the public key in bits.
+ * \param exponent The public exponent. For example, 65537.
+ *
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
                          int (*f_rng)(void *, unsigned char *, size_t),
@@ -424,8 +433,8 @@
  *
  * \param ctx      The RSA context to check.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  *
  */
 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
@@ -434,11 +443,6 @@
  * \brief      This function checks if a context contains an RSA private key
  *             and perform basic consistency checks.
  *
- * \param ctx  The RSA context to check.
- *
- * \return     \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code on
- *             failure.
- *
  * \note       The consistency checks performed by this function not only
  *             ensure that mbedtls_rsa_private() can be called successfully
  *             on the given context, but that the various parameters are
@@ -465,6 +469,11 @@
  *             user to ensure the trustworthiness of the source of his RSA
  *             parameters, which goes beyond what is effectively checkable
  *             by the library.</li></ul>
+ *
+ * \param ctx  The RSA context to check.
+ *
+ * \return     \c 0 on success.
+ * \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
 
@@ -476,8 +485,8 @@
  * \param pub      The RSA context holding the public key.
  * \param prv      The RSA context holding the private key.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
                                 const mbedtls_rsa_context *prv );
@@ -485,13 +494,6 @@
 /**
  * \brief          This function performs an RSA public key operation.
  *
- * \param ctx      The RSA context.
- * \param input    The input buffer.
- * \param output   The output buffer.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
  * \note           This function does not handle message padding.
  *
  * \note           Make sure to set \p input[0] = 0 or ensure that
@@ -499,6 +501,13 @@
  *
  * \note           The input and output buffers must be large
  *                 enough. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \param ctx      The RSA context.
+ * \param input    The input buffer.
+ * \param output   The output buffer.
+ *
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
                 const unsigned char *input,
@@ -507,17 +516,29 @@
 /**
  * \brief          This function performs an RSA private key operation.
  *
+ * \note           The input and output buffers must be large
+ *                 enough. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note           Blinding is used if and only if a PRNG is provided.
+ *
+ * \note           If blinding is used, both the base of exponentation
+ *                 and the exponent are blinded, providing protection
+ *                 against some side-channel attacks.
+ *
+ * \warning        It is deprecated and a security risk to not provide
+ *                 a PRNG here and thereby prevent the use of blinding.
+ *                 Future versions of the library may enforce the presence
+ *                 of a PRNG.
+ *
  * \param ctx      The RSA context.
  * \param f_rng    The RNG function. Needed for blinding.
- * \param p_rng    The RNG parameter.
+ * \param p_rng    The RNG context.
  * \param input    The input buffer.
  * \param output   The output buffer.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  *
- * \note           The input and output buffers must be large
- *                 enough. For example, 128 Bytes if RSA-1024 is used.
  */
 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
                  int (*f_rng)(void *, unsigned char *, size_t),
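Review bot: The new \warning says that omitting the PRNG disables blinding and is a security risk, but the \param f_rng entry still only says "Needed for blinding." and never states that passing NULL is what turns blinding off. Please make that explicit in the parameter text so the warning and the parameter agree. Also, "exponentation" in the added note should be "exponentiation", and an empty " *" line is left before the closing " */".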
@@ -532,15 +553,8 @@
  *                 It is the generic wrapper for performing a PKCS#1 encryption
  *                 operation using the \p mode from the context.
  *
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for padding, PKCS#1 v2.1
- *                 encoding, and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen     The length of the plaintext.
- * \param input    The buffer holding the data to encrypt.
- * \param output   The buffer used to hold the ciphertext.
+ * \note           The input and output buffers must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
@@ -551,11 +565,17 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Needed for padding, PKCS#1 v2.1
+ *                 encoding, and #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ilen     The length of the plaintext.
+ * \param input    The buffer holding the data to encrypt.
+ * \param output   The buffer used to hold the ciphertext.
  *
- * \note           The input and output buffers must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
                        int (*f_rng)(void *, unsigned char *, size_t),
@@ -568,14 +588,8 @@
  * \brief          This function performs a PKCS#1 v1.5 encryption operation
  *                 (RSAES-PKCS1-v1_5-ENCRYPT).
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for padding and
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen     The length of the plaintext.
- * \param input    The buffer holding the data to encrypt.
- * \param output   The buffer used to hold the ciphertext.
+ * \note           The output buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
@@ -586,11 +600,17 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Needed for padding and
+ *                 #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param ilen     The length of the plaintext.
+ * \param input    The buffer holding the data to encrypt.
+ * \param output   The buffer used to hold the ciphertext.
  *
- * \note           The output buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
                                  int (*f_rng)(void *, unsigned char *, size_t),
@@ -603,10 +623,22 @@
  * \brief            This function performs a PKCS#1 v2.1 OAEP encryption
  *                   operation (RSAES-OAEP-ENCRYPT).
  *
+ * \note             The output buffer must be as large as the size
+ *                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated       It is deprecated and discouraged to call this function
+ *                   in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ *                   are likely to remove the \p mode argument and have it
+ *                   implicitly set to #MBEDTLS_RSA_PUBLIC.
+ *
+ * \note             Alternative implementations of RSA need not support
+ *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ *                   return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
  * \param ctx        The RSA context.
  * \param f_rng      The RNG function. Needed for padding and PKCS#1 v2.1
  *                   encoding and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng      The RNG parameter.
+ * \param p_rng      The RNG context.
  * \param mode       #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
  * \param label      The buffer holding the custom label to use.
  * \param label_len  The length of the label.
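Review bot: The added note in the OAEP encrypt comment writes "of ctx->N" without the \p marker, while every other buffer-size note in this patch uses "\p ctx->N". Use the same markup here so the generated documentation renders consistently. The unchanged \param f_rng text ("Needed for padding and PKCS#1 v2.1 encoding and #MBEDTLS_RSA_PRIVATE") could also take the comma-separated form used for mbedtls_rsa_pkcs1_encrypt().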
@@ -614,20 +646,8 @@
  * \param input      The buffer holding the data to encrypt.
  * \param output     The buffer used to hold the ciphertext.
  *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer must be as large as the size
- *                 of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return           \c 0 on success.
+ * \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
                             int (*f_rng)(void *, unsigned char *, size_t),
@@ -645,14 +665,15 @@
  *                 It is the generic wrapper for performing a PKCS#1 decryption
  *                 operation using the \p mode from the context.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen     The length of the plaintext.
- * \param input    The buffer holding the encrypted data.
- * \param output   The buffer used to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
+ * \note           The output buffer length \c output_max_len should be
+ *                 as large as the size \p ctx->len of \p ctx->N (for example,
+ *                 128 Bytes if RSA-1024 is used) to be able to hold an
+ *                 arbitrary decrypted message. If it is not large enough to
+ *                 hold the decryption of the particular ciphertext provided,
+ *                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ *
+ * \note           The input buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
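Review bot: In the moved output-buffer note for the generic decrypt wrapper, the error code is written as "\c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE", whereas the v1.5 and OAEP decrypt comments use "#MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE". Use the # form here as well so Doxygen links the macro. The same note refers to "\c output_max_len", which is a parameter and would read better as "\p output_max_len".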
@@ -663,18 +684,17 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param olen     The length of the plaintext.
+ * \param input    The buffer holding the encrypted data.
+ * \param output   The buffer used to hold the plaintext.
+ * \param output_max_len    The maximum length of the output buffer.
  *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N (for example,
- *                 128 Bytes if RSA-1024 is used) to be able to hold an
- *                 arbitrary decrypted message. If it is not large enough to
- *                 hold the decryption of the particular ciphertext provided,
- *                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
                        int (*f_rng)(void *, unsigned char *, size_t),
@@ -688,14 +708,15 @@
  * \brief          This function performs a PKCS#1 v1.5 decryption
  *                 operation (RSAES-PKCS1-v1_5-DECRYPT).
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen     The length of the plaintext.
- * \param input    The buffer holding the encrypted data.
- * \param output   The buffer to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
+ * \note           The output buffer length \c output_max_len should be
+ *                 as large as the size \p ctx->len of \p ctx->N, for example,
+ *                 128 Bytes if RSA-1024 is used, to be able to hold an
+ *                 arbitrary decrypted message. If it is not large enough to
+ *                 hold the decryption of the particular ciphertext provided,
+ *                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ *
+ * \note           The input buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
@@ -706,18 +727,18 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param olen     The length of the plaintext.
+ * \param input    The buffer holding the encrypted data.
+ * \param output   The buffer to hold the plaintext.
+ * \param output_max_len    The maximum length of the output buffer.
  *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N, for example,
- *                 128 Bytes if RSA-1024 is used, to be able to hold an
- *                 arbitrary decrypted message. If it is not large enough to
- *                 hold the decryption of the particular ciphertext provided,
- *                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  */
 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
                                  int (*f_rng)(void *, unsigned char *, size_t),
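Review bot: After the two new \return lines in the v1.5 decrypt comment, the unchanged " *" separator that used to sit between the two notes is left behind, so the comment now ends with an empty " *" line directly before " */". Remove that line to match the other comments reworked in this patch.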
@@ -728,42 +749,42 @@
                                  size_t output_max_len );
 
 /**
- * \brief          This function performs a PKCS#1 v2.1 OAEP decryption
- *                 operation (RSAES-OAEP-DECRYPT).
+ * \brief            This function performs a PKCS#1 v2.1 OAEP decryption
+ *                   operation (RSAES-OAEP-DECRYPT).
+ *
+ * \note             The output buffer length \c output_max_len should be
+ *                   as large as the size \p ctx->len of \p ctx->N, for
+ *                   example, 128 Bytes if RSA-1024 is used, to be able to
+ *                   hold an arbitrary decrypted message. If it is not
+ *                   large enough to hold the decryption of the particular
+ *                   ciphertext provided, the function returns
+ *                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+ *
+ * \note             The input buffer must be as large as the size
+ *                   of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \deprecated       It is deprecated and discouraged to call this function
+ *                   in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
+ *                   are likely to remove the \p mode argument and have it
+ *                   implicitly set to #MBEDTLS_RSA_PRIVATE.
+ *
+ * \note             Alternative implementations of RSA need not support
+ *                   mode being set to #MBEDTLS_RSA_PUBLIC and might instead
+ *                   return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
  * \param ctx        The RSA context.
  * \param f_rng      The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng      The RNG parameter.
+ * \param p_rng      The RNG context.
  * \param mode       #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
  * \param label      The buffer holding the custom label to use.
  * \param label_len  The length of the label.
  * \param olen       The length of the plaintext.
  * \param input      The buffer holding the encrypted data.
  * \param output     The buffer to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
+ * \param output_max_len    The maximum length of the output buffer. 
  *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N, for
- *                 example, 128 Bytes if RSA-1024 is used, to be able to
- *                 hold an arbitrary decrypted message. If it is not
- *                 large enough to hold the decryption of the particular
- *                 ciphertext provided, the function returns
- *                 #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return         \c 0 on success.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
                             int (*f_rng)(void *, unsigned char *, size_t),
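Review bot: The \param output_max_len line in the OAEP decrypt comment is removed and re-added with a trailing space as the only difference; drop that change. The new \return lines are also indented to the old, narrower column ("\return         ") although the rest of this comment was re-indented to the wider one, so align them with the \brief and \note text.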
@@ -782,16 +803,12 @@
  *                 It is the generic wrapper for performing a PKCS#1
  *                 signature using the \p mode from the context.
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
+ * \note           The \p sig buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note           For PKCS#1 v2.1 encoding, see comments on
+ *                 mbedtls_rsa_rsassa_pss_sign() for details on
+ *                 \p md_alg and \p hash_id.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
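Review bot: The moved note in the generic sign wrapper marks hash_id with \p ("\p md_alg and \p hash_id"), but hash_id is not a parameter of this function; the PSS comment describes it as "the \p hash_id in the RSA context". Mark it as a context field instead, for example "\c hash_id in \p ctx", so the generated documentation does not present it as an argument.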
@@ -802,15 +819,19 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 if the signing operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ *                 #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param sig      The buffer to hold the ciphertext.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_sign() for details on
- *                 \p md_alg and \p hash_id.
+ * \return         \c 0 if the signing operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
                     int (*f_rng)(void *, unsigned char *, size_t),
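Review bot: The re-added "\param sig      The buffer to hold the ciphertext." in the sign wrapper describes a signature output as ciphertext. Since the parameter block is being rewritten anyway, change it to say the buffer holds the signature, and apply the same wording to the other sign functions. The \param hashlen line also runs past 80 columns; the verify_ext comment later in this patch wraps it, so wrap it here too.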
@@ -825,15 +846,8 @@
  * \brief          This function performs a PKCS#1 v1.5 signature
  *                 operation (RSASSA-PKCS1-v1_5-SIGN).
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
+ * \note           The \p sig buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
@@ -844,12 +858,18 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 if the signing operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param sig      The buffer to hold the ciphertext.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return         \c 0 if the signing operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
@@ -864,16 +884,15 @@
  * \brief          This function performs a PKCS#1 v2.1 PSS signature
  *                 operation (RSASSA-PSS-SIGN).
  *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
+ * \note           The \p sig buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note           The \p hash_id in the RSA context is the one used for the
+ *                 encoding. \p md_alg in the function call is the type of hash
+ *                 that is encoded. According to <em>RFC-3447: Public-Key
+ *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+ *                 Specifications</em> it is advised to keep both hashes the
+ *                 same.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
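Review bot: The hash_id note moved to the top of the PSS sign comment does not say what happens when \p hash_id in the context is unset, while the corresponding note for mbedtls_rsa_rsassa_pss_verify() states that "the \p md_alg from the function call is used". Either document the sign-side behaviour in the same way or say explicitly that hash_id must be set before signing, so callers do not have to infer it from the verify comment.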
@@ -884,19 +903,19 @@
  *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 if the signing operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA context.
+ * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
+ *                 #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param sig      The buffer to hold the ciphertext.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           The \p hash_id in the RSA context is the one used for the
- *                 encoding. \p md_alg in the function call is the type of hash
- *                 that is encoded. According to <em>RFC-3447: Public-Key
- *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- *                 Specifications</em> it is advised to keep both hashes the
- *                 same.
+ * \return         \c 0 if the signing operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
                          int (*f_rng)(void *, unsigned char *, size_t),
@@ -914,15 +933,12 @@
  *                 This is the generic wrapper for performing a PKCS#1
  *                 verification using the mode from the context.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
+ * \note           The \p sig buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ *
+ * \note           For PKCS#1 v2.1 encoding, see comments on
+ *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
+ *                 \p hash_id.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
@@ -933,16 +949,18 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA public key context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param sig      The buffer holding the ciphertext.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- *                 \p hash_id.
+ * \return         \c 0 if the verify operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
                       int (*f_rng)(void *, unsigned char *, size_t),
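Review bot: The re-added \param md_alg text in the verify wrapper still reads "Use #MBEDTLS_MD_NONE for signing raw data", and \param sig still says the buffer holds "the ciphertext". For a verification function these should refer to verifying raw data and to the signature being checked; correct the wording while the block is being moved, here and in the v1.5 and PSS verify comments.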
@@ -957,15 +975,8 @@
  * \brief          This function performs a PKCS#1 v1.5 verification
  *                 operation (RSASSA-PKCS1-v1_5-VERIFY).
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
+ * \note           The \p sig buffer must be as large as the size
+ *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
@@ -976,12 +987,18 @@
  *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
  *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
  *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
+ * \param ctx      The RSA public key context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param sig      The buffer holding the ciphertext.
  *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+ * \return         \c 0 if the verify operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
                                  int (*f_rng)(void *, unsigned char *, size_t),
@@ -999,29 +1016,6 @@
  *                 The hash function for the MGF mask generating function
  *                 is that specified in the RSA context.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
  * \note           The \p sig buffer must be as large as the size
  *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
@@ -1032,6 +1026,28 @@
  *                 Specifications</em> it is advised to keep both hashes the
  *                 same. If \p hash_id in the RSA context is unset,
  *                 the \p md_alg from the function call is used.
+ *
+ * \deprecated     It is deprecated and discouraged to call this function
+ *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
+ *                 are likely to remove the \p mode argument and have it
+ *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
+ *
+ * \note           Alternative implementations of RSA need not support
+ *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
+ *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
+ *
+ * \param ctx      The RSA public key context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param sig      The buffer holding the ciphertext.
+ *
+ * \return         \c 0 if the verify operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
                            int (*f_rng)(void *, unsigned char *, size_t),
@@ -1049,27 +1065,27 @@
  *                 The hash function for the MGF mask generating function
  *                 is that specified in \p mgf1_hash_id.
  *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param mgf1_hash_id The message digest used for mask generation.
- * \param expected_salt_len The length of the salt used in padding. Use
- *                 #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig      The buffer holding the ciphertext.
- *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
  * \note           The \p sig buffer must be as large as the size
  *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
  *
  * \note           The \p hash_id in the RSA context is ignored.
+ *
+ * \param ctx      The RSA public key context.
+ * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
+ * \param p_rng    The RNG context.
+ * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
+ * \param md_alg   The message-digest algorithm used to hash the original data.
+ *                 Use #MBEDTLS_MD_NONE for signing raw data.
+ * \param hashlen  The length of the message digest. Only used if \p md_alg is
+ *                 #MBEDTLS_MD_NONE.
+ * \param hash     The buffer holding the message digest.
+ * \param mgf1_hash_id       The message digest used for mask generation.
+ * \param expected_salt_len  The length of the salt used in padding. Use
+ *                           #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+ * \param sig      The buffer holding the ciphertext.
+ *
+ * \return         \c 0 if the verify operation was successful.
+ * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
                                int (*f_rng)(void *, unsigned char *, size_t),
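Review bot: the reordered \param block for mbedtls_rsa_rsassa_pss_verify_ext() carries over wording that does not fit a verification function: \p sig is described as "The buffer holding the ciphertext" and \p md_alg says "Use #MBEDTLS_MD_NONE for signing raw data". Since these lines are being rewritten anyway, describe \p sig as the buffer holding the signature to verify and phrase \p md_alg in terms of verification. The same "ciphertext" wording is added for mbedtls_rsa_rsassa_pss_verify() in the hunk above.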
@@ -1088,8 +1104,8 @@
  * \param dst      The destination context.
  * \param src      The source context.
  *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
  */
 int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
 
@@ -1100,22 +1116,11 @@
  */
 void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          The RSA checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_rsa_self_test( int verbose );
 
diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h
index bcb3c94..53abd3c 100644
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@@ -2,6 +2,37 @@
  * \file rsa_internal.h
  *
  * \brief Context-independent RSA helper functions
+ *
+ *  This module declares some RSA-related helper functions useful when
+ *  implementing the RSA interface. These functions are provided in a separate
+ *  compilation unit in order to make it easy for designers of alternative RSA
+ *  implementations to use them in their own code, as it is conceived that the
+ *  functionality they provide will be necessary for most complete
+ *  implementations.
+ *
+ *  End-users of Mbed TLS who are not providing their own alternative RSA
+ *  implementations should not use these functions directly, and should instead
+ *  use only the functions declared in rsa.h.
+ *
+ *  The interface provided by this module will be maintained through LTS (Long
+ *  Term Support) branches of Mbed TLS, but may otherwise be subject to change,
+ *  and must be considered an internal interface of the library.
+ *
+ *  There are two classes of helper functions:
+ *
+ *  (1) Parameter-generating helpers. These are:
+ *      - mbedtls_rsa_deduce_primes
+ *      - mbedtls_rsa_deduce_private_exponent
+ *      - mbedtls_rsa_deduce_crt
+ *       Each of these functions takes a set of core RSA parameters and
+ *       generates some other, or CRT related parameters.
+ *
+ *  (2) Parameter-checking helpers. These are:
+ *      - mbedtls_rsa_validate_params
+ *      - mbedtls_rsa_validate_crt
+ *      They take a set of core or CRT related RSA parameters and check their
+ *      validity.
+ *
  */
 /*
  *  Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
@@ -21,31 +52,6 @@
  *
  *  This file is part of mbed TLS (https://tls.mbed.org)
  *
- *
- *  This file declares some RSA-related helper functions useful when
- *  implementing the RSA interface. They are public and provided in a
- *  separate compilation unit in order to make it easy for designers of
- *  alternative RSA implementations to use them in their code, as it is
- *  conceived that the functionality they provide will be necessary
- *  for most complete implementations.
- *
- *  End-users of Mbed TLS not intending to re-implement the RSA functionality
- *  are not expected to get into the need of making use of these functions directly,
- *  but instead should be able to use the functions declared in rsa.h.
- *
- *  There are two classes of helper functions:
- *  (1) Parameter-generating helpers. These are:
- *      - mbedtls_rsa_deduce_primes
- *      - mbedtls_rsa_deduce_private_exponent
- *      - mbedtls_rsa_deduce_crt
- *       Each of these functions takes a set of core RSA parameters
- *       and generates some other, or CRT related parameters.
- *  (2) Parameter-checking helpers. These are:
- *      - mbedtls_rsa_validate_params
- *      - mbedtls_rsa_validate_crt
- *      They take a set of core or CRT related RSA parameters
- *      and check their validity.
- *
  */
 
 #ifndef MBEDTLS_RSA_INTERNAL_H
@@ -213,4 +219,8 @@
                               const mbedtls_mpi *D,  const mbedtls_mpi *DP,
                               const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* rsa_internal.h */
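Review bot: the closing `}` under `#ifdef __cplusplus` is added at the end of rsa_internal.h, but none of the three hunks for this file adds the matching `extern "C" {`. Please confirm the opening guard already exists near the top of the header; if it does not, C++ translation units that include this file will stop compiling. If it does exist, this is a fix for a missing close and the commit message should say so.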
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 05540cd..8f805fb 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -1,7 +1,10 @@
 /**
  * \file sha1.h
  *
- * \brief The SHA-1 cryptographic hash function.
+ * \brief This file contains SHA-1 definitions and functions.
+ *
+ * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in 
+ * <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
  *
  * \warning   SHA-1 is considered a weak message digest and its use constitutes
  *            a security risk. We recommend considering stronger message
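Review bot: the added line ending "is defined in " has trailing whitespace. Re-wrap it the way the sha256.h and sha512.h descriptions in this patch are wrapped.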
@@ -39,14 +42,14 @@
 
 #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED                  -0x0035  /**< SHA-1 hardware accelerator failed */
 
-#if !defined(MBEDTLS_SHA1_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_SHA1_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          The SHA-1 context structure.
  *
@@ -63,40 +66,44 @@
 }
 mbedtls_sha1_context;
 
+#else  /* MBEDTLS_SHA1_ALT */
+#include "sha1_alt.h"
+#endif /* MBEDTLS_SHA1_ALT */
+
 /**
  * \brief          This function initializes a SHA-1 context.
  *
- * \param ctx      The SHA-1 context to initialize.
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param ctx      The SHA-1 context to initialize.
+ *
  */
 void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
 
 /**
  * \brief          This function clears a SHA-1 context.
  *
- * \param ctx      The SHA-1 context to clear.
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param ctx      The SHA-1 context to clear.
+ *
  */
 void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
 
 /**
  * \brief          This function clones the state of a SHA-1 context.
  *
- * \param dst      The destination context.
- * \param src      The context to clone.
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param dst      The SHA-1 context to clone to.
+ * \param src      The SHA-1 context to clone from.
+ *
  */
 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
                          const mbedtls_sha1_context *src );
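Review bot: moving `#include "sha1_alt.h"` to directly after the context struct changes the contract for MBEDTLS_SHA1_ALT implementations. The alternative header is now pulled in inside the `extern "C"` block, and every declaration below it is no longer guarded by `#if !defined(MBEDTLS_SHA1_ALT)`. An existing sha1_alt.h that declares the full API will now see those declarations twice, which fails to compile if it provides any of them as macros or static inline functions. State in the file documentation that sha1_alt.h should now define only mbedtls_sha1_context, and call the change out for integrators. The same applies to the rsa.h, sha256.h and sha512.h hunks.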
@@ -104,14 +111,14 @@
 /**
  * \brief          This function starts a SHA-1 checksum calculation.
  *
- * \param ctx      The context to initialize.
- *
- * \return         \c 0 if successful
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param ctx      The SHA-1 context to initialize.
+ *
+ * \return         \c 0 on success.
+ *
  */
 int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
 
@@ -119,16 +126,15 @@
  * \brief          This function feeds an input buffer into an ongoing SHA-1
  *                 checksum calculation.
  *
- * \param ctx      The SHA-1 context.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- *
- * \return         \c 0 if successful
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param ctx      The SHA-1 context.
+ * \param input    The buffer holding the input data.
+ * \param ilen     The length of the input data.
+ *
+ * \return         \c 0 on success.
  */
 int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
                              const unsigned char *input,
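Review bot: mbedtls_sha1_update_ret() returns int, and this header defines MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED, but the rewritten comment documents only `\return \c 0 on success.` The rest of the patch splits success and failure into separate \return lines, so add a failure line here and on the other int-returning SHA-1 functions in this file, saying what a non-zero return means.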
@@ -138,31 +144,30 @@
  * \brief          This function finishes the SHA-1 operation, and writes
  *                 the result to the output buffer.
  *
- * \param ctx      The SHA-1 context.
- * \param output   The SHA-1 checksum result.
- *
- * \return         \c 0 if successful
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param ctx      The SHA-1 context.
+ * \param output   The SHA-1 checksum result.
+ *
+ * \return         \c 0 on success.
  */
 int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
                              unsigned char output[20] );
 
 /**
- * \brief          SHA-1 process data block (internal use only)
- *
- * \param ctx      SHA-1 context
- * \param data     The data block being processed.
- *
- * \return         \c 0 if successful
+ * \brief          SHA-1 process data block (internal use only).
  *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \param ctx      The SHA-1 context.
+ * \param data     The data block being processed.
+ *
+ * \return         \c 0 on success.
+ *
  */
 int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
                                    const unsigned char data[64] );
@@ -174,65 +179,67 @@
 #define MBEDTLS_DEPRECATED
 #endif
 /**
- * \brief          SHA-1 context setup
- *
- * \deprecated     Superseded by mbedtls_sha1_starts_ret() in 2.7.0
- *
- * \param ctx      The SHA-1 context to be initialized.
+ * \brief          This function starts a SHA-1 checksum calculation.
  *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \deprecated     Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
+ *
+ * \param ctx      The SHA-1 context to initialize.
+ *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
 
 /**
- * \brief          SHA-1 process buffer
- *
- * \deprecated     Superseded by mbedtls_sha1_update_ret() in 2.7.0
- *
- * \param ctx      The SHA-1 context.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
+ * \brief          This function feeds an input buffer into an ongoing SHA-1
+ *                 checksum calculation.
  *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \deprecated     Superseded by mbedtls_sha1_update_ret() in 2.7.0.
+ *
+ * \param ctx      The SHA-1 context.
+ * \param input    The buffer holding the input data.
+ * \param ilen     The length of the input data.
+ *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
                                              const unsigned char *input,
                                              size_t ilen );
 
 /**
- * \brief          SHA-1 final digest
- *
- * \deprecated     Superseded by mbedtls_sha1_finish_ret() in 2.7.0
- *
- * \param ctx      The SHA-1 context.
- * \param output   The SHA-1 checksum result.
+ * \brief          This function finishes the SHA-1 operation, and writes
+ *                 the result to the output buffer.
  *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \deprecated     Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
+ *
+ * \param ctx      The SHA-1 context.
+ * \param output   The SHA-1 checksum result.
+ *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
                                              unsigned char output[20] );
 
 /**
- * \brief          SHA-1 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_sha1_process() in 2.7.0
- *
- * \param ctx      The SHA-1 context.
- * \param data     The data block being processed.
+ * \brief          SHA-1 process data block (internal use only).
  *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \deprecated     Superseded by mbedtls_internal_sha1_process() in 2.7.0.
+ *
+ * \param ctx      The SHA-1 context.
+ * \param data     The data block being processed.
+ *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
                                               const unsigned char data[64] );
@@ -240,18 +247,6 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
-#endif /* MBEDTLS_SHA1_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          This function calculates the SHA-1 checksum of a buffer.
  *
@@ -261,15 +256,15 @@
  *                 The SHA-1 result is calculated as
  *                 output = SHA-1(input buffer).
  *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
+ *
  * \param input    The buffer holding the input data.
  * \param ilen     The length of the input data.
  * \param output   The SHA-1 checksum result.
  *
- * \return         \c 0 if successful
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
+ * \return         \c 0 on success.
  *
  */
 int mbedtls_sha1_ret( const unsigned char *input,
@@ -283,7 +278,17 @@
 #define MBEDTLS_DEPRECATED
 #endif
 /**
- * \brief          Output = SHA-1( input buffer )
+ * \brief          This function calculates the SHA-1 checksum of a buffer.
+ *
+ *                 The function allocates the context, performs the
+ *                 calculation, and frees the context.
+ *
+ *                 The SHA-1 result is calculated as
+ *                 output = SHA-1(input buffer).
+ *
+ * \warning        SHA-1 is considered a weak message digest and its use
+ *                 constitutes a security risk. We recommend considering
+ *                 stronger message digests instead.
  *
  * \deprecated     Superseded by mbedtls_sha1_ret() in 2.7.0
  *
@@ -291,10 +296,6 @@
  * \param ilen     The length of the input data.
  * \param output   The SHA-1 checksum result.
  *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
  */
 MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
                                       size_t ilen,
@@ -306,12 +307,13 @@
 /**
  * \brief          The SHA-1 checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
- *
  * \warning        SHA-1 is considered a weak message digest and its use
  *                 constitutes a security risk. We recommend considering
  *                 stronger message digests instead.
  *
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
+ *
  */
 int mbedtls_sha1_self_test( int verbose );
 
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index ffb16c2..adf31a8 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -1,7 +1,10 @@
 /**
  * \file sha256.h
  *
- * \brief The SHA-224 and SHA-256 cryptographic hash function.
+ * \brief This file contains SHA-224 and SHA-256 definitions and functions.
+ *
+ * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
+ * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
  */
 /*
  *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@@ -35,14 +38,14 @@
 
 #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED                -0x0037  /**< SHA-256 hardware accelerator failed */
 
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_SHA256_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          The SHA-256 context structure.
  *
@@ -55,12 +58,15 @@
     uint32_t total[2];          /*!< The number of Bytes processed.  */
     uint32_t state[8];          /*!< The intermediate digest state.  */
     unsigned char buffer[64];   /*!< The data block being processed. */
-    int is224;                  /*!< Determines which function to use.
-                                     <ul><li>0: Use SHA-256.</li>
-                                     <li>1: Use SHA-224.</li></ul> */
+    int is224;                  /*!< Determines which function to use:
+                                     0: Use SHA-256, or 1: Use SHA-224. */
 }
 mbedtls_sha256_context;
 
+#else  /* MBEDTLS_SHA256_ALT */
+#include "sha256_alt.h"
+#endif /* MBEDTLS_SHA256_ALT */
+
 /**
  * \brief          This function initializes a SHA-256 context.
  *
@@ -89,9 +95,8 @@
  *                 calculation.
  *
  * \param ctx      The context to initialize.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
+ * \param is224    Determines which function to use:
+ *                 0: Use SHA-256, or 1: Use SHA-224.
  *
  * \return         \c 0 on success.
  */
@@ -101,9 +106,9 @@
  * \brief          This function feeds an input buffer into an ongoing
  *                 SHA-256 checksum calculation.
  *
- * \param ctx      SHA-256 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
+ * \param ctx      The SHA-256 context.
+ * \param input    The buffer holding the data.
+ * \param ilen     The length of the input data.
  *
  * \return         \c 0 on success.
  */
@@ -143,14 +148,15 @@
 #define MBEDTLS_DEPRECATED
 #endif
 /**
- * \brief          This function starts a SHA-256 checksum calculation.
+ * \brief          This function starts a SHA-224 or SHA-256 checksum
+ *                 calculation.
+ *
  *
  * \deprecated     Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
  *
- * \param ctx      The SHA-256 context to initialize.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
+ * \param ctx      The context to initialize.
+ * \param is224    Determines which function to use:
+ *                 0: Use SHA-256, or 1: Use SHA-224.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
                                                int is224 );
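Review bot: the added ` *` line after the new \brief sits directly above an existing empty comment line, leaving two consecutive blank lines before \deprecated; drop one. The \param ctx text also goes from "The SHA-256 context to initialize." to the less specific "The context to initialize.", while the sha1.h hunks move in the opposite direction.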
@@ -176,7 +182,7 @@
  * \deprecated     Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
  *
  * \param ctx      The SHA-256 context.
- * \param output   The SHA-224or SHA-256 checksum result.
+ * \param output   The SHA-224 or SHA-256 checksum result.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
                                                unsigned char output[32] );
@@ -196,17 +202,6 @@
 
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
 
 /**
  * \brief          This function calculates the SHA-224 or SHA-256
@@ -221,9 +216,8 @@
  * \param input    The buffer holding the input data.
  * \param ilen     The length of the input data.
  * \param output   The SHA-224 or SHA-256 checksum result.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
+ * \param is224    Determines which function to use:
+ *                 0: Use SHA-256, or 1: Use SHA-224.
  */
 int mbedtls_sha256_ret( const unsigned char *input,
                         size_t ilen,
@@ -252,9 +246,8 @@
  * \param input    The buffer holding the data.
  * \param ilen     The length of the input data.
  * \param output   The SHA-224 or SHA-256 checksum result.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
+ * \param is224    Determines which function to use:
+ *                 0: Use SHA-256, or 1: Use SHA-224.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
                                         size_t ilen,
@@ -267,7 +260,8 @@
 /**
  * \brief          The SHA-224 and SHA-256 checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_sha256_self_test( int verbose );
 
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 8404a2d..5bb83f4 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -1,7 +1,9 @@
 /**
  * \file sha512.h
+ * \brief This file contains SHA-384 and SHA-512 definitions and functions.
  *
- * \brief The SHA-384 and SHA-512 cryptographic hash function.
+ * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
+ * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
  */
 /*
  *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
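Review bot: \brief now follows `\file sha512.h` with no empty comment line between them, unlike the sha1.h and sha256.h headers touched by this same patch, which keep the separator. Keep the blank ` *` line after \file for consistency.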
@@ -35,14 +37,14 @@
 
 #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED                -0x0039  /**< SHA-512 hardware accelerator failed */
 
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_SHA512_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          The SHA-512 context structure.
  *
@@ -55,12 +57,15 @@
     uint64_t total[2];          /*!< The number of Bytes processed. */
     uint64_t state[8];          /*!< The intermediate digest state. */
     unsigned char buffer[128];  /*!< The data block being processed. */
-    int is384;                  /*!< Determines which function to use.
-                                 *   <ul><li>0: Use SHA-512.</li>
-                                 *   <li>1: Use SHA-384.</li></ul> */
+    int is384;                  /*!< Determines which function to use:
+                                     0: Use SHA-512, or 1: Use SHA-384. */
 }
 mbedtls_sha512_context;
 
+#else  /* MBEDTLS_SHA512_ALT */
+#include "sha512_alt.h"
+#endif /* MBEDTLS_SHA512_ALT */
+
 /**
  * \brief          This function initializes a SHA-512 context.
  *
@@ -89,9 +94,8 @@
  *                 calculation.
  *
  * \param ctx      The SHA-512 context to initialize.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
+ * \param is384    Determines which function to use:
+ *                 0: Use SHA-512, or 1: Use SHA-384.
  *
  * \return         \c 0 on success.
  */
@@ -148,9 +152,8 @@
  * \deprecated     Superseded by mbedtls_sha512_starts_ret() in 2.7.0
  *
  * \param ctx      The SHA-512 context to initialize.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
+ * \param is384    Determines which function to use:
+ *                 0: Use SHA-512, or 1: Use SHA-384.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
                                                int is384 );
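Review bot: the context line `\deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0` in this hunk still has no trailing period, while the following hunks add one for the update, finish and process variants. Fix it here too so the four deprecated entries match.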
@@ -159,7 +162,7 @@
  * \brief          This function feeds an input buffer into an ongoing
  *                 SHA-512 checksum calculation.
  *
- * \deprecated     Superseded by mbedtls_sha512_update_ret() in 2.7.0
+ * \deprecated     Superseded by mbedtls_sha512_update_ret() in 2.7.0.
  *
  * \param ctx      The SHA-512 context.
  * \param input    The buffer holding the data.
@@ -173,7 +176,7 @@
  * \brief          This function finishes the SHA-512 operation, and writes
  *                 the result to the output buffer.
  *
- * \deprecated     Superseded by mbedtls_sha512_finish_ret() in 2.7.0
+ * \deprecated     Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
  *
  * \param ctx      The SHA-512 context.
  * \param output   The SHA-384 or SHA-512 checksum result.
@@ -186,7 +189,7 @@
  *                 the ongoing SHA-512 computation. This function is for
  *                 internal use only.
  *
- * \deprecated     Superseded by mbedtls_internal_sha512_process() in 2.7.0
+ * \deprecated     Superseded by mbedtls_internal_sha512_process() in 2.7.0.
  *
  * \param ctx      The SHA-512 context.
  * \param data     The buffer holding one block of data.
@@ -198,18 +201,6 @@
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          This function calculates the SHA-512 or SHA-384
  *                 checksum of a buffer.
@@ -223,9 +214,8 @@
  * \param input    The buffer holding the input data.
  * \param ilen     The length of the input data.
  * \param output   The SHA-384 or SHA-512 checksum result.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
+ * \param is384    Determines which function to use:
+ *                 0: Use SHA-512, or 1: Use SHA-384.
  *
  * \return         \c 0 on success.
  */
@@ -255,9 +245,8 @@
  * \param input    The buffer holding the data.
  * \param ilen     The length of the input data.
  * \param output   The SHA-384 or SHA-512 checksum result.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
+ * \param is384    Determines which function to use:
+ *                 0: Use SHA-512, or 1: Use SHA-384.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
                                         size_t ilen,
@@ -269,7 +258,8 @@
  /**
  * \brief          The SHA-384 or SHA-512 checkup routine.
  *
- * \return         \c 0 on success, or \c 1 on failure.
+ * \return         \c 0 on success.
+ * \return         \c 1 on failure.
  */
 int mbedtls_sha512_self_test( int verbose );
 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 51e843a..bb9c02d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -49,6 +49,15 @@
 #endif
 
 #if defined(MBEDTLS_ZLIB_SUPPORT)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
+#endif
+
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
+#endif
+
 #include "zlib.h"
 #endif
 
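Review bot: `#warning` is not standard C before C23, so on a compiler without that extension the combination of MBEDTLS_ZLIB_SUPPORT and MBEDTLS_DEPRECATED_WARNING becomes a build failure rather than a warning. Both checks are also conditional on one of the two deprecation macros, so a user who sets neither gets no indication at all; say in the documentation of MBEDTLS_ZLIB_SUPPORT that record compression is deprecated.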
@@ -103,13 +112,14 @@
 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
-#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< Connection requires a read call. */
+#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< No data of requested type currently available on underlying transport. */
 #define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  /**< Connection requires a write call. */
 #define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */
 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  /**< The client initiated a reconnect from the same port. */
 #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD                 -0x6700  /**< Record header looks valid but is not expected. */
 #define MBEDTLS_ERR_SSL_NON_FATAL                         -0x6680  /**< The alert message received indicates a non-fatal error. */
 #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH               -0x6600  /**< Couldn't set the hash for verifying CertificateVerify */
+#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING               -0x6580  /**< Internal-only message signaling that further message-processing should be done */
 
 /*
  * Various constants
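Review bot: MBEDTLS_ERR_SSL_CONTINUE_PROCESSING is described as "Internal-only" but is defined in the public ssl.h among the error codes applications are expected to handle. Either move it to an internal header or state in the comment that no public API function returns it, and make sure it cannot escape to callers. Separately, the new MBEDTLS_ERR_SSL_WANT_READ text describes the condition but no longer tells the caller what to do about it; keep a hint that the call should be retried once the transport is readable.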
@@ -673,10 +683,18 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    unsigned char *psk;             /*!< pre-shared key                     */
-    size_t         psk_len;         /*!< length of the pre-shared key       */
-    unsigned char *psk_identity;    /*!< identity for PSK negotiation       */
-    size_t         psk_identity_len;/*!< length of identity                 */
+    unsigned char *psk;             /*!< pre-shared key. This field should
+                                         only be set via
+                                         mbedtls_ssl_conf_psk() */
+    size_t         psk_len;         /*!< length of the pre-shared key. This
+                                         field should only be set via
+                                         mbedtls_ssl_conf_psk() */
+    unsigned char *psk_identity;    /*!< identity for PSK negotiation. This
+                                         field should only be set via
+                                         mbedtls_ssl_conf_psk() */
+    size_t         psk_identity_len;/*!< length of identity. This field should
+                                         only be set via
+                                         mbedtls_ssl_conf_psk() */
 #endif
 
 #if defined(MBEDTLS_SSL_ALPN)
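Review bot: the same sentence, "This field should only be set via mbedtls_ssl_conf_psk()", is repeated on all four PSK fields without saying why. One comment above the group that states the reason (for example, who allocates and frees psk and psk_identity) would be shorter and more useful to someone tempted to assign the pointers directly.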
@@ -971,8 +989,13 @@
  * \note           No copy of the configuration context is made, it can be
  *                 shared by many mbedtls_ssl_context structures.
  *
- * \warning        Modifying the conf structure after it has been used in this
- *                 function is unsupported!
+ * \warning        The conf structure will be accessed during the session.
+ *                 It must not be modified or freed as long as the session
+ *                 is active.
+ *
+ * \warning        This function must be called exactly once per context.
+ *                 Calling mbedtls_ssl_setup again is not supported, even
+ *                 if no session is active.
  *
  * \param ssl      SSL context
  * \param conf     SSL configuration to use
@@ -1587,6 +1610,10 @@
 /**
  * \brief          Set the data required to verify peer certificate
  *
+ * \note           See \c mbedtls_x509_crt_verify() for notes regarding the
+ *                 parameters ca_chain (maps to trust_ca for that function)
+ *                 and ca_crl.
+ *
  * \param conf     SSL configuration
  * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
  * \param ca_crl   trusted CA CRLs
@@ -2275,11 +2302,59 @@
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 /**
- * \brief          Return the number of data bytes available to read
+ * \brief          Check if there is data already read from the
+ *                 underlying transport but not yet processed.
  *
  * \param ssl      SSL context
  *
- * \return         how many bytes are available in the read buffer
+ * \return         0 if nothing's pending, 1 otherwise.
+ *
+ * \note           This is different in purpose and behaviour from
+ *                 \c mbedtls_ssl_get_bytes_avail in that it considers
+ *                 any kind of unprocessed data, not only unread
+ *                 application data. If \c mbedtls_ssl_get_bytes
+ *                 returns a non-zero value, this function will
+ *                 also signal pending data, but the converse does
+ *                 not hold. For example, in DTLS there might be
+ *                 further records waiting to be processed from
+ *                 the current underlying transport's datagram.
+ *
+ * \note           If this function returns 1 (data pending), this
+ *                 does not imply that a subsequent call to
+ *                 \c mbedtls_ssl_read will provide any data;
+ *                 e.g., the unprocessed data might turn out
+ *                 to be an alert or a handshake message.
+ *
+ * \note           This function is useful in the following situation:
+ *                 If the SSL/TLS module successfully returns from an
+ *                 operation - e.g. a handshake or an application record
+ *                 read - and you're awaiting incoming data next, you
+ *                 must not immediately idle on the underlying transport
+ *                 to have data ready, but you need to check the value
+ *                 of this function first. The reason is that the desired
+ *                 data might already be read but not yet processed.
+ *                 If, in contrast, a previous call to the SSL/TLS module
+ *                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
+ *                 to call this function, as the latter error code entails
+ *                 that all internal data has been processed.
+ *
+ */
+int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the number of application data bytes
+ *                 remaining to be read from the current record.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         How many bytes are available in the application
+ *                 data record read buffer.
+ *
+ * \note           When working over a datagram transport, this is
+ *                 useful to detect the current datagram's boundary
+ *                 in case \c mbedtls_ssl_read has written the maximal
+ *                 amount of data fitting into the input buffer.
+ *
  */
 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
 
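Review bot: The first \note of mbedtls_ssl_check_pending refers to "\c mbedtls_ssl_get_bytes", which is not the function declared at the end of this hunk; it should read "\c mbedtls_ssl_get_bytes_avail", as the same note does two lines earlier. As written, the cross-reference will not resolve in the generated documentation and the sentence that explains how the two functions relate points at a name that does not exist.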
@@ -2394,11 +2469,25 @@
  *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
  *                 a specific SSL error code.
  *
+ *                 If this function returns MBEDTLS_ERR_SSL_WANT_READ, the
+ *                 handshake is unfinished and no further data is available
+ *                 from the underlying transport. In this case, you must call
+ *                 the function again at some later stage.
+ *
+ * \note           Remarks regarding event-driven DTLS:
+ *                 If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
+ *                 from the underlying transport layer is currently being processed,
+ *                 and it is safe to idle until the timer or the underlying transport
+ *                 signal a new event. This is not true for a successful handshake,
+ *                 in which case the datagram of the underlying transport that is
+ *                 currently being processed might or might not contain further
+ *                 DTLS records.
+ *
  * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+ *                 the SSL context for reading or writing, and either free it or
+ *                 call \c mbedtls_ssl_session_reset() on it before re-using it
+ *                 for a new connection; the current connection must be closed.
  *
  * \note           If DTLS is in use, then you may choose to handle
  *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
@@ -2415,10 +2504,10 @@
  *                 call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
  *
  * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+ *                 the SSL context for reading or writing, and either free it or
+ *                 call \c mbedtls_ssl_session_reset() on it before re-using it
+ *                 for a new connection; the current connection must be closed.
  *
  * \param ssl      SSL context
  *
@@ -2442,10 +2531,10 @@
  *                 value.
  *
  * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+ *                 the SSL context for reading or writing, and either free it or
+ *                 call \c mbedtls_ssl_session_reset() on it before re-using it
+ *                 for a new connection; the current connection must be closed.
  */
 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -2457,20 +2546,20 @@
  * \param buf      buffer that will hold the data
  * \param len      maximum number of bytes to read
  *
- * \return         the number of bytes read, or
- *                 0 for EOF, or
- *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
- *                 another negative error code.
+ * \return         One of the following:
+ *                 - 0 if the read end of the underlying transport was closed,
+ *                 - the (positive) number of bytes read, or
+ *                 - a negative error code on failure.
  *
- * \note           If this function returns something other than a positive
- *                 value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or
- *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ *                 If MBEDTLS_ERR_SSL_WANT_READ is returned, no application data
+ *                 is available from the underlying transport. In this case,
+ *                 the function needs to be called again at some later stage.
  *
- * \note           When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ *                 If MBEDTLS_ERR_SSL_WANT_WRITE is returned, a write is pending
+ *                 but the underlying transport isn't available for writing. In this
+ *                 case, the function needs to be called again at some later stage.
+ *
+ *                 When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
  *                 (which can only happen server-side), it means that a client
  *                 is initiating a new connection using the same source port.
  *                 You can either treat that as a connection close and wait
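Review bot: The added line "When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT" carries over the grammar slip from the line it replaces; since the line is being rewritten anyway it should say "returns". The paragraph also loses its \note tag and becomes a continuation of the \return block, which makes the reconnect handling less visible; consider keeping it as its own \note.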
@@ -2483,6 +2572,28 @@
  *                 again. WARNING: not validating the identity of the client
  *                 again, or not transmitting the new identity to the
  *                 application layer, would allow authentication bypass!
+ *
+ * \note           If this function returns something other than a positive value
+ *                 or MBEDTLS_ERR_SSL_WANT_READ/WRITE or MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+ *                 you must stop using the SSL context for reading or writing,
+ *                 and either free it or call \c mbedtls_ssl_session_reset() on it
+ *                 before re-using it for a new connection; the current connection
+ *                 must be closed.
+ *
+ * \note           Remarks regarding event-driven DTLS:
+ *                 - If the function returns MBEDTLS_ERR_SSL_WANT_READ, no datagram
+ *                   from the underlying transport layer is currently being processed,
+ *                   and it is safe to idle until the timer or the underlying transport
+ *                   signal a new event.
+ *                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
+ *                   initially available on the underlying transport, as this data may have
+ *                   been only e.g. duplicated messages or a renegotiation request.
+ *                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
+ *                   when reacting to an incoming-data event from the underlying transport.
+ *                 - On success, the datagram of the underlying transport that is currently
+ *                   being processed may contain further DTLS records. You should call
+ *                   \c mbedtls_ssl_check_pending to check for remaining records.
+ *
  */
 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
 
@@ -2503,15 +2614,17 @@
  *                 or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
  *                 or another negative error code.
  *
- * \note           If this function returns something other than a positive
- *                 value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ * \note           If this function returns something other than a positive value
+ *                 or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+ *                 the SSL context for reading or writing, and either free it or
+ *                 call \c mbedtls_ssl_session_reset() on it before re-using it
+ *                 for a new connection; the current connection must be closed.
  *
  * \note           When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
  *                 it must be called later with the *same* arguments,
- *                 until it returns a positive value.
+ *                 until it returns a positive value. When the function returns
+ *                 MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial
+ *                 data in the output buffer, however this is not yet sent.
  *
  * \note           If the requested length is greater than the maximum
  *                 fragment length (either the built-in limit or the one set
@@ -2534,10 +2647,10 @@
  * \return          0 if successful, or a specific SSL error code.
  *
  * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+ *                 the SSL context for reading or writing, and either free it or
+ *                 call \c mbedtls_ssl_session_reset() on it before re-using it
+ *                 for a new connection; the current connection must be closed.
  */
 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
                             unsigned char level,
@@ -2550,10 +2663,10 @@
  * \return          0 if successful, or a specific SSL error code.
  *
  * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+ *                 the SSL context for reading or writing, and either free it or
+ *                 call \c mbedtls_ssl_session_reset() on it before re-using it
+ *                 for a new connection; the current connection must be closed.
  */
 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
 
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 9f583a8..60b431a 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -71,6 +71,9 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1   */
 #endif /* MBEDTLS_SSL_PROTO_SSL3   */
 
+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+
 /* Determine maximum supported version */
 #define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
 
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 58e6db2..aeea5d0 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -96,8 +96,12 @@
 /*
  * Global mutexes
  */
+#if defined(MBEDTLS_FS_IO)
 extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
+#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE)
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+#endif
 #endif /* MBEDTLS_THREADING_C */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 2c497bf..bbcb906 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -30,16 +30,16 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
 #include <stdint.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_TIMING_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          timer structure
  */
@@ -58,6 +58,10 @@
     uint32_t                        fin_ms;
 } mbedtls_timing_delay_context;
 
+#else  /* MBEDTLS_TIMING_ALT */
+#include "timing_alt.h"
+#endif /* MBEDTLS_TIMING_ALT */
+
 extern volatile int mbedtls_timing_alarmed;
 
 /**
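Review bot: With this reordering, "#include "timing_alt.h"" is placed inside the extern "C" block, whereas the removed layout included it outside. In a C++ build the user-supplied alternative header, and anything it includes, is now compiled with C linkage. Either include the alt header before opening extern "C" or document that timing_alt.h must be safe to include in that context.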
@@ -133,18 +137,6 @@
  */
 int mbedtls_timing_get_delay( void *data );
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 #if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief          Checkup routine
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 961be59..aa52ce2 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
  * Major, Minor, Patchlevel
  */
 #define MBEDTLS_VERSION_MAJOR  2
-#define MBEDTLS_VERSION_MINOR  7
+#define MBEDTLS_VERSION_MINOR  9
 #define MBEDTLS_VERSION_PATCH  0
 
 /**
@@ -47,9 +47,9 @@
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x02070000
-#define MBEDTLS_VERSION_STRING         "2.7.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.7.0"
+#define MBEDTLS_VERSION_NUMBER         0x02090000
+#define MBEDTLS_VERSION_STRING         "2.9.0"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.9.0"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 2dbb7ec..ac23cff 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -287,8 +287,15 @@
  *                 used to sign the certificate, CRL verification is skipped
  *                 silently, that is *without* setting any flag.
  *
+ * \note           The \c trust_ca list can contain two types of certificates:
+ *                 (1) those of trusted root CAs, so that certificates
+ *                 chaining up to those CAs will be trusted, and (2)
+ *                 self-signed end-entity certificates to be trusted (for
+ *                 specific peers you know) - in that case, the self-signed
+ *                 certificate doesn't need to have the CA bit set.
+ *
  * \param crt      a certificate (chain) to be verified
- * \param trust_ca the list of trusted CAs
+ * \param trust_ca the list of trusted CAs (see note above)
  * \param ca_crl   the list of CRLs for trusted CAs (see note above)
  * \param cn       expected Common Name (can be set to
  *                 NULL if the CN must not be verified)
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index 34ccee3..8df708a 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -39,14 +39,14 @@
 #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028  /**< The data input has an invalid length. */
 #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED                  -0x0029  /**< XTEA hardware accelerator failed. */
 
-#if !defined(MBEDTLS_XTEA_ALT)
-// Regular implementation
-//
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#if !defined(MBEDTLS_XTEA_ALT)
+// Regular implementation
+//
+
 /**
  * \brief          XTEA context structure
  */
@@ -56,6 +56,10 @@
 }
 mbedtls_xtea_context;
 
+#else  /* MBEDTLS_XTEA_ALT */
+#include "xtea_alt.h"
+#endif /* MBEDTLS_XTEA_ALT */
+
 /**
  * \brief          Initialize XTEA context
  *
@@ -115,18 +119,6 @@
                     unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_XTEA_ALT */
-#include "xtea_alt.h"
-#endif /* MBEDTLS_XTEA_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * \brief          Checkup routine
  *
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 02ccea8..6177ca2 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -46,6 +46,7 @@
     pkparse.c
     pkwrite.c
     platform.c
+    platform_util.c
     ripemd160.c
     rsa.c
     rsa_internal.c
@@ -141,15 +142,15 @@
 
 if(USE_SHARED_MBEDTLS_LIBRARY)
     add_library(mbedcrypto SHARED ${src_crypto})
-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.0 SOVERSION 1)
+    set_target_properties(mbedcrypto PROPERTIES VERSION 2.9.0 SOVERSION 2)
     target_link_libraries(mbedcrypto ${libs})
 
     add_library(mbedx509 SHARED ${src_x509})
-    set_target_properties(mbedx509 PROPERTIES VERSION 2.7.0 SOVERSION 0)
+    set_target_properties(mbedx509 PROPERTIES VERSION 2.9.0 SOVERSION 0)
     target_link_libraries(mbedx509 ${libs} mbedcrypto)
 
     add_library(mbedtls SHARED ${src_tls})
-    set_target_properties(mbedtls PROPERTIES VERSION 2.7.0 SOVERSION 10)
+    set_target_properties(mbedtls PROPERTIES VERSION 2.9.0 SOVERSION 10)
     target_link_libraries(mbedtls ${libs} mbedx509)
 
     install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/Makefile b/library/Makefile
index 65a102f..b155c72 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -33,11 +33,14 @@
 
 SOEXT_TLS=so.10
 SOEXT_X509=so.0
-SOEXT_CRYPTO=so.1
+SOEXT_CRYPTO=so.2
 
-DLEXT=so
-# OSX shared library extension:
-# DLEXT=dylib
+# Set DLEXT=dylib to compile as a shared library for Mac OS X
+DLEXT ?= so
+
+# Set AR_DASH= (empty string) to use an ar implentation that does not accept
+# the - prefix for command line options (e.g. llvm-ar)
+AR_DASH ?= -
 
 # Windows shared library extension:
 ifdef WINDOWS_BUILD
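Review bot: Typo in the new AR_DASH comment: "implentation" should be "implementation".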
@@ -59,10 +62,11 @@
 		padlock.o	pem.o		pk.o		\
 		pk_wrap.o	pkcs12.o	pkcs5.o		\
 		pkparse.o	pkwrite.o	platform.o	\
-		ripemd160.o	rsa_internal.o	rsa.o  		\
-		sha1.o		sha256.o	sha512.o	\
-		threading.o	timing.o	version.o	\
-		version_features.o		xtea.o
+		platform_util.o	ripemd160.o	rsa_internal.o	\
+		rsa.o 		sha1.o		sha256.o	\
+		sha512.o	threading.o	timing.o	\
+		version.o	version_features.o		\
+		xtea.o
 
 OBJS_X509=	certs.o		pkcs11.o	x509.o		\
 		x509_create.o	x509_crl.o	x509_crt.o	\
@@ -91,9 +95,9 @@
 # tls
 libmbedtls.a: $(OBJS_TLS)
 	echo "  AR    $@"
-	$(AR) -rc $@ $(OBJS_TLS)
+	$(AR) $(AR_DASH)rc $@ $(OBJS_TLS)
 	echo "  RL    $@"
-	$(AR) -s $@
+	$(AR) $(AR_DASH)s $@
 
 libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so
 	echo "  LD    $@"
@@ -103,9 +107,9 @@
 	echo "  LN    $@ -> $<"
 	ln -sf $< $@
 
-libmbedtls.dylib: $(OBJS_TLS)
+libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib
 	echo "  LD    $@"
-	$(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
+	$(CC) -dynamiclib -L. -lmbedcrypto -lmbedx509 $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_TLS)
 
 libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
 	echo "  LD    $@"
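Review bot: The libmbedtls.dylib rule now links with "-L. -lmbedcrypto -lmbedx509" but lists only libmbedx509.dylib as a prerequisite. Add libmbedcrypto.dylib to the prerequisite list so the rule names everything its link line needs, instead of relying on another rule having built it first.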
@@ -114,9 +118,9 @@
 # x509
 libmbedx509.a: $(OBJS_X509)
 	echo "  AR    $@"
-	$(AR) -rc $@ $(OBJS_X509)
+	$(AR) $(AR_DASH)rc $@ $(OBJS_X509)
 	echo "  RL    $@"
-	$(AR) -s $@
+	$(AR) $(AR_DASH)s $@
 
 libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
 	echo "  LD    $@"
@@ -126,9 +130,9 @@
 	echo "  LN    $@ -> $<"
 	ln -sf $< $@
 
-libmbedx509.dylib: $(OBJS_X509)
+libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib
 	echo "  LD    $@"
-	$(CC) -dynamiclib $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
+	$(CC) -dynamiclib -L. -lmbedcrypto  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS_X509)
 
 libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
 	echo "  LD    $@"
@@ -137,9 +141,9 @@
 # crypto
 libmbedcrypto.a: $(OBJS_CRYPTO)
 	echo "  AR    $@"
-	$(AR) -rc $@ $(OBJS_CRYPTO)
+	$(AR) $(AR_DASH)rc $@ $(OBJS_CRYPTO)
 	echo "  RL    $@"
-	$(AR) -s $@
+	$(AR) $(AR_DASH)s $@
 
 libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
 	echo "  LD    $@"
diff --git a/library/aes.c b/library/aes.c
index dba4a5f..b0aea00 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -36,6 +36,7 @@
 #include <string.h>
 
 #include "mbedtls/aes.h"
+#include "mbedtls/platform_util.h"
 #if defined(MBEDTLS_PADLOCK_C)
 #include "mbedtls/padlock.h"
 #endif
@@ -54,11 +55,6 @@
 
 #if !defined(MBEDTLS_AES_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (little endian)
  */
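Review bot: This hunk removes the file-local mbedtls_zeroize(), whose volatile-pointer loop and comment documented that the wipe must not be optimized out. The replacement, mbedtls_platform_zeroize(), is not defined in any hunk shown here, so the review should confirm that the version in platform_util.c keeps the same guarantee before the per-file copies are dropped.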
@@ -201,6 +197,8 @@
 static const uint32_t FT0[256] = { FT };
 #undef V
 
+#if !defined(MBEDTLS_AES_FEWER_TABLES)
+
 #define V(a,b,c,d) 0x##b##c##d##a
 static const uint32_t FT1[256] = { FT };
 #undef V
@@ -213,6 +211,8 @@
 static const uint32_t FT3[256] = { FT };
 #undef V
 
+#endif /* !MBEDTLS_AES_FEWER_TABLES */
+
 #undef FT
 
 /*
@@ -328,6 +328,8 @@
 static const uint32_t RT0[256] = { RT };
 #undef V
 
+#if !defined(MBEDTLS_AES_FEWER_TABLES)
+
 #define V(a,b,c,d) 0x##b##c##d##a
 static const uint32_t RT1[256] = { RT };
 #undef V
@@ -340,6 +342,8 @@
 static const uint32_t RT3[256] = { RT };
 #undef V
 
+#endif /* !MBEDTLS_AES_FEWER_TABLES */
+
 #undef RT
 
 /*
@@ -359,18 +363,22 @@
  */
 static unsigned char FSb[256];
 static uint32_t FT0[256];
+#if !defined(MBEDTLS_AES_FEWER_TABLES)
 static uint32_t FT1[256];
 static uint32_t FT2[256];
 static uint32_t FT3[256];
+#endif /* !MBEDTLS_AES_FEWER_TABLES */
 
 /*
  * Reverse S-box & tables
  */
 static unsigned char RSb[256];
 static uint32_t RT0[256];
+#if !defined(MBEDTLS_AES_FEWER_TABLES)
 static uint32_t RT1[256];
 static uint32_t RT2[256];
 static uint32_t RT3[256];
+#endif /* !MBEDTLS_AES_FEWER_TABLES */
 
 /*
  * Round constants
@@ -445,9 +453,11 @@
                  ( (uint32_t) x << 16 ) ^
                  ( (uint32_t) z << 24 );
 
+#if !defined(MBEDTLS_AES_FEWER_TABLES)
         FT1[i] = ROTL8( FT0[i] );
         FT2[i] = ROTL8( FT1[i] );
         FT3[i] = ROTL8( FT2[i] );
+#endif /* !MBEDTLS_AES_FEWER_TABLES */
 
         x = RSb[i];
 
@@ -456,14 +466,48 @@
                  ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
                  ( (uint32_t) MUL( 0x0B, x ) << 24 );
 
+#if !defined(MBEDTLS_AES_FEWER_TABLES)
         RT1[i] = ROTL8( RT0[i] );
         RT2[i] = ROTL8( RT1[i] );
         RT3[i] = ROTL8( RT2[i] );
+#endif /* !MBEDTLS_AES_FEWER_TABLES */
     }
 }
 
+#undef ROTL8
+
 #endif /* MBEDTLS_AES_ROM_TABLES */
 
+#if defined(MBEDTLS_AES_FEWER_TABLES)
+
+#define ROTL8(x)  ( (uint32_t)( ( x ) <<  8 ) + (uint32_t)( ( x ) >> 24 ) )
+#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
+#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >>  8 ) )
+
+#define AES_RT0(idx) RT0[idx]
+#define AES_RT1(idx) ROTL8(  RT0[idx] )
+#define AES_RT2(idx) ROTL16( RT0[idx] )
+#define AES_RT3(idx) ROTL24( RT0[idx] )
+
+#define AES_FT0(idx) FT0[idx]
+#define AES_FT1(idx) ROTL8(  FT0[idx] )
+#define AES_FT2(idx) ROTL16( FT0[idx] )
+#define AES_FT3(idx) ROTL24( FT0[idx] )
+
+#else /* MBEDTLS_AES_FEWER_TABLES */
+
+#define AES_RT0(idx) RT0[idx]
+#define AES_RT1(idx) RT1[idx]
+#define AES_RT2(idx) RT2[idx]
+#define AES_RT3(idx) RT3[idx]
+
+#define AES_FT0(idx) FT0[idx]
+#define AES_FT1(idx) FT1[idx]
+#define AES_FT2(idx) FT2[idx]
+#define AES_FT3(idx) FT3[idx]
+
+#endif /* MBEDTLS_AES_FEWER_TABLES */
+
 void mbedtls_aes_init( mbedtls_aes_context *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_aes_context ) );
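Review bot: In the new ROTL8/ROTL16/ROTL24 macros the cast is applied to the result of each shift, for example "(uint32_t)( ( x ) << 8 )", so the shift itself is performed in the type of x. That is correct for the uint32_t table entries used here, but the macros silently give wrong results for any narrower or signed argument; casting the operand first, "( (uint32_t)( x ) << 8 )", and combining the halves with "|" rather than "+" would make them safe on their own. A short comment next to MBEDTLS_AES_FEWER_TABLES stating the size/speed trade-off would also help, since nothing in this file explains the option.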
@@ -474,7 +518,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
 }
 
 /*
@@ -641,10 +685,10 @@
     {
         for( j = 0; j < 4; j++, SK++ )
         {
-            *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
-                    RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
-                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
-                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
+            *RK++ = AES_RT0( FSb[ ( *SK       ) & 0xFF ] ) ^
+                    AES_RT1( FSb[ ( *SK >>  8 ) & 0xFF ] ) ^
+                    AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^
+                    AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] );
         }
     }
 
@@ -660,50 +704,50 @@
 }
 #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
 
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
-{                                               \
-    X0 = *RK++ ^ FT0[ ( Y0       ) & 0xFF ] ^   \
-                 FT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y3 >> 24 ) & 0xFF ];    \
-                                                \
-    X1 = *RK++ ^ FT0[ ( Y1       ) & 0xFF ] ^   \
-                 FT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y0 >> 24 ) & 0xFF ];    \
-                                                \
-    X2 = *RK++ ^ FT0[ ( Y2       ) & 0xFF ] ^   \
-                 FT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y1 >> 24 ) & 0xFF ];    \
-                                                \
-    X3 = *RK++ ^ FT0[ ( Y3       ) & 0xFF ] ^   \
-                 FT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y2 >> 24 ) & 0xFF ];    \
+#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)         \
+{                                                   \
+    X0 = *RK++ ^ AES_FT0( ( Y0       ) & 0xFF ) ^   \
+                 AES_FT1( ( Y1 >>  8 ) & 0xFF ) ^   \
+                 AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^   \
+                 AES_FT3( ( Y3 >> 24 ) & 0xFF );    \
+                                                    \
+    X1 = *RK++ ^ AES_FT0( ( Y1       ) & 0xFF ) ^   \
+                 AES_FT1( ( Y2 >>  8 ) & 0xFF ) ^   \
+                 AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^   \
+                 AES_FT3( ( Y0 >> 24 ) & 0xFF );    \
+                                                    \
+    X2 = *RK++ ^ AES_FT0( ( Y2       ) & 0xFF ) ^   \
+                 AES_FT1( ( Y3 >>  8 ) & 0xFF ) ^   \
+                 AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^   \
+                 AES_FT3( ( Y1 >> 24 ) & 0xFF );    \
+                                                    \
+    X3 = *RK++ ^ AES_FT0( ( Y3       ) & 0xFF ) ^   \
+                 AES_FT1( ( Y0 >>  8 ) & 0xFF ) ^   \
+                 AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^   \
+                 AES_FT3( ( Y2 >> 24 ) & 0xFF );    \
 }
 
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
-{                                               \
-    X0 = *RK++ ^ RT0[ ( Y0       ) & 0xFF ] ^   \
-                 RT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y1 >> 24 ) & 0xFF ];    \
-                                                \
-    X1 = *RK++ ^ RT0[ ( Y1       ) & 0xFF ] ^   \
-                 RT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y2 >> 24 ) & 0xFF ];    \
-                                                \
-    X2 = *RK++ ^ RT0[ ( Y2       ) & 0xFF ] ^   \
-                 RT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y3 >> 24 ) & 0xFF ];    \
-                                                \
-    X3 = *RK++ ^ RT0[ ( Y3       ) & 0xFF ] ^   \
-                 RT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y0 >> 24 ) & 0xFF ];    \
+#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)         \
+{                                                   \
+    X0 = *RK++ ^ AES_RT0( ( Y0       ) & 0xFF ) ^   \
+                 AES_RT1( ( Y3 >>  8 ) & 0xFF ) ^   \
+                 AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^   \
+                 AES_RT3( ( Y1 >> 24 ) & 0xFF );    \
+                                                    \
+    X1 = *RK++ ^ AES_RT0( ( Y1       ) & 0xFF ) ^   \
+                 AES_RT1( ( Y0 >>  8 ) & 0xFF ) ^   \
+                 AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^   \
+                 AES_RT3( ( Y2 >> 24 ) & 0xFF );    \
+                                                    \
+    X2 = *RK++ ^ AES_RT0( ( Y2       ) & 0xFF ) ^   \
+                 AES_RT1( ( Y1 >>  8 ) & 0xFF ) ^   \
+                 AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^   \
+                 AES_RT3( ( Y3 >> 24 ) & 0xFF );    \
+                                                    \
+    X3 = *RK++ ^ AES_RT0( ( Y3       ) & 0xFF ) ^   \
+                 AES_RT1( ( Y2 >>  8 ) & 0xFF ) ^   \
+                 AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^   \
+                 AES_RT3( ( Y0 >> 24 ) & 0xFF );    \
 }
 
 /*
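Review bot: AES_RROUND still expands to a bare brace block that post-increments RK four times, so it is only safe when used as a standalone statement; since every line of the macro is being rewritten anyway, wrapping the body in do { ... } while( 0 ) would be a cheap hardening. The new AES_RT0..AES_RT3 accessors are function-like macros defined outside this hunk, so check that their definitions evaluate the index argument exactly once: the arguments passed here are side-effect free, but a later caller's may not be.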
@@ -765,12 +809,14 @@
 }
 #endif /* !MBEDTLS_AES_ENCRYPT_ALT */
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
                           const unsigned char input[16],
                           unsigned char output[16] )
 {
     mbedtls_internal_aes_encrypt( ctx, input, output );
 }
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
 /*
  * AES-ECB block decryption
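Review bot: guarding only the definition of mbedtls_aes_encrypt with !defined(MBEDTLS_DEPRECATED_REMOVED) is half of the change; the prototype in the public header needs the same guard and a deprecation marker, and that side is not visible in these hunks. The wrapper is void and calls mbedtls_internal_aes_encrypt as a bare statement, so any status that function returns is discarded; the deprecation note should say so, so that callers migrate to the internal function rather than keep the wrapper. The same applies to the mbedtls_aes_decrypt wrapper in the next hunk.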
@@ -831,12 +877,14 @@
 }
 #endif /* !MBEDTLS_AES_DECRYPT_ALT */
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
                           const unsigned char input[16],
                           unsigned char output[16] )
 {
     mbedtls_internal_aes_decrypt( ctx, input, output );
 }
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
 /*
  * AES-ECB block encryption/decryption
diff --git a/library/aesni.c b/library/aesni.c
index 1ca3c3e..062708b 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -32,6 +32,12 @@
 
 #if defined(MBEDTLS_AESNI_C)
 
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
+#endif
+#endif
+
 #include "mbedtls/aesni.h"
 
 #include <string.h>
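Review bot: the #warning added under __has_feature(memory_sanitizer) will fail the build outright for anyone compiling with MemorySanitizer and -Werror, and #warning is not standard C before C23. If the intent is only to explain spurious reports, a comment plus a note in the build documentation telling MSan users to disable MBEDTLS_AESNI_C is less disruptive; if the intent is to stop that configuration, an #error with the same text states it honestly. The nested #if defined(__has_feature) guard is the right shape for compilers that lack the builtin.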
diff --git a/library/arc4.c b/library/arc4.c
index 05b33d3..b8998ac 100644
--- a/library/arc4.c
+++ b/library/arc4.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_ARC4_C)
 
 #include "mbedtls/arc4.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -47,11 +48,6 @@
 
 #if !defined(MBEDTLS_ARC4_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
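Review bot: with the file-local mbedtls_zeroize removed here, and in the same way in the other modules touched by this patch, the "should never be optimized out" property now rests entirely on the one implementation behind mbedtls/platform_util.h, which is not part of these hunks. Before merging, confirm that implementation keeps the volatile access (or an equivalent compiler barrier) that the removed helper had, and that it has a test which fails when the wipe is elided.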
@@ -62,7 +58,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
 }
 
 /*
diff --git a/library/asn1parse.c b/library/asn1parse.c
index 4dd65c0..171c340 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -28,6 +28,7 @@
 #if defined(MBEDTLS_ASN1_PARSE_C)
 
 #include "mbedtls/asn1.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -43,11 +44,6 @@
 #define mbedtls_free       free
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * ASN.1 DER decoding routines
  */
@@ -313,7 +309,7 @@
 
     if( *p == end )
     {
-        mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
+        mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
         return( 0 );
     }
 
@@ -358,7 +354,7 @@
     mbedtls_free( cur->oid.p );
     mbedtls_free( cur->val.p );
 
-    mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
+    mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
 }
 
 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
diff --git a/library/bignum.c b/library/bignum.c
index d27c130..423e375 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -45,6 +45,7 @@
 
 #include "mbedtls/bignum.h"
 #include "mbedtls/bn_mul.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -58,16 +59,6 @@
 #define mbedtls_free       free
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
-    volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
-}
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 #define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
 #define biL    (ciL << 3)               /* bits  in limb  */
 #define biH    (ciL << 2)               /* half limb size */
@@ -81,6 +72,12 @@
 #define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
 #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
 
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
+{
+    mbedtls_platform_zeroize( v, ciL * n );
+}
+
 /*
  * Initialize one MPI
  */
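Review bot: the comment "Implementation that should never be optimized out by the compiler" no longer describes mbedtls_mpi_zeroize, which is now a thin wrapper that converts a limb count to a byte count; reword it to say that n is in limbs, not bytes, since mixing the two up at a call site would wipe too little. The product ciL * n is unchecked; if n is always the limb count of a live allocation, say so in the comment.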
@@ -184,7 +181,7 @@
  */
 int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
 {
-    int ret;
+    int ret = 0;
     size_t i;
 
     if( X == Y )
@@ -203,9 +200,15 @@
 
     X->s = Y->s;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
+    if( X->n < i )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
+    }
+    else
+    {
+        memset( X->p + i, 0, ( X->n - i ) * ciL );
+    }
 
-    memset( X->p, 0, X->n * ciL );
     memcpy( X->p, Y->p, i * ciL );
 
 cleanup:
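Review bot: the two branches rely on different invariants and neither is stated. When X->n >= i only limbs [i, X->n) are cleared before the memcpy, and when X->n < i the code depends on mbedtls_mpi_grow leaving no limb above index i-1 unwritten; a one-line comment per branch would make that reviewable. Because the else path never assigns ret, the "int ret = 0" initialisation in the previous hunk is now load-bearing. A test that copies a short value into a larger, previously populated X and checks that the high limbs read back as zero would pin this down.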
@@ -963,7 +966,7 @@
     while( c != 0 )
     {
         z = ( *d < c ); *d -= c;
-        c = z; i++; d++;
+        c = z; d++;
     }
 }
 
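Review bot: with the dead i++ gone, nothing in the while( c != 0 ) borrow loop bounds d; it walks upward until some limb absorbs the borrow. That is only safe if the caller guarantees the minuend is at least as large as the subtrahend, so state that precondition in the function comment.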
@@ -1201,8 +1204,8 @@
     MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
 
-    for( i++; j > 0; j-- )
-        mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
+    for( ; j > 0; j-- )
+        mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
 
     X->s = A->s * B->s;
 
@@ -1623,7 +1626,7 @@
     mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
     int neg;
 
-    if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
+    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
     if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
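Review bot: the "<= 0" comparison matters mostly because of evaluation order, and that is not documented: a zero-valued N that has no limbs allocated (n == 0, p == NULL) used to fall through to the N->p[0] read in the second operand, and is now rejected by the first operand before that read happens. Add a comment saying the order must not be swapped, and a regression test that calls the function with a freshly initialised N; no such test is visible in this part of the patch.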
@@ -1891,7 +1894,7 @@
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
 
 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
     return( ret );
 }
 
@@ -2188,12 +2191,23 @@
 
 /*
  * Prime number generation
+ *
+ * If dh_flag is 0 and nbits is at least 1024, then the procedure
+ * follows the RSA probably-prime generation method of FIPS 186-4.
+ * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536.
  */
 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
                    int (*f_rng)(void *, unsigned char *, size_t),
                    void *p_rng )
 {
-    int ret;
+#ifdef MBEDTLS_HAVE_INT64
+// ceil(2^63.5)
+#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL
+#else
+// ceil(2^31.5)
+#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U
+#endif
+    int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
     size_t k, n;
     mbedtls_mpi_uint r;
     mbedtls_mpi Y;
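Review bot: CEIL_MAXUINT_DIV_SQRT2 is #defined inside the function body and never #undef'd, so it leaks into the rest of bignum.c, and its comments use // where the surrounding file uses /* */. Moving the definition next to the other limb-size macros (ciL, biL) would fix both. The new doc comment says the FIPS 186-4 procedure applies when nbits is at least 1024, but nothing in the visible code enforces or branches on that bound; either describe it as "for all sizes, and FIPS-conformant only for the approved lengths" or add the check. Initialising ret to MBEDTLS_ERR_MPI_NOT_ACCEPTABLE also deserves a word of explanation, since a reader expects 0 or no initialiser.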
@@ -2205,69 +2219,66 @@
 
     n = BITS_TO_LIMBS( nbits );
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
-
-    k = mbedtls_mpi_bitlen( X );
-    if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
-
-    mbedtls_mpi_set_bit( X, nbits-1, 1 );
-
-    X->p[0] |= 1;
-
-    if( dh_flag == 0 )
+    while( 1 )
     {
-        while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
+        /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
+        if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue;
+
+        k = n * biL;
+        if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
+        X->p[0] |= 1;
+
+        if( dh_flag == 0 )
         {
+            ret = mbedtls_mpi_is_prime( X, f_rng, p_rng );
+
             if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
                 goto cleanup;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
         }
-    }
-    else
-    {
-        /*
-         * An necessary condition for Y and X = 2Y + 1 to be prime
-         * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
-         * Make sure it is satisfied, while keeping X = 3 mod 4
-         */
-
-        X->p[0] |= 2;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
-        if( r == 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
-        else if( r == 1 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
-
-        /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
-
-        while( 1 )
+        else
         {
             /*
-             * First, check small factors for X and Y
-             * before doing Miller-Rabin on any of them
+             * An necessary condition for Y and X = 2Y + 1 to be prime
+             * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
+             * Make sure it is satisfied, while keeping X = 3 mod 4
              */
-            if( ( ret = mpi_check_small_factors(  X         ) ) == 0 &&
-                ( ret = mpi_check_small_factors( &Y         ) ) == 0 &&
-                ( ret = mpi_miller_rabin(  X, f_rng, p_rng  ) ) == 0 &&
-                ( ret = mpi_miller_rabin( &Y, f_rng, p_rng  ) ) == 0 )
+
+            X->p[0] |= 2;
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
+            if( r == 0 )
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
+            else if( r == 1 )
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
+
+            /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
+
+            while( 1 )
             {
-                break;
+                /*
+                 * First, check small factors for X and Y
+                 * before doing Miller-Rabin on any of them
+                 */
+                if( ( ret = mpi_check_small_factors(  X         ) ) == 0 &&
+                    ( ret = mpi_check_small_factors( &Y         ) ) == 0 &&
+                    ( ret = mpi_miller_rabin(  X, f_rng, p_rng  ) ) == 0 &&
+                    ( ret = mpi_miller_rabin( &Y, f_rng, p_rng  ) ) == 0 )
+                    goto cleanup;
+
+                if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+                    goto cleanup;
+
+                /*
+                 * Next candidates. We want to preserve Y = (X-1) / 2 and
+                 * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
+                 * so up Y by 6 and X by 12.
+                 */
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int(  X,  X, 12 ) );
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6  ) );
             }
-
-            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-                goto cleanup;
-
-            /*
-             * Next candidates. We want to preserve Y = (X-1) / 2 and
-             * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
-             * so up Y by 6 and X by 12.
-             */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int(  X,  X, 12 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6  ) );
         }
     }
 
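Review bot: the outer while( 1 ) has no iteration bound, and the continue on X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 makes termination depend entirely on f_rng producing a large top limb. An RNG callback that reports success but fills the buffer with zeros or a small constant (a stubbed or misconfigured entropy source) spins here forever instead of failing; consider capping the retries and returning an error when the cap is hit. In the dh_flag == 0 path each rejected candidate is now replaced by a fresh mbedtls_mpi_fill_random call rather than X += 2, so the RNG is invoked once per candidate; that change in RNG consumption is worth stating in the function documentation. In the DH branch both exits of the inner loop are goto cleanup, so the outer loop only ever repeats for the top-limb rejection; a comment would save the next reader from working that out. While these lines are being re-indented, "An necessary condition" should read "A necessary condition".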
diff --git a/library/blowfish.c b/library/blowfish.c
index 9003f0d..5b6bb98 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -34,16 +34,12 @@
 #if defined(MBEDTLS_BLOWFISH_C)
 
 #include "mbedtls/blowfish.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
 #if !defined(MBEDTLS_BLOWFISH_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -165,7 +161,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
 }
 
 /*
diff --git a/library/camellia.c b/library/camellia.c
index ac6f96a..41b7da0 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -34,6 +34,7 @@
 #if defined(MBEDTLS_CAMELLIA_C)
 
 #include "mbedtls/camellia.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -48,11 +49,6 @@
 
 #if !defined(MBEDTLS_CAMELLIA_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -333,7 +329,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
 }
 
 /*
diff --git a/library/ccm.c b/library/ccm.c
index 9101e5f..cf65209 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -37,6 +37,7 @@
 #if defined(MBEDTLS_CCM_C)
 
 #include "mbedtls/ccm.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -51,11 +52,6 @@
 
 #if !defined(MBEDTLS_CCM_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 #define CCM_ENCRYPT 0
 #define CCM_DECRYPT 1
 
@@ -102,7 +98,7 @@
 void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
 {
     mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
 }
 
 /*
@@ -343,7 +339,7 @@
 
     if( diff != 0 )
     {
-        mbedtls_zeroize( output, length );
+        mbedtls_platform_zeroize( output, length );
         return( MBEDTLS_ERR_CCM_AUTH_FAILED );
     }
 
diff --git a/library/cipher.c b/library/cipher.c
index ff03273..a5cd61c 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -33,6 +33,7 @@
 
 #include "mbedtls/cipher.h"
 #include "mbedtls/cipher_internal.h"
+#include "mbedtls/platform_util.h"
 
 #include <stdlib.h>
 #include <string.h>
@@ -60,11 +61,6 @@
 #define MBEDTLS_CIPHER_MODE_STREAM
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 static int supported_init = 0;
 
 const int *mbedtls_cipher_list( void )
@@ -141,7 +137,8 @@
 #if defined(MBEDTLS_CMAC_C)
     if( ctx->cmac_ctx )
     {
-       mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
+       mbedtls_platform_zeroize( ctx->cmac_ctx,
+                                 sizeof( mbedtls_cmac_context_t ) );
        mbedtls_free( ctx->cmac_ctx );
     }
 #endif
@@ -149,7 +146,7 @@
     if( ctx->cipher_ctx )
         ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
 
-    mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+    mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
 }
 
 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
@@ -325,8 +322,10 @@
         /*
          * If there is not enough data for a full block, cache it.
          */
-        if( ( ctx->operation == MBEDTLS_DECRYPT &&
+        if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
                 ilen <= block_size - ctx->unprocessed_len ) ||
+            ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
+                ilen < block_size - ctx->unprocessed_len ) ||
              ( ctx->operation == MBEDTLS_ENCRYPT &&
                 ilen < block_size - ctx->unprocessed_len ) )
         {
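Review bot: ctx->add_padding is used here as the signal for whether decryption has padding to strip, although by its name it is the callback used when adding padding; a reader has to know that it is NULL exactly when no padding mode is set. Computing that once into a named local (something like has_padding, name hypothetical) would remove the duplicated ctx->operation == MBEDTLS_DECRYPT test and let the three cases be read against the comment added in the next hunk. The condition now has three disjuncts of which two differ only in "<=" versus "<"; that is easy to get wrong in a later edit.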
@@ -372,9 +371,17 @@
                 return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
             }
 
+            /* Encryption: only cache partial blocks
+             * Decryption w/ padding: always keep at least one whole block
+             * Decryption w/o padding: only cache partial blocks
+             */
             copy_len = ilen % block_size;
-            if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
+            if( copy_len == 0 &&
+                ctx->operation == MBEDTLS_DECRYPT &&
+                NULL != ctx->add_padding)
+            {
                 copy_len = block_size;
+            }
 
             memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
                     copy_len );
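Review bot: for unpadded decryption of block-aligned input, copy_len now stays 0 and nothing is cached, so the finish path has to accept unprocessed_len == 0 in that mode. That code is not in this hunk; confirm it, and add a test that decrypts exactly one block with no padding through update followed by finish. Style: "ctx->add_padding)" is missing the space before the closing parenthesis that the rest of the condition uses.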
diff --git a/library/cmac.c b/library/cmac.c
index 9dbff90..4d7a1f1 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -49,6 +49,7 @@
 #if defined(MBEDTLS_CMAC_C)
 
 #include "mbedtls/cmac.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -67,11 +68,6 @@
 
 #if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * Multiplication by u in the Galois field of GF(2^n)
  *
@@ -144,7 +140,7 @@
     unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
     size_t olen, block_size;
 
-    mbedtls_zeroize( L, sizeof( L ) );
+    mbedtls_platform_zeroize( L, sizeof( L ) );
 
     block_size = ctx->cipher_info->block_size;
 
@@ -162,7 +158,7 @@
         goto exit;
 
 exit:
-    mbedtls_zeroize( L, sizeof( L ) );
+    mbedtls_platform_zeroize( L, sizeof( L ) );
 
     return( ret );
 }
@@ -238,7 +234,7 @@
 
     ctx->cmac_ctx = cmac_ctx;
 
-    mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
+    mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
 
     return 0;
 }
@@ -330,8 +326,8 @@
     block_size = ctx->cipher_info->block_size;
     state = cmac_ctx->state;
 
-    mbedtls_zeroize( K1, sizeof( K1 ) );
-    mbedtls_zeroize( K2, sizeof( K2 ) );
+    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
+    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
     cmac_generate_subkeys( ctx, K1, K2 );
 
     last_block = cmac_ctx->unprocessed_block;
@@ -361,14 +357,14 @@
 exit:
     /* Wipe the generated keys on the stack, and any other transients to avoid
      * side channel leakage */
-    mbedtls_zeroize( K1, sizeof( K1 ) );
-    mbedtls_zeroize( K2, sizeof( K2 ) );
+    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
+    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
 
     cmac_ctx->unprocessed_len = 0;
-    mbedtls_zeroize( cmac_ctx->unprocessed_block,
-                     sizeof( cmac_ctx->unprocessed_block ) );
+    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
+                              sizeof( cmac_ctx->unprocessed_block ) );
 
-    mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
+    mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
     return( ret );
 }
 
@@ -383,10 +379,10 @@
 
     /* Reset the internal state */
     cmac_ctx->unprocessed_len = 0;
-    mbedtls_zeroize( cmac_ctx->unprocessed_block,
-                     sizeof( cmac_ctx->unprocessed_block ) );
-    mbedtls_zeroize( cmac_ctx->state,
-                     sizeof( cmac_ctx->state ) );
+    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
+                              sizeof( cmac_ctx->unprocessed_block ) );
+    mbedtls_platform_zeroize( cmac_ctx->state,
+                              sizeof( cmac_ctx->state ) );
 
     return( 0 );
 }
@@ -466,7 +462,7 @@
                                output );
 
 exit:
-    mbedtls_zeroize( int_key, sizeof( int_key ) );
+    mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
 
     return( ret );
 }
@@ -771,7 +767,7 @@
                               int block_size,
                               int num_tests )
 {
-    int i, ret;
+    int i, ret = 0;
     mbedtls_cipher_context_t ctx;
     const mbedtls_cipher_info_t *cipher_info;
     unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
@@ -853,7 +849,7 @@
                                  int num_tests )
 {
     const mbedtls_cipher_info_t *cipher_info;
-    int i, ret;
+    int i, ret = 0;
     unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
     cipher_info = mbedtls_cipher_info_from_type( cipher_type );
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index ff532a0..d0e5ba8 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_CTR_DRBG_C)
 
 #include "mbedtls/ctr_drbg.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -49,11 +50,6 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * CTR_DRBG context initialization
  */
@@ -125,7 +121,7 @@
     mbedtls_mutex_free( &ctx->mutex );
 #endif
     mbedtls_aes_free( &ctx->aes_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
 }
 
 void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
@@ -245,16 +241,16 @@
     /*
     * tidy up the stack
     */
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( key, sizeof( key ) );
-    mbedtls_zeroize( chain, sizeof( chain ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( key, sizeof( key ) );
+    mbedtls_platform_zeroize( chain, sizeof( chain ) );
     if( 0 != ret )
     {
         /*
         * wipe partial seed from memory
         */
-        mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
+        mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
     }
 
     return( ret );
@@ -493,7 +489,7 @@
         ret = 0;
 
 exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     fclose( f );
     return( ret );
@@ -526,7 +522,7 @@
 
     fclose( f );
 
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     if( ret != 0 )
         return( ret );
diff --git a/library/debug.c b/library/debug.c
index f9229b3..db3924a 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -91,7 +91,7 @@
 
     va_start( argp, format );
 #if defined(_WIN32)
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
     ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
 #else
     ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
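Review bot: excluding __MINGW32__ from the _vsnprintf_s path sends MinGW builds to plain _vsnprintf, which does not write a terminating NUL when the formatted output fills DEBUG_BUF_SIZE. Confirm that the code after this #endif forces termination of str for that case, and add a short comment saying why MinGW is excluded even though it defines _TRUNCATE, otherwise the extra condition looks arbitrary.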
diff --git a/library/des.c b/library/des.c
index 09f95cfc..ca9e071 100644
--- a/library/des.c
+++ b/library/des.c
@@ -34,6 +34,7 @@
 #if defined(MBEDTLS_DES_C)
 
 #include "mbedtls/des.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -48,11 +49,6 @@
 
 #if !defined(MBEDTLS_DES_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -316,7 +312,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
 }
 
 void mbedtls_des3_init( mbedtls_des3_context *ctx )
@@ -329,7 +325,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
 }
 
 static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
@@ -553,7 +549,7 @@
     uint32_t sk[96];
 
     des3_set2key( ctx->sk, sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
 
     return( 0 );
 }
@@ -567,7 +563,7 @@
     uint32_t sk[96];
 
     des3_set2key( sk, ctx->sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
 
     return( 0 );
 }
@@ -604,7 +600,7 @@
     uint32_t sk[96];
 
     des3_set3key( ctx->sk, sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
 
     return( 0 );
 }
@@ -618,7 +614,7 @@
     uint32_t sk[96];
 
     des3_set3key( sk, ctx->sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
+    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
 
     return( 0 );
 }
diff --git a/library/dhm.c b/library/dhm.c
index 28ac310..82cbb0c 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -36,6 +36,7 @@
 #if defined(MBEDTLS_DHM_C)
 
 #include "mbedtls/dhm.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -58,10 +59,6 @@
 #endif
 
 #if !defined(MBEDTLS_DHM_ALT)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
 
 /*
  * helper to validate the mbedtls_mpi size and import it
@@ -437,7 +434,7 @@
     mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X  );
     mbedtls_mpi_free( &ctx->G  ); mbedtls_mpi_free( &ctx->P  );
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
 }
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
@@ -575,7 +572,7 @@
     {
         fclose( f );
 
-        mbedtls_zeroize( *buf, *n + 1 );
+        mbedtls_platform_zeroize( *buf, *n + 1 );
         mbedtls_free( *buf );
 
         return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
@@ -605,7 +602,7 @@
 
     ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
 
-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
     mbedtls_free( buf );
 
     return( ret );
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 826fefe..17a88bd 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -400,6 +400,9 @@
                               &ctx->Q, &r, &s ) ) != 0 )
         goto cleanup;
 
+    /* At this point we know that the buffer starts with a valid signature.
+     * Return 0 if the buffer just contains the signature, and a specific
+     * error code if the valid signature is followed by more data. */
     if( p != end )
         ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
 
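Review bot: the new comment describes a contract that callers depend on (a valid signature followed by extra bytes yields MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH rather than 0), so it belongs in the public documentation of this function as well as next to the check. If the header does not already say it, a caller that treats every non-zero return as "signature invalid" and one that tolerates trailing data will disagree about the same input.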
diff --git a/library/ecp.c b/library/ecp.c
index b41baef..41db3fb 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -26,6 +26,7 @@
  * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
  * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
  * RFC 4492 for the related TLS structures and constants
+ * RFC 7748 for the Curve448 and Curve25519 curve definitions
  *
  * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
  *
@@ -50,6 +51,7 @@
 
 #include "mbedtls/ecp.h"
 #include "mbedtls/threading.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -72,11 +74,6 @@
 #define inline __inline
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 #if defined(MBEDTLS_SELF_TEST)
 /*
  * Counts of point addition and doubling, and field multiplications.
@@ -99,7 +96,8 @@
 #define ECP_SHORTWEIERSTRASS
 #endif
 
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+    defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define ECP_MONTGOMERY
 #endif
 
@@ -346,7 +344,7 @@
         mbedtls_free( grp->T );
     }
 
-    mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
+    mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
 }
 
 /*
@@ -1852,6 +1850,8 @@
 static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
 {
     /* [Curve25519 p. 5] Just check X is the correct number of bytes */
+    /* Allow any public value, if it's too big then we'll just reduce it mod p
+     * (RFC 7748 sec. 5 para. 3). */
     if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
         return( MBEDTLS_ERR_ECP_INVALID_KEY );
 
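Review bot: the two comments above the check now contradict each other. The first says "Just check X is the correct number of bytes", the added one says "Allow any public value", yet the code still rejects any X longer than ( grp->nbits + 7 ) / 8 bytes. Merge them into one comment that states what is actually accepted: any X that fits in that byte length, including values of p or above, which are reduced later. It would also help to cite the RFC 7748 paragraph once rather than keeping the [Curve25519] page reference beside it.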
@@ -1887,14 +1887,18 @@
 #if defined(ECP_MONTGOMERY)
     if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
     {
-        /* see [Curve25519] page 5 */
+        /* see RFC 7748 sec. 5 para. 5 */
         if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
             mbedtls_mpi_get_bit( d, 1 ) != 0 ||
-            mbedtls_mpi_get_bit( d, 2 ) != 0 ||
             mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
             return( MBEDTLS_ERR_ECP_INVALID_KEY );
         else
-            return( 0 );
+
+        /* see [Curve25519] page 5 */
+        if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
+            return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+        return( 0 );
     }
 #endif /* ECP_MONTGOMERY */
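Review bot: the "else" left after the first return is now dangling onto the new "if( grp->nbits == 254 && ... )" statement two lines below, across a blank line and a comment. The behaviour happens to be right, because the first branch returns, but it reads as if the else body were missing and any statement inserted between the two would silently become the else body. Delete the else. Note also that the bit-2 check now applies only when nbits is 254, so the private-key tests should cover a Curve448 key with bit 2 set (accepted) and a Curve25519 key with bit 2 set (rejected).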
 #if defined(ECP_SHORTWEIERSTRASS)
@@ -1941,10 +1945,14 @@
         else
             MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
 
-        /* Make sure the last three bits are unset */
+        /* Make sure the last two bits are unset for Curve448, three bits for
+           Curve25519 */
         MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+        if( grp->nbits == 254 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+        }
     }
     else
 #endif /* ECP_MONTGOMERY */
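Review bot: grp->nbits == 254 is used as the test for "this is Curve25519", here and in the private-key check in the previous hunk. It is a magic number tied to how nbits happens to be set for that curve, and it will silently misfire if another Montgomery curve with the same value is added. Compare grp->id against the curve identifier instead, or define one named helper that both sites call. The comment "last two bits" would be clearer as "lowest two bits".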
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index df5ac3e..68e2441 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -627,6 +627,9 @@
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 static int ecp_mod_p255( mbedtls_mpi * );
 #endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+static int ecp_mod_p448( mbedtls_mpi * );
+#endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 static int ecp_mod_p192k1( mbedtls_mpi * );
 #endif
@@ -670,7 +673,12 @@
     MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
     grp->pbits = mbedtls_mpi_bitlen( &grp->P );
 
-    /* Y intentionaly not set, since we use x/z coordinates.
+    /* N = 2^252 + 27742317777372353535851937790883648493 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
+                                              "14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
+
+    /* Y intentionally not set, since we use x/z coordinates.
      * This is used as a marker to identify Montgomery curves! */
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
@@ -687,6 +695,52 @@
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+/*
+ * Specialized function for creating the Curve448 group
+ */
+static int ecp_use_curve448( mbedtls_ecp_group *grp )
+{
+    mbedtls_mpi Ns;
+    int ret;
+
+    mbedtls_mpi_init( &Ns );
+
+    /* Actually ( A + 2 ) / 4 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
+
+    /* P = 2^448 - 2^224 - 1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
+    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+
+    /* Y intentionally not set, since we use x/z coordinates.
+     * This is used as a marker to identify Montgomery curves! */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
+    mbedtls_mpi_free( &grp->G.Y );
+
+    /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
+                                              "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
+
+    /* Actually, the required msb for private keys */
+    grp->nbits = 447;
+
+cleanup:
+    mbedtls_mpi_free( &Ns );
+    if( ret != 0 )
+        mbedtls_ecp_group_free( grp );
+
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 /*
  * Set a group using well-known domain parameters
  */
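Review bot: in ecp_use_curve448, N is built by calling mbedtls_mpi_set_bit( &grp->N, 446, 1 ) on whatever grp->N already holds and then subtracting Ns, so the result is only correct if grp->N is zero on entry. The Curve25519 hunk above does not have this dependency, because it overwrites N with mbedtls_mpi_read_string before setting bit 252. Suggest starting with mbedtls_mpi_lset( &grp->N, 0 ), or building 2^446 with lset and shift_l as is done for P, or adding a comment that the caller guarantees a freshly freed group. The comment on grp->nbits = 447 would also be clearer if it said why the value differs from the bit length of N.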
@@ -767,6 +821,12 @@
             return( ecp_use_curve25519( grp ) );
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+        case MBEDTLS_ECP_DP_CURVE448:
+            grp->modp = ecp_mod_p448;
+            return( ecp_use_curve448( grp ) );
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
         default:
             mbedtls_ecp_group_free( grp );
             return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@@ -1176,7 +1236,7 @@
     M.s = 1;
     M.n = N->n - ( P255_WIDTH - 1 );
     if( M.n > P255_WIDTH + 1 )
-        M.n = P255_WIDTH + 1;
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
     M.p = Mp;
     memset( Mp, 0, sizeof Mp );
     memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
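Review bot: the new early return in ecp_mod_p255 turns an oversized input from a silent clamp of M.n into MBEDTLS_ERR_ECP_BAD_INPUT_DATA, but unlike the matching check added in ecp_mod_p448 it carries no comment saying what input size triggers it. Suggest adding the same kind of one-line comment here, so that the bound protecting the memcpy into Mp is documented at the check itself.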
@@ -1197,6 +1257,77 @@
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+
+/* Size of p448 in terms of mbedtls_mpi_uint */
+#define P448_WIDTH      ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
+
+/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
+#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
+#define P224_WIDTH_MIN   ( 28 / sizeof( mbedtls_mpi_uint ) )
+#define P224_WIDTH_MAX   DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
+#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
+
+/*
+ * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
+ * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
+ * A0 + A1 + B1 + (B0 + B1) * 2^224.  This is different to the reference
+ * implementation of Curve448, which uses its own special 56-bit limbs rather
+ * than a generic bignum library.  We could squeeze some extra speed out on
+ * 32-bit machines by splitting N up into 32-bit limbs and doing the
+ * arithmetic using the limbs directly as we do for the NIST primes above,
+ * but for 64-bit targets it should use half the number of operations if we do
+ * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
+ */
+static int ecp_mod_p448( mbedtls_mpi *N )
+{
+    int ret;
+    size_t i;
+    mbedtls_mpi M, Q;
+    mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
+
+    if( N->n <= P448_WIDTH )
+        return( 0 );
+
+    /* M = A1 */
+    M.s = 1;
+    M.n = N->n - ( P448_WIDTH );
+    if( M.n > P448_WIDTH )
+        /* Shouldn't be called with N larger than 2^896! */
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    M.p = Mp;
+    memset( Mp, 0, sizeof( Mp ) );
+    memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
+
+    /* N = A0 */
+    for( i = P448_WIDTH; i < N->n; i++ )
+        N->p[i] = 0;
+
+    /* N += A1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+
+    /* Q = B1, N += B1 */
+    Q = M;
+    Q.p = Qp;
+    memcpy( Qp, Mp, sizeof( Qp ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
+
+    /* M = (B0 + B1) * 2^224, N += M */
+    if( sizeof( mbedtls_mpi_uint ) > 4 )
+        Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
+    for( i = P224_WIDTH_MAX; i < M.n; ++i )
+        Mp[i] = 0;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
+    M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
     defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
     defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
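Review bot: M and Q in ecp_mod_p448 point at the stack arrays Mp and Qp, so mbedtls_mpi_add_mpi( &M, &M, &Q ), mbedtls_mpi_shift_r( &Q, 224 ) and mbedtls_mpi_shift_l( &M, 224 ) are only safe as long as none of them needs to grow its destination. The left shift is covered (M.n is raised to P448_WIDTH + 1 first, with a comment), but the addition into M runs while M.n is still the original limb count, and nothing states why B0 + B1 always fits there. Suggest a short comment before that addition giving the bound, or setting M.n to its final value after Q = M and before the addition rather than after it.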
diff --git a/library/entropy.c b/library/entropy.c
index e17512e..f8db1a5 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -35,6 +35,7 @@
 
 #include "mbedtls/entropy.h"
 #include "mbedtls/entropy_poll.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -59,11 +60,6 @@
 #include "mbedtls/havege.h"
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 #define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */
 
 void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
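Review bot: the deleted static mbedtls_zeroize carried the only statement in this file of why the wipe goes through a volatile pointer ("should never be optimized out by the compiler"), and every call site below now depends on mbedtls_platform_zeroize from mbedtls/platform_util.h, whose definition is not part of these hunks. Please confirm in the description, or in the documentation of platform_util.h, that the replacement gives the same guarantee, since the wipes of tmp and buf at the cleanup and exit labels sit immediately before a return and are dead stores from the optimiser's point of view.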
@@ -140,7 +136,7 @@
     ctx->initial_entropy_run = 0;
 #endif
     ctx->source_count = 0;
-    mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
+    mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
     ctx->accumulator_started = 0;
 }
 
@@ -232,7 +228,7 @@
 #endif
 
 cleanup:
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
 
     return( ret );
 }
@@ -300,7 +296,7 @@
         ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
 
 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     return( ret );
 }
@@ -433,7 +429,7 @@
     ret = 0;
 
 exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
 #if defined(MBEDTLS_THREADING_C)
     if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
@@ -486,7 +482,7 @@
     ret = 0;
 
 exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     fclose( f );
     return( ret );
@@ -516,7 +512,7 @@
 
     fclose( f );
 
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     if( ret != 0 )
         return( ret );
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index a116e60..67900c4 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -44,7 +44,7 @@
 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
 
 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32)
+    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
 #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
 #endif
 
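Review bot: the #error line that follows the new __QNXNTO__ test still reads "Platform entropy sources only work on Unix and Windows", so after this change the message no longer matches the condition that guards it. Suggest updating the string, or adding a comment that QNX is treated as Unix-like here, so that someone porting to a new platform sees the real list of accepted targets.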
diff --git a/library/error.c b/library/error.c
index 0292480..222d85b 100644
--- a/library/error.c
+++ b/library/error.c
@@ -256,19 +256,19 @@
         if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
             mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
         if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" );
+            mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" );
         if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
             mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
         if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
             mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
         if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
-            mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
+            mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" );
         if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
             mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
         if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
+            mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );
         if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );
+            mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" );
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_MD_C)
@@ -333,7 +333,7 @@
         if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) )
             mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
         if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
+            mbedtls_snprintf( buf, buflen, "PK - The buffer contains a valid signature followed by more data" );
         if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )
             mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );
 #endif /* MBEDTLS_PK_C */
@@ -478,7 +478,7 @@
         if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
             mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
         if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
-            mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" );
+            mbedtls_snprintf( buf, buflen, "SSL - No data of requested type currently available on underlying transport" );
         if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
             mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
         if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
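Review bot: the new text for MBEDTLS_ERR_SSL_WANT_READ ("No data of requested type currently available on underlying transport") describes a condition, while the neighbouring MBEDTLS_ERR_SSL_WANT_WRITE string is left as "Connection requires a write call", which describes an action. Suggest wording the pair consistently so that a log reader can tell the two are the same kind of non-fatal status.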
@@ -491,6 +491,8 @@
             mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" );
         if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) )
             mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
+            mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
 #endif /* MBEDTLS_SSL_TLS_C */
 
 #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
@@ -745,6 +747,10 @@
         mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
     if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) )
         mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" );
+    if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" );
+    if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "NET - Input invalid" );
 #endif /* MBEDTLS_NET_C */
 
 #if defined(MBEDTLS_OID_C)
diff --git a/library/gcm.c b/library/gcm.c
index 294a86d..57b0279 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -38,6 +38,7 @@
 #if defined(MBEDTLS_GCM_C)
 
 #include "mbedtls/gcm.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -80,11 +81,6 @@
 }
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * Initialize a context
  */
@@ -498,7 +494,7 @@
 
     if( diff != 0 )
     {
-        mbedtls_zeroize( output, length );
+        mbedtls_platform_zeroize( output, length );
         return( MBEDTLS_ERR_GCM_AUTH_FAILED );
     }
 
@@ -508,7 +504,7 @@
 void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
 {
     mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
 }
 
 #endif /* !MBEDTLS_GCM_ALT */
diff --git a/library/havege.c b/library/havege.c
index 2b75ef7..4dcac02 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -36,14 +36,10 @@
 
 #include "mbedtls/havege.h"
 #include "mbedtls/timing.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /* ------------------------------------------------------------------------
  * On average, one iteration accesses two 8-word blocks in the havege WALK
  * table, and generates 16 words in the RES array.
@@ -208,7 +204,7 @@
     if( hs == NULL )
         return;
 
-    mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) );
+    mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
 }
 
 /*
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 24c609e..dad55ff 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -34,6 +34,7 @@
 #if defined(MBEDTLS_HMAC_DRBG_C)
 
 #include "mbedtls/hmac_drbg.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -50,11 +51,6 @@
 #endif /* MBEDTLS_SELF_TEST */
 #endif /* MBEDTLS_PLATFORM_C */
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * HMAC_DRBG context initialization
  */
@@ -338,7 +334,7 @@
     mbedtls_mutex_free( &ctx->mutex );
 #endif
     mbedtls_md_free( &ctx->md_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
 }
 
 #if defined(MBEDTLS_FS_IO)
@@ -364,7 +360,7 @@
 
 exit:
     fclose( f );
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     return( ret );
 }
@@ -396,7 +392,7 @@
 
     fclose( f );
 
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     if( ret != 0 )
         return( ret );
diff --git a/library/md.c b/library/md.c
index 00249af..303cdcb 100644
--- a/library/md.c
+++ b/library/md.c
@@ -33,6 +33,7 @@
 
 #include "mbedtls/md.h"
 #include "mbedtls/md_internal.h"
+#include "mbedtls/platform_util.h"
 
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
@@ -48,11 +49,6 @@
 #include <stdio.h>
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * Reminder: update profiles in x509_crt.c when adding a new hash!
  */
@@ -193,11 +189,12 @@
 
     if( ctx->hmac_ctx != NULL )
     {
-        mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
+        mbedtls_platform_zeroize( ctx->hmac_ctx,
+                                  2 * ctx->md_info->block_size );
         mbedtls_free( ctx->hmac_ctx );
     }
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
 }
 
 int mbedtls_md_clone( mbedtls_md_context_t *dst,
@@ -311,7 +308,7 @@
         ret = md_info->finish_func( ctx.md_ctx, output );
 
 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
     fclose( f );
     mbedtls_md_free( &ctx );
 
@@ -361,7 +358,7 @@
         goto cleanup;
 
 cleanup:
-    mbedtls_zeroize( sum, sizeof( sum ) );
+    mbedtls_platform_zeroize( sum, sizeof( sum ) );
 
     return( ret );
 }
diff --git a/library/md2.c b/library/md2.c
index b88aa40..1c0b3df 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -34,6 +34,7 @@
 #if defined(MBEDTLS_MD2_C)
 
 #include "mbedtls/md2.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -48,11 +49,6 @@
 
 #if !defined(MBEDTLS_MD2_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 static const unsigned char PI_SUBST[256] =
 {
     0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
@@ -93,7 +89,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
 }
 
 void mbedtls_md2_clone( mbedtls_md2_context *dst,
diff --git a/library/md4.c b/library/md4.c
index ba704f5..3f8ddff 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -34,6 +34,7 @@
 #if defined(MBEDTLS_MD4_C)
 
 #include "mbedtls/md4.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -48,11 +49,6 @@
 
 #if !defined(MBEDTLS_MD4_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (little endian)
  */
@@ -86,7 +82,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
 }
 
 void mbedtls_md4_clone( mbedtls_md4_context *dst,
diff --git a/library/md5.c b/library/md5.c
index 8440ebf..8238c2b 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_MD5_C)
 
 #include "mbedtls/md5.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -47,11 +48,6 @@
 
 #if !defined(MBEDTLS_MD5_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (little endian)
  */
@@ -85,7 +81,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
 }
 
 void mbedtls_md5_clone( mbedtls_md5_context *dst,
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 545d5a2..ceaeda1 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -31,6 +31,7 @@
 /* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
    is dependent upon MBEDTLS_PLATFORM_C */
 #include "mbedtls/platform.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -42,11 +43,6 @@
 #include "mbedtls/threading.h"
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 #define MAGIC1       0xFF00AA55
 #define MAGIC2       0xEE119966
 #define MAX_BT 20
@@ -113,7 +109,7 @@
 #endif
 }
 
-static void debug_chain()
+static void debug_chain( void )
 {
     memory_header *cur = heap.first;
 
@@ -180,11 +176,11 @@
     return( 0 );
 }
 
-static int verify_chain()
+static int verify_chain( void )
 {
-    memory_header *prv = heap.first, *cur = heap.first->next;
+    memory_header *prv = heap.first, *cur;
 
-    if( verify_header( heap.first ) != 0 )
+    if( prv == NULL || verify_header( prv ) != 0 )
     {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         mbedtls_fprintf( stderr, "FATAL: verification of first header "
@@ -202,6 +198,8 @@
         return( 1 );
     }
 
+    cur = heap.first->next;
+
     while( cur != NULL )
     {
         if( verify_header( cur ) != 0 )
@@ -245,7 +243,9 @@
 
     original_len = len = n * size;
 
-    if( n != 0 && len / n != size )
+    if( n == 0 || size == 0 || len / n != size )
+        return( NULL );
+    else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
         return( NULL );
 
     if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
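Review bot: the rewritten size check now returns NULL for n == 0 or size == 0, where the old condition ( n != 0 && len / n != size ) let a zero-byte request through. That is a behaviour change for every caller that treats NULL as allocation failure; the pem.c hunk later in this patch adds a use_len != 0 guard that appears to cover one such caller. Suggest documenting the zero-size behaviour at the function and auditing the other callers. The added bound len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE stops the rounding step that follows from wrapping, but the else after a return is redundant, and a comment naming the overflow it prevents would help.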
@@ -386,7 +386,7 @@
     if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
         return;
 
-    if( p < heap.buf || p > heap.buf + heap.len )
+    if( p < heap.buf || p >= heap.buf + heap.len )
     {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
@@ -500,13 +500,13 @@
     heap.verify = verify;
 }
 
-int mbedtls_memory_buffer_alloc_verify()
+int mbedtls_memory_buffer_alloc_verify( void )
 {
     return verify_chain();
 }
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
-void mbedtls_memory_buffer_alloc_status()
+void mbedtls_memory_buffer_alloc_status( void )
 {
     mbedtls_fprintf( stderr,
                       "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
@@ -570,8 +570,7 @@
 
 void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
 {
-    memset( &heap, 0, sizeof(buffer_alloc_ctx) );
-    memset( buf, 0, len );
+    memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_init( &heap.mutex );
@@ -581,31 +580,35 @@
     mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
 #endif
 
-    if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+    if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+        return;
+    else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
     {
         /* Adjust len first since buf is used in the computation */
         len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
         buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
     }
 
+    memset( buf, 0, len );
+
     heap.buf = buf;
     heap.len = len;
 
-    heap.first = (memory_header *) buf;
-    heap.first->size = len - sizeof(memory_header);
+    heap.first = (memory_header *)buf;
+    heap.first->size = len - sizeof( memory_header );
     heap.first->magic1 = MAGIC1;
     heap.first->magic2 = MAGIC2;
     heap.first_free = heap.first;
 }
 
-void mbedtls_memory_buffer_alloc_free()
+void mbedtls_memory_buffer_alloc_free( void )
 {
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_free( &heap.mutex );
 #endif
-    mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) );
+    mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
 }
 
 #if defined(MBEDTLS_SELF_TEST)
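Review bot: the new early return in mbedtls_memory_buffer_alloc_init for len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE comes after the conditional mbedtls_mutex_init and mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ) calls, and the function returns void, so the caller gets no indication that the allocator was installed with heap.buf and heap.first still NULL. Suggest moving the length check ahead of those calls and documenting in the header that a too-small buffer leaves the allocator unusable. The check also uses len before the alignment adjustment; because that adjustment subtracts less than MBEDTLS_MEMORY_ALIGN_MULTIPLE the bound still leaves room for one memory_header, which deserves a one-line comment.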
@@ -620,7 +623,7 @@
     return( 0 );
 }
 
-static int check_all_free( )
+static int check_all_free( void )
 {
     if(
 #if defined(MBEDTLS_MEMORY_DEBUG)
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 345f102..7b4a423 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -28,7 +28,7 @@
 #if defined(MBEDTLS_NET_C)
 
 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32)
+    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
 #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
 #endif
 
@@ -45,6 +45,8 @@
 #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
 
+#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
+
 #ifdef _WIN32_WINNT
 #undef _WIN32_WINNT
 #endif
@@ -82,6 +84,8 @@
 #include <netdb.h>
 #include <errno.h>
 
+#define IS_EINTR( ret ) ( ( ret ) == EINTR )
+
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
 /* Some MS functions want int and MSVC warns if we pass size_t,
@@ -271,7 +275,7 @@
 static int net_would_block( const mbedtls_net_context *ctx )
 {
     int err = errno;
-    
+
     /*
      * Never return 'WOULD BLOCK' on a non-blocking socket
      */
@@ -439,6 +443,72 @@
 }
 
 /*
+ * Check if data is available on the socket
+ */
+
+int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
+{
+    int ret;
+    struct timeval tv;
+
+    fd_set read_fds;
+    fd_set write_fds;
+
+    int fd = ctx->fd;
+
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+    /* Ensure that memory sanitizers consider read_fds and write_fds as
+     * initialized even on platforms such as Glibc/x86_64 where FD_ZERO
+     * is implemented in assembly. */
+    memset( &read_fds, 0, sizeof( read_fds ) );
+    memset( &write_fds, 0, sizeof( write_fds ) );
+#endif
+#endif
+
+    FD_ZERO( &read_fds );
+    if( rw & MBEDTLS_NET_POLL_READ )
+    {
+        rw &= ~MBEDTLS_NET_POLL_READ;
+        FD_SET( fd, &read_fds );
+    }
+
+    FD_ZERO( &write_fds );
+    if( rw & MBEDTLS_NET_POLL_WRITE )
+    {
+        rw &= ~MBEDTLS_NET_POLL_WRITE;
+        FD_SET( fd, &write_fds );
+    }
+
+    if( rw != 0 )
+        return( MBEDTLS_ERR_NET_BAD_INPUT_DATA );
+
+    tv.tv_sec  = timeout / 1000;
+    tv.tv_usec = ( timeout % 1000 ) * 1000;
+
+    do
+    {
+        ret = select( fd + 1, &read_fds, &write_fds, NULL,
+                      timeout == (uint32_t) -1 ? NULL : &tv );
+    }
+    while( IS_EINTR( ret ) );
+
+    if( ret < 0 )
+        return( MBEDTLS_ERR_NET_POLL_FAILED );
+
+    ret = 0;
+    if( FD_ISSET( fd, &read_fds ) )
+        ret |= MBEDTLS_NET_POLL_READ;
+    if( FD_ISSET( fd, &write_fds ) )
+        ret |= MBEDTLS_NET_POLL_WRITE;
+
+    return( ret );
+}
+
+/*
  * Portable usleep helper
  */
 void mbedtls_net_usleep( unsigned long usec )
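Review bot: the retry loop in mbedtls_net_poll tests IS_EINTR( ret ) on the return value of select(), but the macro added earlier in this file compares its argument with EINTR (or WSAEINTR), which are error codes, while select() reports failure by returning a negative value and leaving the code in errno (WSAGetLastError() on Windows). As written the loop never retries an interrupted call and falls through to MBEDTLS_ERR_NET_POLL_FAILED; suggest testing ret < 0 together with the platform's error code. Separately, fd is only checked for < 0 before FD_SET( fd, &read_fds ); on POSIX systems a descriptor at or above FD_SETSIZE would write outside the fd_set, so add an upper-bound check and return an error in that case.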
@@ -497,8 +567,8 @@
 /*
  * Read at most 'len' characters, blocking for at most 'timeout' ms
  */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
-                      uint32_t timeout )
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
+                              size_t len, uint32_t timeout )
 {
     int ret;
     struct timeval tv;
diff --git a/library/pem.c b/library/pem.c
index c09651f..6069a23 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -33,6 +33,7 @@
 #include "mbedtls/aes.h"
 #include "mbedtls/md5.h"
 #include "mbedtls/cipher.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -45,11 +46,6 @@
 #endif
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 void mbedtls_pem_init( mbedtls_pem_context *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_pem_context ) );
@@ -135,7 +131,7 @@
 
 exit:
     mbedtls_md5_free( &md5_ctx );
-    mbedtls_zeroize( md5sum, 16 );
+    mbedtls_platform_zeroize( md5sum, 16 );
 
     return( ret );
 }
@@ -164,7 +160,7 @@
 
 exit:
     mbedtls_des_free( &des_ctx );
-    mbedtls_zeroize( des_key, 8 );
+    mbedtls_platform_zeroize( des_key, 8 );
 
     return( ret );
 }
@@ -192,7 +188,7 @@
 
 exit:
     mbedtls_des3_free( &des3_ctx );
-    mbedtls_zeroize( des3_key, 24 );
+    mbedtls_platform_zeroize( des3_key, 24 );
 
     return( ret );
 }
@@ -222,7 +218,7 @@
 
 exit:
     mbedtls_aes_free( &aes_ctx );
-    mbedtls_zeroize( aes_key, keylen );
+    mbedtls_platform_zeroize( aes_key, keylen );
 
     return( ret );
 }
@@ -359,7 +355,7 @@
 
     if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
     {
-        mbedtls_zeroize( buf, len );
+        mbedtls_platform_zeroize( buf, len );
         mbedtls_free( buf );
         return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
     }
@@ -370,7 +366,7 @@
     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
         if( pwd == NULL )
         {
-            mbedtls_zeroize( buf, len );
+            mbedtls_platform_zeroize( buf, len );
             mbedtls_free( buf );
             return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
         }
@@ -403,16 +399,16 @@
          * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
          * length bytes (allow 4 to be sure) in all known use cases.
          *
-         * Use that as heurisitic to try detecting password mismatchs.
+         * Use that as a heuristic to try to detect password mismatches.
          */
         if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
         {
-            mbedtls_zeroize( buf, len );
+            mbedtls_platform_zeroize( buf, len );
             mbedtls_free( buf );
             return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
         }
 #else
-        mbedtls_zeroize( buf, len );
+        mbedtls_platform_zeroize( buf, len );
         mbedtls_free( buf );
         return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
@@ -428,11 +424,11 @@
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
     if( ctx->buf != NULL )
-        mbedtls_zeroize( ctx->buf, ctx->buflen );
+        mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
     mbedtls_free( ctx->buf );
     mbedtls_free( ctx->info );
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
 }
 #endif /* MBEDTLS_PEM_PARSE_C */
 
@@ -442,7 +438,7 @@
                       unsigned char *buf, size_t buf_len, size_t *olen )
 {
     int ret;
-    unsigned char *encode_buf, *c, *p = buf;
+    unsigned char *encode_buf = NULL, *c, *p = buf;
     size_t len = 0, use_len, add_len = 0;
 
     mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
@@ -454,7 +450,8 @@
         return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
     }
 
-    if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
+    if( use_len != 0 &&
+        ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
         return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
 
     if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
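Review bot: with the new use_len != 0 guard on the allocation, encode_buf stays NULL when use_len is zero and is then passed straight to mbedtls_base64_encode( encode_buf, use_len, ... ). That relies on the encoder accepting a NULL destination with zero length, as the size query mbedtls_base64_encode( NULL, 0, &use_len, ... ) a few lines up already does. Suggest a short comment saying so at the guard, and checking that the later uses and the free of encode_buf in this function are also safe for NULL.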
diff --git a/library/pk.c b/library/pk.c
index b52c73f..f05b139 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -29,6 +29,8 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/pk_internal.h"
 
+#include "mbedtls/platform_util.h"
+
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
 #endif
@@ -42,11 +44,6 @@
 #include <limits.h>
 #include <stdint.h>
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * Initialise a mbedtls_pk_context
  */
@@ -69,7 +66,7 @@
 
     ctx->pk_info->ctx_free_func( ctx->pk_ctx );
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
 }
 
 /*
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index a4bb35f..2c7d2d7 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -41,6 +41,10 @@
 #include "mbedtls/ecdsa.h"
 #endif
 
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+#include "mbedtls/platform_util.h"
+#endif
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -52,13 +56,6 @@
 #include <limits.h>
 #include <stdint.h>
 
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
 #if defined(MBEDTLS_RSA_C)
 static int rsa_can_do( mbedtls_pk_type_t type )
 {
@@ -93,6 +90,11 @@
                                   (unsigned int) hash_len, hash, sig ) ) != 0 )
         return( ret );
 
+    /* The buffer contains a valid signature followed by extra data.
+     * We have a special error code for that so that so that callers can
+     * use mbedtls_pk_verify() to check "Does the buffer start with a
+     * valid signature?" and not just "Does the buffer contain a valid
+     * signature?". */
     if( sig_len > rsa_len )
         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
 
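Review bot: the added comment above the sig_len > rsa_len check repeats "so that so that"; please drop the duplicate. Since MBEDTLS_ERR_PK_SIG_LEN_MISMATCH is returned only after the verification call has succeeded, the comment could also state explicitly that it is still an error return for callers that need the signature to fill the buffer exactly.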
@@ -493,7 +495,7 @@
 
 static void rsa_alt_free_wrap( void *ctx )
 {
-    mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
     mbedtls_free( ctx );
 }
 
diff --git a/library/pkcs12.c b/library/pkcs12.c
index c603a13..16a15cb 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -36,6 +36,7 @@
 #include "mbedtls/pkcs12.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/cipher.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -47,11 +48,6 @@
 #include "mbedtls/des.h"
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
                                     mbedtls_asn1_buf *salt, int *iterations )
 {
@@ -166,7 +162,7 @@
         goto exit;
 
 exit:
-    mbedtls_zeroize( key, sizeof( key ) );
+    mbedtls_platform_zeroize( key, sizeof( key ) );
     mbedtls_arc4_free( &ctx );
 
     return( ret );
@@ -223,8 +219,8 @@
         ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
 
 exit:
-    mbedtls_zeroize( key, sizeof( key ) );
-    mbedtls_zeroize( iv,  sizeof( iv  ) );
+    mbedtls_platform_zeroize( key, sizeof( key ) );
+    mbedtls_platform_zeroize( iv,  sizeof( iv  ) );
     mbedtls_cipher_free( &cipher_ctx );
 
     return( ret );
@@ -352,10 +348,10 @@
     ret = 0;
 
 exit:
-    mbedtls_zeroize( salt_block, sizeof( salt_block ) );
-    mbedtls_zeroize( pwd_block, sizeof( pwd_block ) );
-    mbedtls_zeroize( hash_block, sizeof( hash_block ) );
-    mbedtls_zeroize( hash_output, sizeof( hash_output ) );
+    mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
+    mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
+    mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
+    mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
 
     mbedtls_md_free( &md_ctx );
 
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 95f44fa..440a174 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -38,9 +38,12 @@
 #if defined(MBEDTLS_PKCS5_C)
 
 #include "mbedtls/pkcs5.h"
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
 #include "mbedtls/asn1.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/oid.h"
+#endif /* MBEDTLS_ASN1_PARSE_C */
 
 #include <string.h>
 
@@ -51,6 +54,22 @@
 #define mbedtls_printf printf
 #endif
 
+#if !defined(MBEDTLS_ASN1_PARSE_C)
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+                 const unsigned char *pwd,  size_t pwdlen,
+                 const unsigned char *data, size_t datalen,
+                 unsigned char *output )
+{
+    ((void) pbe_params);
+    ((void) mode);
+    ((void) pwd);
+    ((void) pwdlen);
+    ((void) data);
+    ((void) datalen);
+    ((void) output);
+    return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+}
+#else
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
                                       mbedtls_asn1_buf *salt, int *iterations,
                                       int *keylen, mbedtls_md_type_t *md_type )
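Review bot: the stub mbedtls_pkcs5_pbes2() in the !defined(MBEDTLS_ASN1_PARSE_C) branch still takes a const mbedtls_asn1_buf *, but the previous hunk moved the asn1.h include under MBEDTLS_ASN1_PARSE_C, so the stub compiles only if pkcs5.h declares that type itself. Please confirm with a build that has MBEDTLS_PKCS5_C enabled and MBEDTLS_ASN1_PARSE_C disabled, and add a short comment above the stub saying that it exists to keep the symbol available and always returns MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE.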
@@ -211,6 +230,7 @@
 
     return( ret );
 }
+#endif /* MBEDTLS_ASN1_PARSE_C */
 
 int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
                        size_t plen, const unsigned char *salt, size_t slen,
diff --git a/library/pkparse.c b/library/pkparse.c
index aae1785..ccb7f54 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -30,6 +30,7 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -60,14 +61,6 @@
 #define mbedtls_free       free
 #endif
 
-#if defined(MBEDTLS_FS_IO) || \
-    defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
 #if defined(MBEDTLS_FS_IO)
 /*
  * Load all data from a file into a given buffer.
@@ -105,7 +98,7 @@
     {
         fclose( f );
 
-        mbedtls_zeroize( *buf, *n );
+        mbedtls_platform_zeroize( *buf, *n );
         mbedtls_free( *buf );
 
         return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
@@ -140,7 +133,7 @@
         ret = mbedtls_pk_parse_key( ctx, buf, n,
                 (const unsigned char *) pwd, strlen( pwd ) );
 
-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
     mbedtls_free( buf );
 
     return( ret );
@@ -160,7 +153,7 @@
 
     ret = mbedtls_pk_parse_public_key( ctx, buf, n );
 
-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
     mbedtls_free( buf );
 
     return( ret );
@@ -181,6 +174,10 @@
 {
     int ret;
 
+    if ( end - *p < 1 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
     if( params->tag != MBEDTLS_ASN1_OID
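Review bot: the new bounds check is written "if ( end - *p < 1 )" with a space after "if", while the surrounding code (including the very next statement) uses "if(". Match the file's style. The check itself is the right one to have before the **p dereference on the following line; a one-line comment saying so would make the intent clear to the next reader.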
@@ -857,7 +854,10 @@
             mbedtls_ecp_keypair_free( eck );
             return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
         }
+    }
 
+    if( p != end )
+    {
         /*
          * Is 'publickey' present? If not, or if we can't read it (eg because it
          * is compressed), create it from the private key.
@@ -1277,6 +1277,9 @@
     {
         unsigned char *key_copy;
 
+        if( keylen == 0 )
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
         if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
             return( MBEDTLS_ERR_PK_ALLOC_FAILED );
 
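Review bot: the new keylen == 0 early return sits directly in front of mbedtls_calloc( 1, keylen ) with no explanation. Since a zero-size calloc may legitimately return NULL, the likely intent is to report an empty key as MBEDTLS_ERR_PK_KEY_INVALID_FORMAT rather than as MBEDTLS_ERR_PK_ALLOC_FAILED; please say that in a comment so the check is not removed later as redundant.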
@@ -1285,7 +1288,7 @@
         ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
                                                 pwd, pwdlen );
 
-        mbedtls_zeroize( key_copy, keylen );
+        mbedtls_platform_zeroize( key_copy, keylen );
         mbedtls_free( key_copy );
     }
 
diff --git a/library/platform.c b/library/platform.c
index 76df7fa..9e99287 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -28,14 +28,7 @@
 #if defined(MBEDTLS_PLATFORM_C)
 
 #include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
-    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-#endif
+#include "mbedtls/platform_util.h"
 
 #if defined(MBEDTLS_PLATFORM_MEMORY)
 #if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
@@ -82,7 +75,7 @@
         return( -1 );
 
     va_start( argp, fmt );
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
     ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
 #else
     ret = _vsnprintf( s, n, fmt, argp );
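Review bot: with __MINGW32__ now excluded from the _TRUNCATE branch, MinGW builds fall through to _vsnprintf(), which does not NUL-terminate the output when it truncates. Please confirm that the code following this hunk (not visible here) terminates the buffer on that path, and add a comment stating why MinGW cannot use _vsnprintf_s() so the extra condition is not dropped later.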
@@ -241,7 +234,7 @@
     if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
     {
         fclose( file );
-        mbedtls_zeroize( buf, buf_len );
+        mbedtls_platform_zeroize( buf, buf_len );
         return( -1 );
     }
 
diff --git a/library/platform_util.c b/library/platform_util.c
new file mode 100644
index 0000000..1a57de9
--- /dev/null
+++ b/library/platform_util.c
@@ -0,0 +1,67 @@
+/*
+ * Common and shared functions used by multiple modules in the Mbed TLS
+ * library.
+ *
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/platform_util.h"
+
+#include <stddef.h>
+#include <string.h>
+
+#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+/*
+ * This implementation should never be optimized out by the compiler
+ *
+ * This implementation for mbedtls_platform_zeroize() was inspired from Colin
+ * Percival's blog article at:
+ *
+ * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
+ *
+ * It uses a volatile function pointer to the standard memset(). Because the
+ * pointer is volatile the compiler expects it to change at
+ * any time and will not optimize out the call that could potentially perform
+ * other operations on the input buffer instead of just setting it to 0.
+ * Nevertheless, as pointed out by davidtgoldblatt on Hacker News
+ * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
+ * details), optimizations of the following form are still possible:
+ *
+ * if( memset_func != memset )
+ *     memset_func( buf, 0, len );
+ *
+ * Note that it is extremely difficult to guarantee that
+ * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
+ * in a portable way. For this reason, Mbed TLS also provides the configuration
+ * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+ * mbedtls_platform_zeroize() to use a suitable implementation for their
+ * platform and needs.
+ */
+static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
+
+void mbedtls_platform_zeroize( void *buf, size_t len )
+{
+    memset_func( buf, 0, len );
+}
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
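Review bot: the opening line of the comment, "This implementation should never be optimized out by the compiler", promises more than the rest of the same comment supports, since it goes on to show that a compiler may still emit "if( memset_func != memset ) memset_func( buf, 0, len );". Reword the first line as intent rather than guarantee. It would also help to mention in the public header that platforms with a dedicated primitive (memset_s, explicit_bzero, SecureZeroMemory) are expected to select it through MBEDTLS_PLATFORM_ZEROIZE_ALT, because every call site changed in this patch now depends on this single function.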
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 2ba48b7..bd25ada 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -34,6 +34,7 @@
 #if defined(MBEDTLS_RIPEMD160_C)
 
 #include "mbedtls/ripemd160.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -71,11 +72,6 @@
 }
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
@@ -86,7 +82,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
 }
 
 void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
diff --git a/library/rsa.c b/library/rsa.c
index 6526978..88c1cf1 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -48,6 +48,7 @@
 #include "mbedtls/rsa.h"
 #include "mbedtls/rsa_internal.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -70,11 +71,7 @@
 
 #if !defined(MBEDTLS_RSA_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
+#if defined(MBEDTLS_PKCS1_V15)
 /* constant-time buffer comparison */
 static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
 {
@@ -88,6 +85,7 @@
 
     return( diff );
 }
+#endif /* MBEDTLS_PKCS1_V15 */
 
 int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
                         const mbedtls_mpi *N,
@@ -493,6 +491,9 @@
 
 /*
  * Generate an RSA keypair
+ *
+ * This generation method follows the RSA key pair generation procedure of
+ * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
  */
 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
                  int (*f_rng)(void *, unsigned char *, size_t),
@@ -500,7 +501,7 @@
                  unsigned int nbits, int exponent )
 {
     int ret;
-    mbedtls_mpi H, G;
+    mbedtls_mpi H, G, L;
 
     if( f_rng == NULL || nbits < 128 || exponent < 3 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -510,10 +511,13 @@
 
     mbedtls_mpi_init( &H );
     mbedtls_mpi_init( &G );
+    mbedtls_mpi_init( &L );
 
     /*
      * find primes P and Q with Q < P so that:
-     * GCD( E, (P-1)*(Q-1) ) == 1
+     * 1.  |P-Q| > 2^( nbits / 2 - 100 )
+     * 2.  GCD( E, (P-1)*(Q-1) ) == 1
+     * 3.  E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
      */
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
 
@@ -525,40 +529,51 @@
         MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
                                                 f_rng, p_rng ) );
 
-        if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
+        /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
+        if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
             continue;
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
-        if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
-            continue;
-
-        if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
+        /* not required by any standards, but some users rely on the fact that P > Q */
+        if( H.s < 0 )
             mbedtls_mpi_swap( &ctx->P, &ctx->Q );
 
         /* Temporarily replace P,Q by P-1, Q-1 */
         MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
+
+        /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
         MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H  ) );
+        if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
+            continue;
+
+        /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
+
+        if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
+            continue;
+
+        break;
     }
-    while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 );
+    while( 1 );
 
     /* Restore P,Q */
     MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P,  &ctx->P, 1 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q,  &ctx->Q, 1 ) );
 
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
+
     ctx->len = mbedtls_mpi_size( &ctx->N );
 
+#if !defined(MBEDTLS_RSA_NO_CRT)
     /*
-     * D  = E^-1 mod ((P-1)*(Q-1))
      * DP = D mod (P - 1)
      * DQ = D mod (Q - 1)
      * QP = Q^-1 mod P
      */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H  ) );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
     MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
                                              &ctx->DP, &ctx->DQ, &ctx->QP ) );
 #endif /* MBEDTLS_RSA_NO_CRT */
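Review bot: this hunk drops the test that mbedtls_mpi_bitlen( &ctx->N ) equals nbits and computes N only after the loop, so the modulus size now depends entirely on mbedtls_mpi_gen_prime() returning primes whose product always has nbits bits. That guarantee is not visible in this file; either state it in a comment next to the mbedtls_mpi_gen_prime() calls or keep a bit-length check once N is computed. Two smaller points: the threshold ( nbits >> 1 ) - 99 with its nbits >= 200 special case needs a one-line explanation of how it maps to condition 1 in the comment above, and the trailing // comment on the D bit-length test should use /* */ like the rest of the file.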
@@ -570,6 +585,7 @@
 
     mbedtls_mpi_free( &H );
     mbedtls_mpi_free( &G );
+    mbedtls_mpi_free( &L );
 
     if( ret != 0 )
     {
@@ -773,16 +789,38 @@
 {
     int ret;
     size_t olen;
-    mbedtls_mpi T, T1, T2;
+
+    /* Temporary holding the result */
+    mbedtls_mpi T;
+
+    /* Temporaries holding P-1, Q-1 and the
+     * exponent blinding factor, respectively. */
     mbedtls_mpi P1, Q1, R;
-#if defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi D_blind;
-    mbedtls_mpi *D = &ctx->D;
-#else
+
+#if !defined(MBEDTLS_RSA_NO_CRT)
+    /* Temporaries holding the results mod p resp. mod q. */
+    mbedtls_mpi TP, TQ;
+
+    /* Temporaries holding the blinded exponents for
+     * the mod p resp. mod q computation (if used). */
     mbedtls_mpi DP_blind, DQ_blind;
+
+    /* Pointers to actual exponents to be used - either the unblinded
+     * or the blinded ones, depending on the presence of a PRNG. */
     mbedtls_mpi *DP = &ctx->DP;
     mbedtls_mpi *DQ = &ctx->DQ;
-#endif
+#else
+    /* Temporary holding the blinded exponent (if used). */
+    mbedtls_mpi D_blind;
+
+    /* Pointer to actual exponent to be used - either the unblinded
+     * or the blinded one, depending on the presence of a PRNG. */
+    mbedtls_mpi *D = &ctx->D;
+#endif /* MBEDTLS_RSA_NO_CRT */
+
+    /* Temporaries holding the initial input and the double
+     * checked result; should be the same in the end. */
+    mbedtls_mpi I, C;
 
     if( rsa_check_context( ctx, 1             /* private key checks */,
                                 f_rng != NULL /* blinding y/n       */ ) != 0 )
@@ -790,8 +828,17 @@
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
     }
 
-    mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
-    mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    /* MPI Initialization */
+    mbedtls_mpi_init( &T );
+
+    mbedtls_mpi_init( &P1 );
+    mbedtls_mpi_init( &Q1 );
+    mbedtls_mpi_init( &R );
 
     if( f_rng != NULL )
     {
@@ -803,12 +850,15 @@
 #endif
     }
 
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+#if !defined(MBEDTLS_RSA_NO_CRT)
+    mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
 #endif
 
+    mbedtls_mpi_init( &I );
+    mbedtls_mpi_init( &C );
+
+    /* End of MPI initialization */
+
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
     if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
     {
@@ -816,6 +866,8 @@
         goto cleanup;
     }
 
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
+
     if( f_rng != NULL )
     {
         /*
@@ -874,24 +926,25 @@
     /*
      * Faster decryption using the CRT
      *
-     * T1 = input ^ dP mod P
-     * T2 = input ^ dQ mod Q
+     * TP = input ^ dP mod P
+     * TQ = input ^ dQ mod Q
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
 
     /*
-     * T = (T1 - T2) * (Q^-1 mod P) mod P
+     * T = (TP - TQ) * (Q^-1 mod P) mod P
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
 
     /*
-     * T = T2 + T * Q
+     * T = TQ + T * Q
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
 #endif /* MBEDTLS_RSA_NO_CRT */
 
     if( f_rng != NULL )
@@ -904,6 +957,15 @@
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
     }
 
+    /* Verify the result to prevent glitching attacks. */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
+                                          &ctx->N, &ctx->RN ) );
+    if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
+    {
+        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
+        goto cleanup;
+    }
+
     olen = ctx->len;
     MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
 
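Review bot: the new check sets ret = MBEDTLS_ERR_RSA_VERIFY_FAILED and jumps to cleanup, but the cleanup path shown in a later hunk returns MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret, so callers receive the sum of the two codes rather than either one. Please document the value callers should expect, or return it in a form they can match on. The comment could also say what is compared: the result raised to E mod N against the copy I taken from the input before blinding, so that a faulted result is never written to output.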
@@ -913,8 +975,9 @@
         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
 #endif
 
-    mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
-    mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R );
+    mbedtls_mpi_free( &P1 );
+    mbedtls_mpi_free( &Q1 );
+    mbedtls_mpi_free( &R );
 
     if( f_rng != NULL )
     {
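Review bot: the return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ) kept at the top of this hunk runs before any mbedtls_mpi_free() call, so when the unlock fails, P1, Q1, R and the temporaries freed in the next hunk (T, TP, TQ, C, I) are never released. T, TP and TQ hold values derived from the private exponents, and this patch adds more temporaries to that path. Consider recording the mutex error in ret and falling through to the frees instead of returning early.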
@@ -926,6 +989,15 @@
 #endif
     }
 
+    mbedtls_mpi_free( &T );
+
+#if !defined(MBEDTLS_RSA_NO_CRT)
+    mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
+#endif
+
+    mbedtls_mpi_free( &C );
+    mbedtls_mpi_free( &I );
+
     if( ret != 0 )
         return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
 
@@ -984,7 +1056,7 @@
     }
 
 exit:
-    mbedtls_zeroize( mask, sizeof( mask ) );
+    mbedtls_platform_zeroize( mask, sizeof( mask ) );
 
     return( ret );
 }
@@ -1298,8 +1370,8 @@
     ret = 0;
 
 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    mbedtls_zeroize( lhash, sizeof( lhash ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
 
     return( ret );
 }
@@ -1396,7 +1468,7 @@
     ret = 0;
 
 cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     return( ret );
 }
@@ -1527,7 +1599,7 @@
     p += hlen;
     *p++ = 0xBC;
 
-    mbedtls_zeroize( salt, sizeof( salt ) );
+    mbedtls_platform_zeroize( salt, sizeof( salt ) );
 
 exit:
     mbedtls_md_free( &md_ctx );
@@ -1669,7 +1741,7 @@
      * after the initial bounds check. */
     if( p != dst + dst_len )
     {
-        mbedtls_zeroize( dst, dst_len );
+        mbedtls_platform_zeroize( dst, dst_len );
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
     }
 
@@ -2006,13 +2078,13 @@
 
     if( encoded != NULL )
     {
-        mbedtls_zeroize( encoded, sig_len );
+        mbedtls_platform_zeroize( encoded, sig_len );
         mbedtls_free( encoded );
     }
 
     if( encoded_expected != NULL )
     {
-        mbedtls_zeroize( encoded_expected, sig_len );
+        mbedtls_platform_zeroize( encoded_expected, sig_len );
         mbedtls_free( encoded_expected );
     }
 
@@ -2222,7 +2294,8 @@
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -2237,7 +2310,8 @@
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -2250,7 +2324,8 @@
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
@@ -2258,7 +2333,8 @@
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -2283,7 +2359,8 @@
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -2296,7 +2373,8 @@
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
diff --git a/library/sha1.c b/library/sha1.c
index 1f29a0f..1587de4 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_SHA1_C)
 
 #include "mbedtls/sha1.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -47,11 +48,6 @@
 
 #if !defined(MBEDTLS_SHA1_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -85,7 +81,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
 }
 
 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
diff --git a/library/sha256.c b/library/sha256.c
index f39bcba..695485d 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_SHA256_C)
 
 #include "mbedtls/sha256.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -50,11 +51,6 @@
 
 #if !defined(MBEDTLS_SHA256_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -88,7 +84,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
 }
 
 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
diff --git a/library/sha512.c b/library/sha512.c
index 97cee07..6de94e9 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_SHA512_C)
 
 #include "mbedtls/sha512.h"
+#include "mbedtls/platform_util.h"
 
 #if defined(_MSC_VER) || defined(__WATCOMC__)
   #define UL64(x) x##ui64
@@ -56,11 +57,6 @@
 
 #if !defined(MBEDTLS_SHA512_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 64-bit integer manipulation macros (big endian)
  */
@@ -102,7 +98,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
 }
 
 void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 2534346..b3dc4db 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -48,10 +48,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
+#include "mbedtls/platform_util.h"
 #endif
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -717,6 +714,49 @@
     return( 0 );
 }
 
+/**
+ * \brief           Validate cipher suite against config in SSL context.
+ *
+ * \param suite_info    cipher suite to validate
+ * \param ssl           SSL context
+ * \param min_minor_ver Minimal minor version to accept a cipher suite
+ * \param max_minor_ver Maximal minor version to accept a cipher suite
+ *
+ * \return          0 if valid, else 1
+ */
+static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
+                                     const mbedtls_ssl_context * ssl,
+                                     int min_minor_ver, int max_minor_ver )
+{
+    (void) ssl;
+    if( suite_info == NULL )
+        return( 1 );
+
+    if( suite_info->min_minor_ver > max_minor_ver ||
+            suite_info->max_minor_ver < min_minor_ver )
+        return( 1 );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+            ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
+        return( 1 );
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+    if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+            suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+        return( 1 );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+            mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+        return( 1 );
+#endif
+
+    return( 0 );
+}
+
 static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 {
     int ret;
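Review bot: the "(void) ssl;" at the top of ssl_validate_ciphersuite() is followed by three conditional blocks that do use ssl, so it needs a comment saying it only silences the unused-parameter warning when none of MBEDTLS_SSL_PROTO_DTLS, MBEDTLS_ARC4_C and MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED is defined. As a style point, the parameters are declared as "type * name" while the neighbouring ssl_write_client_hello( mbedtls_ssl_context *ssl ) uses "type *name".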
@@ -869,31 +909,11 @@
     {
         ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
 
-        if( ciphersuite_info == NULL )
+        if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
+                                      ssl->conf->min_minor_ver,
+                                      ssl->conf->max_minor_ver ) != 0 )
             continue;
 
-        if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
-            ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
-            continue;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-            ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
-            continue;
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-        if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
-            ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-            continue;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-            mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-            continue;
-#endif
-
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
                                     ciphersuites[i] ) );
 
@@ -902,6 +922,8 @@
         *p++ = (unsigned char)( ciphersuites[i]      );
     }
 
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+
     /*
      * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      */
@@ -909,6 +931,7 @@
     if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
 #endif
     {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
         *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
         *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO      );
         n++;
@@ -928,8 +951,6 @@
     *q++ = (unsigned char)( n >> 7 );
     *q++ = (unsigned char)( n << 1 );
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
 #if defined(MBEDTLS_ZLIB_SUPPORT)
     offer_compress = 1;
 #else
@@ -937,7 +958,7 @@
 #endif
 
     /*
-     * We don't support compression with DTLS right now: is many records come
+     * We don't support compression with DTLS right now: if many records come
      * in the same datagram, uncompressing one could overwrite the next one.
      * We don't want to add complexity for handling that case unless there is
      * an actual need for it.
@@ -1689,22 +1710,9 @@
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
 
-    suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
-    if( suite_info == NULL
-#if defined(MBEDTLS_ARC4_C)
-            || ( ssl->conf->arc4_disabled &&
-                suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-#endif
-        )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
-
+    /*
+     * Perform cipher suite validation in same way as in ssl_write_client_hello.
+     */
     i = 0;
     while( 1 )
     {
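Review bot: the new comment "Perform cipher suite validation in same way as in ssl_write_client_hello." is placed above the loop that checks whether the chosen suite was offered, while the ssl_validate_ciphersuite() call it describes is added after that loop in the next hunk. Move the comment directly above the call, and note there that min and max are both ssl->minor_ver because the version has already been negotiated at this point.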
@@ -1723,6 +1731,17 @@
         }
     }
 
+    suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
+    if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+
     if( comp != MBEDTLS_SSL_COMPRESS_NULL
 #if defined(MBEDTLS_ZLIB_SUPPORT)
         && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
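Review bot: the relocated validation drops the explicit suite_info == NULL test, yet the debug line right after it still dereferences suite_info->name, so ssl_validate_ciphersuite() is now the only guard against an unknown ciphersuite id. Either keep a NULL check at this call site or state in a comment that the helper rejects a NULL suite_info. Passing ssl->minor_ver as both version arguments also deserves a word in the new comment, since it differs from how a min/max pair would be passed when building the ClientHello.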
@@ -2057,10 +2076,16 @@
      *
      * opaque psk_identity_hint<0..2^16-1>;
      */
+    if( (*p) > end - 2 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
+                                    "(psk_identity_hint length)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 
-    if( (*p) + len > end )
+    if( (*p) > end - len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                     "(psk_identity_hint length)" ) );
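Review bot: in the rewritten check `if( (*p) > end - len )`, len is a 16-bit value taken from the peer, so `end - len` can be computed to an address outside the message buffer before the comparison is made. Comparing sizes avoids forming that pointer, for example `len > (size_t)( end - *p )`. The new early return for the two length bytes also sends no alert, whereas the equivalent new check for the signature length in the next hunk sends a fatal decode_error; the two paths should behave the same way.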
@@ -2478,10 +2503,18 @@
         /*
          * Read signature
          */
+
+        if( p > end - 2 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
         sig_len = ( p[0] << 8 ) | p[1];
         p += 2;
 
-        if( end != p + sig_len )
+        if( p != end - sig_len )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
             mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2658,10 +2691,27 @@
     buf = ssl->in_msg;
 
     /* certificate_types */
+    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+    }
     cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
     n = cert_type_len;
 
-    if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+    /*
+     * In the subsequent code there are two paths that read from buf:
+     *     * the length of the signature algorithms field (if minor version of
+     *       SSL is 3),
+     *     * distinguished name length otherwise.
+     * Both reach at most the index:
+     *    ...hdr_len + 2 + n,
+     * therefore the buffer length at this point must be greater than that
+     * regardless of the actual code path.
+     */
+    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
         mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2676,9 +2726,32 @@
         size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
                              | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
 #if defined(MBEDTLS_DEBUG_C)
-        unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
+        unsigned char* sig_alg;
         size_t i;
+#endif
 
+        /*
+         * The furthest access in buf is in the loop few lines below:
+         *     sig_alg[i + 1],
+         * where:
+         *     sig_alg = buf + ...hdr_len + 3 + n,
+         *     max(i) = sig_alg_len - 1.
+         * Therefore the furthest access is:
+         *     buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
+         * which reduces to:
+         *     buf[...hdr_len + 3 + n + sig_alg_len],
+         * which is one less than we need the buf to be.
+         */
+        if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+        }
+
+#if defined(MBEDTLS_DEBUG_C)
+        sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
         for( i = 0; i < sig_alg_len; i += 2 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
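Review bot: the bound in the new comment is derived with max(i) = sig_alg_len - 1, which only happens when sig_alg_len is odd, and in that case the debug loop's sig_alg[i + 1] reads a byte that belongs to the following field. An odd length is malformed for a list of two-byte pairs, so consider rejecting it with the same decode_error return instead of sizing the check to tolerate it. The closing sentence "which is one less than we need the buf to be" would be clearer if it said directly that in_hslen must be strictly greater than that index.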
@@ -2687,14 +2760,6 @@
 #endif
 
         n += 2 + sig_alg_len;
-
-        if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-        }
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
@@ -3274,8 +3339,8 @@
     if( ticket_len == 0 )
         return( 0 );
 
-    mbedtls_zeroize( ssl->session_negotiate->ticket,
-                      ssl->session_negotiate->ticket_len );
+    mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
+                              ssl->session_negotiate->ticket_len );
     mbedtls_free( ssl->session_negotiate->ticket );
     ssl->session_negotiate->ticket = NULL;
     ssl->session_negotiate->ticket_len = 0;
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index caf1199..56e9bdd 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -40,14 +40,10 @@
 
 #include "mbedtls/ssl_cookie.h"
 #include "mbedtls/ssl_internal.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
  * available. Try SHA-256 first, 512 wastes resources since we need to stay
@@ -101,7 +97,7 @@
     mbedtls_mutex_free( &ctx->mutex );
 #endif
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
 }
 
 int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
@@ -122,7 +118,7 @@
     if( ret != 0 )
         return( ret );
 
-    mbedtls_zeroize( key, sizeof( key ) );
+    mbedtls_platform_zeroize( key, sizeof( key ) );
 
     return( 0 );
 }
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index aca4235..09b7a3f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -38,6 +38,7 @@
 #include "mbedtls/debug.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/ssl_internal.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -49,13 +50,6 @@
 #include "mbedtls/platform_time.h"
 #endif
 
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
                                  const unsigned char *info,
@@ -553,7 +547,7 @@
     memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
 
     /* Zeroize instead of free as we copied the content */
-    mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) );
+    mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
 
@@ -793,7 +787,7 @@
     const mbedtls_ssl_ciphersuite_t *suite_info;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)    
+    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
     mbedtls_pk_type_t sig_type;
 #endif
 
@@ -2961,7 +2955,7 @@
             return( ret );
         }
 
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)        
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
         dig_signed = p;
         dig_signed_len = len;
 #endif
@@ -3050,7 +3044,7 @@
 
         /*
          * 3.1: Choose hash algorithm:
-         * A: For TLS 1.2, obey signature-hash-algorithm extension 
+         * A: For TLS 1.2, obey signature-hash-algorithm extension
          *    to choose appropriate hash.
          * B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
          *    (RFC 4492, Sec. 5.4)
@@ -3071,7 +3065,7 @@
                                                           sig_alg ) ) == MBEDTLS_MD_NONE )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                /* (... because we choose a cipher suite 
+                /* (... because we choose a cipher suite
                  *      only if there is a matching hash.) */
                 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
             }
@@ -3750,7 +3744,10 @@
     /* Read the message without adding it to the checksum */
     do {
 
-        if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
+        do ret = mbedtls_ssl_read_record_layer( ssl );
+        while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+
+        if( ret != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
             return( ret );
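Review bot: the inner retry is written as a brace-less `do ret = mbedtls_ssl_read_record_layer( ssl ); while( ... );` nested directly inside the outer `do { ... } while`, which is easy to misread as part of the outer loop. Please brace it and add a one-line comment on why it terminates (what is consumed on each MBEDTLS_ERR_SSL_CONTINUE_PROCESSING). The identical construct is added again in ssl_tls.c later in this patch, so a small shared helper would keep the two copies from drifting.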
@@ -3758,7 +3755,8 @@
 
         ret = mbedtls_ssl_handle_message_type( ssl );
 
-    } while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
+    } while( MBEDTLS_ERR_SSL_NON_FATAL           == ret ||
+             MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
 
     if( 0 != ret )
     {
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 4d9116d..a2b3048 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -36,14 +36,10 @@
 #endif
 
 #include "mbedtls/ssl_ticket.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * Initialze context
  */
@@ -83,7 +79,7 @@
                                  mbedtls_cipher_get_key_bitlen( &key->ctx ),
                                  MBEDTLS_ENCRYPT );
 
-    mbedtls_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
 
     return( ret );
 }
@@ -483,7 +479,7 @@
     mbedtls_mutex_free( &ctx->mutex );
 #endif
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
 }
 
 #endif /* MBEDTLS_SSL_TICKET_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ff52104..cf1b694 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -46,6 +46,7 @@
 #include "mbedtls/debug.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/ssl_internal.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -53,11 +54,6 @@
 #include "mbedtls/oid.h"
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /* Length of the "epoch" field in the record header */
 static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
 {
@@ -269,8 +265,8 @@
     mbedtls_md5_free(  &md5  );
     mbedtls_sha1_free( &sha1 );
 
-    mbedtls_zeroize( padding, sizeof( padding ) );
-    mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
+    mbedtls_platform_zeroize( padding, sizeof( padding ) );
+    mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
 
     return( ret );
 }
@@ -367,8 +363,8 @@
 
     mbedtls_md_free( &md_ctx );
 
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( h_i, sizeof( h_i ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
 
     return( 0 );
 }
@@ -432,8 +428,8 @@
 
     mbedtls_md_free( &md_ctx );
 
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( h_i, sizeof( h_i ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
 
     return( 0 );
 }
@@ -642,7 +638,8 @@
             return( ret );
         }
 
-        mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
+        mbedtls_platform_zeroize( handshake->premaster,
+                                  sizeof(handshake->premaster) );
     }
     else
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
@@ -653,7 +650,7 @@
     memcpy( tmp, handshake->randbytes, 64 );
     memcpy( handshake->randbytes, tmp + 32, 32 );
     memcpy( handshake->randbytes + 32, tmp, 32 );
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
 
     /*
      *  SSLv3:
@@ -681,7 +678,8 @@
     MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
     MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
 
-    mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
+    mbedtls_platform_zeroize( handshake->randbytes,
+                              sizeof( handshake->randbytes ) );
 
     /*
      * Determine the appropriate key, IV and MAC length.
@@ -855,8 +853,13 @@
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
     if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
     {
-        mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+           For AEAD-based ciphersuites, there is nothing to do here. */
+        if( mac_key_len != 0 )
+        {
+            mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+            mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+        }
     }
     else
 #endif
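Review bot: the two mbedtls_md_hmac_starts() calls inside the new `mac_key_len != 0` guard still discard their return values, so a failed HMAC setup would go unnoticed and the transform would be used anyway. Since these lines are being touched, check both results and return the error. The new comment is accurate and helpful; it could also say that mac_key_len is 0 for AEAD suites so the guard is self-explanatory.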
@@ -943,7 +946,7 @@
     }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    mbedtls_zeroize( keyblk, sizeof( keyblk ) );
+    mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
 
 #if defined(MBEDTLS_ZLIB_SUPPORT)
     // Initialize compression
@@ -2103,6 +2106,7 @@
 {
     int ret;
     unsigned char *msg_post = ssl->out_msg;
+    ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf;
     size_t len_pre = ssl->out_msglen;
     unsigned char *msg_pre = ssl->compress_buf;
 
@@ -2122,7 +2126,7 @@
     ssl->transform_out->ctx_deflate.next_in = msg_pre;
     ssl->transform_out->ctx_deflate.avail_in = len_pre;
     ssl->transform_out->ctx_deflate.next_out = msg_post;
-    ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
+    ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - bytes_written;
 
     ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
     if( ret != Z_OK )
@@ -2132,7 +2136,7 @@
     }
 
     ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
-                      ssl->transform_out->ctx_deflate.avail_out;
+                      ssl->transform_out->ctx_deflate.avail_out - bytes_written;
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
                    ssl->out_msglen ) );
@@ -2149,6 +2153,7 @@
 {
     int ret;
     unsigned char *msg_post = ssl->in_msg;
+    ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf;
     size_t len_pre = ssl->in_msglen;
     unsigned char *msg_pre = ssl->compress_buf;
 
@@ -2168,7 +2173,8 @@
     ssl->transform_in->ctx_inflate.next_in = msg_pre;
     ssl->transform_in->ctx_inflate.avail_in = len_pre;
     ssl->transform_in->ctx_inflate.next_out = msg_post;
-    ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
+    ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN -
+                                               header_bytes;
 
     ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
     if( ret != Z_OK )
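Review bot: avail_out for inflate changes from MBEDTLS_SSL_MAX_CONTENT_LEN to MBEDTLS_SSL_BUFFER_LEN - header_bytes, so the limit on decompressed output is now the physical space left in the buffer instead of the protocol content limit. If the former is larger, a decompressed record can exceed MBEDTLS_SSL_MAX_CONTENT_LEN; add an explicit check of in_msglen against the content limit after decompression, or a comment explaining why the larger bound is intended. header_bytes is a signed ptrdiff_t subtracted from an unsigned size, so an explicit cast would make the arithmetic's type clear.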
@@ -2177,8 +2183,8 @@
         return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
     }
 
-    ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN -
-                     ssl->transform_in->ctx_inflate.avail_out;
+    ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN -
+                     ssl->transform_in->ctx_inflate.avail_out - header_bytes;
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
                    ssl->in_msglen ) );
@@ -2332,7 +2338,10 @@
          * that will end up being dropped.
          */
         if( ssl_check_timer( ssl ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) );
             ret = MBEDTLS_ERR_SSL_TIMEOUT;
+        }
         else
         {
             len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
@@ -2434,6 +2443,14 @@
             if( ret < 0 )
                 return( ret );
 
+            if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, 
+                    ( "f_recv returned %d bytes but only %lu were requested", 
+                    ret, (unsigned long)len ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            }
+
             ssl->in_left += ret;
         }
     }
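Review bot: the new check is written `if ( (size_t)ret > len ...` with a space after `if`, and the MBEDTLS_SSL_DEBUG_MSG continuation lines end in trailing whitespace, while other hunks of this same patch are removing trailing whitespace from ssl_srv.c. Please match the surrounding `if(` style and strip the trailing spaces. The condition also relies on INT_MAX and SIZE_MAX, and this patch adds no include for them, so confirm <limits.h> and <stdint.h> are already pulled in on every supported configuration.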
@@ -2481,6 +2498,14 @@
         if( ret <= 0 )
             return( ret );
 
+        if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, 
+                ( "f_send returned %d bytes but only %lu bytes were sent", 
+                ret, (unsigned long)ssl->out_left ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
         ssl->out_left -= ret;
     }
 
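Review bot: the debug text "f_send returned %d bytes but only %lu bytes were sent" prints ssl->out_left, which is the number of bytes the callback was asked to send, not a count of bytes sent. Reword it to match the f_recv message, for example "but only %lu bytes were requested", so the log does not mislead someone debugging a faulty send callback. The spacing and trailing-whitespace remarks on the f_recv check apply to the DEBUG_MSG lines here as well.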
@@ -3064,7 +3089,7 @@
     if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
-        return( MBEDTLS_ERR_SSL_WANT_READ );
+        return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
     }
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
@@ -3141,9 +3166,11 @@
         int ret;
         unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
 
-        /* ssl->handshake is NULL when receiving ClientHello for renego */
         if( ssl->handshake != NULL &&
-            recv_msg_seq != ssl->handshake->in_msg_seq )
+            ( ( ssl->state   != MBEDTLS_SSL_HANDSHAKE_OVER &&
+                recv_msg_seq != ssl->handshake->in_msg_seq ) ||
+              ( ssl->state  == MBEDTLS_SSL_HANDSHAKE_OVER &&
+                ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
         {
             /* Retransmit only on last message from previous flight, to avoid
              * too many retransmissions.
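Review bot: the rewritten condition removes the only comment on this test and replaces a single comparison with two state-dependent branches that have no explanation. Please document both cases above the `if`: during the handshake a message is rejected when recv_msg_seq differs from in_msg_seq, and once state is MBEDTLS_SSL_HANDSHAKE_OVER while ssl->handshake is still set, anything other than a ClientHello is treated as a retransmission. Without that, the reason the sequence number is ignored in the second branch is not recoverable from the code.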
@@ -3170,7 +3197,7 @@
                                     ssl->handshake->in_msg_seq ) );
             }
 
-            return( MBEDTLS_ERR_SSL_WANT_READ );
+            return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
         }
         /* Wait until message completion to increment in_msg_seq */
 
@@ -3573,81 +3600,23 @@
         return( MBEDTLS_ERR_SSL_INVALID_RECORD );
     }
 
-    /* Check length against bounds of the current transform and version */
-    if( ssl->transform_in == NULL )
-    {
-        if( ssl->in_msglen < 1 ||
-            ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-    }
-    else
-    {
-        if( ssl->in_msglen < ssl->transform_in->minlen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
-            ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        /*
-         * TLS encrypted messages can have up to 256 bytes of padding
-         */
-        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
-            ssl->in_msglen > ssl->transform_in->minlen +
-                             MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-#endif
-    }
-
     /*
-     * DTLS-related tests done last, because most of them may result in
-     * silently dropping the record (but not the whole datagram), and we only
-     * want to consider that after ensuring that the "basic" fields (type,
-     * version, length) are sane.
+     * DTLS-related tests.
+     * Check epoch before checking length constraint because
+     * the latter varies with the epoch. E.g., if a ChangeCipherSpec
+     * message gets duplicated before the corresponding Finished message,
+     * the second ChangeCipherSpec should be discarded because it belongs
+     * to an old epoch, but not because its length is shorter than
+     * the minimum record length for packets using the new record transform.
+     * Note that these two kinds of failures are handled differently,
+     * as an unexpected record is silently skipped but an invalid
+     * record leads to the entire datagram being dropped.
      */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
     {
         unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
 
-        /* Drop unexpected ChangeCipherSpec messages */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
-            ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
-            ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
-        }
-
-        /* Drop unexpected ApplicationData records,
-         * except at the beginning of renegotiations */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
-            ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-                   ssl->state == MBEDTLS_SSL_SERVER_HELLO )
-#endif
-            )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
-        }
-
         /* Check epoch (and sequence number) with DTLS */
         if( rec_epoch != ssl->in_epoch )
         {
@@ -3687,9 +3656,74 @@
             return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
         }
 #endif
+
+        /* Drop unexpected ChangeCipherSpec messages */
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
+            ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
+            ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+        }
+
+        /* Drop unexpected ApplicationData records,
+         * except at the beginning of renegotiations */
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
+            ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+                   ssl->state == MBEDTLS_SSL_SERVER_HELLO )
+#endif
+            )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+        }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+
+    /* Check length against bounds of the current transform and version */
+    if( ssl->transform_in == NULL )
+    {
+        if( ssl->in_msglen < 1 ||
+            ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+    }
+    else
+    {
+        if( ssl->in_msglen < ssl->transform_in->minlen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
+            ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        /*
+         * TLS encrypted messages can have up to 256 bytes of padding
+         */
+        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
+            ssl->in_msglen > ssl->transform_in->minlen +
+                             MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+#endif
+    }
+
     return( 0 );
 }
 
@@ -3778,7 +3812,10 @@
     {
         do {
 
-            if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
+            do ret = mbedtls_ssl_read_record_layer( ssl );
+            while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+
+            if( ret != 0 )
             {
                 MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
                 return( ret );
@@ -3786,11 +3823,12 @@
 
             ret = mbedtls_ssl_handle_message_type( ssl );
 
-        } while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
+        } while( MBEDTLS_ERR_SSL_NON_FATAL           == ret  ||
+                 MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
 
         if( 0 != ret )
         {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
             return( ret );
         }
 
@@ -3828,11 +3866,6 @@
      * (2) Alert messages:
      *     Consume whole record content, in_msglen = 0.
      *
-     *     NOTE: This needs to be fixed, since like for
-     *     handshake messages it is allowed to have
-     *     multiple alerts witin a single record.
-     *     Internal reference IOTSSL-1321.
-     *
      * (3) Change cipher spec:
      *     Consume whole record content, in_msglen = 0.
      *
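Review bot: this hunk deletes the whole NOTE about multiple alerts being allowed within a single record, not just the internal reference. If the limitation still exists, keep the note and drop only the "Internal reference IOTSSL-1321" line, as the next hunk does for the in_hslen remark; if the limitation has been fixed, the patch should show where.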
@@ -3860,12 +3893,12 @@
          */
 
         /* Notes:
-         * (1) in_hslen is *NOT* necessarily the size of the
+         * (1) in_hslen is not necessarily the size of the
          *     current handshake content: If DTLS handshake
          *     fragmentation is used, that's the fragment
          *     size instead. Using the total handshake message
-         *     size here is FAULTY and should be changed at
-         *     some point. Internal reference IOTSSL-1414.
+         *     size here is faulty and should be changed at
+         *     some point.
          * (2) While it doesn't seem to cause problems, one
          *     has to be very careful not to assume that in_hslen
          *     is always <= in_msglen in a sensible communication.
@@ -3916,12 +3949,6 @@
         return( 0 );
     }
 
-    /* Need to fetch a new record */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-read_record_header:
-#endif
-
     /* Current record either fully processed or to be discarded. */
 
     if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
@@ -3956,7 +3983,7 @@
             }
 
             /* Get next record */
-            goto read_record_header;
+            return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
         }
 #endif
         return( ret );
@@ -3975,7 +4002,13 @@
     /* Done reading this record, get ready for the next one */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
         ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
+        if( ssl->next_record_offset < ssl->in_left )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
+        }
+    }
     else
 #endif
         ssl->in_left = 0;
@@ -4022,7 +4055,7 @@
                 ssl->in_left = 0;
 
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
-                goto read_record_header;
+                return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
             }
 
             return( ret );
@@ -4043,46 +4076,6 @@
         }
     }
 
-    /*
-     * When we sent the last flight of the handshake, we MUST respond to a
-     * retransmit of the peer's previous flight with a retransmit. (In
-     * practice, only the Finished message will make it, other messages
-     * including CCS use the old transform so they're dropped as invalid.)
-     *
-     * If the record we received is not a handshake message, however, it
-     * means the peer received our last flight so we can clean up
-     * handshake info.
-     *
-     * This check needs to be done before prepare_handshake() due to an edge
-     * case: if the client immediately requests renegotiation, this
-     * finishes the current handshake first, avoiding the new ClientHello
-     * being mistaken for an ancient message in the current handshake.
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL &&
-        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-                ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
-
-            if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
-                return( ret );
-            }
-
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-        }
-        else
-        {
-            ssl_handshake_wrapup_free_hs_transform( ssl );
-        }
-    }
-#endif
-
     return( 0 );
 }
 
@@ -4127,7 +4120,7 @@
         if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
             ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
         {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) );
             /* Will be handled when trying to parse ServerHello */
             return( 0 );
         }
@@ -4149,6 +4142,15 @@
         return MBEDTLS_ERR_SSL_NON_FATAL;
     }
 
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake != NULL &&
+        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER  )
+    {
+        ssl_handshake_wrapup_free_hs_transform( ssl );
+    }
+#endif
+
     return( 0 );
 }
 
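Review bot: the ssl_handshake_wrapup_free_hs_transform() block added before `return( 0 )` has no comment, while the explanation that used to accompany this call (a non-handshake record means the peer received our last flight, so handshake info can be cleaned up) is deleted earlier in this file. Carry that rationale over to the new location, and note that the Finished-retransmit case is now expected to be filtered out before this point, since this block no longer tests in_msgtype itself.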
@@ -5026,9 +5028,9 @@
     mbedtls_md5_free(  &md5  );
     mbedtls_sha1_free( &sha1 );
 
-    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
-    mbedtls_zeroize(  md5sum, sizeof(  md5sum ) );
-    mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
+    mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
+    mbedtls_platform_zeroize(  md5sum, sizeof(  md5sum ) );
+    mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
 }
@@ -5087,7 +5089,7 @@
     mbedtls_md5_free(  &md5  );
     mbedtls_sha1_free( &sha1 );
 
-    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
+    mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
 }
@@ -5137,7 +5139,7 @@
 
     mbedtls_sha256_free( &sha256 );
 
-    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
+    mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
 }
@@ -5186,7 +5188,7 @@
 
     mbedtls_sha512_free( &sha512 );
 
-    mbedtls_zeroize(  padbuf, sizeof( padbuf ) );
+    mbedtls_platform_zeroize(  padbuf, sizeof( padbuf ) );
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
 }
@@ -6105,7 +6107,7 @@
 
     if( conf->psk != NULL )
     {
-        mbedtls_zeroize( conf->psk, conf->psk_len );
+        mbedtls_platform_zeroize( conf->psk, conf->psk_len );
 
         mbedtls_free( conf->psk );
         conf->psk = NULL;
@@ -6148,7 +6150,8 @@
 
     if( ssl->handshake->psk != NULL )
     {
-        mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len );
+        mbedtls_platform_zeroize( ssl->handshake->psk,
+                                  ssl->handshake->psk_len );
         mbedtls_free( ssl->handshake->psk );
         ssl->handshake->psk_len = 0;
     }
@@ -6278,7 +6281,7 @@
 
     if( ssl->hostname != NULL )
     {
-        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
+        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
         mbedtls_free( ssl->hostname );
     }
 
@@ -6485,6 +6488,61 @@
     return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
 }
 
+int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
+{
+    /*
+     * Case A: We're currently holding back
+     * a message for further processing.
+     */
+
+    if( ssl->keep_current_message == 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) );
+        return( 1 );
+    }
+
+    /*
+     * Case B: Further records are pending in the current datagram.
+     */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->in_left > ssl->next_record_offset )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
+        return( 1 );
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+    /*
+     * Case C: A handshake message is being processed.
+     */
+
+    if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) );
+        return( 1 );
+    }
+
+    /*
+     * Case D: An application data message is being processed
+     */
+    if( ssl->in_offt != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) );
+        return( 1 );
+    }
+
+    /*
+     * In all other cases, the rest of the message can be dropped.
+     * As in ssl_read_record_layer, this needs to be adapted if
+     * we implement support for multiple alerts in single records.
+     */
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) );
+    return( 0 );
+}
+
 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
 {
     if( ssl->session != NULL )
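Review bot: `mbedtls_ssl_check_pending()` only inspects state already held in the context (`keep_current_message`, `in_left`, `in_hslen`, `in_offt`), so a return of 0 says nothing about data still waiting on the underlying transport; that contract and the meaning of the 0/1 return values should be stated in the function's documentation. Minor: the Case D comment is the only one without a trailing period and without a blank line before its `if`.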
@@ -6893,25 +6951,16 @@
     }
 
     /*
-     * TODO
-     *
-     * The logic should be streamlined here:
-     *
-     * Instead of
-     *
+     * The logic could be streamlined here. Instead of
      * - Manually checking whether ssl->in_offt is NULL
      * - Fetching a new record if yes
      * - Setting ssl->in_offt if one finds an application record
      * - Resetting keep_current_message after handling the application data
-     *
      * one should
-     *
      * - Adapt read_record to set ssl->in_offt automatically
      *   when a new application data record is processed.
      * - Always call mbedtls_ssl_read_record here.
-     *
      * This way, the logic of ssl_read would be much clearer:
-     *
      * (1) Always call record layer and see what kind of record is on
      *     and have it ready for consumption (in particular, in_offt
      *     properly set for application data records).
@@ -6921,13 +6970,12 @@
      * (3) If it's something different from application data,
      *     handle it accordingly, e.g. potentially start a
      *     renegotiation.
-     *
      * This will also remove the need to manually reset
      * ssl->keep_current_message = 0 below.
-     *
      */
 
-    if( ssl->in_offt == NULL )
+    /* Loop as long as no application data record is available */
+    while( ssl->in_offt == NULL )
     {
         /* Start timer if not already running */
         if( ssl->f_get_timer != NULL &&
@@ -6981,7 +7029,9 @@
                 /* With DTLS, drop the packet (probably from last handshake) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
                 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-                    return( MBEDTLS_ERR_SSL_WANT_READ );
+                {
+                    continue;
+                }
 #endif
                 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
             }
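Review bot: Replacing `return( MBEDTLS_ERR_SSL_WANT_READ )` with `continue` in the DTLS branch means a dropped record no longer hands control back to the caller, so the `while( ssl->in_offt == NULL )` loop now ends only when an application data record arrives or a call inside the loop returns an error. Please confirm, and say in a comment, that the record-fetching call inside the loop returns once the transport has nothing more to deliver, so that a run of unexpected records cannot keep a single read call iterating; the same applies to the identical change in the next hunk.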
@@ -6996,7 +7046,9 @@
                 /* With DTLS, drop the packet (probably from last handshake) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
                 if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-                    return( MBEDTLS_ERR_SSL_WANT_READ );
+                {
+                    continue;
+                }
 #endif
                 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
             }
@@ -7069,7 +7121,25 @@
                 }
             }
 
-            return( MBEDTLS_ERR_SSL_WANT_READ );
+            /* At this point, we don't know whether the renegotiation has been
+             * completed or not. The cases to consider are the following:
+             * 1) The renegotiation is complete. In this case, no new record
+             *    has been read yet.
+             * 2) The renegotiation is incomplete because the client received
+             *    an application data record while awaiting the ServerHello.
+             * 3) The renegotiation is incomplete because the client received
+             *    a non-handshake, non-application data message while awaiting
+             *    the ServerHello.
+             * In each of these case, looping will be the proper action:
+             * - For 1), the next iteration will read a new record and check
+             *   if it's application data.
+             * - For 2), the loop condition isn't satisfied as application data
+             *   is present, hence continue is the same as break
+             * - For 3), the loop condition is satisfied and read_record
+             *   will re-deliver the message that was held back by the client
+             *   when expecting the ServerHello.
+             */
+            continue;
         }
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
         else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
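Review bot: The new comment has a typo in "In each of these case" (should be "cases"), and the bullet for 2) ends without a period while the other two have one. For case 3) it would help to name the field that makes `read_record` re-deliver the held-back message (the comment block earlier in this function refers to `ssl->keep_current_message`), since the correctness of `continue` here depends on it.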
@@ -7324,7 +7394,7 @@
     mbedtls_md_free( &transform->md_ctx_enc );
     mbedtls_md_free( &transform->md_ctx_dec );
 
-    mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
+    mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -7384,7 +7454,7 @@
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
     if( handshake->psk != NULL )
     {
-        mbedtls_zeroize( handshake->psk, handshake->psk_len );
+        mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
         mbedtls_free( handshake->psk );
     }
 #endif
@@ -7414,7 +7484,8 @@
     ssl_flight_free( handshake->flight );
 #endif
 
-    mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
+    mbedtls_platform_zeroize( handshake,
+                              sizeof( mbedtls_ssl_handshake_params ) );
 }
 
 void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
@@ -7434,7 +7505,7 @@
     mbedtls_free( session->ticket );
 #endif
 
-    mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
+    mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
 }
 
 /*
@@ -7449,20 +7520,20 @@
 
     if( ssl->out_buf != NULL )
     {
-        mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
+        mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
         mbedtls_free( ssl->out_buf );
     }
 
     if( ssl->in_buf != NULL )
     {
-        mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
+        mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
         mbedtls_free( ssl->in_buf );
     }
 
 #if defined(MBEDTLS_ZLIB_SUPPORT)
     if( ssl->compress_buf != NULL )
     {
-        mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
+        mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
         mbedtls_free( ssl->compress_buf );
     }
 #endif
@@ -7493,7 +7564,7 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     if( ssl->hostname != NULL )
     {
-        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
+        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
         mbedtls_free( ssl->hostname );
     }
 #endif
@@ -7513,7 +7584,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
 
     /* Actually clear after last debug message */
-    mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
+    mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
 }
 
 /*
@@ -7685,8 +7756,14 @@
          * Default
          */
         default:
-            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
-            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
+            conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
+                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
+                                    MBEDTLS_SSL_MIN_MAJOR_VERSION :
+                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
+            conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
+                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
+                                    MBEDTLS_SSL_MIN_MINOR_VERSION :
+                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
             conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
             conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
 
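Review bot: In the `default:` case the major and minor minimums are clamped independently, which is not the same as taking the larger of the two (major, minor) pairs; that only gives the intended result while the configured and the valid major version are equal, and a comment should state this assumption. The same nested conditional is also written out twice and the `/* TLS 1.0 */` annotation is gone, so a small max-of-two helper macro plus a comment naming the resulting default would make the block easier to check.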
@@ -7734,11 +7811,17 @@
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
     if( conf->psk != NULL )
     {
-        mbedtls_zeroize( conf->psk, conf->psk_len );
-        mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
+        mbedtls_platform_zeroize( conf->psk, conf->psk_len );
         mbedtls_free( conf->psk );
-        mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
         conf->psk_len = 0;
+    }
+
+    if( conf->psk_identity != NULL )
+    {
+        mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
+        mbedtls_free( conf->psk_identity );
+        conf->psk_identity = NULL;
         conf->psk_identity_len = 0;
     }
 #endif
@@ -7747,7 +7830,7 @@
     ssl_key_cert_free( conf->key_cert );
 #endif
 
-    mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
+    mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
 }
 
 #if defined(MBEDTLS_PK_C) && \
diff --git a/library/threading.c b/library/threading.c
index 0758675..f1c3724 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -111,8 +111,12 @@
     mbedtls_mutex_lock = mutex_lock;
     mbedtls_mutex_unlock = mutex_unlock;
 
+#if defined(MBEDTLS_FS_IO)
     mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
+#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE)
     mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
+#endif
 }
 
 /*
@@ -120,8 +124,12 @@
  */
 void mbedtls_threading_free_alt( void )
 {
+#if defined(MBEDTLS_FS_IO)
     mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
+#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE)
     mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
+#endif
 }
 #endif /* MBEDTLS_THREADING_ALT */
 
@@ -131,7 +139,11 @@
 #ifndef MUTEX_INIT
 #define MUTEX_INIT
 #endif
+#if defined(MBEDTLS_FS_IO)
 mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
+#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE)
 mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
+#endif
 
 #endif /* MBEDTLS_THREADING_C */
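Review bot: With the definitions of `mbedtls_threading_readdir_mutex` and `mbedtls_threading_gmtime_mutex` now conditional on `MBEDTLS_FS_IO` and `MBEDTLS_HAVE_TIME_DATE`, every declaration and user of these mutexes needs the same guard, otherwise a configuration with one of the options disabled will not build. The header declarations are not part of these hunks, so please check that they carry identical conditions, and consider closing each new `#endif` with a trailing comment in the style already used here (`#endif /* MBEDTLS_THREADING_C */`).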
diff --git a/library/timing.c b/library/timing.c
index 35d6d89..6a30e51 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -39,7 +39,7 @@
 #if !defined(MBEDTLS_TIMING_ALT)
 
 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32)
+    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__)
 #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
 #endif
 
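Review bot: The platform check now also admits `__QNXNTO__`, but the `#error` text on the following line still says the module only works on Unix and Windows. Update the message, and the `MBEDTLS_TIMING_C` description in config.h that it points to, so that a user on an unsupported platform sees the actual list.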
diff --git a/library/version.c b/library/version.c
index 6ca80d4..fd96750 100644
--- a/library/version.c
+++ b/library/version.c
@@ -30,7 +30,7 @@
 #include "mbedtls/version.h"
 #include <string.h>
 
-unsigned int mbedtls_version_get_number()
+unsigned int mbedtls_version_get_number( void )
 {
     return( MBEDTLS_VERSION_NUMBER );
 }
diff --git a/library/version_features.c b/library/version_features.c
index da47e3d..a452caf 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -237,6 +237,9 @@
 #if defined(MBEDTLS_AES_ROM_TABLES)
     "MBEDTLS_AES_ROM_TABLES",
 #endif /* MBEDTLS_AES_ROM_TABLES */
+#if defined(MBEDTLS_AES_FEWER_TABLES)
+    "MBEDTLS_AES_FEWER_TABLES",
+#endif /* MBEDTLS_AES_FEWER_TABLES */
 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
     "MBEDTLS_CAMELLIA_SMALL_MEMORY",
 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
@@ -306,6 +309,9 @@
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
     "MBEDTLS_ECP_DP_CURVE25519_ENABLED",
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+    "MBEDTLS_ECP_DP_CURVE448_ENABLED",
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 #if defined(MBEDTLS_ECP_NIST_OPTIM)
     "MBEDTLS_ECP_NIST_OPTIM",
 #endif /* MBEDTLS_ECP_NIST_OPTIM */
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 55d12ac..8450f87 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -39,6 +39,7 @@
 
 #include "mbedtls/x509_crl.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -66,11 +67,6 @@
 #include <stdio.h>
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  *  Version  ::=  INTEGER  {  v1(0), v2(1)  }
  */
@@ -95,17 +91,23 @@
 }
 
 /*
- * X.509 CRL v2 extensions (no extensions parsed yet.)
+ * X.509 CRL v2 extensions
+ *
+ * We currently don't parse any extension's content, but we do check that the
+ * list of extensions is well-formed and abort on critical extensions (that
+ * are unsupported as we don't support any extension so far)
  */
 static int x509_get_crl_ext( unsigned char **p,
                              const unsigned char *end,
                              mbedtls_x509_buf *ext )
 {
     int ret;
-    size_t len = 0;
 
-    /* Get explicit tag */
-    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 )
+    /*
+     * crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+     *                              -- if present, version MUST be v2
+     */
+    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
     {
         if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
             return( 0 );
@@ -115,11 +117,54 @@
 
     while( *p < end )
     {
+        /*
+         * Extension  ::=  SEQUENCE  {
+         *      extnID      OBJECT IDENTIFIER,
+         *      critical    BOOLEAN DEFAULT FALSE,
+         *      extnValue   OCTET STRING  }
+         */
+        int is_critical = 0;
+        const unsigned char *end_ext_data;
+        size_t len;
+
+        /* Get enclosing sequence tag */
         if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
+        end_ext_data = *p + len;
+
+        /* Get OID (currently ignored) */
+        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
+                                          MBEDTLS_ASN1_OID ) ) != 0 )
+        {
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+        }
         *p += len;
+
+        /* Get optional critical */
+        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
+                                           &is_critical ) ) != 0 &&
+            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
+        {
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+        }
+
+        /* Data should be octet string type */
+        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
+                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        /* Ignore data so far and just check its length */
+        *p += len;
+        if( *p != end_ext_data )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+        /* Abort on (unsupported) critical extensions */
+        if( is_critical )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
     }
 
     if( *p != end )
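Review bot: A critical extension is rejected with `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, the same value a caller gets when the OID or OCTET STRING tag is actually wrong, so a well-formed CRL carrying an unsupported critical extension cannot be told apart from a malformed one. If no more specific code is available, the function header should at least say which return value signals this case. The bounds handling in the loop looks right: each field is parsed against `end_ext_data` rather than `end`, and the `*p != end_ext_data` check catches trailing bytes inside an extension.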
@@ -257,7 +302,7 @@
 {
     int ret;
     size_t len;
-    unsigned char *p, *end;
+    unsigned char *p = NULL, *end = NULL;
     mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
     mbedtls_x509_crl *crl = chain;
 
@@ -294,7 +339,11 @@
     /*
      * Copy raw DER-encoded CRL
      */
-    if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+    if( buflen == 0 )
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+
+    p = mbedtls_calloc( 1, buflen );
+    if( p == NULL )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
     memcpy( p, buf, buflen );
@@ -563,7 +612,7 @@
 
     ret = mbedtls_x509_crl_parse( chain, buf, n );
 
-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
     mbedtls_free( buf );
 
     return( ret );
@@ -684,7 +733,7 @@
         {
             name_prv = name_cur;
             name_cur = name_cur->next;
-            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+            mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
             mbedtls_free( name_prv );
         }
 
@@ -693,13 +742,14 @@
         {
             entry_prv = entry_cur;
             entry_cur = entry_cur->next;
-            mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) );
+            mbedtls_platform_zeroize( entry_prv,
+                                      sizeof( mbedtls_x509_crl_entry ) );
             mbedtls_free( entry_prv );
         }
 
         if( crl_cur->raw.p != NULL )
         {
-            mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len );
+            mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
             mbedtls_free( crl_cur->raw.p );
         }
 
@@ -713,7 +763,7 @@
         crl_prv = crl_cur;
         crl_cur = crl_cur->next;
 
-        mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
+        mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
         if( crl_prv != crl )
             mbedtls_free( crl_prv );
     }
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0e28dac..462cbcf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -27,6 +27,8 @@
  *
  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ *
+ *  [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
  */
 
 #if !defined(MBEDTLS_CONFIG_FILE)
@@ -39,6 +41,7 @@
 
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
 
 #include <stdio.h>
 #include <string.h>
@@ -75,10 +78,18 @@
 #endif /* !_WIN32 || EFIX64 || EFI32 */
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
+/*
+ * Item in a verification chain: cert and flags for it
+ */
+typedef struct {
+    mbedtls_x509_crt *crt;
+    uint32_t flags;
+} x509_crt_verify_chain_item;
+
+/*
+ * Max size of verification chain: end-entity + intermediates + trusted root
+ */
+#define X509_MAX_VERIFY_CHAIN_SIZE    ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
 
 /*
  * Default profile
@@ -147,7 +158,7 @@
 
 /*
  * Check md_alg against profile
- * Return 0 if md_alg acceptable for this profile, -1 otherwise
+ * Return 0 if md_alg is acceptable for this profile, -1 otherwise
  */
 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
                                       mbedtls_md_type_t md_alg )
@@ -160,7 +171,7 @@
 
 /*
  * Check pk_alg against profile
- * Return 0 if pk_alg acceptable for this profile, -1 otherwise
+ * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
  */
 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
                                       mbedtls_pk_type_t pk_alg )
@@ -173,12 +184,13 @@
 
 /*
  * Check key against profile
- * Return 0 if pk_alg acceptable for this profile, -1 otherwise
+ * Return 0 if pk is acceptable for this profile, -1 otherwise
  */
 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
-                                   mbedtls_pk_type_t pk_alg,
                                    const mbedtls_pk_context *pk )
 {
+    const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
+
 #if defined(MBEDTLS_RSA_C)
     if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
     {
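Review bot: `x509_profile_check_key()` now takes the algorithm from `mbedtls_pk_get_type( pk )` instead of the caller's `sig_pk`, so the value tested is the key's own type rather than the signature algorithm of the object being verified, and the header comment should say so. The `MBEDTLS_PK_RSASSA_PSS` arm of the RSA test below is kept; please note whether a key context can still report that type or whether the arm is now only defensive.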
@@ -194,7 +206,7 @@
         pk_alg == MBEDTLS_PK_ECKEY ||
         pk_alg == MBEDTLS_PK_ECKEY_DH )
     {
-        mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+        const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
 
         if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
             return( 0 );
@@ -473,9 +485,12 @@
         if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
-        if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+        if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
+                MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+        {
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+        }
 
         /* Skip everything but DNS name */
         if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
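Review bot: The tag-class check in this loop needs a regression test. The old condition `( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC` only looked at the bits of the context-specific constant, so a tag with further class bits set passed it; comparing after masking with `MBEDTLS_ASN1_TAG_CLASS_MASK` closes that. A test entry whose tag belongs to a different class, expecting `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, would pin the behaviour down.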
@@ -1096,7 +1111,7 @@
 
     ret = mbedtls_x509_crt_parse( chain, buf, n );
 
-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
     mbedtls_free( buf );
 
     return( ret );
@@ -1631,7 +1646,7 @@
 
 /*
  * Check that the given certificate is not revoked according to the CRL.
- * Skip validation is no CRL for the given CA is present.
+ * Skip validation if no CRL for the given CA is present.
  */
 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
                                mbedtls_x509_crl *crl_list,
@@ -1676,18 +1691,14 @@
             flags |= MBEDTLS_X509_BADCRL_BAD_PK;
 
         md_info = mbedtls_md_info_from_type( crl_list->sig_md );
-        if( md_info == NULL )
+        if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
         {
-            /*
-             * Cannot check 'unknown' hash
-             */
+            /* Note: this can't happen except after an internal error */
             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
             break;
         }
 
-        mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
-
-        if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
+        if( x509_profile_check_key( profile, &ca->pk ) != 0 )
             flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 
         if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
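Review bot: Dropping the explicit `md_info == NULL` test makes this path depend on `mbedtls_md()` returning non-zero when `mbedtls_md_info_from_type( crl_list->sig_md )` yields NULL. The new comment says the failure "can't happen except after an internal error"; it should also say that an unknown digest type is caught by that call, because nothing else in the hunk guards `md_info` before it is used.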
@@ -1755,13 +1766,14 @@
 /*
  * Return 0 if name matches wildcard, -1 otherwise
  */
-static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
+static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
 {
     size_t i;
     size_t cn_idx = 0, cn_len = strlen( cn );
 
+    /* We can't have a match if there is no wildcard to match */
     if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
-        return( 0 );
+        return( -1 );
 
     for( i = 0; i < cn_len; ++i )
     {
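Review bot: Returning -1 instead of 0 when `name` does not start with `*.` changes the result for every non-wildcard name from "match" to "no match". That agrees with the header comment ("Return 0 if name matches wildcard, -1 otherwise") but is a behaviour change for callers, so please check each call site for reliance on the old value and add a test showing that a plain name passed to `x509_check_wildcard()` is not accepted.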
@@ -1853,15 +1865,40 @@
 }
 
 /*
+ * Check the signature of a certificate by its parent
+ */
+static int x509_crt_check_signature( const mbedtls_x509_crt *child,
+                                     mbedtls_x509_crt *parent )
+{
+    const mbedtls_md_info_t *md_info;
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+
+    md_info = mbedtls_md_info_from_type( child->sig_md );
+    if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
+    {
+        /* Note: this can't happen except after an internal error */
+        return( -1 );
+    }
+
+    if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
+                child->sig_md, hash, mbedtls_md_get_size( md_info ),
+                child->sig.p, child->sig.len ) != 0 )
+    {
+        return( -1 );
+    }
+
+    return( 0 );
+}
+
+/*
  * Check if 'parent' is a suitable parent (signing CA) for 'child'.
  * Return 0 if yes, -1 if not.
  *
  * top means parent is a locally-trusted certificate
- * bottom means child is the end entity cert
  */
 static int x509_crt_check_parent( const mbedtls_x509_crt *child,
                                   const mbedtls_x509_crt *parent,
-                                  int top, int bottom )
+                                  int top )
 {
     int need_ca_bit;
 
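Review bot: `x509_crt_check_signature()` has no statement of its return values in the header comment, unlike `x509_crt_check_parent()` right below it ("Return 0 if yes, -1 if not"); add one, and mention that -1 covers both a hashing failure and a signature mismatch. `child` is `const` while `parent` is not; if that is forced by the `mbedtls_pk_verify_ext()` prototype, a short remark would save the next reader the lookup.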
@@ -1876,14 +1913,6 @@
     if( top && parent->version < 3 )
         need_ca_bit = 0;
 
-    /* Exception: self-signed end-entity certs that are locally trusted. */
-    if( top && bottom &&
-        child->raw.len == parent->raw.len &&
-        memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
-    {
-        need_ca_bit = 0;
-    }
-
     if( need_ca_bit && ! parent->ca_istrue )
         return( -1 );
 
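Review bot: The removed block was the only place in `x509_crt_check_parent()` that waived the CA-bit requirement for a self-signed end-entity certificate that is itself in the trusted list (`top && bottom` with identical raw data). Nothing in this hunk replaces it, so please point to where that case is handled after the refactoring and cover it with a test; without an equivalent, such a certificate fails the `need_ca_bit && ! parent->ca_istrue` check.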
@@ -1898,86 +1927,78 @@
     return( 0 );
 }
 
-static int x509_crt_verify_top(
-                mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
-                mbedtls_x509_crl *ca_crl,
-                const mbedtls_x509_crt_profile *profile,
-                int path_cnt, int self_cnt, uint32_t *flags,
-                int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                void *p_vrfy )
+/*
+ * Find a suitable parent for child in candidates, or return NULL.
+ *
+ * Here suitable is defined as:
+ *  1. subject name matches child's issuer
+ *  2. if necessary, the CA bit is set and key usage allows signing certs
+ *  3. for trusted roots, the signature is correct
+ *  4. pathlen constraints are satisfied
+ *
+ * If there's a suitable candidate which is also time-valid, return the first
+ * such. Otherwise, return the first suitable candidate (or NULL if there is
+ * none).
+ *
+ * The rationale for this rule is that someone could have a list of trusted
+ * roots with two versions on the same root with different validity periods.
+ * (At least one user reported having such a list and wanted it to just work.)
+ * The reason we don't just require time-validity is that generally there is
+ * only one version, and if it's expired we want the flags to state that
+ * rather than NOT_TRUSTED, as would be the case if we required it here.
+ *
+ * The rationale for rule 3 (signature for trusted roots) is that users might
+ * have two versions of the same CA with different keys in their list, and the
+ * way we select the correct one is by checking the signature (as we don't
+ * rely on key identifier extensions). (This is one way users might choose to
+ * handle key rollover, another relies on self-issued certs, see [SIRO].)
+ *
+ * Arguments:
+ *  - [in] child: certificate for which we're looking for a parent
+ *  - [in] candidates: chained list of potential parents
+ *  - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
+ *         of the chain, 0 otherwise
+ *  - [in] path_cnt: number of intermediates seen so far
+ *  - [in] self_cnt: number of self-signed intermediates seen so far
+ *         (will never be greater than path_cnt)
+ *
+ * Return value:
+ *  - the first suitable parent found (see above regarding time-validity)
+ *  - NULL if no suitable parent was found
+ */
+static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
+                                                  mbedtls_x509_crt *candidates,
+                                                  int top,
+                                                  size_t path_cnt,
+                                                  size_t self_cnt )
 {
-    int ret;
-    uint32_t ca_flags = 0;
-    int check_path_cnt;
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    const mbedtls_md_info_t *md_info;
-    mbedtls_x509_crt *future_past_ca = NULL;
+    mbedtls_x509_crt *parent, *badtime_parent = NULL;
 
-    if( mbedtls_x509_time_is_past( &child->valid_to ) )
-        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
-    if( mbedtls_x509_time_is_future( &child->valid_from ) )
-        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
-    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
-    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
-    /*
-     * Child is the top of the chain. Check against the trust_ca list.
-     */
-    *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-
-    md_info = mbedtls_md_info_from_type( child->sig_md );
-    if( md_info == NULL )
+    for( parent = candidates; parent != NULL; parent = parent->next )
     {
-        /*
-         * Cannot check 'unknown', no need to try any CA
-         */
-        trust_ca = NULL;
-    }
-    else
-        mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
-
-    for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
-    {
-        if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
+        /* basic parenting skills (name, CA bit, key usage) */
+        if( x509_crt_check_parent( child, parent, top ) != 0 )
             continue;
 
-        check_path_cnt = path_cnt + 1;
-
-        /*
-         * Reduce check_path_cnt to check against if top of the chain is
-         * the same as the trusted CA
-         */
-        if( child->subject_raw.len == trust_ca->subject_raw.len &&
-            memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
-                            child->issuer_raw.len ) == 0 )
-        {
-            check_path_cnt--;
-        }
-
-        /* Self signed certificates do not count towards the limit */
-        if( trust_ca->max_pathlen > 0 &&
-            trust_ca->max_pathlen < check_path_cnt - self_cnt )
+        /* +1 because stored max_pathlen is 1 higher that the actual value */
+        if( parent->max_pathlen > 0 &&
+            (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
         {
             continue;
         }
 
-        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
-                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
-                           child->sig.p, child->sig.len ) != 0 )
+        /* Signature */
+        if( top && x509_crt_check_signature( child, parent ) != 0 )
         {
             continue;
         }
 
-        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
-            mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+        /* optional time check */
+        if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
+            mbedtls_x509_time_is_future( &parent->valid_from ) )
         {
-            if ( future_past_ca == NULL )
-                future_past_ca = trust_ca;
+            if( badtime_parent == NULL )
+                badtime_parent = parent;
 
             continue;
         }
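Review bot: at the `/* Signature */` step the check is gated on `top`, so a candidate taken from the peer-supplied chain is selected on name, CA bit, key usage and pathlen alone, and later candidates whose key would actually verify the child's signature are never tried. If that is intended, say so in the comment and name the place where the signature is checked instead; otherwise drop the `top &&` so the search moves on past a non-signing candidate. Also a typo in the added pathlen comment: "1 higher that" should be "1 higher than".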
@@ -1985,190 +2006,292 @@
         break;
     }
 
-    if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
-    {
-        /*
-         * Top of chain is signed by a trusted CA
-         */
-        *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+    if( parent == NULL )
+        parent = badtime_parent;
 
-        if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
-            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-    }
-
-    /*
-     * If top of chain is not the same as the trusted CA send a verify request
-     * to the callback for any issues with validity and CRL presence for the
-     * trusted CA certificate.
-     */
-    if( trust_ca != NULL &&
-        ( child->subject_raw.len != trust_ca->subject_raw.len ||
-          memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
-                            child->issuer_raw.len ) != 0 ) )
-    {
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-        /* Check trusted CA's CRL for the chain's top crt */
-        *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile );
-#else
-        ((void) ca_crl);
-#endif
-
-        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
-            ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
-        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
-            ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
-        if( NULL != f_vrfy )
-        {
-            if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
-                                &ca_flags ) ) != 0 )
-            {
-                return( ret );
-            }
-        }
-    }
-
-    /* Call callback on top cert */
-    if( NULL != f_vrfy )
-    {
-        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
-            return( ret );
-    }
-
-    *flags |= ca_flags;
-
-    return( 0 );
+    return( parent );
 }
 
-static int x509_crt_verify_child(
-                mbedtls_x509_crt *child, mbedtls_x509_crt *parent,
-                mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
-                const mbedtls_x509_crt_profile *profile,
-                int path_cnt, int self_cnt, uint32_t *flags,
-                int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                void *p_vrfy )
+/*
+ * Find a parent in trusted CAs or the provided chain, or return NULL.
+ *
+ * Searches in trusted CAs first, and return the first suitable parent found
+ * (see find_parent_in() for definition of suitable).
+ *
+ * Arguments:
+ *  - [in] child: certificate for which we're looking for a parent, followed
+ *         by a chain of possible intermediates
+ *  - [in] trust_ca: locally trusted CAs
+ *  - [out] 1 if parent was found in trust_ca, 0 if found in provided chain
+ *  - [in] path_cnt: number of intermediates seen so far
+ *  - [in] self_cnt: number of self-signed intermediates seen so far
+ *         (will always be no greater than path_cnt)
+ *
+ * Return value:
+ *  - the first suitable parent found (see find_parent_in() for "suitable")
+ *  - NULL if no suitable parent was found
+ */
+static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
+                                               mbedtls_x509_crt *trust_ca,
+                                               int *parent_is_trusted,
+                                               size_t path_cnt,
+                                               size_t self_cnt )
 {
-    int ret;
-    uint32_t parent_flags = 0;
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    mbedtls_x509_crt *grandparent;
-    const mbedtls_md_info_t *md_info;
+    mbedtls_x509_crt *parent;
 
-    /* Counting intermediate self signed certificates */
-    if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
-        self_cnt++;
+    /* Look for a parent in trusted CAs */
+    *parent_is_trusted = 1;
+    parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt );
 
-    /* path_cnt is 0 for the first intermediate CA */
-    if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+    if( parent != NULL )
+        return( parent );
+
+    /* Look for a parent upwards the chain */
+    *parent_is_trusted = 0;
+    return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) );
+}
+
+/*
+ * Check if an end-entity certificate is locally trusted
+ *
+ * Currently we require such certificates to be self-signed (actually only
+ * check for self-issued as self-signatures are not checked)
+ */
+static int x509_crt_check_ee_locally_trusted(
+                    mbedtls_x509_crt *crt,
+                    mbedtls_x509_crt *trust_ca )
+{
+    mbedtls_x509_crt *cur;
+
+    /* must be self-issued */
+    if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
+        return( -1 );
+
+    /* look for an exact match with trusted cert */
+    for( cur = trust_ca; cur != NULL; cur = cur->next )
     {
-        /* return immediately as the goal is to avoid unbounded recursion */
-        return( MBEDTLS_ERR_X509_FATAL_ERROR );
-    }
-
-    if( mbedtls_x509_time_is_past( &child->valid_to ) )
-        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
-    if( mbedtls_x509_time_is_future( &child->valid_from ) )
-        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
-    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
-    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
-    md_info = mbedtls_md_info_from_type( child->sig_md );
-    if( md_info == NULL )
-    {
-        /*
-         * Cannot check 'unknown' hash
-         */
-        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-    }
-    else
-    {
-        mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
-
-        if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
-            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
-                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
-                           child->sig.p, child->sig.len ) != 0 )
+        if( crt->raw.len == cur->raw.len &&
+            memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
         {
-            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+            return( 0 );
         }
     }
 
+    /* too bad */
+    return( -1 );
+}
+
+/*
+ * Build and verify a certificate chain
+ *
+ * Given a peer-provided list of certificates EE, C1, ..., Cn and
+ * a list of trusted certs R1, ... Rp, try to build and verify a chain
+ *      EE, Ci1, ... Ciq [, Rj]
+ * such that every cert in the chain is a child of the next one,
+ * jumping to a trusted root as early as possible.
+ *
+ * Verify that chain and return it with flags for all issues found.
+ *
+ * Special cases:
+ * - EE == Rj -> return a one-element list containing it
+ * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
+ *   -> return that chain with NOT_TRUSTED set on Ciq
+ *
+ * Arguments:
+ *  - [in] crt: the cert list EE, C1, ..., Cn
+ *  - [in] trust_ca: the trusted list R1, ..., Rp
+ *  - [in] ca_crl, profile: as in verify_with_profile()
+ *  - [out] ver_chain, chain_len: the built and verified chain
+ *
+ * Return value:
+ *  - non-zero if the chain could not be fully built and examined
+ *  - 0 is the chain was successfully built and examined,
+ *      even if it was found to be invalid
+ */
+static int x509_crt_verify_chain(
+                mbedtls_x509_crt *crt,
+                mbedtls_x509_crt *trust_ca,
+                mbedtls_x509_crl *ca_crl,
+                const mbedtls_x509_crt_profile *profile,
+                x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
+                size_t *chain_len )
+{
+    uint32_t *flags;
+    mbedtls_x509_crt *child;
+    mbedtls_x509_crt *parent;
+    int parent_is_trusted = 0;
+    int child_is_trusted = 0;
+    size_t self_cnt = 0;
+
+    child = crt;
+    *chain_len = 0;
+
+    while( 1 ) {
+        /* Add certificate to the verification chain */
+        ver_chain[*chain_len].crt = child;
+        flags = &ver_chain[*chain_len].flags;
+        ++*chain_len;
+
+        /* Check time-validity (all certificates) */
+        if( mbedtls_x509_time_is_past( &child->valid_to ) )
+            *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+        if( mbedtls_x509_time_is_future( &child->valid_from ) )
+            *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
+        /* Stop here for trusted roots (but not for trusted EE certs) */
+        if( child_is_trusted )
+            return( 0 );
+
+        /* Check signature algorithm: MD & PK algs */
+        if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+            *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+
+        if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+            *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
+        /* Special case: EE certs that are locally trusted */
+        if( *chain_len == 1 &&
+            x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
+        {
+            return( 0 );
+        }
+
+        /* Look for a parent in trusted CAs or up the chain */
+        parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
+                                       *chain_len - 1, self_cnt );
+
+        /* No parent? We're done here */
+        if( parent == NULL )
+        {
+            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+            return( 0 );
+        }
+
+        /* Count intermediate self-issued (not necessarily self-signed) certs.
+         * These can occur with some strategies for key rollover, see [SIRO],
+         * and should be excluded from max_pathlen checks. */
+        if( *chain_len != 1 &&
+            x509_name_cmp( &child->issuer, &child->subject ) == 0 )
+        {
+            self_cnt++;
+        }
+
+        /* path_cnt is 0 for the first intermediate CA,
+         * and if parent is trusted it's not an intermediate CA */
+        if( ! parent_is_trusted &&
+            *chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+        {
+            /* return immediately to avoid overflow the chain array */
+            return( MBEDTLS_ERR_X509_FATAL_ERROR );
+        }
+
+        /* if parent is trusted, the signature was checked by find_parent() */
+        if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
+            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+
+        /* check size of signing key */
+        if( x509_profile_check_key( profile, &parent->pk ) != 0 )
+            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
-    /* Check trusted CA's CRL for the given crt */
-    *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
+        /* Check trusted CA's CRL for the given crt */
+        *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
+#else
+        (void) ca_crl;
 #endif
 
-    /* Look for a grandparent in trusted CAs */
-    for( grandparent = trust_ca;
-         grandparent != NULL;
-         grandparent = grandparent->next )
+        /* prepare for next iteration */
+        child = parent;
+        parent = NULL;
+        child_is_trusted = parent_is_trusted;
+    }
+}
+
+/*
+ * Check for CN match
+ */
+static int x509_crt_check_cn( const mbedtls_x509_buf *name,
+                              const char *cn, size_t cn_len )
+{
+    /* try exact match */
+    if( name->len == cn_len &&
+        x509_memcasecmp( cn, name->p, cn_len ) == 0 )
     {
-        if( x509_crt_check_parent( parent, grandparent,
-                                   0, path_cnt == 0 ) == 0 )
-            break;
+        return( 0 );
     }
 
-    if( grandparent != NULL )
+    /* try wildcard match */
+    if( x509_check_wildcard( cn, name ) == 0 )
     {
-        ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
-                                path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
-        if( ret != 0 )
-            return( ret );
+        return( 0 );
     }
-    else
+
+    return( -1 );
+}
+
+/*
+ * Verify the requested CN - only call this if cn is not NULL!
+ */
+static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
+                                  const char *cn,
+                                  uint32_t *flags )
+{
+    const mbedtls_x509_name *name;
+    const mbedtls_x509_sequence *cur;
+    size_t cn_len = strlen( cn );
+
+    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
     {
-        /* Look for a grandparent upwards the chain */
-        for( grandparent = parent->next;
-             grandparent != NULL;
-             grandparent = grandparent->next )
+        for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
         {
-            /* +2 because the current step is not yet accounted for
-             * and because max_pathlen is one higher than it should be.
-             * Also self signed certificates do not count to the limit. */
-            if( grandparent->max_pathlen > 0 &&
-                grandparent->max_pathlen < 2 + path_cnt - self_cnt )
-            {
-                continue;
-            }
-
-            if( x509_crt_check_parent( parent, grandparent,
-                                       0, path_cnt == 0 ) == 0 )
+            if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
                 break;
         }
 
-        /* Is our parent part of the chain or at the top? */
-        if( grandparent != NULL )
-        {
-            ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
-                                         profile, path_cnt + 1, self_cnt, &parent_flags,
-                                         f_vrfy, p_vrfy );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-        {
-            ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
-                                       path_cnt + 1, self_cnt, &parent_flags,
-                                       f_vrfy, p_vrfy );
-            if( ret != 0 )
-                return( ret );
-        }
+        if( cur == NULL )
+            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
     }
+    else
+    {
+        for( name = &crt->subject; name != NULL; name = name->next )
+        {
+            if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
+                x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
+            {
+                break;
+            }
+        }
 
-    /* child is verified to be a child of the parent, call verify callback */
-    if( NULL != f_vrfy )
-        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
-            return( ret );
+        if( name == NULL )
+            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+    }
+}
 
-    *flags |= parent_flags;
+/*
+ * Merge the flags for all certs in the chain, after calling callback
+ */
+static int x509_crt_merge_flags_with_cb(
+           uint32_t *flags,
+           x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
+           size_t chain_len,
+           int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+           void *p_vrfy )
+{
+    int ret;
+    size_t i;
+    uint32_t cur_flags;
+
+    for( i = chain_len; i != 0; --i )
+    {
+        cur_flags = ver_chain[i-1].flags;
+
+        if( NULL != f_vrfy )
+            if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, (int) i-1, &cur_flags ) ) != 0 )
+                return( ret );
+
+        *flags |= cur_flags;
+    }
 
     return( 0 );
 }
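Review bot: in x509_crt_verify_chain the store `ver_chain[*chain_len].crt = child` at the top of the loop runs before the `*chain_len > MBEDTLS_X509_MAX_INTERMEDIATE_CA` check, and that check is skipped when the parent is trusted, so the array can receive up to MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 entries (the EE cert, the intermediates and a trusted root). The definition of X509_MAX_VERIFY_CHAIN_SIZE is not in this hunk; please add a comment or a compile-time check next to the loop tying the two constants together, so that changing one cannot silently turn this into an out-of-bounds write. Minor: the `[out]` line in the x509_crt_find_parent comment lacks the parameter name `parent_is_trusted`, "0 is the chain" should read "0 if the chain", and `(int) i-1` in x509_crt_merge_flags_with_cb reads more clearly as `(int) ( i - 1 )`.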
@@ -2187,9 +2310,15 @@
                 &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
 }
 
-
 /*
  * Verify the certificate validity, with profile
+ *
+ * This function:
+ *  - checks the requested CN (if any)
+ *  - checks the type and size of the EE cert's key,
+ *    as that isn't done as part of chain building/verification currently
+ *  - builds and verifies the chain
+ *  - then calls the callback and merges the flags
  */
 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                      mbedtls_x509_crt *trust_ca,
@@ -2199,15 +2328,15 @@
                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                      void *p_vrfy )
 {
-    size_t cn_len;
     int ret;
-    int pathlen = 0, selfsigned = 0;
-    mbedtls_x509_crt *parent;
-    mbedtls_x509_name *name;
-    mbedtls_x509_sequence *cur = NULL;
     mbedtls_pk_type_t pk_type;
+    x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
+    size_t chain_len;
+    uint32_t *ee_flags = &ver_chain[0].flags;
 
     *flags = 0;
+    memset( ver_chain, 0, sizeof( ver_chain ) );
+    chain_len = 0;
 
     if( profile == NULL )
     {
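Review bot: `ee_flags` aliases `ver_chain[0].flags` and is written by the CN and key checks before x509_crt_verify_chain runs, so those flags survive only because that function ORs into each entry's flags and never resets them when it stores the certificate. A one-line comment at the declaration stating that dependency would keep a later change to the chain builder from silently dropping MBEDTLS_X509_BADCERT_CN_MISMATCH.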
@@ -2215,104 +2344,28 @@
         goto exit;
     }
 
+    /* check name if requested */
     if( cn != NULL )
-    {
-        name = &crt->subject;
-        cn_len = strlen( cn );
-
-        if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
-        {
-            cur = &crt->subject_alt_names;
-
-            while( cur != NULL )
-            {
-                if( cur->buf.len == cn_len &&
-                    x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
-                    break;
-
-                if( cur->buf.len > 2 &&
-                    memcmp( cur->buf.p, "*.", 2 ) == 0 &&
-                    x509_check_wildcard( cn, &cur->buf ) == 0 )
-                {
-                    break;
-                }
-
-                cur = cur->next;
-            }
-
-            if( cur == NULL )
-                *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
-        }
-        else
-        {
-            while( name != NULL )
-            {
-                if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
-                {
-                    if( name->val.len == cn_len &&
-                        x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
-                        break;
-
-                    if( name->val.len > 2 &&
-                        memcmp( name->val.p, "*.", 2 ) == 0 &&
-                        x509_check_wildcard( cn, &name->val ) == 0 )
-                        break;
-                }
-
-                name = name->next;
-            }
-
-            if( name == NULL )
-                *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
-        }
-    }
+        x509_crt_verify_name( crt, cn, ee_flags );
 
     /* Check the type and size of the key */
     pk_type = mbedtls_pk_get_type( &crt->pk );
 
     if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+        *ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
 
-    if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+    if( x509_profile_check_key( profile, &crt->pk ) != 0 )
+        *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 
-    /* Look for a parent in trusted CAs */
-    for( parent = trust_ca; parent != NULL; parent = parent->next )
-    {
-        if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
-            break;
-    }
+    /* Check the chain */
+    ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
+                                 ver_chain, &chain_len );
+    if( ret != 0 )
+        goto exit;
 
-    if( parent != NULL )
-    {
-        ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
-                                   pathlen, selfsigned, flags, f_vrfy, p_vrfy );
-        if( ret != 0 )
-            goto exit;
-    }
-    else
-    {
-        /* Look for a parent upwards the chain */
-        for( parent = crt->next; parent != NULL; parent = parent->next )
-            if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
-                break;
-
-        /* Are we part of the chain or at the top? */
-        if( parent != NULL )
-        {
-            ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
-                                         pathlen, selfsigned, flags, f_vrfy, p_vrfy );
-            if( ret != 0 )
-                goto exit;
-        }
-        else
-        {
-            ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
-                                       pathlen, selfsigned, flags, f_vrfy, p_vrfy );
-            if( ret != 0 )
-                goto exit;
-        }
-    }
+    /* Build final flags, calling callback on the way if any */
+    ret = x509_crt_merge_flags_with_cb( flags,
+                                        ver_chain, chain_len, f_vrfy, p_vrfy );
 
 exit:
     /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
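Review bot: the removed SAN and CN loops guarded the wildcard path with a `len > 2` test and `memcmp( ..., "*.", 2 ) == 0` before calling x509_check_wildcard, while the replacement path through x509_crt_verify_name and x509_crt_check_cn calls x509_check_wildcard unconditionally. Please confirm that x509_check_wildcard performs the length and "*." prefix checks itself (its body is not shown in these hunks) and add a test with a one- or two-byte name so the behaviour is pinned.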
@@ -2369,7 +2422,7 @@
         {
             name_prv = name_cur;
             name_cur = name_cur->next;
-            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+            mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
             mbedtls_free( name_prv );
         }
 
@@ -2378,7 +2431,7 @@
         {
             name_prv = name_cur;
             name_cur = name_cur->next;
-            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+            mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
             mbedtls_free( name_prv );
         }
 
@@ -2387,7 +2440,8 @@
         {
             seq_prv = seq_cur;
             seq_cur = seq_cur->next;
-            mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
+            mbedtls_platform_zeroize( seq_prv,
+                                      sizeof( mbedtls_x509_sequence ) );
             mbedtls_free( seq_prv );
         }
 
@@ -2396,13 +2450,14 @@
         {
             seq_prv = seq_cur;
             seq_cur = seq_cur->next;
-            mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
+            mbedtls_platform_zeroize( seq_prv,
+                                      sizeof( mbedtls_x509_sequence ) );
             mbedtls_free( seq_prv );
         }
 
         if( cert_cur->raw.p != NULL )
         {
-            mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len );
+            mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
             mbedtls_free( cert_cur->raw.p );
         }
 
@@ -2416,7 +2471,7 @@
         cert_prv = cert_cur;
         cert_cur = cert_cur->next;
 
-        mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
+        mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
         if( cert_prv != crt )
             mbedtls_free( cert_prv );
     }
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 26a06db..3e8e8fb 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -39,6 +39,7 @@
 
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -60,11 +61,6 @@
 #include <stdio.h>
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  *  Version  ::=  INTEGER  {  v1(0)  }
  */
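Review bot: the removed static helper carried the comment "Implementation that should never be optimized out by the compiler", which is the property every call site in this file relies on when wiping a buffer just before mbedtls_free. With the per-file copy gone, that guarantee should be documented on mbedtls_platform_zeroize in mbedtls/platform_util.h. The same applies to the identical removals in x509write_crt.c, x509write_csr.c and xtea.c.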
@@ -325,7 +321,7 @@
 
     ret = mbedtls_x509_csr_parse( csr, buf, n );
 
-    mbedtls_zeroize( buf, n );
+    mbedtls_platform_zeroize( buf, n );
     mbedtls_free( buf );
 
     return( ret );
@@ -407,17 +403,17 @@
     {
         name_prv = name_cur;
         name_cur = name_cur->next;
-        mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+        mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
         mbedtls_free( name_prv );
     }
 
     if( csr->raw.p != NULL )
     {
-        mbedtls_zeroize( csr->raw.p, csr->raw.len );
+        mbedtls_platform_zeroize( csr->raw.p, csr->raw.len );
         mbedtls_free( csr->raw.p );
     }
 
-    mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) );
+    mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) );
 }
 
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 41dfe87..b1ef216 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -37,6 +37,7 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/sha1.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -44,11 +45,6 @@
 #include "mbedtls/pem.h"
 #endif /* MBEDTLS_PEM_WRITE_C */
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@@ -65,7 +61,7 @@
     mbedtls_asn1_free_named_data_list( &ctx->issuer );
     mbedtls_asn1_free_named_data_list( &ctx->extensions );
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
 }
 
 void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index e800538..66cee56 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -35,6 +35,7 @@
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/asn1write.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 #include <stdlib.h>
@@ -43,11 +44,6 @@
 #include "mbedtls/pem.h"
 #endif
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@@ -58,7 +54,7 @@
     mbedtls_asn1_free_named_data_list( &ctx->subject );
     mbedtls_asn1_free_named_data_list( &ctx->extensions );
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
 }
 
 void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
diff --git a/library/xtea.c b/library/xtea.c
index fe0a350..a33707b 100644
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -28,6 +28,7 @@
 #if defined(MBEDTLS_XTEA_C)
 
 #include "mbedtls/xtea.h"
+#include "mbedtls/platform_util.h"
 
 #include <string.h>
 
@@ -42,11 +43,6 @@
 
 #if !defined(MBEDTLS_XTEA_ALT)
 
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -80,7 +76,7 @@
     if( ctx == NULL )
         return;
 
-    mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
+    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
 }
 
 /*
diff --git a/programs/.gitignore b/programs/.gitignore
index 27055b8..ddfa1a4 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -47,6 +47,7 @@
 test/selftest
 test/ssl_cert_test
 test/udp_proxy
+test/zeroize
 util/pem2der
 util/strerror
 x509/cert_app
diff --git a/programs/Makefile b/programs/Makefile
index 443689b..080e82d 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -35,7 +35,7 @@
 SHARED_SUFFIX=.$(DLEXT)
 endif
 else
-DLEXT=so
+DLEXT ?= so
 EXEXT=
 SHARED_SUFFIX=
 endif
@@ -67,6 +67,7 @@
 	random/gen_random_ctr_drbg$(EXEXT)				\
 	test/ssl_cert_test$(EXEXT)	test/benchmark$(EXEXT)		\
 	test/selftest$(EXEXT)		test/udp_proxy$(EXEXT)		\
+	test/zeroize$(EXEXT)						\
 	util/pem2der$(EXEXT)		util/strerror$(EXEXT)		\
 	x509/cert_app$(EXEXT)		x509/crl_app$(EXEXT)		\
 	x509/cert_req$(EXEXT)		x509/cert_write$(EXEXT)		\
@@ -249,6 +250,10 @@
 	echo "  CC    test/udp_proxy.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
+test/zeroize$(EXEXT): test/zeroize.c $(DEP)
+	echo "  CC    test/zeroize.c"
+	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
 util/pem2der$(EXEXT): util/pem2der.c $(DEP)
 	echo "  CC    util/pem2der.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index daf08a9..55df95e 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -29,6 +29,7 @@
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
+#include <stdlib.h>
 #define mbedtls_snprintf   snprintf
 #define mbedtls_printf     printf
 #endif
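Review bot: `#include <stdlib.h>` is added only in the `#else` branch, but the new `return( ret ? EXIT_FAILURE : EXIT_SUCCESS )` at the end of main is compiled in both configurations, so in the branch that includes mbedtls/platform.h the two macros must arrive through that header. Either include <stdlib.h> unconditionally or confirm that platform.h provides them.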
@@ -100,8 +101,7 @@
 
     if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
     {
-        ret = 1;
-        mbedtls_printf( " failed\n  ! Could not open '%s'\n", argv[1] );
+        mbedtls_printf( " failed\n  ! Could not parse '%s'\n", argv[1] );
         goto exit;
     }
 
@@ -141,6 +141,7 @@
 
     if( fwrite( buf, 1, olen, f ) != olen )
     {
+        ret = 1;
         mbedtls_printf( "failed\n  ! fwrite failed\n\n" );
         fclose( f );
         goto exit;
@@ -168,7 +169,7 @@
     fflush( stdout ); getchar();
 #endif
 
-    return( ret );
+    return( ret ? EXIT_FAILURE : EXIT_SUCCESS );
 }
 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
           MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8e2feb1..5d8969d 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -73,6 +73,7 @@
 #define DFL_REQUEST_SIZE        -1
 #define DFL_DEBUG_LEVEL         0
 #define DFL_NBIO                0
+#define DFL_EVENT               0
 #define DFL_READ_TIMEOUT        0
 #define DFL_MAX_RESEND          0
 #define DFL_CA_FILE             ""
@@ -245,24 +246,26 @@
     "    server_addr=%%s      default: given by name\n"     \
     "    server_port=%%d      default: 4433\n"              \
     "    request_page=%%s     default: \".\"\n"             \
-    "    request_size=%%d     default: about 34 (basic request)\n"           \
+    "    request_size=%%d     default: about 34 (basic request)\n" \
     "                        (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
-    "    debug_level=%%d      default: 0 (disabled)\n"      \
-    "    nbio=%%d             default: 0 (blocking I/O)\n"  \
-    "                        options: 1 (non-blocking), 2 (added delays)\n" \
-    "    read_timeout=%%d     default: 0 ms (no timeout)\n"    \
+    "    debug_level=%%d      default: 0 (disabled)\n"             \
+    "    nbio=%%d             default: 0 (blocking I/O)\n"         \
+    "                        options: 1 (non-blocking), 2 (added delays)\n"   \
+    "    event=%%d            default: 0 (loop)\n"                            \
+    "                        options: 1 (level-triggered, implies nbio=1),\n" \
+    "    read_timeout=%%d     default: 0 ms (no timeout)\n"        \
     "    max_resend=%%d       default: 0 (no resend on timeout)\n" \
     "\n"                                                    \
     USAGE_DTLS                                              \
     "\n"                                                    \
-    "    auth_mode=%%s        default: (library default: none)\n"      \
+    "    auth_mode=%%s        default: (library default: none)\n" \
     "                        options: none, optional, required\n" \
     USAGE_IO                                                \
     "\n"                                                    \
     USAGE_PSK                                               \
     USAGE_ECJPAKE                                           \
     "\n"                                                    \
-    "    allow_legacy=%%d     default: (library default: no)\n"      \
+    "    allow_legacy=%%d     default: (library default: no)\n"   \
     USAGE_RENEGO                                            \
     "    exchanges=%%d        default: 1\n"                 \
     "    reconnect=%%d        default: 0 (disabled)\n"      \
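Review bot: The new `event=%%d` help text ends its options line with a trailing comma after `1 (level-triggered, implies nbio=1),` and then lists nothing further, so the usage output reads as if an option were cut off. Either drop the comma or document the second value that the struct comment ("level or edge triggered?") and the `opt.event > 2` range check hint at. The functional addition is also hard to spot here because it is mixed with backslash realignment of unrelated lines; splitting the whitespace changes into their own commit would make the hunk easier to review.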
@@ -302,7 +305,8 @@
     const char *server_port;    /* port on which the ssl service runs       */
     int debug_level;            /* level of debugging                       */
     int nbio;                   /* should I/O be blocking?                  */
-    uint32_t read_timeout;      /* timeout on mbedtls_ssl_read() in milliseconds    */
+    int event;                  /* loop or event-driven IO? level or edge triggered? */
+    uint32_t read_timeout;      /* timeout on mbedtls_ssl_read() in milliseconds     */
     int max_resend;             /* DTLS times to resend on read timeout     */
     const char *request_page;   /* page on server to request                */
     int request_size;           /* pad request with header to requested size */
@@ -353,7 +357,8 @@
         if( *p == '/' || *p == '\\' )
             basename = p + 1;
 
-    mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
+    mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s",
+                     basename, line, level, str );
     fflush(  (FILE *) ctx  );
 }
 
@@ -399,7 +404,8 @@
 /*
  * Enabled if debug_level > 1 in code below
  */
-static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
+static int my_verify( void *data, mbedtls_x509_crt *crt,
+                      int depth, uint32_t *flags )
 {
     char buf[1024];
     ((void) data);
@@ -436,6 +442,57 @@
 };
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+/*
+ * Wait for an event from the underlying transport or the timer
+ * (Used in event-driven IO mode).
+ */
+#if !defined(MBEDTLS_TIMING_C)
+int idle( mbedtls_net_context *fd,
+          int idle_reason )
+#else
+int idle( mbedtls_net_context *fd,
+          mbedtls_timing_delay_context *timer,
+          int idle_reason )
+#endif
+{
+
+    int ret;
+    int poll_type = 0;
+
+    if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
+        poll_type = MBEDTLS_NET_POLL_WRITE;
+    else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
+        poll_type = MBEDTLS_NET_POLL_READ;
+#if !defined(MBEDTLS_TIMING_C)
+    else
+        return( 0 );
+#endif
+
+    while( 1 )
+    {
+        /* Check if timer has expired */
+#if defined(MBEDTLS_TIMING_C)
+        if( timer != NULL &&
+            mbedtls_timing_get_delay( timer ) == 2 )
+        {
+            break;
+        }
+#endif /* MBEDTLS_TIMING_C */
+
+        /* Check if underlying transport became available */
+        if( poll_type != 0 )
+        {
+            ret = mbedtls_net_poll( fd, poll_type, 0 );
+            if( ret < 0 )
+                return( ret );
+            if( ret == poll_type )
+                break;
+        }
+    }
+
+    return( 0 );
+}
+
 int main( int argc, char *argv[] )
 {
     int ret = 0, len, tail_len, i, written, frags, retry_left;
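Review bot: The `while( 1 )` loop in `idle()` calls `mbedtls_net_poll( fd, poll_type, 0 )` with a timeout argument of 0 and re-polls immediately, so "waiting for an event" is a busy loop that burns CPU until the socket is ready or the timer reports 2. Passing a non-zero timeout to the poll call would let the process actually block. Separately, when MBEDTLS_TIMING_C is defined there is no `else return( 0 );` branch, so an `idle_reason` other than WANT_READ or WANT_WRITE leaves `poll_type` at 0 and the loop can only exit through the timer check; with `timer == NULL` or a timer that never reaches state 2 it never returns. An explicit early return for that case in both build variants would remove the hang. The function is only used in this file and could be declared `static`, and the blank line after the opening brace can go.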
@@ -521,6 +578,7 @@
     opt.server_port         = DFL_SERVER_PORT;
     opt.debug_level         = DFL_DEBUG_LEVEL;
     opt.nbio                = DFL_NBIO;
+    opt.event               = DFL_EVENT;
     opt.read_timeout        = DFL_READ_TIMEOUT;
     opt.max_resend          = DFL_MAX_RESEND;
     opt.request_page        = DFL_REQUEST_PAGE;
@@ -594,6 +652,12 @@
             if( opt.nbio < 0 || opt.nbio > 2 )
                 goto usage;
         }
+        else if( strcmp( p, "event" ) == 0 )
+        {
+            opt.event = atoi( q );
+            if( opt.event < 0 || opt.event > 2 )
+                goto usage;
+        }
         else if( strcmp( p, "read_timeout" ) == 0 )
             opt.read_timeout = atoi( q );
         else if( strcmp( p, "max_resend" ) == 0 )
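Review bot: The range check `opt.event < 0 || opt.event > 2` accepts event=2, but every call site visible in this diff tests `opt.event == 1` only, and the usage text documents only value 1. As written, event=2 is accepted and then behaves like event=0 without any message. Tighten the check to `opt.event > 1` until a second mode exists, or reject 2 with an explicit "not implemented" error.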
@@ -638,16 +702,23 @@
         }
         else if( strcmp( p, "renegotiation" ) == 0 )
         {
-            opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
-                                              MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+            opt.renegotiation = (atoi( q )) ?
+                MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+                MBEDTLS_SSL_RENEGOTIATION_DISABLED;
         }
         else if( strcmp( p, "allow_legacy" ) == 0 )
         {
             switch( atoi( q ) )
             {
-                case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
-                case 0:  opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
-                case 1:  opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
+                case -1:
+                    opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
+                    break;
+                case 0:
+                    opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+                    break;
+                case 1:
+                    opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
+                    break;
                 default: goto usage;
             }
         }
@@ -704,8 +775,12 @@
         {
             switch( atoi( q ) )
             {
-                case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
-                case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
+                case 0:
+                    opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
+                    break;
+                case 1:
+                    opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+                    break;
                 default: goto usage;
             }
         }
@@ -864,6 +939,15 @@
             goto usage;
     }
 
+    /* Event-driven IO is incompatible with the above custom
+     * receive and send functions, as the polling builds on
+     * refers to the underlying net_context. */
+    if( opt.event == 1 && opt.nbio != 1 )
+    {
+        mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
+        opt.nbio = 1;
+    }
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold( opt.debug_level );
 #endif
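Review bot: The comment above the `opt.event == 1 && opt.nbio != 1` check does not parse ("as the polling builds on refers to the underlying net_context"); something like "as the polling relies on the underlying net_context" would say what is meant. On the logic: a user who passed nbio=2 explicitly gets that setting overwritten with only a warning line, which makes test runs that combine the two options pass while exercising a different I/O path than requested. Treating event=1 with nbio=2 as a usage error would make that visible.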
@@ -871,19 +955,20 @@
     if( opt.force_ciphersuite[0] > 0 )
     {
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
+        ciphersuite_info =
+            mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
 
         if( opt.max_version != -1 &&
             ciphersuite_info->min_minor_ver > opt.max_version )
         {
-            mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+            mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
             ret = 2;
             goto usage;
         }
         if( opt.min_version != -1 &&
             ciphersuite_info->max_minor_ver < opt.min_version )
         {
-            mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+            mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
             ret = 2;
             goto usage;
         }
@@ -909,7 +994,7 @@
         {
             if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
             {
-                mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
+                mbedtls_printf( "forced RC4 ciphersuite with RC4 disabled\n" );
                 ret = 2;
                 goto usage;
             }
@@ -929,7 +1014,7 @@
 
         if( strlen( opt.psk ) % 2 != 0 )
         {
-            mbedtls_printf("pre-shared key not valid hex\n");
+            mbedtls_printf( "pre-shared key not valid hex\n" );
             goto exit;
         }
 
@@ -946,7 +1031,7 @@
                 c -= 'A' - 10;
             else
             {
-                mbedtls_printf("pre-shared key not valid hex\n");
+                mbedtls_printf( "pre-shared key not valid hex\n" );
                 goto exit;
             }
             psk[ j / 2 ] = c << 4;
@@ -960,7 +1045,7 @@
                 c -= 'A' - 10;
             else
             {
-                mbedtls_printf("pre-shared key not valid hex\n");
+                mbedtls_printf( "pre-shared key not valid hex\n" );
                 goto exit;
             }
             psk[ j / 2 ] |= c;
@@ -1051,11 +1136,12 @@
     fflush( stdout );
 
     mbedtls_entropy_init( &entropy );
-    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
-                               (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
+    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+                                       &entropy, (const unsigned char *) pers,
+                                       strlen( pers ) ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+                        -ret );
         goto exit;
     }
 
@@ -1093,12 +1179,13 @@
 #else
     {
         ret = 1;
-        mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+        mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
     }
 #endif
     if( ret < 0 )
     {
-        mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
@@ -1121,7 +1208,8 @@
     else
 #endif
 #if defined(MBEDTLS_CERTS_C)
-        ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
+        ret = mbedtls_x509_crt_parse( &clicert,
+                (const unsigned char *) mbedtls_test_cli_crt,
                 mbedtls_test_cli_crt_len );
 #else
     {
@@ -1131,7 +1219,8 @@
 #endif
     if( ret != 0 )
     {
-        mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
@@ -1144,7 +1233,8 @@
     else
 #endif
 #if defined(MBEDTLS_CERTS_C)
-        ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
+        ret = mbedtls_pk_parse_key( &pkey,
+                (const unsigned char *) mbedtls_test_cli_key,
                 mbedtls_test_cli_key_len, NULL, 0 );
 #else
     {
@@ -1154,7 +1244,8 @@
 #endif
     if( ret != 0 )
     {
-        mbedtls_printf( " failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
@@ -1172,11 +1263,13 @@
             opt.server_addr, opt.server_port );
     fflush( stdout );
 
-    if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
-                             opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
-                             MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+    if( ( ret = mbedtls_net_connect( &server_fd,
+                       opt.server_addr, opt.server_port,
+                       opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+                       MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_net_connect returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  ! mbedtls_net_connect returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
@@ -1186,7 +1279,8 @@
         ret = mbedtls_net_set_block( &server_fd );
     if( ret != 0 )
     {
-        mbedtls_printf( " failed\n  ! net_set_(non)block() returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  ! net_set_(non)block() returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
@@ -1203,7 +1297,8 @@
                     opt.transport,
                     MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
@@ -1226,13 +1321,15 @@
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
-        mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
+        mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
+                                            opt.hs_to_max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
     if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
+                        ret );
         goto exit;
     }
 #endif
@@ -1255,8 +1352,8 @@
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
     if( opt.recsplit != DFL_RECSPLIT )
         mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
-                                    ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
-                                    : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+                                  ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
+                                  : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
 #endif
 
 #if defined(MBEDTLS_DHM_C)
@@ -1268,7 +1365,8 @@
     if( opt.alpn_string != NULL )
         if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
+                            ret );
             goto exit;
         }
 #endif
@@ -1307,7 +1405,8 @@
     {
         if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n",
+                            ret );
             goto exit;
         }
     }
@@ -1326,16 +1425,19 @@
                              (const unsigned char *) opt.psk_identity,
                              strlen( opt.psk_identity ) ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_psk returned %d\n\n",
+                        ret );
         goto exit;
     }
 #endif
 
     if( opt.min_version != DFL_MIN_VERSION )
-        mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+        mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                      opt.min_version );
 
     if( opt.max_version != DFL_MAX_VERSION )
-        mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+        mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                      opt.max_version );
 
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
     if( opt.fallback != DFL_FALLBACK )
@@ -1344,14 +1446,16 @@
 
     if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned -0x%x\n\n",
+                        -ret );
         goto exit;
     }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n",
+                        ret );
         goto exit;
     }
 #endif
@@ -1363,7 +1467,8 @@
                         (const unsigned char *) opt.ecjpake_pw,
                                         strlen( opt.ecjpake_pw ) ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
+                            ret );
             goto exit;
         }
     }
@@ -1372,7 +1477,8 @@
     if( opt.nbio == 2 )
         mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
     else
-        mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
+        mbedtls_ssl_set_bio( &ssl, &server_fd,
+                             mbedtls_net_send, mbedtls_net_recv,
                              opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
 
 #if defined(MBEDTLS_TIMING_C)
@@ -1390,9 +1496,11 @@
 
     while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
     {
-        if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+        if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+            ret != MBEDTLS_ERR_SSL_WANT_WRITE )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n",
+                            -ret );
             if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
                 mbedtls_printf(
                     "    Unable to verify the server's certificate. "
@@ -1404,10 +1512,23 @@
             mbedtls_printf( "\n" );
             goto exit;
         }
+
+        /* For event-driven IO, wait for socket to become available */
+        if( opt.event == 1 /* level triggered IO */ )
+        {
+#if defined(MBEDTLS_TIMING_C)
+            ret = idle( &server_fd, &timer, ret );
+#else
+            ret = idle( &server_fd, ret );
+#endif
+            if( ret != 0 )
+                goto exit;
+        }
     }
 
     mbedtls_printf( " ok\n    [ Protocol is %s ]\n    [ Ciphersuite is %s ]\n",
-            mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
+                    mbedtls_ssl_get_version( &ssl ),
+                    mbedtls_ssl_get_ciphersuite( &ssl ) );
 
     if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
         mbedtls_printf( "    [ Record expansion is %d ]\n", ret );
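Review bot: The `if( ret != 0 ) goto exit;` branch after `idle()` leaves the program without printing which call failed or the error code, unlike the mbedtls_ssl_handshake failure branch directly above it, so a poll error during the handshake shows up only as a bare exit after "Performing the SSL/TLS handshake". Add an `mbedtls_printf` with the returned value before the `goto`. This is also the only place in the file where the result of `idle()` is checked; the later call sites discard it, and the handling should be the same everywhere.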
@@ -1435,7 +1556,8 @@
 
         if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_get_session returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_get_session returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
 
@@ -1454,7 +1576,8 @@
 
         mbedtls_printf( " failed\n" );
 
-        mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );
+        mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
+                                      "  ! ", flags );
 
         mbedtls_printf( "%s\n", vrfy_buf );
     }
@@ -1484,9 +1607,21 @@
             if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
             {
-                mbedtls_printf( " failed\n  ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
+                mbedtls_printf( " failed\n  ! mbedtls_ssl_renegotiate returned %d\n\n",
+                                ret );
                 goto exit;
             }
+
+            /* For event-driven IO, wait for socket to become available */
+            if( opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &server_fd, &timer, ret );
+#else
+                idle( &server_fd, ret );
+#endif
+            }
+
         }
         mbedtls_printf( " ok\n" );
     }
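Review bot: Both `idle()` calls in the renegotiation loop discard the return value, although `idle()` returns the negative result of `mbedtls_net_poll` on failure. A poll error is dropped here and the loop goes straight back into `mbedtls_ssl_renegotiate`, whereas the initial handshake loop does `ret = idle( ... ); if( ret != 0 ) goto exit;`. Please check the result here as well. There is also a stray blank line between the new block and the closing brace of the loop.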
@@ -1530,27 +1665,54 @@
     {
         for( written = 0, frags = 0; written < len; written += ret, frags++ )
         {
-            while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
-                           <= 0 )
+            while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
+                                              len - written ) ) <= 0 )
             {
                 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                     ret != MBEDTLS_ERR_SSL_WANT_WRITE )
                 {
-                    mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned -0x%x\n\n", -ret );
+                    mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned -0x%x\n\n",
+                                    -ret );
                     goto exit;
                 }
+
+                /* For event-driven IO, wait for socket to become available */
+                if( opt.event == 1 /* level triggered IO */ )
+                {
+#if defined(MBEDTLS_TIMING_C)
+                    idle( &server_fd, &timer, ret );
+#else
+                    idle( &server_fd, ret );
+#endif
+                }
             }
         }
     }
     else /* Not stream, so datagram */
     {
-        do ret = mbedtls_ssl_write( &ssl, buf, len );
-        while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
-               ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+        while( 1 )
+        {
+            ret = mbedtls_ssl_write( &ssl, buf, len );
+
+            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+                break;
+
+            /* For event-driven IO, wait for socket to become available */
+            if( opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &server_fd, &timer, ret );
+#else
+                idle( &server_fd, ret );
+#endif
+            }
+        }
 
         if( ret < 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n",
+                            ret );
             goto exit;
         }
 
@@ -1565,7 +1727,8 @@
     }
 
     buf[written] = '\0';
-    mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
+    mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n",
+                    written, frags, (char *) buf );
 
     /*
      * 7. Read the HTTP response
@@ -1586,7 +1749,18 @@
 
             if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
                 ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+            {
+                /* For event-driven IO, wait for socket to become available */
+                if( opt.event == 1 /* level triggered IO */ )
+                {
+#if defined(MBEDTLS_TIMING_C)
+                    idle( &server_fd, &timer, ret );
+#else
+                    idle( &server_fd, ret );
+#endif
+                }
                 continue;
+            }
 
             if( ret <= 0 )
             {
@@ -1604,7 +1778,8 @@
                         goto reconnect;
 
                     default:
-                        mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
+                        mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
+                                        -ret );
                         goto exit;
                 }
             }
@@ -1628,9 +1803,24 @@
         len = sizeof( buf ) - 1;
         memset( buf, 0, sizeof( buf ) );
 
-        do ret = mbedtls_ssl_read( &ssl, buf, len );
-        while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
-               ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+        while( 1 )
+        {
+            ret = mbedtls_ssl_read( &ssl, buf, len );
+
+            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+                break;
+
+            /* For event-driven IO, wait for socket to become available */
+            if( opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &server_fd, &timer, ret );
+#else
+                idle( &server_fd, ret );
+#endif
+            }
+        }
 
         if( ret <= 0 )
         {
@@ -1671,7 +1861,8 @@
 
         if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
 
@@ -1680,9 +1871,20 @@
             if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
             {
-                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
+                                -ret );
                 goto exit;
             }
+
+            /* For event-driven IO, wait for socket to become available */
+            if( opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &server_fd, &timer, ret );
+#else
+                idle( &server_fd, ret );
+#endif
+            }
         }
 
         mbedtls_printf( " ok\n" );
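Review bot: The `#if defined(MBEDTLS_TIMING_C)` / `#else` / `#endif` pair around the `idle()` call is repeated verbatim at every call site in this file, which is where most of the added lines in this patch come from. Giving `idle()` a single signature (for example, always taking a timer pointer that the non-timing build ignores) or wrapping the call in one local macro would remove the repetition and keep the retry loops readable. As at the other call sites after the first handshake, the return value is discarded here.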
@@ -1729,21 +1931,25 @@
 
         if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
 
         if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_session returned %d\n\n", ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_session returned %d\n\n",
+                            ret );
             goto exit;
         }
 
-        if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
-                                 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
-                                 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
+        if( ( ret = mbedtls_net_connect( &server_fd,
+                        opt.server_addr, opt.server_port,
+                        opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+                        MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! mbedtls_net_connect returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  ! mbedtls_net_connect returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
 
@@ -1754,7 +1960,7 @@
         if( ret != 0 )
         {
             mbedtls_printf( " failed\n  ! net_set_(non)block() returned -0x%x\n\n",
-                    -ret );
+                            -ret );
             goto exit;
         }
 
@@ -1763,7 +1969,8 @@
             if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE )
             {
-                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
+                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
+                                -ret );
                 goto exit;
             }
         }
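Review bot: This handshake retry loop on the reconnect path only gets its `mbedtls_printf` call wrapped; unlike the other handshake loops changed in this file, no `idle()` call is added after the WANT_READ / WANT_WRITE check. With event=1 the reconnect handshake therefore still spins on `mbedtls_ssl_handshake` instead of waiting on the socket. If that is intentional it deserves a comment; otherwise add the same `opt.event == 1` block here.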
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index cc29b49..6bfb210 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -101,6 +101,7 @@
 #define DFL_SERVER_PORT         "4433"
 #define DFL_DEBUG_LEVEL         0
 #define DFL_NBIO                0
+#define DFL_EVENT               0
 #define DFL_READ_TIMEOUT        0
 #define DFL_CA_FILE             ""
 #define DFL_CA_PATH             ""
@@ -331,6 +332,8 @@
     "    debug_level=%%d      default: 0 (disabled)\n"      \
     "    nbio=%%d             default: 0 (blocking I/O)\n"  \
     "                        options: 1 (non-blocking), 2 (added delays)\n" \
+    "    event=%%d            default: 0 (loop)\n"                            \
+    "                        options: 1 (level-triggered, implies nbio=1),\n" \
     "    read_timeout=%%d     default: 0 ms (no timeout)\n"    \
     "\n"                                                    \
     USAGE_DTLS                                              \
@@ -399,6 +402,7 @@
     const char *server_port;    /* port on which the ssl service runs       */
     int debug_level;            /* level of debugging                       */
     int nbio;                   /* should I/O be blocking?                  */
+    int event;                  /* loop or event-driven IO? level or edge triggered? */
     uint32_t read_timeout;      /* timeout on mbedtls_ssl_read() in milliseconds    */
     const char *ca_file;        /* the file with the CA certificate(s)      */
     const char *ca_path;        /* the path with the CA certificate(s) reside */
@@ -837,6 +841,56 @@
 };
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+/*
+ * Wait for an event from the underlying transport or the timer
+ * (Used in event-driven IO mode).
+ */
+#if !defined(MBEDTLS_TIMING_C)
+int idle( mbedtls_net_context *fd,
+          int idle_reason )
+#else
+int idle( mbedtls_net_context *fd,
+          mbedtls_timing_delay_context *timer,
+          int idle_reason )
+#endif
+{
+    int ret;
+    int poll_type = 0;
+
+    if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
+        poll_type = MBEDTLS_NET_POLL_WRITE;
+    else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
+        poll_type = MBEDTLS_NET_POLL_READ;
+#if !defined(MBEDTLS_TIMING_C)
+    else
+        return( 0 );
+#endif
+
+    while( 1 )
+    {
+        /* Check if timer has expired */
+#if defined(MBEDTLS_TIMING_C)
+        if( timer != NULL &&
+            mbedtls_timing_get_delay( timer ) == 2 )
+        {
+            break;
+        }
+#endif /* MBEDTLS_TIMING_C */
+
+        /* Check if underlying transport became available */
+        if( poll_type != 0 )
+        {
+            ret = mbedtls_net_poll( fd, poll_type, 0 );
+            if( ret < 0 )
+                return( ret );
+            if( ret == poll_type )
+                break;
+        }
+    }
+
+    return( 0 );
+}
+
 int main( int argc, char *argv[] )
 {
     int ret = 0, len, written, frags, exchanges_left;
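Review bot: This `idle()` definition is a copy of the one added to programs/ssl/ssl_client2.c in the same patch, differing only by a blank line after the opening brace. Two copies will drift; consider moving the helper into a small shared source or header used by both example programs. The points raised on the client copy apply here unchanged: the zero-timeout `mbedtls_net_poll` call makes the loop a busy-wait, the MBEDTLS_TIMING_C build has no early return when `poll_type` stays 0, and the function can be `static`.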
@@ -969,6 +1023,7 @@
     opt.server_addr         = DFL_SERVER_ADDR;
     opt.server_port         = DFL_SERVER_PORT;
     opt.debug_level         = DFL_DEBUG_LEVEL;
+    opt.event               = DFL_EVENT;
     opt.nbio                = DFL_NBIO;
     opt.read_timeout        = DFL_READ_TIMEOUT;
     opt.ca_file             = DFL_CA_FILE;
@@ -1047,6 +1102,12 @@
             if( opt.nbio < 0 || opt.nbio > 2 )
                 goto usage;
         }
+        else if( strcmp( p, "event" ) == 0 )
+        {
+            opt.event = atoi( q );
+            if( opt.event < 0 || opt.event > 2 )
+                goto usage;
+        }
         else if( strcmp( p, "read_timeout" ) == 0 )
             opt.read_timeout = atoi( q );
         else if( strcmp( p, "ca_file" ) == 0 )
@@ -1088,16 +1149,23 @@
             opt.version_suites = q;
         else if( strcmp( p, "renegotiation" ) == 0 )
         {
-            opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
-                                              MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+            opt.renegotiation = (atoi( q )) ?
+                MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+                MBEDTLS_SSL_RENEGOTIATION_DISABLED;
         }
         else if( strcmp( p, "allow_legacy" ) == 0 )
         {
             switch( atoi( q ) )
             {
-                case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
-                case 0:  opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
-                case 1:  opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
+                case -1:
+                    opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
+                    break;
+                case 0:
+                    opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+                    break;
+                case 1:
+                    opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
+                    break;
                 default: goto usage;
             }
         }
@@ -1254,8 +1322,12 @@
         {
             switch( atoi( q ) )
             {
-                case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
-                case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
+                case 0:
+                    opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
+                    break;
+                case 1:
+                    opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+                    break;
                 default: goto usage;
             }
         }
@@ -1328,6 +1400,15 @@
             goto usage;
     }
 
+    /* Event-driven IO is incompatible with the above custom
+     * receive and send functions, as the polling builds on
+     * refers to the underlying net_context. */
+    if( opt.event == 1 && opt.nbio != 1 )
+    {
+        mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
+        opt.nbio = 1;
+    }
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold( opt.debug_level );
 #endif
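Review bot: the new comment reads "as the polling builds on refers to the underlying net_context", which is garbled; please reword it so it says which of the two it means (the polling builds on, or refers to, the net_context). It would also help to state in the usage text that `event=1` forces `nbio=1`, since an explicit `nbio=2` is overridden here with only a warning.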
@@ -1335,19 +1416,20 @@
     if( opt.force_ciphersuite[0] > 0 )
     {
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
+        ciphersuite_info =
+            mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
 
         if( opt.max_version != -1 &&
             ciphersuite_info->min_minor_ver > opt.max_version )
         {
-            mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+            mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
             ret = 2;
             goto usage;
         }
         if( opt.min_version != -1 &&
             ciphersuite_info->max_minor_ver < opt.min_version )
         {
-            mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+            mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
             ret = 2;
             goto usage;
         }
@@ -1526,11 +1608,12 @@
     fflush( stdout );
 
     mbedtls_entropy_init( &entropy );
-    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
-                               (const unsigned char *) pers,
-                               strlen( pers ) ) ) != 0 )
+    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+                                       &entropy, (const unsigned char *) pers,
+                                       strlen( pers ) ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
+        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+                        -ret );
         goto exit;
     }
 
@@ -1627,7 +1710,7 @@
         if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
         {
             mbedtls_printf( " failed\n  !  mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
-                    -ret );
+                            -ret );
             goto exit;
         }
     }
@@ -1645,8 +1728,7 @@
         strcmp( opt.key_file2, "none" ) != 0 )
     {
 #if !defined(MBEDTLS_CERTS_C)
-        mbedtls_printf( "Not certificated or key provided, and \n"
-                "MBEDTLS_CERTS_C not defined!\n" );
+        mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
         goto exit;
 #else
 #if defined(MBEDTLS_RSA_C)
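Review bot: since the message at `mbedtls_printf( "Not certificated or key provided, and \n...` is being rewritten anyway, fix its wording ("Not certificated" looks like it should be "No certificate") and drop the space before the embedded `\n`. The joined literal also runs past the 80-column width that the other hunks in this file reflow to.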
@@ -1654,14 +1736,16 @@
                                     (const unsigned char *) mbedtls_test_srv_crt_rsa,
                                     mbedtls_test_srv_crt_rsa_len ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
         if( ( ret = mbedtls_pk_parse_key( &pkey,
                                   (const unsigned char *) mbedtls_test_srv_key_rsa,
                                   mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
         key_cert_init = 2;
@@ -1671,14 +1755,16 @@
                                     (const unsigned char *) mbedtls_test_srv_crt_ec,
                                     mbedtls_test_srv_crt_ec_len ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  !  x509_crt_parse2 returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  !  x509_crt_parse2 returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
         if( ( ret = mbedtls_pk_parse_key( &pkey2,
                                   (const unsigned char *) mbedtls_test_srv_key_ec,
                                   mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  !  pk_parse_key2 returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  !  pk_parse_key2 returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
         key_cert_init2 = 2;
@@ -2088,8 +2174,8 @@
         if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
                         client_ip, cliip_len ) ) != 0 )
         {
-            mbedtls_printf( " failed\n  ! "
-                    "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
+            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
+                            -ret );
             goto exit;
         }
     }
@@ -2117,9 +2203,24 @@
     mbedtls_printf( "  . Performing the SSL/TLS handshake..." );
     fflush( stdout );
 
-    do ret = mbedtls_ssl_handshake( &ssl );
-    while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
-           ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+    while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+    {
+        if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+            ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+            break;
+
+        /* For event-driven IO, wait for socket to become available */
+        if( opt.event == 1 /* level triggered IO */ )
+        {
+#if defined(MBEDTLS_TIMING_C)
+            ret = idle( &client_fd, &timer, ret );
+#else
+            ret = idle( &client_fd, ret );
+#endif
+            if( ret != 0 )
+                goto reset;
+        }
+    }
 
     if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
     {
@@ -2225,7 +2326,18 @@
 
             if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
                 ret == MBEDTLS_ERR_SSL_WANT_WRITE )
+            {
+                if( opt.event == 1 /* level triggered IO */ )
+                {
+#if defined(MBEDTLS_TIMING_C)
+                    idle( &client_fd, &timer, ret );
+#else
+                    idle( &client_fd, ret );
+#endif
+                }
+
                 continue;
+            }
 
             if( ret <= 0 )
             {
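Review bot: the return value of `idle( &client_fd, &timer, ret )` is discarded before `continue`, whereas the handshake loop above checks it and jumps to `reset` on failure. `idle()` returns the negative result of `mbedtls_net_poll` on error, so a failed poll here just retries the read. Suggest handling the result the same way as in the handshake loop; the same applies to the other `idle()` calls added in the read, renegotiation and write paths of this file.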
@@ -2313,9 +2425,40 @@
         len = sizeof( buf ) - 1;
         memset( buf, 0, sizeof( buf ) );
 
-        do ret = mbedtls_ssl_read( &ssl, buf, len );
-        while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
-               ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+        while( 1 )
+        {
+            /* Without the call to `mbedtls_ssl_check_pending`, it might
+             * happen that the client sends application data in the same
+             * datagram as the Finished message concluding the handshake.
+             * In this case, the application data would be ready to be
+             * processed while the underlying transport wouldn't signal
+             * any further incoming data.
+             *
+             * See the test 'Event-driven I/O: session-id resume, UDP packing'
+             * in tests/ssl-opt.sh.
+             */
+
+            /* For event-driven IO, wait for socket to become available */
+            if( mbedtls_ssl_check_pending( &ssl ) == 0 &&
+                opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ );
+#else
+                idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ );
+#endif
+            }
+
+            ret = mbedtls_ssl_read( &ssl, buf, len );
+
+            /* Note that even if `mbedtls_ssl_check_pending` returns true,
+             * it can happen that the subsequent call to `mbedtls_ssl_read`
+             * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages
+             * might be discarded (e.g. because they are retransmissions). */
+            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+                break;
+        }
 
         if( ret <= 0 )
         {
@@ -2356,6 +2499,16 @@
                 mbedtls_printf( " failed\n  ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
                 goto reset;
             }
+
+            /* For event-driven IO, wait for socket to become available */
+            if( opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &client_fd, &timer, ret );
+#else
+                idle( &client_fd, ret );
+#endif
+            }
         }
 
         mbedtls_printf( " ok\n" );
@@ -2390,14 +2543,39 @@
                     mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
                     goto reset;
                 }
+
+                /* For event-driven IO, wait for socket to become available */
+                if( opt.event == 1 /* level triggered IO */ )
+                {
+#if defined(MBEDTLS_TIMING_C)
+                    idle( &client_fd, &timer, ret );
+#else
+                    idle( &client_fd, ret );
+#endif
+                }
             }
         }
     }
     else /* Not stream, so datagram */
     {
-        do ret = mbedtls_ssl_write( &ssl, buf, len );
-        while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
-               ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+        while( 1 )
+        {
+            ret = mbedtls_ssl_write( &ssl, buf, len );
+
+            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE )
+                break;
+
+            /* For event-driven IO, wait for socket to become available */
+            if( opt.event == 1 /* level triggered IO */ )
+            {
+#if defined(MBEDTLS_TIMING_C)
+                idle( &client_fd, &timer, ret );
+#else
+                idle( &client_fd, ret );
+#endif
+            }
+        }
 
         if( ret < 0 )
         {
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 0ed7145..0c5ce27 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -22,6 +22,9 @@
 add_executable(udp_proxy udp_proxy.c)
 target_link_libraries(udp_proxy ${libs})
 
+add_executable(zeroize zeroize.c)
+target_link_libraries(zeroize ${libs})
+
 install(TARGETS selftest benchmark ssl_cert_test udp_proxy
         DESTINATION "bin"
         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
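Review bot: `zeroize` is built here but is not added to the `install(TARGETS selftest benchmark ssl_cert_test udp_proxy` list that follows. If that is intentional because the program exists only for the GDB-driven test described in zeroize.c, say so in a comment next to `add_executable(zeroize zeroize.c)` so it is not mistaken for an omission.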
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 2864caf..cecf3e3 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -658,13 +658,13 @@
     if( todo.dhm )
     {
         int dhm_sizes[] = { 2048, 3072 };
-        const unsigned char dhm_P_2048[] =
+        static const unsigned char dhm_P_2048[] =
             MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
-        const unsigned char dhm_P_3072[] =
+        static const unsigned char dhm_P_3072[] =
             MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
-        const unsigned char dhm_G_2048[] =
+        static const unsigned char dhm_G_2048[] =
             MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
-        const unsigned char dhm_G_3072[] =
+        static const unsigned char dhm_G_3072[] =
             MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
 
         const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
@@ -766,9 +766,16 @@
     if( todo.ecdh )
     {
         mbedtls_ecdh_context ecdh;
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
         mbedtls_mpi z;
+        const mbedtls_ecp_curve_info montgomery_curve_list[] = {
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+            { MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" },
 #endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+            { MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" },
+#endif
+            { MBEDTLS_ECP_DP_NONE, 0, 0, 0 }
+        };
         const mbedtls_ecp_curve_info *curve_info;
         size_t olen;
 
@@ -797,27 +804,32 @@
             mbedtls_ecdh_free( &ecdh );
         }
 
-        /* Curve25519 needs to be handled separately */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-        mbedtls_ecdh_init( &ecdh );
-        mbedtls_mpi_init( &z );
-
-        if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
-            mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
+        /* Montgomery curves need to be handled separately */
+        for ( curve_info = montgomery_curve_list;
+              curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+              curve_info++ )
         {
-            mbedtls_exit( 1 );
+            mbedtls_ecdh_init( &ecdh );
+            mbedtls_mpi_init( &z );
+
+            if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
+                mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
+            {
+                mbedtls_exit( 1 );
+            }
+
+            mbedtls_snprintf( title, sizeof(title), "ECDHE-%s",
+                              curve_info->name );
+            TIME_PUBLIC(  title, "handshake",
+                    ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
+                                            myrand, NULL );
+                    ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
+                                                myrand, NULL ) );
+
+            mbedtls_ecdh_free( &ecdh );
+            mbedtls_mpi_free( &z );
         }
 
-        TIME_PUBLIC(  "ECDHE-Curve25519", "handshake",
-                ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
-                                        myrand, NULL );
-                ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
-                                            myrand, NULL ) );
-
-        mbedtls_ecdh_free( &ecdh );
-        mbedtls_mpi_free( &z );
-#endif
-
         for( curve_info = mbedtls_ecp_curve_list();
              curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
              curve_info++ )
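Review bot: the new loop is written `for ( curve_info = montgomery_curve_list;` with a space after `for`, while the surrounding code, including the context line `for( curve_info = mbedtls_ecp_curve_list();`, uses `for(`. Please match the file's style; the second Montgomery loop further down has the same issue plus `curve_info++)` without the space before the parenthesis.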
@@ -843,26 +855,31 @@
             mbedtls_ecdh_free( &ecdh );
         }
 
-        /* Curve25519 needs to be handled separately */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-        mbedtls_ecdh_init( &ecdh );
-        mbedtls_mpi_init( &z );
-
-        if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
-            mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
-                             myrand, NULL ) != 0 ||
-            mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
+        /* Montgomery curves need to be handled separately */
+        for ( curve_info = montgomery_curve_list;
+              curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+              curve_info++)
         {
-            mbedtls_exit( 1 );
+            mbedtls_ecdh_init( &ecdh );
+            mbedtls_mpi_init( &z );
+
+            if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
+                mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
+                                 myrand, NULL ) != 0 ||
+                mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
+            {
+                mbedtls_exit( 1 );
+            }
+
+            mbedtls_snprintf( title, sizeof(title), "ECDH-%s",
+                              curve_info->name );
+            TIME_PUBLIC(  title, "handshake",
+                    ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
+                                                myrand, NULL ) );
+
+            mbedtls_ecdh_free( &ecdh );
+            mbedtls_mpi_free( &z );
         }
-
-        TIME_PUBLIC(  "ECDH-Curve25519", "handshake",
-                ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
-                                            myrand, NULL ) );
-
-        mbedtls_ecdh_free( &ecdh );
-        mbedtls_mpi_free( &z );
-#endif
     }
 #endif
 
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 20624d2..5797f3d 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -53,6 +53,7 @@
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/error.h"
 #include "mbedtls/ssl.h"
+#include "mbedtls/timing.h"
 
 #include <string.h>
 
@@ -74,17 +75,21 @@
 #include <unistd.h>
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
-/* For gettimeofday() */
-#if !defined(_WIN32)
-#include <sys/time.h>
-#endif
-
 #define MAX_MSG_SIZE            16384 + 2048 /* max record/datagram size */
 
 #define DFL_SERVER_ADDR         "localhost"
 #define DFL_SERVER_PORT         "4433"
 #define DFL_LISTEN_ADDR         "localhost"
 #define DFL_LISTEN_PORT         "5556"
+#define DFL_PACK                0
+
+#if defined(MBEDTLS_TIMING_C)
+#define USAGE_PACK                                                          \
+    "    pack=%%d             default: 0     (don't pack)\n"                \
+    "                         options: t > 0 (pack for t milliseconds)\n"
+#else
+#define USAGE_PACK
+#endif
 
 #define USAGE                                                               \
     "\n usage: udp_proxy param=<>...\n"                                     \
@@ -105,9 +110,10 @@
     "                        drop packets larger than N bytes\n"            \
     "    bad_ad=0/1          default: 0 (don't add bad ApplicationData)\n"  \
     "    protect_hvr=0/1     default: 0 (don't protect HelloVerifyRequest)\n" \
-    "    protect_len=%%d     default: (don't protect packets of this size)\n" \
+    "    protect_len=%%d      default: (don't protect packets of this size)\n" \
     "\n"                                                                    \
     "    seed=%%d             default: (use current time)\n"                \
+    USAGE_PACK                                                              \
     "\n"
 
 /*
@@ -128,7 +134,8 @@
     int bad_ad;                 /* inject corrupted ApplicationData record  */
     int protect_hvr;            /* never drop or delay HelloVerifyRequest   */
     int protect_len;            /* never drop/delay packet of the given size*/
-
+    unsigned pack;              /* merge packets into single datagram for
+                                 * at most \c merge milliseconds if > 0     */
     unsigned int seed;          /* seed for "random" events                 */
 } opt;
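Review bot: the comment on the new field says "for at most \c merge milliseconds", but the field is named `pack` and no `merge` identifier appears in the patch. Please make the comment refer to `pack`, and keep the blank line that separated this group from `seed` if the grouping is meant to stay.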
 
@@ -152,6 +159,7 @@
     opt.server_port    = DFL_SERVER_PORT;
     opt.listen_addr    = DFL_LISTEN_ADDR;
     opt.listen_port    = DFL_LISTEN_PORT;
+    opt.pack           = DFL_PACK;
     /* Other members default to 0 */
 
     for( i = 1; i < argc; i++ )
@@ -193,6 +201,15 @@
             if( opt.drop < 0 || opt.drop > 20 || opt.drop == 1 )
                 exit_usage( p, q );
         }
+        else if( strcmp( p, "pack" ) == 0 )
+        {
+#if defined(MBEDTLS_TIMING_C)
+            opt.pack = (unsigned) atoi( q );
+#else
+            mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" );
+            exit( 1 );
+#endif
+        }
         else if( strcmp( p, "mtu" ) == 0 )
         {
             opt.mtu = atoi( q );
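Review bot: `opt.pack = (unsigned) atoi( q );` has no range check, unlike the `drop` option just above, so a negative argument such as `pack=-1` wraps to a very large unsigned value and becomes an effectively unbounded packing window. Suggest parsing into an `int`, rejecting negative values through `exit_usage( p, q )`, and only then assigning to `opt.pack`.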
@@ -267,25 +284,122 @@
     }
 }
 
+#if defined(MBEDTLS_TIMING_C)
 /* Return elapsed time in milliseconds since the first call */
-static unsigned long ellapsed_time( void )
+static unsigned ellapsed_time( void )
 {
-#if defined(_WIN32)
-    return( 0 );
-#else
-    static struct timeval ref = { 0, 0 };
-    struct timeval now;
+    static int initialized = 0;
+    static struct mbedtls_timing_hr_time hires;
 
-    if( ref.tv_sec == 0 && ref.tv_usec == 0 )
+    if( initialized == 0 )
     {
-        gettimeofday( &ref, NULL );
+        (void) mbedtls_timing_get_timer( &hires, 1 );
+        initialized = 1;
         return( 0 );
     }
 
-    gettimeofday( &now, NULL );
-    return( 1000 * ( now.tv_sec  - ref.tv_sec )
-                 + ( now.tv_usec - ref.tv_usec ) / 1000 );
-#endif
+    return( mbedtls_timing_get_timer( &hires, 0 ) );
+}
+
+typedef struct
+{
+    mbedtls_net_context *ctx;
+
+    const char *description;
+
+    unsigned packet_lifetime;
+    unsigned num_datagrams;
+
+    unsigned char data[MAX_MSG_SIZE];
+    size_t len;
+
+} ctx_buffer;
+
+static ctx_buffer outbuf[2];
+
+static int ctx_buffer_flush( ctx_buffer *buf )
+{
+    int ret;
+
+    mbedtls_printf( "  %05u flush    %s: %u bytes, %u datagrams, last %u ms\n",
+                    ellapsed_time(), buf->description,
+                    (unsigned) buf->len, buf->num_datagrams,
+                    ellapsed_time() - buf->packet_lifetime );
+
+    ret = mbedtls_net_send( buf->ctx, buf->data, buf->len );
+
+    buf->len           = 0;
+    buf->num_datagrams = 0;
+
+    return( ret );
+}
+
+static unsigned ctx_buffer_time_remaining( ctx_buffer *buf )
+{
+    unsigned const cur_time = ellapsed_time();
+
+    if( buf->num_datagrams == 0 )
+        return( (unsigned) -1 );
+
+    if( cur_time - buf->packet_lifetime >= opt.pack )
+        return( 0 );
+
+    return( opt.pack - ( cur_time - buf->packet_lifetime ) );
+}
+
+static int ctx_buffer_append( ctx_buffer *buf,
+                              const unsigned char * data,
+                              size_t len )
+{
+    int ret;
+
+    if( len > (size_t) INT_MAX )
+        return( -1 );
+
+    if( len > sizeof( buf->data ) )
+    {
+        mbedtls_printf( "  ! buffer size %u too large (max %u)\n",
+                        (unsigned) len, (unsigned) sizeof( buf->data ) );
+        return( -1 );
+    }
+
+    if( sizeof( buf->data ) - buf->len < len )
+    {
+        if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
+            return( ret );
+    }
+
+    memcpy( buf->data + buf->len, data, len );
+
+    buf->len += len;
+    if( ++buf->num_datagrams == 1 )
+        buf->packet_lifetime = ellapsed_time();
+
+    return( (int) len );
+}
+#endif /* MBEDTLS_TIMING_C */
+
+static int dispatch_data( mbedtls_net_context *ctx,
+                          const unsigned char * data,
+                          size_t len )
+{
+#if defined(MBEDTLS_TIMING_C)
+    ctx_buffer *buf = NULL;
+    if( opt.pack > 0 )
+    {
+        if( outbuf[0].ctx == ctx )
+            buf = &outbuf[0];
+        else if( outbuf[1].ctx == ctx )
+            buf = &outbuf[1];
+
+        if( buf == NULL )
+            return( -1 );
+
+        return( ctx_buffer_append( buf, data, len ) );
+    }
+#endif /* MBEDTLS_TIMING_C */
+
+    return( mbedtls_net_send( ctx, data, len ) );
 }
 
 typedef struct
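Review bot: `ctx_buffer_flush()` resets `buf->len` and `buf->num_datagrams` unconditionally after `mbedtls_net_send`, so when the send fails the buffered data is dropped with no diagnostic beyond the return code. Suggest printing the error there, as `send_packet` does for `dispatch_data`, and documenting that a failed flush discards the buffer. Minor points in the same hunk: the `len > (size_t) INT_MAX` test is made redundant by the `len > sizeof( buf->data )` test that follows, and `ellapsed_time()` now narrows the timer value to `unsigned` without a comment on wrap-around.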
@@ -300,12 +414,22 @@
 /* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */
 void print_packet( const packet *p, const char *why )
 {
+#if defined(MBEDTLS_TIMING_C)
     if( why == NULL )
-        mbedtls_printf( "  %05lu %s %s (%u bytes)\n",
+        mbedtls_printf( "  %05u dispatch %s %s (%u bytes)\n",
                 ellapsed_time(), p->way, p->type, p->len );
     else
-        mbedtls_printf( "        %s %s (%u bytes): %s\n",
+        mbedtls_printf( "  %05u dispatch %s %s (%u bytes): %s\n",
+                ellapsed_time(), p->way, p->type, p->len, why );
+#else
+    if( why == NULL )
+        mbedtls_printf( "        dispatch %s %s (%u bytes)\n",
+                p->way, p->type, p->len );
+    else
+        mbedtls_printf( "        dispatch %s %s (%u bytes): %s\n",
                 p->way, p->type, p->len, why );
+#endif
+
     fflush( stdout );
 }
 
@@ -320,20 +444,28 @@
     {
         unsigned char buf[MAX_MSG_SIZE];
         memcpy( buf, p->buf, p->len );
-        ++buf[p->len - 1];
 
-        print_packet( p, "corrupted" );
-        if( ( ret = mbedtls_net_send( dst, buf, p->len ) ) <= 0 )
+        if( p->len <= 13 )
         {
-            mbedtls_printf( "  ! mbedtls_net_send returned %d\n", ret );
+            mbedtls_printf( "  ! can't corrupt empty AD record" );
+        }
+        else
+        {
+            ++buf[13];
+            print_packet( p, "corrupted" );
+        }
+
+        if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 )
+        {
+            mbedtls_printf( "  ! dispatch returned %d\n", ret );
             return( ret );
         }
     }
 
     print_packet( p, why );
-    if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 )
+    if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 )
     {
-        mbedtls_printf( "  ! mbedtls_net_send returned %d\n", ret );
+        mbedtls_printf( "  ! dispatch returned %d\n", ret );
         return( ret );
     }
 
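Review bot: in the `p->len <= 13` branch the message has no trailing "\n", and execution still falls through to `dispatch_data( dst, buf, p->len )`, so an unmodified copy is sent and the original follows it below. The result is a duplicate rather than a skipped corruption. Suggest moving the dispatch into the `else` branch and replacing the literal 13 with a named constant for the DTLS record header length, with a comment that `buf[13]` is the first byte after that header.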
@@ -344,9 +476,9 @@
     {
         print_packet( p, "duplicated" );
 
-        if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 )
+        if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 )
         {
-            mbedtls_printf( "  ! mbedtls_net_send returned %d\n", ret );
+            mbedtls_printf( "  ! dispatch returned %d\n", ret );
             return( ret );
         }
     }
@@ -472,6 +604,12 @@
 
     mbedtls_net_context listen_fd, client_fd, server_fd;
 
+#if defined( MBEDTLS_TIMING_C )
+    struct timeval tm;
+#endif
+
+    struct timeval *tm_ptr = NULL;
+
     int nb_fds;
     fd_set read_fds;
 
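Review bot: `tm` and `tm_ptr` are declared as `struct timeval`, but an earlier hunk in this file removes `#include <sys/time.h>`. Please confirm that a remaining header still declares the type on every supported platform, or restore the include. The guard is also written `defined( MBEDTLS_TIMING_C )` here, while the rest of the patch uses `defined(MBEDTLS_TIMING_C)`.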
@@ -560,14 +698,65 @@
         nb_fds = listen_fd.fd;
     ++nb_fds;
 
+#if defined(MBEDTLS_TIMING_C)
+    if( opt.pack > 0 )
+    {
+        outbuf[0].ctx = &server_fd;
+        outbuf[0].description = "S <- C";
+        outbuf[0].num_datagrams = 0;
+        outbuf[0].len = 0;
+
+        outbuf[1].ctx = &client_fd;
+        outbuf[1].description = "S -> C";
+        outbuf[1].num_datagrams = 0;
+        outbuf[1].len = 0;
+    }
+#endif /* MBEDTLS_TIMING_C */
+
     while( 1 )
     {
+#if defined(MBEDTLS_TIMING_C)
+        if( opt.pack > 0 )
+        {
+            unsigned max_wait_server, max_wait_client, max_wait;
+            max_wait_server = ctx_buffer_time_remaining( &outbuf[0] );
+            max_wait_client = ctx_buffer_time_remaining( &outbuf[1] );
+
+            max_wait = (unsigned) -1;
+
+            if( max_wait_server == 0 )
+                ctx_buffer_flush( &outbuf[0] );
+            else
+                max_wait = max_wait_server;
+
+            if( max_wait_client == 0 )
+                ctx_buffer_flush( &outbuf[1] );
+            else
+            {
+                if( max_wait_client < max_wait )
+                    max_wait = max_wait_client;
+            }
+
+            if( max_wait != (unsigned) -1 )
+            {
+                tm.tv_sec  = max_wait / 1000;
+                tm.tv_usec = ( max_wait % 1000 ) * 1000;
+
+                tm_ptr = &tm;
+            }
+            else
+            {
+                tm_ptr = NULL;
+            }
+        }
+#endif /* MBEDTLS_TIMING_C */
+
         FD_ZERO( &read_fds );
         FD_SET( server_fd.fd, &read_fds );
         FD_SET( client_fd.fd, &read_fds );
         FD_SET( listen_fd.fd, &read_fds );
 
-        if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 )
+        if( ( ret = select( nb_fds, &read_fds, NULL, NULL, tm_ptr ) ) < 0 )
         {
             perror( "select" );
             goto exit;
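Review bot: both `ctx_buffer_flush( &outbuf[0] )` and `ctx_buffer_flush( &outbuf[1] )` in the new timeout block ignore the return value, so a failed send of a merged datagram goes unnoticed and the proxy keeps running. Suggest checking the result and either logging it or going to `exit`. A short comment on the change from `<= 0` to `< 0` in the `select` test would also help, since a zero return is now the expected timeout path that triggers the next flush.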
@@ -589,6 +778,7 @@
                                         &client_fd, &server_fd ) ) != 0 )
                 goto accept;
         }
+
     }
 
 exit:
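Review bot: the only change in this hunk is a blank line added before the closing brace of the loop; please drop it to keep the diff free of whitespace-only changes.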
diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh
new file mode 100755
index 0000000..29033d5
--- /dev/null
+++ b/programs/test/udp_proxy_wrapper.sh
@@ -0,0 +1,117 @@
+#!/bin/sh
+# -*-sh-basic-offset: 4-*-
+# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
+
+set -u
+
+MBEDTLS_BASE="$(dirname -- "$0")/../.."
+TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy"
+SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2"
+
+: ${VERBOSE:=0}
+
+stop_proxy() {
+    if [ -n "${tpxy_pid:-}" ]; then
+        echo
+        echo "  * Killing proxy (pid $tpxy_pid) ..."
+        kill $tpxy_pid
+    fi
+}
+
+stop_server() {
+    if [ -n "${srv_pid:-}" ]; then
+        echo
+        echo "  * Killing server (pid $srv_pid) ..."
+        kill $srv_pid >/dev/null 2>/dev/null
+    fi
+}
+
+cleanup() {
+    stop_server
+    stop_proxy
+    exit 129
+}
+
+trap cleanup INT TERM HUP
+
+# Extract the proxy parameters
+tpxy_cmd_snippet='"$TPXY_BIN"'
+while [ $# -ne 0 ] && [ "$1" != "--" ]; do
+    tail="$1" quoted=""
+    while [ -n "$tail" ]; do
+        case "$tail" in
+            *\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";;
+            *) quoted="${quoted}${tail}"; tail=; false;;
+        esac
+    done
+    tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'"
+    shift
+done
+unset tail quoted
+if [ $# -eq 0 ]; then
+    echo "  * No server arguments (must be preceded by \" -- \") - exit"
+    exit 3
+fi
+shift
+
+dtls_enabled=
+ipv6_in_use=
+server_port_orig=
+server_addr_orig=
+for param; do
+    case "$param" in
+        server_port=*) server_port_orig="${param#*=}";;
+        server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;;
+        server_addr=*) server_addr_orig="${param#*=}";;
+        dtls=[!0]*) dtls_enabled=1;;
+    esac
+done
+
+if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then
+    echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..."
+    if [ $VERBOSE -gt 0 ]; then
+        echo "[ $SRV_BIN $* ]"
+    fi
+    exec "$SRV_BIN" "$@"
+fi
+
+if [ -z "$server_port_orig" ]; then
+    server_port_orig=4433
+fi
+echo "  * Server port:       $server_port_orig"
+tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\""
+tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\""
+
+if [ -n "$server_addr_orig" ]; then
+    echo "  * Server address:    $server_addr_orig"
+    tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\""
+    tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\""
+fi
+
+server_port=$(( server_port_orig + 1 ))
+set -- "$@" "server_port=$server_port"
+echo "  * Intermediate port: $server_port"
+
+echo "  * Start proxy in background ..."
+if [ $VERBOSE -gt 0 ]; then
+    echo "[ $tpxy_cmd_snippet ]"
+fi
+eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 &
+tpxy_pid=$!
+
+if [ $VERBOSE -gt 0 ]; then
+    echo "  * Proxy ID:          $TPXY_PID"
+fi
+
+echo "  * Starting server ..."
+if [ $VERBOSE -gt 0 ]; then
+    echo "[ $SRV_BIN $* ]"
+fi
+
+exec "$SRV_BIN" "$@" >&2 &
+srv_pid=$!
+
+wait $srv_pid
+
+stop_proxy
+return 0
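Review bot: the verbose branch after the proxy is started prints `$TPXY_PID`, but the PID was stored two lines earlier in lowercase `tpxy_pid`, so the "Proxy ID" line is always empty; it should print `$tpxy_pid`. The closing `return 0` sits at the top level of the script, outside any function, which is an error in POSIX sh unless the file is sourced. Use `exit`, and preferably exit with the status of `wait $srv_pid` so a failing server is not reported as success. The `[ $VERBOSE -gt 0 ]` tests are unquoted and fail with a syntax error if the variable is empty, unless it is given a default earlier in the file.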
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
new file mode 100644
index 0000000..252438b
--- /dev/null
+++ b/programs/test/zeroize.c
@@ -0,0 +1,101 @@
+/*
+ * Zeroize application for debugger-driven testing
+ *
+ * This is a simple test application used for debugger-driven testing to check
+ * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
+ * optimizations. This application is used by the GDB script at
+ * tests/scripts/test_zeroize.gdb under the assumption that the code does not
+ * change often (as opposed to the library code) because the script sets a
+ * breakpoint at the last return statement in the main() function of this
+ * program. The debugger facilities are then used to manually inspect the
+ * memory and verify that the call to mbedtls_platform_zeroize() was not
+ * eliminated.
+ *
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdio.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_printf     printf
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#include "mbedtls/platform_util.h"
+
+#define BUFFER_LEN 1024
+
+void usage( void )
+{
+    mbedtls_printf( "Zeroize is a simple program to assist with testing\n" );
+    mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" );
+    mbedtls_printf( "debugger. This program takes a file as input and\n" );
+    mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN );
+    mbedtls_printf( "       zeroize <FILE>\n" );
+}
+
+int main( int argc, char** argv )
+{
+    int exit_code = MBEDTLS_EXIT_FAILURE;
+    FILE *fp;
+    char buf[BUFFER_LEN];
+    char *p = buf;
+    char *end = p + BUFFER_LEN;
+    char c;
+
+    if( argc != 2 )
+    {
+        mbedtls_printf( "This program takes exactly 1 agument\n" );
+        usage();
+        return( exit_code );
+    }
+
+    fp = fopen( argv[1], "r" );
+    if( fp == NULL )
+    {
+        mbedtls_printf( "Could not open file '%s'\n", argv[1] );
+        return( exit_code );
+    }
+
+    while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
+        *p++ = c;
+    *p = '\0';
+
+    if( p - buf != 0 )
+    {
+        mbedtls_printf( "%s\n", buf );
+        exit_code = MBEDTLS_EXIT_SUCCESS;
+    }
+    else
+        mbedtls_printf( "The file is empty!\n" );
+
+    fclose( fp );
+    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+
+    return( exit_code );
+}
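Review bot: `char c;` in main() receives the result of `fgetc()`, which returns an int, so the test `( c = fgetc( fp ) ) != EOF` is unreliable. Where char is unsigned it never equals EOF and the loop only stops at `p < end - 1`, having filled the buffer with 0xFF bytes; where char is signed, a 0xFF byte in the input is taken for end of file. Declare `int c`. The message "exactly 1 agument" has a typo. Since the header comment says the GDB script breaks on the last return statement of main(), a short comment next to that return saying it must stay the final statement would protect the test from later edits.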
diff --git a/scripts/config.pl b/scripts/config.pl
index 76ca470..5bf2785 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -17,7 +17,7 @@
 #
 # Full usage description provided below.
 #
-# Things that shouldn't be enabled with "full".
+# The following options are disabled instead of enabled with "full".
 #
 #   MBEDTLS_TEST_NULL_ENTROPY
 #   MBEDTLS_DEPRECATED_REMOVED
@@ -30,6 +30,7 @@
 #   MBEDTLS_NO_PLATFORM_ENTROPY
 #   MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 #   MBEDTLS_SSL_HW_RECORD_ACCEL
+#   MBEDTLS_RSA_NO_CRT
 #   MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
 #   MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 #       - this could be enabled if the respective tests were adapted
@@ -86,6 +87,7 @@
 MBEDTLS_ECP_DP_M511_ENABLED
 MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 MBEDTLS_NO_PLATFORM_ENTROPY
+MBEDTLS_RSA_NO_CRT
 MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 MBEDTLS_SSL_HW_RECORD_ACCEL
 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index d38e50a..c08ef1c 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -11,7 +11,6 @@
 #
 # Configurations included:
 #   default    include/mbedtls/config.h
-#   yotta      yotta/module/mbedtls/config.h
 #   thread     configs/config-thread.h
 #   suite-b    configs/config-suite-b.h
 #   psk        configs/config-ccm-psk-tls1_2.h
@@ -102,11 +101,7 @@
 log "$( arm-none-eabi-gcc --version | head -n1 )"
 log "CFLAGS=$ARMGCC_FLAGS"
 
-# creates the yotta config
-yotta/create-module.sh >/dev/null
-
 doit default    include/mbedtls/config.h
-doit yotta      yotta/module/mbedtls/config.h
 doit thread     configs/config-thread.h
 doit suite-b    configs/config-suite-b.h
 doit psk        configs/config-ccm-psk-tls1_2.h
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 59618d4..ac0fbff 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -47,7 +47,14 @@
 
 $/ = $line_separator;
 
-open(GREP, "grep \"define MBEDTLS_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!");
+my @files = <$include_dir/*.h>;
+my @matches;
+foreach my $file (@files) {
+    open(FILE, "$file");
+    my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, <FILE>);
+    push(@matches, @grep_res);
+    close FILE;
+}
 
 my $ll_old_define = "";
 my $hl_old_define = "";
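Review bot: `open(FILE, "$file");` drops the error check that the replaced `open(GREP, ...) || die(...)` had, so a header that cannot be opened is silently skipped and its error codes go missing from the generated output. It is also a two-argument open on a bareword handle, which interprets mode characters at the start or end of the file name. Suggest the three-argument form with a lexical handle and `or die "Cannot open $file: $!"`, then read from that handle.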
@@ -59,7 +66,8 @@
 
 my %error_codes_seen;
 
-while (my $line = <GREP>)
+
+foreach my $line (@matches)
 {
     next if ($line =~ /compat-1.2.h/);
     my ($error_name, $error_code) = $line =~ /(MBEDTLS_ERR_\w+)\s+\-(0x\w+)/;
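Review bot: the unchanged `next if ($line =~ /compat-1.2.h/);` no longer does anything after this change. It matched the `file:` prefix that grep put in front of each line when several files were searched; the entries in `@matches` are raw lines read from the headers and carry no file name. Either drop the test or move the exclusion into the `foreach my $file (@files)` loop, where `$file` is available. The extra blank `+` line before the loop can go as well.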
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 1afaac3..e9ad8c5 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -47,13 +47,15 @@
 print_version "uname" "-a" ""
 echo
 
-: ${ARMC5_CC:=armcc}
-print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2"
-echo
+if [ "${RUN_ARMCC:-1}" -ne 0 ]; then
+    : "${ARMC5_CC:=armcc}"
+    print_version "$ARMC5_CC" "--vsn" "armcc not found!" "head -n 2"
+    echo
 
-: ${ARMC6_CC:=armclang}
-print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2"
-echo
+    : "${ARMC6_CC:=armclang}"
+    print_version "$ARMC6_CC" "--vsn" "armclang not found!" "head -n 2"
+    echo
+fi
 
 print_version "arm-none-eabi-gcc" "--version" "gcc-arm not found!" "head -n 1"
 echo
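Review bot: the new `RUN_ARMCC` switch is not documented anywhere in the visible lines, and `[ "${RUN_ARMCC:-1}" -ne 0 ]` only accepts integers. A value such as `no` makes the test itself fail with an "integer expression expected" error, which the `if` then treats as false. A one-line comment stating the accepted values (0 to skip, anything else to run) would help, or use a string comparison as the compat.sh change in this same patch does for `LOG_FAILURE_ON_STDOUT`.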
diff --git a/tests/Makefile b/tests/Makefile
index 4787f25..d85617f 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -35,7 +35,7 @@
 SHARED_SUFFIX=.$(DLEXT)
 endif
 else
-DLEXT=so
+DLEXT ?= so
 EXEXT=
 SHARED_SUFFIX=
 endif
diff --git a/tests/compat.sh b/tests/compat.sh
index 672bdab..34e38f1 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -1087,7 +1087,7 @@
             cp $CLI_OUT c-cli-${TESTS}.log
             echo "  ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
 
-            if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then
+            if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
                 echo "  ! server output:"
                 cat c-srv-${TESTS}.log
                 echo "  ! ==================================================="
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 0380633..4a24352 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -12,6 +12,7 @@
 
 ## Tools
 OPENSSL ?= openssl
+FAKETIME ?= faketime
 MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
 
 ## Build the generated test data. Note that since the final outputs
@@ -46,6 +47,40 @@
 	$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
 all_final += test-ca-sha256.crt
 
+test_ca_key_file_rsa_alt = test-ca-alt.key
+
+$(test_ca_key_file_rsa_alt):
+	$(OPENSSL) genrsa -out $@ 2048
+test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
+	$(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
+all_intermediate += test-ca-alt.csr
+test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
+	$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
+all_final += test-ca-alt.crt
+test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
+	cat test-ca-alt.crt test-ca-sha256.crt > $@
+all_final += test-ca-alt-good.crt
+test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
+	cat test-ca-sha256.crt test-ca-alt.crt > $@
+all_final += test-ca-good-alt.crt
+
+test_ca_crt_file_ec = test-ca2.crt
+test_ca_key_file_ec = test-ca2.key
+
+test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
+	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
+all_intermediate += test-int-ca.csr
+test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
+	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
+all_final += test-int-ca-exp.crt
+
+crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
+	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
+all_final += crl-idp.pem
+crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
+	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
+all_final += crl-idpnc.pem
+
 cli_crt_key_file_rsa = cli-rsa.key
 cli_crt_extensions_file = cli.opensslconf
 
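Review bot: the two CRL rules pass the CA key password as `-key $(test_ca_pwd_rsa)`, unquoted, while the existing rule in the context line above uses `-passin "pass:$(test_ca_pwd_rsa)"`; please use the same quoted `-passin` form for consistency. In `test-int-ca-exp.crt`, `$(FAKETIME) -f -3653d` combined with `-days 3653` puts the end of validity at the moment the rule runs; a comment saying this is intentional (expired with no margin) would save the next reader the arithmetic. `test-ca-alt.key` is generated by a rule but, unlike the CSR and certificates, is not added to `all_intermediate` or `all_final`.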
@@ -66,6 +101,33 @@
 	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
 all_final += server2-sha256.crt
 
+test_ca_int_rsa1 = test-int-ca.crt
+
+server7.csr: server7.key
+	$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
+all_intermediate += server7.csr
+server7-expired.crt: server7.csr $(test_ca_int_rsa1)
+	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
+all_final += server7-expired.crt
+server7-future.crt: server7.csr $(test_ca_int_rsa1)
+	$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
+all_final += server7-future.crt
+server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
+	{ head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat test-int-ca.crt; } > server7-badsign.crt
+all_final += server7-badsign.crt
+server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
+	cat server7.crt test-int-ca-exp.crt > $@
+all_final += server7_int-ca-exp.crt
+
+server5-ss-expired.crt: server5.key
+	$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
+all_final += server5-ss-expired.crt
+
+# try to forge a copy of test-int-ca3 with different key
+server5-ss-forgeca.crt: server5.key
+	$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
+all_final += server5-ss-forgeca.crt
+
 rsa_pkcs1_2048_public.pem: server8.key
 	$(OPENSSL)  rsa -in $< -outform PEM -RSAPublicKey_out -out $@
 all_final += rsa_pkcs1_2048_public.pem
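Review bot: in `server7-expired.crt` and `server7-future.crt` the recipe is `... $(OPENSSL) x509 -req ... | cat - $(test_ca_int_rsa1) > $@`, so the recipe's exit status is that of `cat`. If faketime or openssl fails, make still sees success and leaves a target containing only the intermediate CA. Write the openssl output to a temporary file first, or group the commands with `&&`. In `server7-badsign.crt`, `head -n-2` is a GNU extension, and the recipe hard-codes `server7-badsign.crt` and `test-int-ca.crt` where the rule header already has `$@` and `$(test_ca_int_rsa1)`. The sed expression that flips the last base64 character deserves a one-line comment.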
@@ -571,7 +633,86 @@
 ### Generate all RSA keys
 keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
 
+################################################################
+#### Generate various EC keys
+################################################################
 
+###
+### PKCS8 encoded
+###
+
+ec_prv.pk8.der:
+	$(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
+all_final += ec_prv.pk8.der
+
+# ### Instructions for creating `ec_prv.pk8nopub.der`,
+# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
+# ### `ec_prv.pk8.der`.
+#
+# These instructions assume you are familiar with ASN.1 DER encoding and can
+# use a hex editor to manipulate DER.
+#
+# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
+#
+# PrivateKeyInfo ::= SEQUENCE {
+#   version                   Version,
+#   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
+#   privateKey                PrivateKey,
+#   attributes           [0]  IMPLICIT Attributes OPTIONAL
+# }
+#
+# AlgorithmIdentifier  ::=  SEQUENCE  {
+#   algorithm   OBJECT IDENTIFIER,
+#   parameters  ANY DEFINED BY algorithm OPTIONAL
+# }
+#
+# ECParameters ::= CHOICE {
+#   namedCurve         OBJECT IDENTIFIER
+#   -- implicitCurve   NULL
+#   -- specifiedCurve  SpecifiedECDomain
+# }
+#
+# ECPrivateKey ::= SEQUENCE {
+#   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+#   privateKey     OCTET STRING,
+#   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+#   publicKey  [1] BIT STRING OPTIONAL
+# }
+#
+# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
+# fields:
+#
+# * privateKeyAlgorithm       namedCurve
+# * privateKey.parameters     NOT PRESENT
+# * privateKey.publicKey      PRESENT
+# * attributes                NOT PRESENT
+#
+# # ec_prv.pk8nopub.der
+#
+# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
+#
+# # ec_prv.pk8nopubparam.der
+#
+# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
+# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
+#
+# # ec_prv.pk8param.der
+#
+# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
+# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
+
+ec_prv.pk8.pem: ec_prv.pk8.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8.pem
+ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8nopub.pem
+ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8nopubparam.pem
+ec_prv.pk8param.pem: ec_prv.pk8param.der
+	$(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_prv.pk8param.pem
 
 ################################################################
 ### Generate certificates for CRT write check tests
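Review bot: the `ec_prv.pk8.der` rule generates a fresh key on `prime192v1`, while the three hand-made `.der` files that the `.pem` rules depend on have no rule of their own and are described as derived from it by hand. The first time make rebuilds `ec_prv.pk8.der`, the four files stop describing the same key. The committed `ec_prv.pk8nopub.pem` in this patch also carries a 32-byte private key and the prime256v1 OID, so the rule as written would not reproduce the committed data even in shape. Either make the curve in the rule match the committed files and state that `ec_prv.pk8.der` must not be regenerated, or script the DER edits. "generatde" in the comment is a typo.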
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index 60b0fd4..b56346a 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -74,10 +74,12 @@
 - server7*.crt: I1 E L P1*: EC signed by RSA signed by EC
     *P1 except 7.crt, P2 _int-ca_ca2.crt
     *_space: with PEM error(s)
+    _spurious: has spurious cert in its chain (S7 + I2 + I1)
 - server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
 - server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
     *CRL for: 9.crt, -badsign, -with-ca (P1)
 - server10*.crt: I3 E L P2/P3
+    _spurious: S10 + I3 + I1(spurious) + I2
 
 Certificate revocation lists
 ----------------------------
diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/crl-idp.pem
new file mode 100644
index 0000000..a229e7d
--- /dev/null
+++ b/tests/data_files/crl-idp.pem
@@ -0,0 +1,12 @@
+-----BEGIN X509 CRL-----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+-----END X509 CRL-----
diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/crl-idpnc.pem
new file mode 100644
index 0000000..0ebe480
--- /dev/null
+++ b/tests/data_files/crl-idpnc.pem
@@ -0,0 +1,12 @@
+-----BEGIN X509 CRL-----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+-----END X509 CRL-----
diff --git a/tests/data_files/ec_prv.noopt.der b/tests/data_files/ec_prv.pk8nopub.der
similarity index 100%
rename from tests/data_files/ec_prv.noopt.der
rename to tests/data_files/ec_prv.pk8nopub.der
Binary files differ
diff --git a/tests/data_files/ec_prv.pk8nopub.pem b/tests/data_files/ec_prv.pk8nopub.pem
new file mode 100644
index 0000000..0ec5272
--- /dev/null
+++ b/tests/data_files/ec_prv.pk8nopub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82
+EyGKaGvkAo1Pkw==
+-----END PRIVATE KEY-----
diff --git a/tests/data_files/ec_prv.pk8nopubparam.der b/tests/data_files/ec_prv.pk8nopubparam.der
new file mode 100644
index 0000000..70d30fb
--- /dev/null
+++ b/tests/data_files/ec_prv.pk8nopubparam.der
Binary files differ
diff --git a/tests/data_files/ec_prv.pk8nopubparam.pem b/tests/data_files/ec_prv.pk8nopubparam.pem
new file mode 100644
index 0000000..5c910c9
--- /dev/null
+++ b/tests/data_files/ec_prv.pk8nopubparam.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCDH78XUX+cxmTPQ1hVkYbu3VvBc9c82
+EyGKaGvkAo1Pk6AKBggqhkjOPQMBBw==
+-----END PRIVATE KEY-----
diff --git a/tests/data_files/ec_prv.pk8param.der b/tests/data_files/ec_prv.pk8param.der
new file mode 100644
index 0000000..8bbaa3a
--- /dev/null
+++ b/tests/data_files/ec_prv.pk8param.der
Binary files differ
diff --git a/tests/data_files/ec_prv.pk8param.pem b/tests/data_files/ec_prv.pk8param.pem
new file mode 100644
index 0000000..978beca
--- /dev/null
+++ b/tests/data_files/ec_prv.pk8param.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgx+/F1F/nMZkz0NYVZGG7t1bwXPXP
+NhMhimhr5AKNT5OgCgYIKoZIzj0DAQehRANCAARkJXH1LofHesYJwJkoZQ0ijCVrxDFEi8e/fc1d
+6DS2Hsk55TWpL953QEIDN8RmW01lejceK3jQWs0uGDenGCcM
+-----END PRIVATE KEY-----
diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt
index dfe889a..0df2c65 100644
--- a/tests/data_files/server10_int3_int-ca2.crt
+++ b/tests/data_files/server10_int3_int-ca2.crt
@@ -9,46 +9,6 @@
 AzO3pJx7WJAApZuBX1Q=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBwjCCAUegAwIBAgIBSTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTEzNDIxOFoXDTI1MDgyOTEzNDIxOFowSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
-ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCB4Aw
-CgYIKoZIzj0EAwIDaQAwZgIxAJ9RX38bht+RNsQI2GUpNhC/Y+Tb1OU74O4iEa6+
-CkjBWTpLtHRKVdZq7ST0wk1LsQIxAIUi8L1Vx4DuUP0bJxIX/nuJqlBnBG+qRhSf
-VgHKgSyHidpZAJpaRi4IkY504CY/Yg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
-WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
-ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
-BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
 MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
 A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt
index e85cc4a..c25482b 100644
--- a/tests/data_files/server10_int3_int-ca2_ca.crt
+++ b/tests/data_files/server10_int3_int-ca2_ca.crt
@@ -9,46 +9,6 @@
 AzO3pJx7WJAApZuBX1Q=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBwjCCAUegAwIBAgIBSTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTEzNDIxOFoXDTI1MDgyOTEzNDIxOFowSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
-ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCB4Aw
-CgYIKoZIzj0EAwIDaQAwZgIxAJ9RX38bht+RNsQI2GUpNhC/Y+Tb1OU74O4iEa6+
-CkjBWTpLtHRKVdZq7ST0wk1LsQIxAIUi8L1Vx4DuUP0bJxIX/nuJqlBnBG+qRhSf
-VgHKgSyHidpZAJpaRi4IkY504CY/Yg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
-WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
-ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
-BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
 MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
 A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt
new file mode 100644
index 0000000..c9d6715
--- /dev/null
+++ b/tests/data_files/server10_int3_spurious_int-ca2.crt
@@ -0,0 +1,64 @@
+-----BEGIN CERTIFICATE-----
+MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
+YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
+VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
+oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
+Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
+rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
+AzO3pJx7WJAApZuBX1Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
+vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
+wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
+CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
+AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
+qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
+uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
+kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
+d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
+Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
+updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
+a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
+i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
+Af5cNR8KhzegznL6amRObGGKmX1F
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-ss-expired.crt b/tests/data_files/server5-ss-expired.crt
new file mode 100644
index 0000000..287ce98
--- /dev/null
+++ b/tests/data_files/server5-ss-expired.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-ss-forgeca.crt b/tests/data_files/server5-ss-forgeca.crt
new file mode 100644
index 0000000..bfd7b70
--- /dev/null
+++ b/tests/data_files/server5-ss-forgeca.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt
new file mode 100644
index 0000000..954b53a
--- /dev/null
+++ b/tests/data_files/server7-badsign.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
+47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
+IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
+AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
+FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
+8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
+QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
+yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
+TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
+deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
+0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
+OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
+VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
+a8Si6UK0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt
new file mode 100644
index 0000000..a25ce4b
--- /dev/null
+++ b/tests/data_files/server7-expired.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTA3MDYwNTA4MTQwM1oXDTE3MDYwNTA4MTQwM1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
+47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv
+bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBAHcG1ysT8yImc0x3Z2O0SOtSYYjCPS1Gc89j
+fWdBSoS5YhPHLgEjHQgDA6XdDNL0eUo3afhucEvSexhqLUABLu89cmi7ST+TsTEb
+/lu8qZUgpa1bcMOk1+whl0JllfcDEq2y0aclkO0/6M6JftNNJ3egq2qVBDEszTtY
+zcYZIr1o04TNp0fAtmPUH6zjpBkNB0DQyKFhgYPJNwTapj6ZDVi1zBK3wwFfZfgK
+s3QvwhWNNbHL4B0sPec/6TiF5dY3SeUM4L8oAGdT7/ELE6E74rFyS/EpjJdVzXDs
+FfQvUDPb6PJuWZbr4mNg/FANeGPa3VENcPz+4fj+Azi1vV3wD4OKT7W0zIkRZ+Wq
+1hLFuwa/JCSHsn1GWFyWd3+qHIoFJUSU3HNxWho+MZqta0Jx/PGvMdOxnJ2az1QX
+TaRwrilvN3KwvjGJ+cvGa7V9x8y9seRHZwfXXOx1ZZ0uEYquZ0jxKpBp/SdhRbA5
+zLmq088npt7tgi+LcrXydorgltBaGZA7P+/OJA2JkbIBBwdSjyfG6T07y4pgQ90h
+CeRqzu4jFcZE7mjpTdEyxAQRJa2dhHkhFB7Muq7ZTi3jlml5LZnlbUdPlR5iTgOU
+yueZsAAEb//A6EU008WmG/K+EY230JxEUzGNf2l1j1H94HcP9OwjY4bn2PJdVzcb
+B8PmaiMB
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt
new file mode 100644
index 0000000..eeb596f
--- /dev/null
+++ b/tests/data_files/server7-future.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt
new file mode 100644
index 0000000..fc00517
--- /dev/null
+++ b/tests/data_files/server7_int-ca-exp.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt
new file mode 100644
index 0000000..632c4fd
--- /dev/null
+++ b/tests/data_files/server7_spurious_int-ca.crt
@@ -0,0 +1,65 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt-good.crt b/tests/data_files/test-ca-alt-good.crt
new file mode 100644
index 0000000..50c1453
--- /dev/null
+++ b/tests/data_files/test-ca-alt-good.crt
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt.crt b/tests/data_files/test-ca-alt.crt
new file mode 100644
index 0000000..7399e43
--- /dev/null
+++ b/tests/data_files/test-ca-alt.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-alt.csr b/tests/data_files/test-ca-alt.csr
new file mode 100644
index 0000000..898c9e6
--- /dev/null
+++ b/tests/data_files/test-ca-alt.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAtnK4qxQhSmuSeMseIAvvz3tpJCKaE/0hL83n8SfLIjyZdl0FQ61B
+XpzQvFM8PO/92e7Vt7iynm5+fvkBFWA7c+RwFn3JNcMGpxhS+p6B8O6oEOWpOhzK
+IqTwoQ+2emymwUYMdiFSqCG2l4dEJieKpWmHPayhmWh/b5rOacD8A05UKp5vlXpx
+uk4RWo1i3i/zJb3BneKSxwFoy+kthNL1OVkEeq3r+x3vaXbQ/7yzt9Jzjyeibg6f
+tYAeVCJtfoz/VsPDrEFSRxsqe9vXbyLxInIKfDUjQVAbQWR6UlSTPgT5cyqVyFW4
+iO6VNNat8btJpXr3lMy9LRNJ/WE+biHHpwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggEBAGHWUwqKMe+XwZ44u+1RKsH3jCXmxkBW4rwJwqtkrW8dzjCqFGmQoJeFivOA
+o0TPchkpQXGUNssFPbXZZsq7OBt1hPkH7wMxknztu+D4F9wJ2Oxpy8x44WeUr3pI
+rnl/VivUaywiIPMwR3W+7IIFTmzKfcSYf0l6uv4/A8BiSvtI4U9InfSvU+ENHuNH
+rb0ynhYEqy9NHA2exD0A/gQb40CAHtJL+sTVTRgxOx8xT8K8WAQufk0HSB6iel6M
+I+6VLnVjGJ5P/t6zPI4jcLzyg4V9DS282a/SadRFGc0uwPWxJW906BO5g6PNMaA8
+BdcuWaWwa2KQ/LuUCmumy+fC68E=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca-alt.key b/tests/data_files/test-ca-alt.key
new file mode 100644
index 0000000..84b8fab
--- /dev/null
+++ b/tests/data_files/test-ca-alt.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/test-ca-good-alt.crt b/tests/data_files/test-ca-good-alt.crt
new file mode 100644
index 0000000..9edf4c2
--- /dev/null
+++ b/tests/data_files/test-ca-good-alt.crt
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 12835df..f66b39e 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -11,3 +11,18 @@
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:true
+
+[noext_ca]
+basicConstraints = CA:true
+
+[test_ca]
+database = /dev/null
+
+[crl_ext_idp]
+issuingDistributionPoint=critical, @idpdata
+
+[crl_ext_idp_nc]
+issuingDistributionPoint=@idpdata
+
+[idpdata]
+fullname=URI:http://pki.example.com/
diff --git a/tests/data_files/test-ca2-expired.crt b/tests/data_files/test-ca2-expired.crt
new file mode 100644
index 0000000..22e4797
--- /dev/null
+++ b/tests/data_files/test-ca2-expired.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt
new file mode 100644
index 0000000..c549654
--- /dev/null
+++ b/tests/data_files/test-int-ca-exp.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index d5fc12d..e6c7549 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -94,7 +94,6 @@
 MEMORY=0
 FORCE=0
 KEEP_GOING=0
-RELEASE=0
 RUN_ARMCC=1
 YOTTA=1
 
@@ -126,8 +125,12 @@
   -m|--memory           Additional optional memory tests.
      --armcc            Run ARM Compiler builds (on by default).
      --no-armcc         Skip ARM Compiler builds.
+     --no-force         Refuse to overwrite modified files (default).
+     --no-keep-going    Stop at the first error (default).
+     --no-memory        No additional memory tests (default).
      --no-yotta         Skip yotta module build.
      --out-of-source-dir=<path>  Directory used for CMake out-of-source build tests.
+     --random-seed      Use a random seed value for randomized tests (default).
   -r|--release-test     Run this script in release mode. This fixes the seed value to 1.
   -s|--seed             Integer seed value to use for this test run.
      --yotta            Build yotta module (on by default).
@@ -214,74 +217,29 @@
 
 while [ $# -gt 0 ]; do
     case "$1" in
-        --armcc)
-            RUN_ARMCC=1
-            ;;
-        --armc5-bin-dir)
-            shift
-            ARMC5_BIN_DIR="$1"
-            ;;
-        --armc6-bin-dir)
-            shift
-            ARMC6_BIN_DIR="$1"
-            ;;
-        --force|-f)
-            FORCE=1
-            ;;
-        --gnutls-cli)
-            shift
-            GNUTLS_CLI="$1"
-            ;;
-        --gnutls-legacy-cli)
-            shift
-            GNUTLS_LEGACY_CLI="$1"
-            ;;
-        --gnutls-legacy-serv)
-            shift
-            GNUTLS_LEGACY_SERV="$1"
-            ;;
-        --gnutls-serv)
-            shift
-            GNUTLS_SERV="$1"
-            ;;
-        --help|-h)
-            usage
-            exit
-            ;;
-        --keep-going|-k)
-            KEEP_GOING=1
-            ;;
-        --memory|-m)
-            MEMORY=1
-            ;;
-        --no-armcc)
-            RUN_ARMCC=0
-            ;;
-        --no-yotta)
-            YOTTA=0
-            ;;
-        --openssl)
-            shift
-            OPENSSL="$1"
-            ;;
-        --openssl-legacy)
-            shift
-            OPENSSL_LEGACY="$1"
-            ;;
-        --out-of-source-dir)
-            shift
-            OUT_OF_SOURCE_DIR="$1"
-            ;;
-        --release-test|-r)
-            RELEASE=1
-            ;;
-        --seed|-s)
-            shift
-            SEED="$1"
-            ;;
-        --yotta)
-            YOTTA=1
-            ;;
+        --armcc) RUN_ARMCC=1;;
+        --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
+        --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+        --force|-f) FORCE=1;;
+        --gnutls-cli) shift; GNUTLS_CLI="$1";;
+        --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
+        --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
+        --gnutls-serv) shift; GNUTLS_SERV="$1";;
+        --help|-h) usage; exit;;
+        --keep-going|-k) KEEP_GOING=1;;
+        --memory|-m) MEMORY=1;;
+        --no-armcc) RUN_ARMCC=0;;
+        --no-force) FORCE=0;;
+        --no-keep-going) KEEP_GOING=0;;
+        --no-memory) MEMORY=0;;
+        --no-yotta) YOTTA=0;;
+        --openssl) shift; OPENSSL="$1";;
+        --openssl-legacy) shift; OPENSSL_LEGACY="$1";;
+        --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
+        --random-seed) unset SEED;;
+        --release-test|-r) SEED=1;;
+        --seed|-s) shift; SEED="$1";;
+        --yotta) YOTTA=1;;
         *)
             echo >&2 "Unknown option: $1"
             echo >&2 "Run $0 --help for usage."
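Review bot: `--release-test|-r` now sets `SEED=1` while parsing, so the result depends on argument order: `--release-test --seed 5` or `--release-test --random-seed` ends with a seed other than 1, whereas the removed post-parse `if [ $RELEASE -eq 1 ]` block always forced it. If release runs must stay deterministic, keep the override after the loop, or say in the usage text that the last seed option on the command line wins. The one-line `shift; VAR="$1"` arms also take `$1` without checking that a value actually follows the option.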
@@ -328,7 +286,7 @@
     start_red=
     end_color=
     if [ -t 1 ]; then
-        case "$TERM" in
+        case "${TERM:-}" in
             *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
                 start_red=$(printf '\033[31m')
                 end_color=$(printf '\033[0m')
@@ -386,11 +344,6 @@
     fi
 }
 
-if [ $RELEASE -eq 1 ]; then
-    # Fix the seed value to 1 to ensure that the tests are deterministic.
-    SEED=1
-fi
-
 msg "info: $0 configuration"
 echo "MEMORY: $MEMORY"
 echo "FORCE: $FORCE"
@@ -416,12 +369,14 @@
 export GNUTLS_SERV="$GNUTLS_SERV"
 
 # Avoid passing --seed flag in every call to ssl-opt.sh
-[ ! -z ${SEED+set} ] && export SEED
+if [ -n "${SEED-}" ]; then
+  export SEED
+fi
 
 # Make sure the tools we need are available.
 check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
             "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
-            "arm-none-eabi-gcc" "i686-w64-mingw32-gcc"
+            "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb"
 if [ $RUN_ARMCC -ne 0 ]; then
     check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR"
 fi
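Review bot: adding "gdb" to the unconditional `check_tools` list makes gdb a prerequisite for every run of all.sh, although only the mbedtls_platform_zeroize() loop added later in this patch uses it. Consider checking for gdb next to that test, or skipping the test with a message when gdb is missing. In the same hunk, `[ -n "${SEED-}" ]` no longer exports a SEED that is set but empty, which the old `${SEED+set}` test did; a short comment that this is intended would help, and the two-space indent of `export SEED` differs from the four-space indent used in the rest of the script.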
@@ -447,7 +402,7 @@
 OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \
     GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
     GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \
-    ARMC6_CC="$ARMC6_CC" scripts/output_env.sh
+    ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh
 
 msg "test: recursion.pl" # < 1s
 tests/scripts/recursion.pl library/*.c
@@ -492,7 +447,7 @@
 if_build_succeeded tests/ssl-opt.sh
 
 msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
-if_build_succeeded tests/scripts/test-ref-configs.pl
+record_status tests/scripts/test-ref-configs.pl
 
 msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
 make
@@ -530,16 +485,32 @@
 msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
 if_build_succeeded tests/ssl-opt.sh
 
-msg "build: cmake, full config, clang, C99" # ~ 50s
+msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_RSA_NO_CRT
+CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+make
+
+msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
+make test
+
+msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
+tests/ssl-opt.sh -f RSA
+
+msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
+tests/compat.sh -t RSA
+
+msg "build: cmake, full config, clang" # ~ 50s
 cleanup
 cp "$CONFIG_H" "$CONFIG_BAK"
 scripts/config.pl full
 scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
-make CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic'
+make
 
 msg "test: main suites (full config)" # ~ 5s
-make CFLAGS='-Werror -Wall -Wextra' test
+make test
 
 msg "test: ssl-opt.sh default (full config)" # ~ 1s
 if_build_succeeded tests/ssl-opt.sh -f Default
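Review bot: the clang full-config build loses `-Werror -Wall -Wextra -std=c99 -pedantic` (and "C99" is dropped from the msg line), so unless `CMAKE_BUILD_TYPE:String=Check` supplies equivalent flags this component no longer enforces C99 conformance; state in a comment or the commit message where that check now lives. In the new RSA_NO_CRT block, `tests/ssl-opt.sh -f RSA` and `tests/compat.sh -t RSA` are invoked bare while the neighbouring ssl-opt.sh calls go through `if_build_succeeded`; use the same wrapper so a failed build does not cascade into test failures.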
@@ -549,13 +520,19 @@
 
 msg "test/build: curves.pl (gcc)" # ~ 4 min
 cleanup
-cmake -D CMAKE_BUILD_TYPE:String=Debug .
-if_build_succeeded tests/scripts/curves.pl
+record_status tests/scripts/curves.pl
+
+msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min
+cleanup
+record_status tests/scripts/depends-hashes.pl
+
+msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
+cleanup
+record_status tests/scripts/depends-pkalgs.pl
 
 msg "test/build: key-exchanges (gcc)" # ~ 1 min
 cleanup
-cmake -D CMAKE_BUILD_TYPE:String=Check .
-if_build_succeeded tests/scripts/key-exchanges.pl
+record_status tests/scripts/key-exchanges.pl
 
 msg "build: Unix make, -Os (gcc)" # ~ 30s
 cleanup
@@ -642,6 +619,34 @@
 msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)"
 make test
 
+msg "build: default config with AES_FEWER_TABLES enabled"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+msg "test: AES_FEWER_TABLES"
+make test
+
+msg "build: default config with AES_ROM_TABLES enabled"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+msg "test: AES_ROM_TABLES"
+make test
+
+msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_AES_FEWER_TABLES
+scripts/config.pl set MBEDTLS_AES_ROM_TABLES
+make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+msg "test: AES_FEWER_TABLES + AES_ROM_TABLES"
+make test
+
 if uname -a | grep -F Linux >/dev/null; then
     msg "build/test: make shared" # ~ 40s
     cleanup
@@ -857,6 +862,15 @@
 cd "$MBEDTLS_ROOT_DIR"
 rm -rf "$OUT_OF_SOURCE_DIR"
 
+for optimization_flag in -O2 -O3 -Ofast -Os; do
+    for compiler in clang gcc; do
+        msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
+        cleanup
+        CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs
+        gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx
+    done
+done
+
 
 
 ################################################################
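Review bot: the gdb run in this loop relies on two things the loop does not state: test_zeroize.gdb says the program must be compiled with -g3 and it loads ./programs/test/zeroize, yet the build line passes only `DEBUG=1` and the optimization flag. Add a comment that `DEBUG=1` is what is expected to supply the debug info, and consider checking that the binary exists before invoking gdb so that a failed build is reported as a build failure and not as a zeroize failure.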
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index bd13f52..0041814 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -17,9 +17,12 @@
 #
 # And any test suite with the wrong dependencies will fail.
 #
-# Usage: curves.pl
+# Usage: tests/scripts/curves.pl
 #
 # This script should be executed from the root of the project directory.
+#
+# For best effect, run either with cmake disabled, or cmake enabled in a mode
+# that includes -Werror.
 
 use warnings;
 use strict;
@@ -33,14 +36,17 @@
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
     system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
-    die $_[0];
+    # use an exit code between 1 and 124 for git bisect (die returns 255)
+    warn $_[0];
+    exit 1;
 }
 
 for my $curve (@curves) {
     system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
+    system( "make clean" ) and die;
+
     # depends on a specific curve. Also, ignore error if it wasn't enabled
     system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
-    system( "make clean" ) and die;
 
     print "\n******************************************\n";
     print "* Testing without curve: $curve\n";
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
new file mode 100755
index 0000000..29dcfb0
--- /dev/null
+++ b/tests/scripts/depends-hashes.pl
@@ -0,0 +1,77 @@
+#!/usr/bin/perl
+
+# depends-hashes.pl
+#
+# Copyright (c) 2017, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To test the code dependencies on individual hashes in each test suite. This
+# is a verification step to ensure we don't ship test suites that do not work
+# for some build options.
+#
+# The process is:
+#       for each possible hash
+#           build the library and test suites with the hash disabled
+#           execute the test suites
+#
+# And any test suite with the wrong dependencies will fail.
+#
+# Usage: tests/scripts/depends-hashes.pl
+#
+# This script should be executed from the root of the project directory.
+#
+# For best effect, run either with cmake disabled, or cmake enabled in a mode
+# that includes -Werror.
+
+use warnings;
+use strict;
+
+-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
+
+my $config_h = 'include/mbedtls/config.h';
+
+# as many SSL options depend on specific hashes,
+# and SSL is not in the test suites anyways,
+# disable it to avoid dependcies issues
+my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
+my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
+
+# for md we want to catch MD5_C but not MD_C, hence the extra dot
+my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p';
+my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p';
+my @hashes = split( /\s+/,
+                    `sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` );
+system( "cp $config_h $config_h.bak" ) and die;
+sub abort {
+    system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
+    # use an exit code between 1 and 124 for git bisect (die returns 255)
+    warn $_[0];
+    exit 1;
+}
+
+for my $hash (@hashes) {
+    system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
+    system( "make clean" ) and die;
+
+    print "\n******************************************\n";
+    print "* Testing without hash: $hash\n";
+    print "******************************************\n";
+
+    system( "scripts/config.pl unset $hash" )
+        and abort "Failed to disable $hash\n";
+
+    for my $opt (@ssl) {
+        system( "scripts/config.pl unset $opt" )
+            and abort "Failed to disable $opt\n";
+    }
+
+    system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
+        and abort "Failed to build lib: $hash\n";
+    system( "cd tests && make" ) and abort "Failed to build tests: $hash\n";
+    system( "make test" ) and abort "Failed test suite: $hash\n";
+}
+
+system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
+system( "make clean" ) and die;
+exit 0;
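Review bot: the sed captures `\(MBEDTLS_SSL.*\)` and `\(MBEDTLS_SHA.*_C\)` are greedy to the end of the line, and the result is then split on whitespace, so any `#define` that carries a value or a trailing comment would turn those extra words into "options" passed to `scripts/config.pl unset`. Restrict the capture to identifier characters, for example `\(MBEDTLS_SSL[A-Z0-9_]*\)`. The extracted names are also interpolated into a shell command string by `system()`; the list form of `system` would avoid that. Small nit: "dependcies" in the comment above `$ssl_sed_cmd` should read "dependency".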
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
new file mode 100755
index 0000000..14c92b2
--- /dev/null
+++ b/tests/scripts/depends-pkalgs.pl
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+
+# depends-pkalgs.pl
+#
+# Copyright (c) 2017, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To test the code dependencies on individual PK algs (those that can be used
+# from the PK layer, so currently signature and encryption but not key
+# exchange) in each test suite. This is a verification step to ensure we don't
+# ship test suites that do not work for some build options.
+#
+# The process is:
+#       for each possible PK alg
+#           build the library and test suites with that alg disabled
+#           execute the test suites
+#
+# And any test suite with the wrong dependencies will fail.
+#
+# Usage: tests/scripts/depends-pkalgs.pl
+#
+# This script should be executed from the root of the project directory.
+#
+# For best effect, run either with cmake disabled, or cmake enabled in a mode
+# that includes -Werror.
+
+use warnings;
+use strict;
+
+-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
+
+my $config_h = 'include/mbedtls/config.h';
+
+# Some algorithms can't be disabled on their own as others depend on them, so
+# we list those reverse-dependencies here to keep check_config.h happy.
+my %algs = (
+    'MBEDTLS_ECDSA_C'   => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
+    'MBEDTLS_ECP_C'     => ['MBEDTLS_ECDSA_C',
+                            'MBEDTLS_ECDH_C',
+                            'MBEDTLS_ECJPAKE_C',
+                            'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
+    'MBEDTLS_X509_RSASSA_PSS_SUPPORT'   => [],
+    'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
+    'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
+    'MBEDTLS_RSA_C'     => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT',
+                            'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED',
+                            'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'],
+);
+
+system( "cp $config_h $config_h.bak" ) and die;
+sub abort {
+    system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
+    # use an exit code between 1 and 124 for git bisect (die returns 255)
+    warn $_[0];
+    exit 1;
+}
+
+while( my ($alg, $extras) = each %algs ) {
+    system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
+    system( "make clean" ) and die;
+
+    print "\n******************************************\n";
+    print "* Testing without alg: $alg\n";
+    print "******************************************\n";
+
+    system( "scripts/config.pl unset $alg" )
+        and abort "Failed to disable $alg\n";
+    for my $opt (@$extras) {
+        system( "scripts/config.pl unset $opt" )
+            and abort "Failed to disable $opt\n";
+    }
+
+    system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
+        and abort "Failed to build lib: $alg\n";
+    system( "cd tests && make" ) and abort "Failed to build tests: $alg\n";
+    system( "make test" ) and abort "Failed test suite: $alg\n";
+}
+
+system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
+system( "make clean" ) and die;
+exit 0;
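Review bot: `while( my ($alg, $extras) = each %algs )` walks the hash in Perl's unspecified order, and since `abort` exits on the first failure, the algorithm reported as failing can differ from run to run for the same tree. Iterating over `sort keys %algs` would make logs and bisect results reproducible. The reverse-dependency lists in `%algs` are maintained by hand next to check_config.h; a comment telling contributors to update both places when a dependency changes would keep them from drifting apart.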
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
index 46826c3..d167c67 100755
--- a/tests/scripts/key-exchanges.pl
+++ b/tests/scripts/key-exchanges.pl
@@ -1,8 +1,25 @@
 #!/usr/bin/perl
 
-# test that all configs with only a single key exchange enabled build
+# key-exchanges.pl
+#
+# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# To test the code dependencies on individual key exchanges in the SSL module.
+# is a verification step to ensure we don't ship SSL code that do not work
+# for some build options.
+#
+# The process is:
+#       for each possible key exchange
+#           build the library with all but that key exchange disabled
 #
 # Usage: tests/scripts/key-exchanges.pl
+#
+# This script should be executed from the root of the project directory.
+#
+# For best effect, run either with cmake disabled, or cmake enabled in a mode
+# that includes -Werror.
 
 use warnings;
 use strict;
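Review bot: the new Purpose paragraph is missing its subject on the second sentence ("is a verification step" should start with "This") and "SSL code that do not work" should be "does not work". The header also lists the build step only; if the script runs no test suites after each build, say so explicitly so readers do not assume the same coverage as depends-hashes.pl and depends-pkalgs.pl.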
@@ -16,7 +33,9 @@
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
     system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
-    die $_[0];
+    # use an exit code between 1 and 124 for git bisect (die returns 255)
+    warn $_[0];
+    exit 1;
 }
 
 for my $kex (@kexes) {
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 1f73a54..7e2974b 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -41,6 +41,7 @@
 
 # in case test suites are linked dynamically
 $ENV{'LD_LIBRARY_PATH'} = '../library';
+$ENV{'DYLD_LIBRARY_PATH'} = '../library';
 
 my $prefix = $^O eq "MSWin32" ? '' : './';
 
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 79bacd4..b07329c 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -53,7 +53,9 @@
 system( "cp $config_h $config_h.bak" ) and die;
 sub abort {
     system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
-    die $_[0];
+    # use an exit code between 1 and 124 for git bisect (die returns 255)
+    warn $_[0];
+    exit 1;
 }
 
 while( my ($conf, $data) = each %configs ) {
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
new file mode 100644
index 0000000..617ab55
--- /dev/null
+++ b/tests/scripts/test_zeroize.gdb
@@ -0,0 +1,70 @@
+# test_zeroize.gdb
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2018, Arm Limited, All Rights Reserved
+#
+# Purpose
+#
+# Run a test using the debugger to check that the mbedtls_platform_zeroize()
+# function in platform_util.h is not being optimized out by the compiler. To do
+# so, the script loads the test program at programs/test/zeroize.c and sets a
+# breakpoint at the last return statement in main(). When the breakpoint is
+# hit, the debugger manually checks the contents to be zeroized and checks that
+# it is actually cleared.
+#
+# The mbedtls_platform_zeroize() test is debugger driven because there does not
+# seem to be a mechanism to reliably check whether the zeroize calls are being
+# eliminated by compiler optimizations from within the compiled program. The
+# problem is that a compiler would typically remove what it considers to be
+# "unecessary" assignments as part of redundant code elimination. To identify
+# such code, the compilar will create some form dependency graph between
+# reads and writes to variables (among other situations). It will then use this
+# data structure to remove redundant code that does not have an impact on the
+# program's observable behavior. In the case of mbedtls_platform_zeroize(), an
+# intelligent compiler could determine that this function clears a block of
+# memory that is not accessed later in the program, so removing the call to
+# mbedtls_platform_zeroize() does not have an observable behavior. However,
+# inserting a test after a call to mbedtls_platform_zeroize() to check whether
+# the block of memory was correctly zeroed would force the compiler to not
+# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then
+# the compiler potentially has a bug.
+#
+# Note: This test requires that the test program is compiled with -g3.
+#
+# WARNING: There does not seem to be a mechanism in GDB scripts to set a
+# breakpoint at the end of a function (probably because there are a lot of
+# complications as function can have multiple exit points, etc). Therefore, it
+# was necessary to hard-code the line number of the breakpoint in the zeroize.c
+# test app. The assumption is that zeroize.c is a simple test app that does not
+# change often (as opposed to the actual library code), so the breakpoint line
+# number does not need to be updated often.
+
+set confirm off
+file ./programs/test/zeroize
+break zeroize.c:100
+
+set args ./programs/test/zeroize.c
+run
+
+set $i = 0
+set $len = sizeof(buf)
+set $buf = buf
+
+while $i < $len
+    if $buf[$i++] != 0
+        echo The buffer at was not zeroized\n
+        quit 1
+    end
+end
+
+echo The buffer was correctly zeroized\n
+
+continue
+
+if $_exitcode != 0
+    echo The program did not terminate correctly\n
+    quit 1
+end
+
+quit 0
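Review bot: nothing in the script confirms that the breakpoint at `zeroize.c:100` was actually reached before `buf` is read. The header already warns that the line number is hard-coded; if zeroize.c changes or an optimized build has no code at that line, `run` goes to program exit and the check that follows no longer tests what it claims to. Verify that the inferior is still stopped in main() before the loop (for example by checking that `$_exitcode` has not been set yet), and fail explicitly otherwise. Text nits: "unecessary", "compilar", "some form dependency graph", and the message "The buffer at was not zeroized" is missing a word or has a stray "at".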
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2d6b71a..c4a10a2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -231,7 +231,7 @@
     fi
     echo "  ! outputs saved to o-XXX-${TESTS}.log"
 
-    if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then
+    if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
         echo "  ! server output:"
         cat o-srv-${TESTS}.log
         echo "  ! ========================================================"
@@ -465,9 +465,12 @@
         eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
         wait_client_done
 
+        sleep 0.05
+
         # terminate the server (and the proxy)
         kill $SRV_PID
         wait $SRV_PID
+
         if [ -n "$PXY_CMD" ]; then
             kill $PXY_PID >/dev/null 2>&1
             wait $PXY_PID
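Review bot: `sleep 0.05` before `kill $SRV_PID` is an unexplained timing workaround, and a fractional argument to `sleep` is not guaranteed by POSIX, so the script may fail or sleep for zero seconds on some systems. Add a comment naming the race this delay is meant to cover, and either use a whole-second value or wait on an observable condition (such as an expected line appearing in the server log) in place of a fixed delay.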
@@ -631,16 +634,19 @@
 get_options "$@"
 
 # sanity checks, avoid an avalanche of errors
-if [ ! -x "$P_SRV" ]; then
-    echo "Command '$P_SRV' is not an executable file"
+P_SRV_BIN="${P_SRV%%[  ]*}"
+P_CLI_BIN="${P_CLI%%[  ]*}"
+P_PXY_BIN="${P_PXY%%[  ]*}"
+if [ ! -x "$P_SRV_BIN" ]; then
+    echo "Command '$P_SRV_BIN' is not an executable file"
     exit 1
 fi
-if [ ! -x "$P_CLI" ]; then
-    echo "Command '$P_CLI' is not an executable file"
+if [ ! -x "$P_CLI_BIN" ]; then
+    echo "Command '$P_CLI_BIN' is not an executable file"
     exit 1
 fi
-if [ ! -x "$P_PXY" ]; then
-    echo "Command '$P_PXY' is not an executable file"
+if [ ! -x "$P_PXY_BIN" ]; then
+    echo "Command '$P_PXY_BIN' is not an executable file"
     exit 1
 fi
 if [ "$MEMCHECK" -gt 0 ]; then
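Review bot: `${P_SRV%%[  ]*}` truncates the command at the first whitespace so that P_SRV, P_CLI and P_PXY may carry arguments, but no comment says so, and a binary path that contains a space will now fail the `-x` check with a truncated name in the error message. Add a comment stating that the bracket expression is meant to match space and tab (the two characters cannot be told apart in review) and that paths with whitespace are not supported.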
@@ -2704,6 +2710,118 @@
             -C "mbedtls_ssl_handshake returned" \
             -c "Read from server: .* bytes read"
 
+# Tests for event-driven I/O: exercise a variety of handshake flows
+
+run_test    "Event-driven I/O: basic handshake" \
+            "$P_SRV event=1 tickets=0 auth_mode=none" \
+            "$P_CLI event=1 tickets=0" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O: client auth" \
+            "$P_SRV event=1 tickets=0 auth_mode=required" \
+            "$P_CLI event=1 tickets=0" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O: ticket" \
+            "$P_SRV event=1 tickets=1 auth_mode=none" \
+            "$P_CLI event=1 tickets=1" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O: ticket + client auth" \
+            "$P_SRV event=1 tickets=1 auth_mode=required" \
+            "$P_CLI event=1 tickets=1" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O: ticket + client auth + resume" \
+            "$P_SRV event=1 tickets=1 auth_mode=required" \
+            "$P_CLI event=1 tickets=1 reconnect=1" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O: ticket + resume" \
+            "$P_SRV event=1 tickets=1 auth_mode=none" \
+            "$P_CLI event=1 tickets=1 reconnect=1" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O: session-id resume" \
+            "$P_SRV event=1 tickets=0 auth_mode=none" \
+            "$P_CLI event=1 tickets=0 reconnect=1" \
+            0 \
+            -S "mbedtls_ssl_handshake returned" \
+            -C "mbedtls_ssl_handshake returned" \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: basic handshake" \
+            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
+            "$P_CLI dtls=1 event=1 tickets=0" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: client auth" \
+            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
+            "$P_CLI dtls=1 event=1 tickets=0" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: ticket" \
+            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
+            "$P_CLI dtls=1 event=1 tickets=1" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: ticket + client auth" \
+            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
+            "$P_CLI dtls=1 event=1 tickets=1" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: ticket + client auth + resume" \
+            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
+            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: ticket + resume" \
+            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
+            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+run_test    "Event-driven I/O, DTLS: session-id resume" \
+            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
+            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
+            0 \
+            -c "Read from server: .* bytes read"
+
+# This test demonstrates the need for the mbedtls_ssl_check_pending function.
+# During session resumption, the client will send its ApplicationData record
+# within the same datagram as the Finished messages. In this situation, the
+# server MUST NOT idle on the underlying transport after handshake completion,
+# because the ApplicationData request has already been queued internally.
+run_test    "Event-driven I/O, DTLS: session-id resume, UDP packing" \
+            -p "$P_PXY pack=50" \
+            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
+            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
+            0 \
+            -c "Read from server: .* bytes read"
+
 # Tests for version negotiation
 
 run_test    "Version check: all -> 1.2" \
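Review bot: The "Event-driven I/O, DTLS: session-id resume, UDP packing" test asserts only -c "Read from server: .* bytes read", so nothing in it shows that the proxy really delivered the Finished and ApplicationData records in one datagram, which is the situation the comment says it demonstrates. Consider running both peers with debug_level=2 and adding -s "next record in same datagram", the string the new DTLS proxy packing tests in this patch check, so the test fails if the packed path is not exercised. The DTLS event-driven cases also drop the -S/-C "mbedtls_ssl_handshake returned" checks that the TLS resume cases above keep; a one-line comment saying why would help the next reader.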
@@ -4195,8 +4313,8 @@
             0 \
             -c "replayed record" \
             -s "replayed record" \
-            -c "discarding invalid record" \
-            -s "discarding invalid record" \
+            -c "record from another epoch" \
+            -s "record from another epoch" \
             -S "resend" \
             -s "Extra-header:" \
             -c "HTTP/1.0 200 OK"
@@ -4208,13 +4326,29 @@
             0 \
             -c "replayed record" \
             -S "replayed record" \
-            -c "discarding invalid record" \
-            -s "discarding invalid record" \
+            -c "record from another epoch" \
+            -s "record from another epoch" \
             -c "resend" \
             -s "resend" \
             -s "Extra-header:" \
             -c "HTTP/1.0 200 OK"
 
+run_test    "DTLS proxy: multiple records in same datagram" \
+            -p "$P_PXY pack=50" \
+            "$P_SRV dtls=1 debug_level=2" \
+            "$P_CLI dtls=1 debug_level=2" \
+            0 \
+            -c "next record in same datagram" \
+            -s "next record in same datagram"
+
+run_test    "DTLS proxy: multiple records in same datagram, duplicate every packet" \
+            -p "$P_PXY pack=50 duplicate=1" \
+            "$P_SRV dtls=1 debug_level=2" \
+            "$P_CLI dtls=1 debug_level=2" \
+            0 \
+            -c "next record in same datagram" \
+            -s "next record in same datagram"
+
 run_test    "DTLS proxy: inject invalid AD record, default badmac_limit" \
             -p "$P_PXY bad_ad=1" \
             "$P_SRV dtls=1 debug_level=1" \
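Review bot: "DTLS proxy: multiple records in same datagram, duplicate every packet" has exactly the same assertions as the non-duplicating test before it, so nothing confirms that duplicate=1 took effect or that the duplicated, packed datagrams were recognised as replays. Consider also asserting on the replay path, for example -c "replayed record" and -s "replayed record" as the tests in the preceding hunks do, provided that message is emitted at debug_level=2.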
@@ -4270,8 +4404,6 @@
             0 \
             -c "record from another epoch" \
             -s "record from another epoch" \
-            -c "discarding invalid record" \
-            -s "discarding invalid record" \
             -s "Extra-header:" \
             -c "HTTP/1.0 200 OK"
 
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index eef41c7..f82694a 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -109,6 +109,9 @@
 }
 test_info;
 
+#if defined(MBEDTLS_PLATFORM_C)
+mbedtls_platform_context platform_ctx;
+#endif
 
 /*----------------------------------------------------------------------------*/
 /* Helper flags for complex dependencies */
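Review bot: "mbedtls_platform_context platform_ctx;" is added with external linkage, while the platform_setup()/platform_teardown() helpers that use it are static. Declare it static as well so it cannot clash with a symbol of the same name in the library or in a test suite, and add a short comment stating that it is owned by those two helpers.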
@@ -127,6 +130,21 @@
 
 /*----------------------------------------------------------------------------*/
 /* Helper Functions */
+static int platform_setup()
+{
+    int ret = 0;
+#if defined(MBEDTLS_PLATFORM_C)
+    ret = mbedtls_platform_setup( &platform_ctx );
+#endif /* MBEDTLS_PLATFORM_C */
+    return( ret );
+}
+
+static void platform_teardown()
+{
+#if defined(MBEDTLS_PLATFORM_C)
+    mbedtls_platform_teardown( &platform_ctx );
+#endif /* MBEDTLS_PLATFORM_C */
+}
 
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
 static int redirect_output( FILE** out_stream, const char* path )
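Review bot: "static int platform_setup()" and "static void platform_teardown()" are defined with empty parentheses, which does not give them a prototype in C before C23, so a call with stray arguments would not be diagnosed; write ( void ) in both. The helpers also sit directly under the "Helper Functions" banner with no comment; one line saying that both are no-ops when MBEDTLS_PLATFORM_C is undefined would document the contract.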
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 042085f..1390f9f 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -281,6 +281,18 @@
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
     !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
     unsigned char alloc_buf[1000000];
+#endif 
+    /* Platform setup should be called in the beginning */
+    ret = platform_setup();
+    if( ret != 0 )
+    {
+        mbedtls_fprintf( stderr,
+                         "FATAL: Failed to initialize platform - error %d\n",
+                         ret );
+        return( -1 );
+    }
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+    !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
     mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
 #endif
 
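Review bot: The platform_setup() failure path uses return( -1 ), while the other error returns visible in this patch use 1 (or mbedtls_exit( 2 ) for a parse error); returned from main, -1 is reported as exit status 255 on POSIX systems, so prefer return( 1 ) or MBEDTLS_EXIT_FAILURE for consistency. The added "#endif " line also carries trailing whitespace.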
@@ -293,6 +305,7 @@
     if( pointer != NULL )
     {
         mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" );
+        platform_teardown();
         return( 1 );
     }
 
@@ -302,7 +315,8 @@
     if( run_test_snprintf() != 0 )
     {
         mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
-        return( 0 );
+        platform_teardown();
+        return( 1 );
     }
 
     while( arg_index < argc)
@@ -318,6 +332,7 @@
                  strcmp(next_arg, "-h" ) == 0 )
         {
             mbedtls_fprintf( stdout, USAGE );
+            platform_teardown();
             mbedtls_exit( EXIT_SUCCESS );
         }
         else
@@ -357,6 +372,7 @@
         {
             mbedtls_fprintf( stderr, "Failed to open test file: %s\n",
                              test_filename );
+            platform_teardown();
             return( 1 );
         }
 
@@ -366,6 +382,7 @@
             {
                 mbedtls_fprintf( stderr,
                     "FATAL: Dep count larger than zero at start of loop\n" );
+                platform_teardown();
                 mbedtls_exit( MBEDTLS_EXIT_FAILURE );
             }
             unmet_dep_count = 0;
@@ -402,6 +419,7 @@
                         if(  unmet_dependencies[ unmet_dep_count ] == NULL )
                         {
                             mbedtls_fprintf( stderr, "FATAL: Out of memory\n" );
+                            platform_teardown();
                             mbedtls_exit( MBEDTLS_EXIT_FAILURE );
                         }
                         unmet_dep_count++;
@@ -427,6 +445,7 @@
                     stdout_fd = redirect_output( &stdout, "/dev/null" );
                     if( stdout_fd == -1 )
                     {
+                        platform_teardown();
                         /* Redirection has failed with no stdout so exit */
                         exit( 1 );
                     }
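Review bot: platform_teardown() is placed above the "Redirection has failed with no stdout so exit" comment here, but below the same comment in the next hunk. Pick one placement for both, preferably directly before exit( 1 ) so the comment stays at the top of the block.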
@@ -439,6 +458,7 @@
                 if( !option_verbose && restore_output( &stdout, stdout_fd ) )
                 {
                         /* Redirection has failed with no stdout so exit */
+                        platform_teardown();
                         exit( 1 );
                 }
 #endif /* __unix__ || __APPLE__ __MACH__ */
@@ -490,6 +510,7 @@
             {
                 mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
                 fclose( file );
+                platform_teardown();
                 mbedtls_exit( 2 );
             }
             else
@@ -501,6 +522,7 @@
             {
                 mbedtls_fprintf( stderr, "Should be empty %d\n",
                                  (int) strlen( buf ) );
+                platform_teardown();
                 return( 1 );
             }
         }
@@ -533,5 +555,6 @@
         close_output( stdout );
 #endif /* __unix__ || __APPLE__ __MACH__ */
 
+    platform_teardown();
     return( total_errors != 0 );
 }
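Review bot: With this final call, platform_teardown() is repeated by hand before every return and exit in the function, so an exit path added later, or one overlooked in this patch, silently skips it. Consider routing failures through a single cleanup label that calls platform_teardown() once and returns the status, rather than pairing the call with each mbedtls_exit()/return.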
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 4a878ec..e8e9a15 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -2,765 +2,789 @@
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 dec_empty_buf:
 
-AES Encrypt and decrypt 0 bytes
+AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:-1
 
-AES Encrypt and decrypt 1 byte
+AES-128 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:-1
 
-AES Encrypt and decrypt 2 bytes
+AES-128 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:-1
 
-AES Encrypt and decrypt 7 bytes
+AES-128 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:-1
 
-AES Encrypt and decrypt 8 bytes
+AES-128 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:-1
 
-AES Encrypt and decrypt 9 bytes
+AES-128 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:-1
 
-AES Encrypt and decrypt 15 bytes
+AES-128 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:-1
 
-AES Encrypt and decrypt 16 bytes
+AES-128 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:-1
 
-AES Encrypt and decrypt 17 bytes
+AES-128 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:-1
 
-AES Encrypt and decrypt 31 bytes
+AES-128 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-128 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:-1
 
-AES Encrypt and decrypt 33 bytes
+AES-128 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:-1
 
-AES Encrypt and decrypt 47 bytes
+AES-128 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:-1
 
-AES Encrypt and decrypt 48 bytes
+AES-128 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:-1
 
-AES Encrypt and decrypt 49 bytes
+AES-128 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:-1
 
-AES Encrypt and decrypt 0 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 0 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 1 byte with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 1 byte with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 2 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 2 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 7 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 7 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 8 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 8 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 9 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 9 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 15 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 15 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 16 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 16 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 17 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 17 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 31 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 31 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 32 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 32 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 33 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 33 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 47 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 47 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 48 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 48 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 49 bytes with one and zeros padding
+AES-128 CBC - Encrypt and decrypt 49 bytes with one and zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS
 
-AES Encrypt and decrypt 0 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 0 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 1 byte with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 1 byte with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 2 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 2 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 7 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 7 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 8 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 8 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 9 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 9 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 15 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 15 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 16 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 16 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 17 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 17 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 31 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 31 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 32 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 32 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 33 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 33 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 47 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 47 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 48 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 48 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 49 bytes with zeros and len padding
+AES-128 CBC - Encrypt and decrypt 49 bytes with zeros and len padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN
 
-AES Encrypt and decrypt 0 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 0 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 1 byte with zeros padding
+AES-128 CBC - Encrypt and decrypt 1 byte with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:1:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 2 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 2 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:2:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 7 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 7 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:7:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 8 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 8 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:8:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 9 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 9 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:9:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 15 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 15 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:15:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 16 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 16 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 17 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 17 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:17:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 31 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 31 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:31:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 32 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 32 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 33 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 33 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:33:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 47 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 47 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:47:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 48 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 48 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 49 bytes with zeros padding
+AES-128 CBC - Encrypt and decrypt 49 bytes with zeros padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:49:MBEDTLS_PADDING_ZEROS
 
-AES Encrypt and decrypt 0 bytes with no padding
+AES-128 CBC - Encrypt and decrypt 0 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:0:MBEDTLS_PADDING_NONE
 
-AES Encrypt and decrypt 16 bytes with no padding
+AES-128 CBC - Encrypt and decrypt 16 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:16:MBEDTLS_PADDING_NONE
 
-AES Encrypt and decrypt 32 bytes with no padding
+AES-128 CBC - Encrypt and decrypt 32 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:32:MBEDTLS_PADDING_NONE
 
-AES Encrypt and decrypt 48 bytes with no padding
+AES-128 CBC - Encrypt and decrypt 48 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CBC:"AES-128-CBC":128:48:MBEDTLS_PADDING_NONE
 
-AES Try encrypting 1 bytes with no padding
+AES-128 CBC - Try encrypting 1 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 2 bytes with no padding
+AES-128 CBC - Try encrypting 2 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 7 bytes with no padding
+AES-128 CBC - Try encrypting 7 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 8 bytes with no padding
+AES-128 CBC - Try encrypting 8 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:8:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 9 bytes with no padding
+AES-128 CBC - Try encrypting 9 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 15 bytes with no padding
+AES-128 CBC - Try encrypting 15 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 17 bytes with no padding
+AES-128 CBC - Try encrypting 17 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 31 bytes with no padding
+AES-128 CBC - Try encrypting 31 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 33 bytes with no padding
+AES-128 CBC - Try encrypting 33 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 47 bytes with no padding
+AES-128 CBC - Try encrypting 47 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Try encrypting 49 bytes with no padding
+AES-128 CBC - Try encrypting 49 bytes with no padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_fail:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
 
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-128 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-128 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:0:MBEDTLS_PADDING_PKCS7:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-128 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:1:MBEDTLS_PADDING_PKCS7:0:0:0:0
 
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:MBEDTLS_PADDING_PKCS7:16:0:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:MBEDTLS_PADDING_PKCS7:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:MBEDTLS_PADDING_PKCS7:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:MBEDTLS_PADDING_PKCS7:0:16:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:7:MBEDTLS_PADDING_PKCS7:0:16:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:6:MBEDTLS_PADDING_PKCS7:16:0:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:17:6:MBEDTLS_PADDING_PKCS7:16:0:16:0
 
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-128 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:MBEDTLS_PADDING_PKCS7:16:16:0:32
 
-AES Encrypt and decrypt 0 bytes
+AES-128 CBC - Encrypt and decrypt 0 bytes in multiple parts with no padding
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:0:MBEDTLS_PADDING_NONE:0:0:0:0
+
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:0:MBEDTLS_PADDING_NONE:16:0:16:0
+
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 2
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:0:16:MBEDTLS_PADDING_NONE:0:16:0:16
+
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 3
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:1:15:MBEDTLS_PADDING_NONE:0:16:0:16
+
+AES-128 CBC - Encrypt and decrypt 16 bytes in multiple parts with no padding 4
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:15:1:MBEDTLS_PADDING_NONE:0:16:0:16
+
+AES-128 CBC - Encrypt and decrypt 32 bytes in multiple parts with no padding 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CBC:128:16:16:MBEDTLS_PADDING_NONE:16:16:16:16
+
+AES-128 CFB - Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:0:-1
 
-AES Encrypt and decrypt 1 byte
+AES-128 CFB - Encrypt and decrypt 1 byte
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:1:-1
 
-AES Encrypt and decrypt 2 bytes
+AES-128 CFB - Encrypt and decrypt 2 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:2:-1
 
-AES Encrypt and decrypt 7 bytes
+AES-128 CFB - Encrypt and decrypt 7 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:7:-1
 
-AES Encrypt and decrypt 8 bytes
+AES-128 CFB - Encrypt and decrypt 8 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:8:-1
 
-AES Encrypt and decrypt 9 bytes
+AES-128 CFB - Encrypt and decrypt 9 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:9:-1
 
-AES Encrypt and decrypt 15 bytes
+AES-128 CFB - Encrypt and decrypt 15 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:15:-1
 
-AES Encrypt and decrypt 16 bytes
+AES-128 CFB - Encrypt and decrypt 16 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:16:-1
 
-AES Encrypt and decrypt 17 bytes
+AES-128 CFB - Encrypt and decrypt 17 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:17:-1
 
-AES Encrypt and decrypt 31 bytes
+AES-128 CFB - Encrypt and decrypt 31 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:31:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-128 CFB - Encrypt and decrypt 32 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:32:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-128 CFB - Encrypt and decrypt 32 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:33:-1
 
-AES Encrypt and decrypt 47 bytes
+AES-128 CFB - Encrypt and decrypt 47 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:47:-1
 
-AES Encrypt and decrypt 48 bytes
+AES-128 CFB - Encrypt and decrypt 48 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:48:-1
 
-AES Encrypt and decrypt 49 bytes
+AES-128 CFB - Encrypt and decrypt 49 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CFB128:"AES-128-CFB128":128:49:-1
 
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-128 CFB - Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:0:-1:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:0:-1:1:0:1:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-128 CFB - Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:1:-1:0:1:0:1
 
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:0:-1:16:0:16:0
 
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:0:16:-1:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:1:15:-1:1:15:1:15
 
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-128 CFB - Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:1:-1:15:1:15:1
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:15:7:-1:15:7:15:7
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:6:-1:16:6:16:6
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 23 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:17:6:-1:17:6:17:6
 
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-128 CFB - Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CFB128:128:16:16:-1:16:16:16:16
 
-AES Encrypt and decrypt 0 bytes
+AES-128 CTR - Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:0:-1
 
-AES Encrypt and decrypt 1 byte
+AES-128 CTR - Encrypt and decrypt 1 byte
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:1:-1
 
-AES Encrypt and decrypt 2 bytes
+AES-128 CTR - Encrypt and decrypt 2 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:2:-1
 
-AES Encrypt and decrypt 7 bytes
+AES-128 CTR - Encrypt and decrypt 7 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:7:-1
 
-AES Encrypt and decrypt 8 bytes
+AES-128 CTR - Encrypt and decrypt 8 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:8:-1
 
-AES Encrypt and decrypt 9 bytes
+AES-128 CTR - Encrypt and decrypt 9 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:9:-1
 
-AES Encrypt and decrypt 15 bytes
+AES-128 CTR - Encrypt and decrypt 15 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:15:-1
 
-AES Encrypt and decrypt 16 bytes
+AES-128 CTR - Encrypt and decrypt 16 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:16:-1
 
-AES Encrypt and decrypt 17 bytes
+AES-128 CTR - Encrypt and decrypt 17 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:17:-1
 
-AES Encrypt and decrypt 31 bytes
+AES-128 CTR - Encrypt and decrypt 31 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:31:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-128 CTR - Encrypt and decrypt 32 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:32:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-128 CTR - Encrypt and decrypt 32 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:33:-1
 
-AES Encrypt and decrypt 47 bytes
+AES-128 CTR - Encrypt and decrypt 47 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:47:-1
 
-AES Encrypt and decrypt 48 bytes
+AES-128 CTR - Encrypt and decrypt 48 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:48:-1
 
-AES Encrypt and decrypt 49 bytes
+AES-128 CTR - Encrypt and decrypt 49 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 enc_dec_buf:MBEDTLS_CIPHER_AES_128_CTR:"AES-128-CTR":128:49:-1
 
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-128 CTR - Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:0:-1:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:0:-1:1:0:1:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-128 CTR - Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:1:-1:0:1:0:1
 
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:0:-1:16:0:16:0
 
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:0:16:-1:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:1:15:-1:1:15:1:15
 
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-128 CTR - Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:1:-1:15:1:15:1
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:15:7:-1:15:7:15:7
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:6:-1:16:6:16:6
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 23 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:17:6:-1:17:6:17:6
 
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-128 CTR - Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_CTR:128:16:16:-1:16:16:16:16
 
-AES Encrypt and decrypt 0 bytes
+AES-192 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:0:-1
 
-AES Encrypt and decrypt 1 byte
+AES-192 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:1:-1
 
-AES Encrypt and decrypt 2 bytes
+AES-192 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:2:-1
 
-AES Encrypt and decrypt 7 bytes
+AES-192 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:7:-1
 
-AES Encrypt and decrypt 8 bytes
+AES-192 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:8:-1
 
-AES Encrypt and decrypt 9 bytes
+AES-192 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:9:-1
 
-AES Encrypt and decrypt 15 bytes
+AES-192 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:15:-1
 
-AES Encrypt and decrypt 16 bytes
+AES-192 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:16:-1
 
-AES Encrypt and decrypt 17 bytes
+AES-192 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:17:-1
 
-AES Encrypt and decrypt 31 bytes
+AES-192 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:31:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-192 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:32:-1
 
-AES Encrypt and decrypt 33 bytes
+AES-192 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:33:-1
 
-AES Encrypt and decrypt 47 bytes
+AES-192 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:47:-1
 
-AES Encrypt and decrypt 48 bytes
+AES-192 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:48:-1
 
-AES Encrypt and decrypt 49 bytes
+AES-192 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_192_CBC:"AES-192-CBC":192:49:-1
 
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-192 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:0:-1:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:0:-1:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-192 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:1:-1:0:0:0:0
 
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:0:-1:16:0:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:0:16:-1:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:1:15:-1:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-192 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:1:-1:0:16:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:15:7:-1:0:16:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:6:-1:16:0:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:17:6:-1:16:0:16:0
 
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-192 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32
 
-AES Encrypt and decrypt 0 bytes
+AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1
 
-AES Encrypt and decrypt 1 byte
+AES-256 CBC - Encrypt and decrypt 1 byte with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:1:-1
 
-AES Encrypt and decrypt 2 bytes
+AES-256 CBC - Encrypt and decrypt 2 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:2:-1
 
-AES Encrypt and decrypt 7 bytes
+AES-256 CBC - Encrypt and decrypt 7 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:7:-1
 
-AES Encrypt and decrypt 8 bytes
+AES-256 CBC - Encrypt and decrypt 8 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:8:-1
 
-AES Encrypt and decrypt 9 bytes
+AES-256 CBC - Encrypt and decrypt 9 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:9:-1
 
-AES Encrypt and decrypt 15 bytes
+AES-256 CBC - Encrypt and decrypt 15 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:15:-1
 
-AES Encrypt and decrypt 16 bytes
+AES-256 CBC - Encrypt and decrypt 16 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:16:-1
 
-AES Encrypt and decrypt 17 bytes
+AES-256 CBC - Encrypt and decrypt 17 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:17:-1
 
-AES Encrypt and decrypt 31 bytes
+AES-256 CBC - Encrypt and decrypt 31 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:31:-1
 
-AES Encrypt and decrypt 32 bytes
+AES-256 CBC - Encrypt and decrypt 32 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:32:-1
 
-AES Encrypt and decrypt 33 bytes
+AES-256 CBC - Encrypt and decrypt 33 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:33:-1
 
-AES Encrypt and decrypt 47 bytes
+AES-256 CBC - Encrypt and decrypt 47 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:47:-1
 
-AES Encrypt and decrypt 48 bytes
+AES-256 CBC - Encrypt and decrypt 48 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:48:-1
 
-AES Encrypt and decrypt 49 bytes
+AES-256 CBC - Encrypt and decrypt 49 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:49:-1
 
-AES Encrypt and decrypt 0 bytes in multiple parts
+AES-256 CBC - Encrypt and decrypt 0 bytes in multiple parts with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:0:-1:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:0:-1:0:0:0:0
 
-AES Encrypt and decrypt 1 bytes in multiple parts 2
+AES-256 CBC - Encrypt and decrypt 1 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:1:-1:0:0:0:0
 
-AES Encrypt and decrypt 16 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:0:-1:16:0:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 2
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:0:16:-1:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 3
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 3
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:1:15:-1:0:16:0:16
 
-AES Encrypt and decrypt 16 bytes in multiple parts 4
+AES-256 CBC - Encrypt and decrypt 16 bytes in multiple parts with PKCS7 padding 4
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:1:-1:0:16:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:15:7:-1:0:16:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 22 bytes in multiple parts with PKCS7 padding 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:6:-1:16:0:0:16
 
-AES Encrypt and decrypt 22 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 23 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:17:6:-1:16:0:16:0
 
-AES Encrypt and decrypt 32 bytes in multiple parts 1
+AES-256 CBC - Encrypt and decrypt 32 bytes in multiple parts with PKCS7 padding 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_CBC:256:16:16:-1:16:16:0:32
 
 AES Decrypt test vector #0
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
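Review bot: Two renamed single-buffer titles in this hunk still state the wrong length: `AES-128 CFB - Encrypt and decrypt 32 bytes` and `AES-128 CTR - Encrypt and decrypt 32 bytes` each appear twice, and the second of each runs `enc_dec_buf:...:128:33:-1`. The hunk already corrects the miscounted multipart titles (22 to 23 bytes for the `17:6` split), so rename these two to "33 bytes", matching the AES-192 and AES-256 CBC sections. Separately, the AES-128 CBC multipart cases pass `MBEDTLS_PADDING_PKCS7` explicitly and gain `MBEDTLS_PADDING_NONE` variants, while the AES-192 and AES-256 CBC multipart cases pass `-1` and get no no-padding counterpart. Either state in the test function what `-1` selects or make the three key sizes consistent, so the unpadded block-boundary output lengths are checked for all of them.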
diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data
index 1dd2311..6e69b81 100644
--- a/tests/suites/test_suite_cipher.arc4.data
+++ b/tests/suites/test_suite_cipher.arc4.data
@@ -60,44 +60,44 @@
 
 ARC4 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:-1:0:0:0:0
 
 ARC4 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:-1:1:0:1:0
 
 ARC4 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:-1:0:1:0:1
 
 ARC4 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:-1:16:0:16:0
 
 ARC4 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:-1:0:16:0:16
 
 ARC4 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:-1:1:15:1:15
 
 ARC4 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:-1:15:1:15:1
 
 ARC4 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:-1:15:7:15:7
 
 ARC4 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:-1:16:6:16:6
 
 ARC4 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:-1:17:6:17:6
 
 ARC4 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_ARC4_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:-1:16:16:16:16
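Review bot: three rows in this hunk share the title "ARC4 Encrypt and decrypt 22 bytes in multiple parts 1" (inputs 15:7, 16:6 and 17:6), and the 17:6 row is 23 bytes, not 22. Now that each row carries its own expected lengths, a failure report that only names the title cannot tell these three apart. Suggest renumbering them (parts 1, 2, 3) and correcting the byte count on the 17:6 row while these lines are being touched.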
diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data
index 9be846d..b94bc47 100644
--- a/tests/suites/test_suite_cipher.blowfish.data
+++ b/tests/suites/test_suite_cipher.blowfish.data
@@ -300,47 +300,47 @@
 
 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0
 
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:-1:0:0:0:0
 
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:-1:0:0:0:0
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:-1:8:8:8:8
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:-1:16:0:8:8
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:-1:16:0:16:0
 
 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:-1:16:16:8:24
 
 BLOWFISH Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
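Review bot: the five fields appended to every row (-1 followed by four lengths) are positional and have no legend anywhere in this data file, and some rows cannot be checked by reading them. The 16:0 row, for example, expects 16:0 on the encrypt side but 8:8 on the decrypt side. If that is because the decrypt path holds the last full block until the final call, and because the decrypt input is split differently from the plaintext, a short comment at the top of the file (or on the test function) naming each field and stating the 8-byte block size would let a maintainer verify these numbers instead of trusting them.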
@@ -404,47 +404,47 @@
 
 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:-1:0:0:0:0
 
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:-1:1:0:1:0
 
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:-1:0:1:0:1
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:-1:16:0:16:0
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:-1:0:16:0:16
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:-1:1:15:1:15
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:-1:15:1:15:1
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:-1:15:7:15:7
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:-1:16:6:16:6
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:-1:17:6:17:6
 
 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:-1:16:16:16:16
 
 BLOWFISH Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
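Review bot: every title in this hunk ("BLOWFISH Encrypt and decrypt 0 bytes in multiple parts" and so on) is word-for-word the same as the titles in the CBC hunk above and the CTR hunk below; only the depends_on line and the cipher id tell the modes apart. The expected lengths now differ by mode (1:0 expects 1:0:1:0 here and 0:0:0:0 under CBC), so a failing title should identify the mode. The file already does this elsewhere ("BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key"); suggest the same prefix here.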
@@ -508,47 +508,47 @@
 
 BLOWFISH Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:-1:0:0:0:0
 
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:-1:1:0:1:0
 
 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:-1:0:1:0:1
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:-1:16:0:16:0
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:-1:0:16:0:16
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:-1:1:15:1:15
 
 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:-1:15:1:15:1
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:-1:15:7:15:7
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:-1:16:6:16:6
 
 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:-1:17:6:17:6
 
 BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:-1:16:16:16:16
 
 BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
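Review bot: the new fifth field is -1 on every row in this hunk, exactly as in the CBC and CFB hunks, so the patch introduces a parameter that no row in view ever varies. A bare -1 reads as a magic value; suggest either a named constant the data file can reference or a comment stating what -1 selects, and at least one row with a different value if the test function is meant to support one.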
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index b89b70d..e6342da 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -300,47 +300,47 @@
 
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:1:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:0:-1:16:0:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:0:16:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:1:15:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:1:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:15:7:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:6:-1:16:0:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:17:6:-1:16:0:16:0
 
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CBC:128:16:16:-1:16:16:0:32
 
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
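Review bot: the rows carry expected lengths for the two update calls only, so for inputs that are not block-aligned part of the data is never covered by an expectation. The 15:7 row is titled 22 bytes but expects 0:16:0:16, the same four values as the 1:15 and 15:1 rows: 16 bytes are accounted for on each side and the rest can only appear at the final call. If the test function does not already assert the total length after the final call against first + second input length, that check should be added alongside these per-call lengths, otherwise the three rows are indistinguishable by what they verify.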
@@ -404,47 +404,47 @@
 
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:0:-1:1:0:1:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:1:-1:0:1:0:1
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:0:-1:16:0:16:0
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:0:16:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:1:15:-1:1:15:1:15
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:1:-1:15:1:15:1
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:15:7:-1:15:7:15:7
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:6:-1:16:6:16:6
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:17:6:-1:17:6:17:6
 
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CFB
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CFB128:128:16:16:-1:16:16:16:16
 
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
@@ -508,47 +508,47 @@
 
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:0:-1:1:0:1:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:1:-1:0:1:0:1
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:0:-1:16:0:16:0
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:0:16:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:1:15:-1:1:15:1:15
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:1:-1:15:1:15:1
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:15:7:-1:15:7:15:7
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:6:-1:16:6:16:6
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:17:6:-1:17:6:17:6
 
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CTR
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_CTR:128:16:16:-1:16:16:16:16
 
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -612,47 +612,47 @@
 
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:1:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:0:-1:16:0:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:0:16:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:1:15:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:1:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:15:7:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:6:-1:16:0:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:17:6:-1:16:0:16:0
 
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_CBC:192:16:16:-1:16:16:0:32
 
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
@@ -716,44 +716,44 @@
 
 CAMELLIA Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:0:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:1:-1:0:0:0:0
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:0:-1:16:0:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:0:16:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:1:15:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:1:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:15:7:-1:0:16:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:6:-1:16:0:0:16
 
 CAMELLIA Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:17:6:-1:16:0:16:0
 
 CAMELLIA Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_CBC:256:16:16:-1:16:16:0:32
diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data
index 3aac934..ba9020e 100644
--- a/tests/suites/test_suite_cipher.des.data
+++ b/tests/suites/test_suite_cipher.des.data
@@ -300,47 +300,47 @@
 
 DES Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:0:-1:0:0:0:0
 
 DES Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:0:-1:0:0:0:0
 
 DES Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:1:-1:0:0:0:0
 
 DES Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:0:-1:16:0:8:8
 
 DES Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:0:16:-1:0:16:0:16
 
 DES Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:1:15:-1:0:16:0:16
 
 DES Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:1:-1:8:8:8:8
 
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:15:7:-1:8:8:8:8
 
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:6:-1:16:0:8:8
 
 DES Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:17:6:-1:16:0:16:0
 
 DES Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_CBC:64:16:16:-1:16:16:8:24
 
 DES Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
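Review bot: the expected lengths in this hunk are identical, row for row, to the BLOWFISH_CBC hunk earlier in the patch (16:0 expects 16:0:8:8, 15:1 expects 8:8:8:8, 16:16 expects 16:16:8:24), and differ from the 16-byte-block CAMELLIA and AES rows. They are a function of block size and split only, yet they are hand-written in each file, which makes a transcription slip hard to spot. Suggest at minimum a comment above the block stating the block size the numbers assume, so a reviewer can recompute a row without cross-referencing another data file.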
@@ -404,47 +404,47 @@
 
 DES3 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:0:-1:0:0:0:0
 
 DES3 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:0:-1:0:0:0:0
 
 DES3 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:1:-1:0:0:0:0
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:0:-1:16:0:8:8
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:0:16:-1:0:16:0:16
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:1:15:-1:0:16:0:16
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:1:-1:8:8:8:8
 
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:15:7:-1:8:8:8:8
 
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:6:-1:16:0:8:8
 
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:17:6:-1:16:0:16:0
 
 DES3 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE_CBC:128:16:16:-1:16:16:8:24
 
 DES3 Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
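Review bot: three cases in this hunk share the description "DES3 Encrypt and decrypt 22 bytes in multiple parts 1" (the 15:7, 16:6 and 17:6 lines), and the 17:6 split is 23 bytes, not 22. These lines are being edited anyway, so number the cases 1/2/3 and correct the byte count so that a failing case can be identified from its description.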
@@ -508,47 +508,47 @@
 
 DES3 Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:0:-1:0:0:0:0
 
 DES3 Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:0:-1:0:0:0:0
 
 DES3 Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:1:-1:0:0:0:0
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:0:-1:16:0:8:8
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:0:16:-1:0:16:0:16
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:1:15:-1:0:16:0:16
 
 DES3 Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:1:-1:8:8:8:8
 
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:15:7:-1:8:8:8:8
 
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:6:-1:16:0:8:8
 
 DES3 Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:17:6:-1:16:0:16:0
 
 DES3 Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_DES_EDE3_CBC:192:16:16:-1:16:16:8:24
 
 DES ECB Encrypt test vector (OpenSSL) #1
 depends_on:MBEDTLS_DES_C
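Review bot: the descriptions in this MBEDTLS_CIPHER_DES_EDE3_CBC (192-bit) block are identical to those of the MBEDTLS_CIPHER_DES_EDE_CBC (128-bit) block in the previous hunk, so a failure report cannot say which key size broke. Put the key size or cipher name in each description while the lines are being touched.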
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 1073524..8f1109e 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -358,7 +358,9 @@
 
 /* BEGIN_CASE */
 void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
-                            int second_length_val )
+                            int second_length_val, int pad_mode,
+                            int first_encrypt_output_len, int second_encrypt_output_len,
+                            int first_decrypt_output_len, int second_decrypt_output_len )
 {
     size_t first_length = first_length_val;
     size_t second_length = second_length_val;
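Review bot: the new `pad_mode` parameter uses -1 as a "leave the padding mode alone" sentinel, but nothing at the signature says so; it only becomes clear from the `if( -1 != pad_mode )` check in the next hunk. Add a comment above the function describing the sentinel and what the four expected-length parameters measure (output of each `mbedtls_cipher_update` call). The lengths are declared `int` and later compared after a `(size_t)` cast, so a negative value in a data line would wrap rather than fail clearly; a non-negative check up front would make a bad data line obvious.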
@@ -398,6 +400,16 @@
     TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
     TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
 
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    if( -1 != pad_mode )
+    {
+        TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
+        TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
+    }
+#else
+    (void) pad_mode;
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
     TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
     TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
 
@@ -414,8 +426,10 @@
 
     /* encode length number of bytes from inbuf */
     TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
+    TEST_ASSERT( (size_t)first_encrypt_output_len == outlen );
     totaloutlen = outlen;
     TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
+    TEST_ASSERT( (size_t)second_encrypt_output_len == outlen );
     totaloutlen += outlen;
     TEST_ASSERT( totaloutlen == length ||
                  ( totaloutlen % block_size == 0 &&
@@ -430,15 +444,20 @@
                    totaloutlen <= length + block_size ) );
 
     /* decode the previously encoded string */
-    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, totaloutlen, decbuf, &outlen ) );
+    second_length = totaloutlen - first_length;
+    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) );
+    TEST_ASSERT( (size_t)first_decrypt_output_len == outlen );
     totaloutlen = outlen;
+    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) );
+    TEST_ASSERT( (size_t)second_decrypt_output_len == outlen );
+    totaloutlen += outlen;
 
     TEST_ASSERT( totaloutlen == length ||
                  ( totaloutlen % block_size == 0 &&
                    totaloutlen < length &&
                    totaloutlen + block_size >= length ) );
 
-    TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
+    TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) );
     totaloutlen += outlen;
 
     TEST_ASSERT( totaloutlen == length );
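Review bot: `second_length = totaloutlen - first_length;` reuses a variable that meant "second plaintext chunk" to mean "ciphertext remaining after the first `first_length` bytes", and the `size_t` subtraction wraps if `totaloutlen` is ever smaller than `first_length`. Use a separately named variable and add `TEST_ASSERT( totaloutlen >= first_length );` before the subtraction, so a short ciphertext fails the test instead of driving `mbedtls_cipher_update` with a huge length. The change to `decbuf + totaloutlen` in the `mbedtls_cipher_finish` call is needed now that `outlen` holds only the last call's length.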
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index b0ccbe8..0efed58 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -60,35 +60,35 @@
 
 AES 128 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:0:-1:0:0:0:0
 
 AES 128 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:1:0:-1:1:0:1:0
 
 AES 128 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:1:-1:0:1:0:1
 
 AES 128 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:0:-1:16:0:16:0
 
 AES 128 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:16:-1:0:16:0:16
 
 AES 128 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:6:-1:16:6:16:6
 
 AES 128 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:0:22:-1:0:22:0:22
 
 AES 128 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_128_GCM:128:16:16:-1:16:16:16:16
 
 AES 128 GCM Decrypt test vector #1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
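Review bot: apart from 1:0, every split in these GCM cases puts 0 or 16 bytes in the first call, so the new per-call length checks never see a first chunk that ends mid-block and is followed by more data; the DES and NULL data files in this patch do include 1:15 and 15:1. If leaving that out is deliberate for GCM, say so in the commit message, otherwise add such a case. The same applies to the remaining GCM blocks in this file.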
@@ -188,35 +188,35 @@
 
 AES 192 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:0:-1:0:0:0:0
 
 AES 192 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:1:0:-1:1:0:1:0
 
 AES 192 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:1:-1:0:1:0:1
 
 AES 192 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:0:-1:16:0:16:0
 
 AES 192 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:16:-1:0:16:0:16
 
 AES 192 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:6:-1:16:6:16:6
 
 AES 192 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:0:22:-1:0:22:0:22
 
 AES 192 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_GCM:192:16:16:-1:16:16:16:16
 
 AES 192 GCM Decrypt test vector #1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
@@ -304,35 +304,35 @@
 
 AES 256 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:0:-1:0:0:0:0
 
 AES 256 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:1:0:-1:1:0:1:0
 
 AES 256 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:1:-1:0:1:0:1
 
 AES 256 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:0:-1:16:0:16:0
 
 AES 256 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:16:-1:0:16:0:16
 
 AES 256 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:6:-1:16:6:16:6
 
 AES 256 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:0:22:-1:0:22:0:22
 
 AES 256 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_256_GCM:256:16:16:-1:16:16:16:16
 
 AES 128 GCM Decrypt test vector #0
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
@@ -428,35 +428,35 @@
 
 CAMELLIA 128 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:0:-1:0:0:0:0
 
 CAMELLIA 128 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:1:0:-1:1:0:1:0
 
 CAMELLIA 128 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:1:-1:0:1:0:1
 
 CAMELLIA 128 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:0:-1:16:0:16:0
 
 CAMELLIA 128 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:16:-1:0:16:0:16
 
 CAMELLIA 128 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:6:-1:16:6:16:6
 
 CAMELLIA 128 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:0:22:-1:0:22:0:22
 
 CAMELLIA 128 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_128_GCM:128:16:16:-1:16:16:16:16
 
 CAMELLIA 128 GCM Decrypt test vector #1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
@@ -540,35 +540,35 @@
 
 CAMELLIA 192 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:0:-1:0:0:0:0
 
 CAMELLIA 192 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:1:0:-1:1:0:1:0
 
 CAMELLIA 192 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:1:-1:0:1:0:1
 
 CAMELLIA 192 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:0:-1:16:0:16:0
 
 CAMELLIA 192 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:16:-1:0:16:0:16
 
 CAMELLIA 192 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:6:-1:16:6:16:6
 
 CAMELLIA 192 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:0:22:-1:0:22:0:22
 
 CAMELLIA 192 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_192_GCM:192:16:16:-1:16:16:16:16
 
 CAMELLIA 192 GCM Decrypt test vector #1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
@@ -652,35 +652,35 @@
 
 CAMELLIA 256 GCM Encrypt and decrypt 0 bytes in multiple parts
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:0:-1:0:0:0:0
 
 CAMELLIA 256 GCM Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:1:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:1:0:-1:1:0:1:0
 
 CAMELLIA 256 GCM Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:1
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:1:-1:0:1:0:1
 
 CAMELLIA 256 GCM Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:0
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:0:-1:16:0:16:0
 
 CAMELLIA 256 GCM Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:16:-1:0:16:0:16
 
 CAMELLIA 256 GCM Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:6
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:6:-1:16:6:16:6
 
 CAMELLIA 256 GCM Encrypt and decrypt 22 bytes in multiple parts 2
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:22
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:0:22:-1:0:22:0:22
 
 CAMELLIA 256 GCM Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:16
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CAMELLIA_256_GCM:256:16:16:-1:16:16:16:16
 
 CAMELLIA 256 GCM Decrypt test vector #1
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
diff --git a/tests/suites/test_suite_cipher.null.data b/tests/suites/test_suite_cipher.null.data
index c65e970..371b306 100644
--- a/tests/suites/test_suite_cipher.null.data
+++ b/tests/suites/test_suite_cipher.null.data
@@ -56,40 +56,40 @@
 
 NULL Encrypt and decrypt 1 bytes in multiple parts 1
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:0:-1:1:0:1:0
 
 NULL Encrypt and decrypt 1 bytes in multiple parts 2
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:1:-1:0:1:0:1
 
 NULL Encrypt and decrypt 16 bytes in multiple parts 1
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:0:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:0:-1:16:0:16:0
 
 NULL Encrypt and decrypt 16 bytes in multiple parts 2
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:0:16:-1:0:16:0:16
 
 NULL Encrypt and decrypt 16 bytes in multiple parts 3
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:15:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:1:15:-1:1:15:1:15
 
 NULL Encrypt and decrypt 16 bytes in multiple parts 4
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:1:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:1:-1:15:1:15:1
 
 NULL Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:7:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:15:7:-1:15:7:15:7
 
 NULL Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:6:-1:16:6:16:6
 
 NULL Encrypt and decrypt 22 bytes in multiple parts 1
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:17:6:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:17:6:-1:17:6:17:6
 
 NULL Encrypt and decrypt 32 bytes in multiple parts 1
 depends_on:MBEDTLS_CIPHER_NULL_CIPHER
-enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:16:
+enc_dec_buf_multipart:MBEDTLS_CIPHER_NULL:0:16:16:-1:16:16:16:16
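Review bot: the 15:7, 16:6 and 17:6 cases in this hunk all carry the description "NULL Encrypt and decrypt 22 bytes in multiple parts 1", and 17:6 is 23 bytes. Give them distinct numbers and fix the byte count in the last one; with the new expected-length fields (`17:6:17:6`) a mislabelled case is harder to cross-check by eye.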
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index e28d58d..7f747d0 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -42,7 +42,7 @@
 mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on        \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\:  15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\:  43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\:  dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\:  83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\:  70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\:  4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\:  f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\:  ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\:  24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\:  ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\:  69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\:  73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\:  db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\:  5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\:  ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\:  01 00 01\n"
 
 Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
 mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on        \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\:  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\:  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\:  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\:  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\:  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\:  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
 
 Debug print mbedtls_mpi #1
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index a43e7d7..8e9d9fa 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -330,6 +330,10 @@
 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
 ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"057E23EA9F1CBE8A27168F6E696A791DE61DD3AF7ACD4EEACC6E7BA514FDA863":"47DC3D214174820E1154B49BC6CDB2ABD45EE95817055D255AA35831B70D3260":"6EB89DA91989AE37C7EAC7618D9E5C4951DBA1D73C285AE1CD26A855020EEF04":"61450CD98E36016B58776A897A9F0AEF738B99F09468B8D6B8511184D53494AB"
 
+ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07"
+
 ECP test vectors secp192k1
 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
 ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD"
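Review bot: style point on the added Curve448 vector: its hex strings are lowercase while the neighbouring Curve25519 and secp192k1 vectors are uppercase. Pick one convention for the file. The description's "after decodeUCoordinate" is useful; it would also help to state whether the scalars are given before or after clamping, since only the u-coordinate handling is mentioned.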
diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data
index 8d3813a..d59f113 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.data
+++ b/tests/suites/test_suite_memory_buffer_alloc.data
@@ -16,3 +16,8 @@
 Memory buffer alloc - Out of Memory test
 memory_buffer_alloc_oom_test:
 
+Memory buffer small buffer
+memory_buffer_small_buffer:
+
+Memory buffer underalloc
+memory_buffer_underalloc:
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index a0c70d8..09684c1 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -232,3 +232,31 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+void memory_buffer_small_buffer( )
+{
+    unsigned char buf[1];
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+void memory_buffer_underalloc( )
+{
+    unsigned char buf[100];
+    size_t i;
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+    for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ )
+    {
+        TEST_ASSERT( mbedtls_calloc( 1,
+                     (size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL );
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+exit:
+    mbedtls_memory_buffer_alloc_free();
+}
+/* END_CASE */
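Review bot: `memory_buffer_small_buffer` calls `mbedtls_memory_buffer_alloc_init` on a stack buffer but has no `exit:` label and never calls `mbedtls_memory_buffer_alloc_free()`, unlike `memory_buffer_underalloc` directly below it. That leaves the allocator pointing at a dead stack frame for whatever test runs next; add the same `exit:` cleanup. In `memory_buffer_underalloc`, the expression `(size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i )` relies on unsigned wrap-around to produce a size just below `SIZE_MAX`; a one-line comment saying that the request is chosen to overflow when rounded up to the alignment would make the intent clear.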
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 17cf350..2a2cfce 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -688,6 +688,18 @@
 depends_on:MBEDTLS_GENPRIME
 mbedtls_mpi_gen_prime:3:0:0
 
+Test mbedtls_mpi_gen_prime (corner case limb size -1 bits)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:63:0:0
+
+Test mbedtls_mpi_gen_prime (corner case limb size)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:64:0:0
+
+Test mbedtls_mpi_gen_prime (corner case limb size +1 bits)
+depends_on:MBEDTLS_GENPRIME
+mbedtls_mpi_gen_prime:65:0:0
+
 Test mbedtls_mpi_gen_prime (Larger)
 depends_on:MBEDTLS_GENPRIME
 mbedtls_mpi_gen_prime:128:0:0
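Review bot: the new "corner case limb size" cases hard-code 63, 64 and 65 bits, which only straddle a limb boundary when limbs are 64 bits wide. On builds with 32-bit limbs the corresponding corner is 31/32/33 and these cases test nothing special. Add the 32-bit trio as well, or say in the descriptions that they target 64-bit limbs.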
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index cfb4281..a066bd9 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -139,11 +139,11 @@
 mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
 Check pair #3 (RSA, OK)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
 
 Check pair #4 (RSA, bad)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
 
 Check pair #5 (RSA vs EC)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 2180f5c..c0c987d 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -43,15 +43,18 @@
                        const unsigned char *input, unsigned char *output,
                        size_t output_max_len )
 {
-    return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
-                               input, output, output_max_len ) );
+    return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
+                                       rnd_std_rand, NULL, mode, olen,
+                                       input, output, output_max_len ) );
 }
 int mbedtls_rsa_sign_func( void *ctx,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
                    const unsigned char *hash, unsigned char *sig )
 {
-    return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
+    ((void) f_rng);
+    ((void) p_rng);
+    return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
                             md_alg, hashlen, hash, sig ) );
 }
 size_t mbedtls_rsa_key_len_func( void *ctx )
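Review bot: `mbedtls_rsa_sign_func` now discards the caller's `f_rng`/`p_rng` and always passes `rnd_std_rand, NULL`, so the test no longer shows whether the RNG given to the pk layer reaches the RSA-alt callback. If the callers in this suite can pass a NULL RNG and that is the reason, state it in a comment next to the `((void) f_rng);` lines; otherwise forward `f_rng` when it is non-NULL and fall back to `rnd_std_rand` only when it is not. The same explanation is worth a comment in `mbedtls_rsa_decrypt_func`, where `NULL, NULL` became `rnd_std_rand, NULL`.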
@@ -105,7 +108,8 @@
     if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
     {
         TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
-                     mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
+                     mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
+                     mbedtls_rsa_key_len_func ) == 0 );
         TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
     }
 #endif
@@ -417,11 +421,15 @@
 void pk_rsa_overflow( )
 {
     mbedtls_pk_context pk;
-    size_t hash_len = SIZE_MAX;
+    size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
+    unsigned char hash[50], sig[100];
 
     if( SIZE_MAX <= UINT_MAX )
         return;
 
+    memset( hash, 0x2a, sizeof hash );
+    memset( sig, 0, sizeof sig );
+
     mbedtls_pk_init( &pk );
 
     TEST_ASSERT( mbedtls_pk_setup( &pk,
@@ -429,14 +437,14 @@
 
 #if defined(MBEDTLS_PKCS1_V21)
     TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
-                    MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) ==
+                    MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
                  MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 #endif /* MBEDTLS_PKCS1_V21 */
 
-    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len,
-                    NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
+                    sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
-    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0,
+    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
                     rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
 exit:
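Review bot: in the mbedtls_pk_sign call, sig_len is passed as the output pointer (&sig_len) after having served as the oversized input length for both verify calls. It works in this order because sign is last, but a separate output variable would keep the verify calls exercising SIZE_MAX if the assertions are ever reordered. The same line also runs past 80 columns; wrap it after hash_len as the other calls in this function are wrapped.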
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 3ad6480..98546cb 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -46,7 +46,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
 void mbedtls_pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex,
                   char *data_hex, int ref_ret, char *ref_out_hex )
 {
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 496b5b3..cbbbd5b7 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -992,10 +992,6 @@
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
 
-Parse EC Key #1a (SEC1 DER, no optional part)
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
-pk_parse_keyfile_ec:"data_files/ec_prv.noopt.der":"NULL":0
-
 Parse EC Key #2 (SEC1 PEM)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
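Review bot: the removed case "Parse EC Key #1a" depended on POLARSSL_-prefixed macros, while every other entry here uses the MBEDTLS_ prefix, so it looks like it was being skipped rather than failing. Deleting it drops the only visible coverage of data_files/ec_prv.noopt.der (SEC1 DER with no optional part). If that input is still meant to parse, consider fixing the dependency names instead of removing the case, or say in the commit message which new case replaces it and whether the data file goes away too.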
@@ -1008,10 +1004,34 @@
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
 
+Parse EC Key #4a (PKCS8 DER, no public key)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
+
+Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
+
+Parse EC Key #4c (PKCS8 DER, with parameters)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
+
 Parse EC Key #5 (PKCS8 PEM)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
 
+Parse EC Key #5a (PKCS8 PEM, no public key)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
+
+Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
+
+Parse EC Key #5c (PKCS8 PEM, with parameters)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
+
 Parse EC Key #6 (PKCS8 encrypted DER)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0
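Review bot: the new DER cases #4a, #4b and #4c list MBEDTLS_PEM_PARSE_C in depends_on although they load .der files, and the neighbouring "Parse EC Key #4" entry for ec_prv.pk8.der depends only on MBEDTLS_ECP_C and the curve. With the extra dependency these three cases are skipped in builds without PEM parsing, which is exactly where DER-only coverage matters. Suggest dropping MBEDTLS_PEM_PARSE_C from the three .der entries and keeping it on #5a, #5b and #5c.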
@@ -1053,22 +1073,32 @@
 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
 
 Key ASN1 (Incorrect first tag)
-pk_parse_key_rsa:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, incorrect version tag)
-pk_parse_key_rsa:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, version tag missing)
-pk_parse_key_rsa:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, invalid version)
-pk_parse_key_rsa:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
-pk_parse_key_rsa:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, values present, length mismatch)
-pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
-pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (ECPrivateKey, empty parameters)
+depends_on:MBEDTLS_ECP_C
+pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
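Review bot: after the rename to pk_parse_key, "Key ASN1 (Incorrect first tag)" is the only entry in this group left without a depends_on line, so it will run in configurations with neither MBEDTLS_RSA_C nor MBEDTLS_ECP_C. Please confirm the parser still returns MBEDTLS_ERR_PK_KEY_INVALID_FORMAT for empty input in that configuration, or add the dependency that makes the expectation hold. The new ECPrivateKey case is the only negative EC input here; a short comment on what "30070201010400a000" encodes (version 1, empty private key, empty parameters tag) would help whoever extends it.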
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 4f1a616..94d25e7 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -113,8 +113,8 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_parse_key_rsa( char *key_data, char *result_str, int result )
+/* BEGIN_CASE */
+void pk_parse_key( char *key_data, char *result_str, int result )
 {
     mbedtls_pk_context pk;
     unsigned char buf[2000];
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index ee3516a..fd632da 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -122,7 +122,6 @@
                          char *input_N, int radix_E, char *input_E,
                          char *result_hex_str )
 {
-    int res;
     unsigned char message_str[1000];
     unsigned char hash_result[1000];
     unsigned char output[1000];
@@ -163,9 +162,11 @@
 
     TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
 
+#if defined(MBEDTLS_PKCS1_V15)
     /* For PKCS#1 v1.5, there is an alternative way to generate signatures */
     if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
     {
+        int res;
         memset( output, 0x00, 1000 );
         memset( output_str, 0x00, 1000 );
 
@@ -186,6 +187,7 @@
             TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 );
         }
     }
+#endif /* MBEDTLS_PKCS1_V15 */
 
 exit:
     mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
@@ -201,13 +203,12 @@
                            char *input_N, int radix_E, char *input_E,
                            char *result_hex_str, int correct )
 {
-    int res;
     unsigned char message_str[1000];
     unsigned char hash_result[1000];
     unsigned char result_str[1000];
     unsigned char output[1000];
     mbedtls_rsa_context ctx;
-    size_t hash_len, olen;
+    size_t hash_len;
 
     mbedtls_mpi N, E;
     mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
@@ -234,10 +235,13 @@
                               hash_len, hash_result,
                               result_str ) == correct );
 
+#if defined(MBEDTLS_PKCS1_V15)
     /* For PKCS#1 v1.5, there is an alternative way to verify signatures */
     if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
     {
+        int res;
         int ok;
+        size_t olen;
 
         res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx,
                     NULL, NULL, MBEDTLS_RSA_PUBLIC,
@@ -259,6 +263,7 @@
                 TEST_ASSERT( ok == 0 );
         }
     }
+#endif /* MBEDTLS_PKCS1_V15 */
 
 exit:
     mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 1aa4ffa..0aca470 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.7.0"
+check_compiletime_version:"2.9.0"
 
 Check runtime library version
-check_runtime_version:"2.7.0"
+check_runtime_version:"2.9.0"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 37144ca..a4847f9 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -64,7 +64,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_VERSION_FEATURES */
 void check_feature( char *feature, int result )
 {
     int check = mbedtls_version_check_feature( feature );
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 73ccead..406cf59 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -63,23 +63,23 @@
 x509_cert_info:"data_files/server9-sha512.crt":"cert. version     \: 3\nserial number     \: 1A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:58\:12\nexpires on        \: 2024-01-18 13\:58\:12\nsigned using      \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 x509_cert_info:"data_files/server5-sha1.crt":"cert. version     \: 3\nserial number     \: 12\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA1\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_cert_info:"data_files/server5-sha224.crt":"cert. version     \: 3\nserial number     \: 13\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA224\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_cert_info:"data_files/server5.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
 x509_cert_info:"data_files/server5-sha384.crt":"cert. version     \: 3\nserial number     \: 14\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA384\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
 x509_cert_info:"data_files/server5-sha512.crt":"cert. version     \: 3\nserial number     \: 15\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA512\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information, NS Cert Type
@@ -111,7 +111,7 @@
 x509_cert_info:"data_files/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information EC signed by RSA
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 x509_cert_info:"data_files/server3.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-08-09 09\:17\:03\nexpires on        \: 2023-08-07 09\:17\:03\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information Bitstring in subject name
@@ -123,11 +123,11 @@
 x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version     \: 1\nserial number     \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name       \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name      \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued  on        \: 2013-07-04 16\:17\:02\nexpires on        \: 2014-07-04 16\:17\:02\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nsubject alt name  \: identity-check.org, www.identity-check.org\n"
 
 X509 CRL information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-20 10\:24\:19\nnext update   \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
 
 X509 CRL Information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2009-07-19 19\:56\:37\nnext update   \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using  \: RSA with MD2\n"
 
 X509 CRL Information MD4 Digest
@@ -135,27 +135,27 @@
 mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD4\n"
 
 X509 CRL Information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD5\n"
 
 X509 CRL Information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
 
 X509 CRL Information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-224\n"
 
 X509 CRL Information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-256\n"
 
 X509 CRL Information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-384\n"
 
 X509 CRL Information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
 mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-512\n"
 
 X509 CRL information RSA-PSS, SHA1 Digest
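Review bot: the MD4 CRL case is skipped by this change. Its depends_on line sits at old line 134, between the previous hunk (which ends on the "X509 CRL Information MD4 Digest" title) and this one (which starts on the crl_md4.pem line), so it is left untouched while MD2, MD5 and every SHA variant gain MBEDTLS_RSA_C. The expected output for crl_md4.pem is "signed using : RSA with MD4", so unless that line already lists MBEDTLS_RSA_C it needs the same addition for consistency.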
@@ -179,75 +179,83 @@
 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:38\nnext update   \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
 
 X509 CRL Information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
 mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA1\n"
 
 X509 CRL Information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
 mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA224\n"
 
 X509 CRL Information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
 mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA256\n"
 
 X509 CRL Information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
 mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA384\n"
 
 X509 CRL Information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
 mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA512\n"
 
 X509 CRL Malformed Input (trailing spaces at end of file)
-depends_on:MBEDTLS_PEM_PARSE_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
 mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
 
+X509 CRL Unsupported critical extension (issuingDistributionPoint)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
+
 X509 CSR Information RSA with MD4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with MD5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD5\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA1\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-224\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-384\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
 mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information EC with SHA1
-depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA224
-depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA224\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA256
-depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA256\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA384
-depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
 mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA384\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA512
-depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
 mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA512\nEC key size   \: 256 bits\n"
 
 X509 CSR Information RSA-PSS with SHA1
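Review bot: "X509 CRL Malformed Input (trailing spaces at end of file)" gains MBEDTLS_SHA1_C, MBEDTLS_SHA512_C and MBEDTLS_ECDSA_C although its expected result is MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, a PEM-layer error. If the file holds valid CRLs ahead of the malformed tail and those must parse first, say so in the test title or the commit message; otherwise the extra dependencies just narrow where the case runs. For the two new issuingDistributionPoint cases, the critical one asserts the exact sum MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, which couples the test to how the parser happens to fail; a note that this is the intended rejection code for any unsupported critical CRL extension would make the security expectation explicit.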
@@ -332,85 +340,93 @@
 mbedtls_x509_time_is_past:"data_files/test-ca.crt":"valid_to":0
 
 X509 Time Future #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_from":0
 
 X509 Time Future #2
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5.crt":"valid_to":1
 
 X509 Time Future #3
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_from":1
 
 X509 Time Future #4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/server5-future.crt":"valid_to":1
 
 X509 Time Future #5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_from":0
 
 X509 Time Future #6
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_SHA256_C
 mbedtls_x509_time_is_future:"data_files/test-ca2.crt":"valid_to":1
 
 X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 
 X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 
 X509 Certificate verification #2 (Revoked Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 
 X509 Certificate verification #2a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 
 X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
 
 X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
 
 X509 Certificate verification #4 (Valid Cert, Expired CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
 
 X509 Certificate verification #4a (Revoked Cert, Future CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 
 X509 Certificate verification #5 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #6 (Revoked Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
 
 X509 Certificate verification #8 (Valid Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #8a (Expired Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
 
 X509 Certificate verification #8b (Future Cert)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
 
+X509 Certificate verification #8c (Expired Cert, longer chain)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
+
+X509 Certificate verification #8d (Future Cert, longer chain)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE
+x509_verify:"data_files/server7-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
+
 X509 Certificate verification #9 (Not trusted Cert)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
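Review bot: cases #5, #6 and #7 gain MBEDTLS_HAVE_TIME_DATE although their only expected flag is MBEDTLS_X509_BADCERT_REVOKED and none of them expects an EXPIRED or FUTURE flag, so the reason for the new dependency is not evident from the test data. Please state in the commit message, or in a comment in the test function, why a revocation-only result depends on MBEDTLS_HAVE_TIME_DATE. While these lines are being touched: the titles of #3 and #3a are swapped relative to their data (#3 says "Future CRL" but loads crl_expired.pem and expects MBEDTLS_X509_BADCRL_EXPIRED, #3a says "Expired CRL" but loads crl-future.pem), and #4a is titled "Revoked Cert" while expecting only MBEDTLS_X509_BADCRL_FUTURE.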
@@ -433,11 +449,11 @@
 
 X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"default":"NULL"
+x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"":"NULL"
 
 X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"default":"NULL"
+x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL"
 
 X509 Certificate verification #15 (Valid Cert SHA224 Digest)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
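Review bot: the profile argument of both #14 cases changes from "default" to an empty string, which no longer tells the reader which profile is selected, while every other case in view keeps a named value such as "compat". Either keep a named selector or document in the test function what "" means. Both cases also share the number #14 and their depends_on lists name MBEDTLS_SHA1_C twice; neither is introduced here, but both are cheap to fix in the same change.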
@@ -512,35 +528,35 @@
 x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #32 (Valid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #33 (Valid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #34 (Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #35 (Revoked, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
 x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
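Review bot: the new depends_on lines for #32 and #33 list MBEDTLS_RSA_C twice, once after MBEDTLS_PEM_PARSE_C and again just before MBEDTLS_PKCS1_V15; drop the second occurrence so the list stays a set of distinct requirements.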
@@ -548,7 +564,7 @@
 x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #41 (Valid, depth 0, EC, CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
 x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #42 (Depth 0, not CA, RSA)
@@ -560,35 +576,39 @@
 x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #44 (Corrupted signature, EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
 x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #45 (Corrupted signature, RSA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
+X509 Certificate verification #45b (Corrupted signature, intermediate CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
+
 X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
 x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
 x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #50 (Valid, multiple CAs)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #52 (CA keyUsage valid)
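Review bot: new case #45b pairs data_files/test-ca2.crt with data_files/crl.pem, whereas #46, the passing server7 case against the same CA, uses data_files/crl-ec-sha256.pem; using the same CRL in both would keep the CRL out of the set of variables between them. The title could also say whether the corrupted signature is on the end-entity certificate or on the intermediate, since "intermediate CA" can be read either way. In #46 to #49 the rewritten depends_on lines repeat MBEDTLS_RSA_C.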
@@ -600,7 +620,7 @@
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
@@ -612,7 +632,7 @@
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
 x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
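Review bot: #57 gains MBEDTLS_PKCS1_V15 without MBEDTLS_RSA_C, while #64 later in this patch gains both for the same kind of RSASSA-PSS case; the dependency lists should follow one rule. If the v1.5 dependency comes from one of the other input files rather than from server9.crt itself, a short comment naming that file would explain why a PSS test needs it.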
@@ -632,7 +652,7 @@
 x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
@@ -640,7 +660,7 @@
 x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
@@ -648,7 +668,7 @@
 x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
 x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
@@ -676,15 +696,15 @@
 x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #73 (selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 Certificate verification #75 (encoding mismatch)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #76 (multiple CRLs, not revoked)
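Review bot: #73 and #74 add MBEDTLS_RSA_C alone, while #75 in the same hunk adds MBEDTLS_RSA_C together with MBEDTLS_PKCS1_V15; all three load data_files/crl.pem, so if that file is the source of the RSA dependency the three lists should agree. The remaining dependencies of #73 and #74 are EC and hash options only, so the reason for the RSA requirement deserves a line in the commit message.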
@@ -692,119 +712,179 @@
 x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #77 (multiple CRLs, revoked)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #78 (multiple CRLs, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #79 (multiple CRLs, revoked by future)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
 
 X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
 
 X509 Certificate verification #81 (multiple CRLs, none relevant)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #82 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #83 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #84 (valid CA and Not yet valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #85 (Not yet valid CA and valid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
 
 X509 Certificate verification #86 (Not yet valid CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
 
 X509 Certificate verification #87 (Expired CA and invalid CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
 x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
 
-X509 Certificate verification #88 (Suite B invalid, EC cert, RSA CA)
+X509 Certificate verification #88 (Spurious cert in the chain)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
+
+X509 Certificate verification #89 (Spurious cert later in the chain)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
+
+X509 Certificate verification #90 (EE with same name as trusted root)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL"
+
+X509 Certificate verification #91 (same CA with good then bad key)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
+
+X509 Certificate verification #91 (same CA with bad then good key)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
+
+X509 Certificate verification #92 (bad name, allowing callback)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
+
+X509 Certificate verification #93 (Suite B invalid, EC cert, RSA CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
 
-X509 Certificate verification #89 (Suite B invalid, RSA cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+X509 Certificate verification #94 (Suite B invalid, RSA cert, EC CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
 
-X509 Certificate verification #90 (Suite B Valid, EC cert, EC CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+X509 Certificate verification #95 (Suite B Valid, EC cert, EC CA)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
 
-X509 Certificate verification #91 (next profile Invalid Cert SHA224 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 Certificate verification #96 (next profile Invalid Cert SHA224 Digest)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
 
-X509 Certificate verification #92 (next profile Valid Cert SHA256 Digest)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+X509 Certificate verification #97 (next profile Valid Cert SHA256 Digest)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C
 x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
 
+X509 Certificate verification callback: bad name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n"
+
 X509 Certificate verification callback: trusted EE cert
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
+x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"NULL":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL - flags 0x00000000\n"
+
+X509 Certificate verification callback: trusted EE cert, expired
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAVE_TIME_DATE
+x509_verify_callback:"data_files/server5-ss-expired.crt":"data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n"
 
 X509 Certificate verification callback: simple
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
+
+X509 Certificate verification callback: simple, EE expired
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+x509_verify_callback:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
+
+X509 Certificate verification callback: simple, root expired
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+x509_verify_callback:"data_files/server5.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: two trusted roots
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
 
 X509 Certificate verification callback: two trusted roots, reversed order
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
+x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
 
 X509 Certificate verification callback: root included
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
+x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n"
 
 X509 Certificate verification callback: intermediate ca
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: intermediate ca, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: intermediate ca trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
+
+X509 Certificate verification callback: intermediate ca, EE expired
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+x509_verify_callback:"data_files/server7-expired.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n"
+
+X509 Certificate verification callback: intermediate ca, int expired
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+x509_verify_callback:"data_files/server7_int-ca-exp.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
+
+X509 Certificate verification callback: intermediate ca, root expired
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE
+x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: two intermediates
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: two intermediates, root included
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: two intermediates, top int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
+x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
 
 X509 Certificate verification callback: two intermediates, low int trusted
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n"
+
+X509 Certificate verification callback: no intermediate, bad signature
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+x509_verify_callback:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
+
+X509 Certificate verification callback: one intermediate, bad signature
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
 
 X509 Parse Selftest
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
 x509_selftest:
 
 X509 Certificate ASN1 (Incorrect first tag)
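Review bot: MBEDTLS_RSA_C is listed twice in every rewritten depends_on line of the "intermediate ca" and "two intermediates" callback cases, once after MBEDTLS_ECDSA_C and again just before MBEDTLS_PKCS1_V15 (`...MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15...`). The second entry is redundant and looks like a merge or search-and-replace slip; drop it so each option appears once per line. The new expected strings also carry the per-certificate result only as raw hex (`flags 0x00000004`, `0x00000001`, `0x00000008`), so the case titles are the only place a reader learns which condition each bit stands for. Keep the titles exact about which certificate in the chain is expected to be flagged, as the "EE expired", "int expired" and "root expired" cases already do.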
@@ -1047,15 +1127,15 @@
 x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
 
 X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
 X509 Certificate ASN1 (SubjectAltName repeated)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 x509parse_crt:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 
 X509 Certificate ASN1 (ExtKeyUsage repeated)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 
 X509 Certificate ASN1 (correct pubkey, no sig_alg)
@@ -1131,11 +1211,11 @@
 x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version     \: 1\nserial number     \: 03\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 09\:46\:18\nexpires on        \: 2023-07-08 09\:46\:18\nsigned using      \: ECDSA with SHA1\nRSA key size      \: 384 bits\n":0
 
 X509 Certificate ASN1 (ECDSA signature, EC key)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
 x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version     \: 1\nserial number     \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 09\:40\:19\nexpires on        \: 2023-07-08 09\:40\:19\nsigned using      \: ECDSA with SHA1\nEC key size       \: 192 bits\n":0
 
 X509 Certificate ASN1 (RSA signature, EC key)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version     \: 1\nserial number     \: 04\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 15\:02\:37\nexpires on        \: 2023-07-08 15\:02\:37\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\n":0
 
 X509 Certificate ASN1 (invalid version 3)
@@ -1144,6 +1224,10 @@
 X509 Certificate ASN1 (invalid version overflow)
 x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
+X509 Certificate ASN1 (invalid SubjectAltNames tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509parse_crt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
+
 X509 CRL ASN1 (Incorrect first tag)
 x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
 
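Review bot: the title of the new "invalid SubjectAltNames tag" case does not say which certificate the input was derived from or which byte was altered, so a failure here is hard to trace back to the input. The CRL cases added later in this same file name both (for example "extension seq too long, crl-idp.pem byte 121"); the same convention in this title would make the case reproducible by hand.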
@@ -1214,6 +1298,30 @@
 X509 CRL ASN1 (invalid version overflow)
 x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
+X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crl:"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":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2018-03-14 07\:31\:48\nnext update   \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using  \: RSA with SHA-256\n":0
+
 X509 CRT parse path #2 (one cert)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
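Review bot: all six new x509parse_crl cases list MBEDTLS_PEM_PARSE_C in depends_on, although their titles describe single-byte edits of crl-idp.pem passed inline, and the neighbouring "invalid version overflow" case feeds x509parse_crl a hex string with no depends_on line at all. If these inputs are inline hex DER as well, the PEM dependency only causes the malformed-extension checks to be skipped in builds without PEM parsing, which are the DER-only configurations where these length and tag errors still need coverage. Consider reducing the line to `depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C`, or state in the commit message why PEM support is required.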
@@ -1240,43 +1348,107 @@
 
 X509 CRT verify chain #1 (zero pathlen intermediate)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
 
 X509 CRT verify chain #2 (zero pathlen root)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
 
 X509 CRT verify chain #3 (nonzero pathlen root)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
 
 X509 CRT verify chain #4 (nonzero pathlen intermediate)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0
 
 X509 CRT verify chain #5 (nonzero maxpathlen intermediate)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0:0:"":0
 
 X509 CRT verify chain #6 (nonzero maxpathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
 
 X509 CRT verify chain #7 (maxpathlen root, self signed in path)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0:0:"":0
 
 X509 CRT verify chain #8 (self signed maxpathlen root)
-depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0:0:"":0
 
 X509 CRT verify chain #9 (zero pathlen first intermediate, valid)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert83.crt data_files/dir4/cert82.crt":"data_files/dir4/cert81.crt":0:0:"":0
 
 X509 CRT verify chain #10 (zero pathlen root, valid)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":0:0:"":0
+
+X509 CRT verify chain #11 (valid chain, missing profile)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/dir4/cert92.crt":"data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
+
+X509 CRT verify chain #12 (suiteb profile, RSA root)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C
+mbedtls_x509_crt_verify_chain:"data_files/server3.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
+
+X509 CRT verify chain #13 (RSA only profile, EC root)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server4.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
+
+X509 CRT verify chain #13 (RSA only profile, EC trusted EE)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
+
+X509 CRT verify chain #14 (RSA-3072 profile, root key too small)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
+mbedtls_x509_crt_verify_chain:"data_files/server1.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
+
+X509 CRT verify chain #15 (suiteb profile, rsa intermediate)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
+
+X509 CRT verify chain #16 (RSA-only profile, EC intermediate)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+mbedtls_x509_crt_verify_chain:"data_files/server8.crt data_files/test-int-ca2.crt":"data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0
+
+X509 CRT verify chain #17 (SHA-512 profile)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server7.crt data_files/test-int-ca.crt":"data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0
+
+X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
+mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-2:"":2
+
+X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C
+mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca2.crt":-1:-1:"":1
+
+X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_verify_chain:"data_files/server5.crt":"data_files/test-ca.crt":-1:-1:"":1
+
+X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-4:"":8
+
+X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-3:"":4
+
+X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-2:"":2
+
+X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca.crt":-1:-1:"":1
+
+X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted)
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8
 
 X509 OID description #1
 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication"
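Review bot: The case number #13 is used twice in this hunk, for "(RSA only profile, EC root)" and "(RSA only profile, EC trusted EE)", so a failure reported against "verify chain #13" is ambiguous; renumber the second one. Cases #18 and #19 are labelled len=1 and len=0 but pass the same chain and trusted CA (server5.crt with test-ca2.crt), so one of the two labels does not describe its input. The callback cases also carry the expected return (-1, -2, -4) and the level mask (1, 2, 8) as bare numbers; a short explanation next to verify_fatal that the last field is a bitmask of depths and the return is -1 - depth would make these lines reviewable on their own.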
@@ -1347,31 +1519,31 @@
 x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
 
 X509 crt extendedKeyUsage #1 (no extension, serverAuth)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0
 
 X509 crt extendedKeyUsage #2 (single value, present)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0
 
 X509 crt extendedKeyUsage #3 (single value, absent)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
 X509 crt extendedKeyUsage #4 (two values, first)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0
 
 X509 crt extendedKeyUsage #5 (two values, second)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0
 
 X509 crt extendedKeyUsage #6 (two values, other)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
 X509 crt extendedKeyUsage #7 (any, random)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
 x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0
 
 X509 RSASSA-PSS parameters ASN1 (good, all defaults)
@@ -1486,7 +1658,7 @@
 x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
 
 X509 CSR ASN.1 (OK)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 mbedtls_x509_csr_parse:"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":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n":0
 
 X509 CSR ASN.1 (bad first tag)
@@ -1532,66 +1704,66 @@
 mbedtls_x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (bad attributes: missing)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (bad attributes: bad tag)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
 X509 CSR ASN.1 (bad attributes: overlong)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (bad sigAlg: missing)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (bad sigAlg: not a sequence)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
 X509 CSR ASN.1 (bad sigAlg: overlong)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (bad sigAlg: unknown)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
 
 X509 CSR ASN.1 (bad sig: missing)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (bad sig: not a bit string)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
 X509 CSR ASN.1 (bad sig: overlong)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CSR ASN.1 (extra data after signature)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
 mbedtls_x509_csr_parse:"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":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
 
 X509 CSR ASN.1 (invalid version overflow)
 mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
 X509 File parse (no issues)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 x509parse_crt_file:"data_files/server7_int-ca.crt":0
 
 X509 File parse (extra space in one certificate)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 x509parse_crt_file:"data_files/server7_pem_space.crt":1
 
 X509 File parse (all certificates fail)
-depends_on:MBEDTLS_ECP_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C
 x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER
 
 X509 File parse (trailing spaces, OK)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 x509parse_crt_file:"data_files/server7_trailing_space.crt":0
 
 X509 Get time (UTC no issues)
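Review bot: The dependency lists of the "X509 File parse" cases at the end of this hunk are not consistent with each other. "extra space in one certificate" now reads depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C without MBEDTLS_ECP_DP_SECP256R1_ENABLED, while "no issues" and "trailing spaces, OK" both carry the curve; since that case expects exactly 1, please check it still yields 1 when the curve is disabled, or add the curve. "all certificates fail" expects MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER, an error from PEM decoding, so please confirm that MBEDTLS_ECDSA_C and MBEDTLS_RSA_C are really needed there, because each extra dependency removes the case from reduced configurations.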
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 2a98771..06f0108 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -28,6 +28,24 @@
     1024,
 };
 
+const mbedtls_x509_crt_profile profile_rsa3072 =
+{
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
+    0,
+    3072,
+};
+
+const mbedtls_x509_crt_profile profile_sha512 =
+{
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    0xFFFFFFF, /* Any PK alg    */
+    0xFFFFFFF, /* Any curve     */
+    1024,
+};
+
 int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
 {
     ((void) data);
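Review bot: In profile_sha512 the two fields commented "Any PK alg" and "Any curve" are set to 0xFFFFFFF, which is seven hex digits and leaves bits 28 to 31 clear; if "any" is meant literally, write 0xFFFFFFFF, or add a comment that the shorter mask is intentional. profile_rsa3072 has no per-field comments at all: the bare 0 (no curves allowed) and 3072 (minimum RSA key size) deserve the same annotation as the profile below it, since the new .data cases depend on exactly those two values.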
@@ -48,6 +66,23 @@
     return 0;
 }
 
+int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
+{
+    int *levels = (int *) data;
+
+    ((void) crt);
+    ((void) certificate_depth);
+
+    /* Simulate a fatal error in the callback */
+    if( *levels & ( 1 << certificate_depth ) )
+    {
+        *flags |= ( 1 << certificate_depth );
+        return( -1 - certificate_depth );
+    }
+
+    return( 0 );
+}
+
 /* strsep() not available on Windows */
 char *mystrsep(char **stringp, const char *delim)
 {
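Review bot: In verify_fatal the line ((void) certificate_depth); marks the parameter as unused, yet it is used in the shift and in the return value a few lines below; drop that cast. The shift 1 << certificate_depth is done on a signed int with no bound on the depth. The test data only uses depths 0 to 3, but shifting an unsigned constant into a uint32_t mask would keep it well defined and match the type of *flags. A comment that both the flag bit and the return code -1 - certificate_depth encode the depth would help, because the .data expectations rely on that pairing.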
@@ -110,7 +145,7 @@
     ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n" );
+    ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     ctx->p = p;
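Review bot: The new format string prints *flags with %08x, but flags has the uint32_t * type used by the other callbacks in this file, and uint32_t is not guaranteed to be unsigned int on every target; cast the argument, for example (unsigned int) *flags. This also changes the output of verify_print for every existing case, so each expected string in the .data file needs the " - flags 0x" suffix in the same commit.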
@@ -248,7 +283,7 @@
     if( strcmp( cn_name_str, "NULL" ) != 0 )
         cn_name = cn_name_str;
 
-    if( strcmp( profile_str, "default" ) == 0 )
+    if( strcmp( profile_str, "" ) == 0 )
         profile = &mbedtls_x509_crt_profile_default;
     else if( strcmp( profile_str, "next" ) == 0 )
         profile = &mbedtls_x509_crt_profile_next;
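Review bot: Changing the selector for mbedtls_x509_crt_profile_default from "default" to "" means any data line that still passes "default" no longer matches this branch and silently takes whatever the remaining branches do; please confirm every caller in the .data file was updated together with this line. An empty string is also easy to overlook when reading a colon-separated test line, so accepting both spellings would be the safer change.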
@@ -285,7 +320,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void x509_verify_callback( char *crt_file, char *ca_file,
+void x509_verify_callback( char *crt_file, char *ca_file, char *name,
                            int exp_ret, char *exp_vrfy_out )
 {
     int ret;
@@ -301,9 +336,12 @@
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
 
+    if( strcmp( name, "NULL" ) == 0 )
+        name = NULL;
+
     ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
                                                 &compat_profile,
-                                                NULL, &flags,
+                                                name, &flags,
                                                 verify_print, &vrfy_ctx );
 
     TEST_ASSERT( ret == exp_ret );
@@ -550,14 +588,15 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
-void mbedtls_x509_crt_verify_chain(  char *chain_paths, char *trusted_ca, int flags_result )
+void mbedtls_x509_crt_verify_chain(  char *chain_paths, char *trusted_ca,
+                                     int flags_result, int result,
+                                     char *profile_name, int vrfy_fatal_lvls )
 {
     char* act;
     uint32_t flags;
-    int result, res;
+    int res;
     mbedtls_x509_crt trusted, chain;
-
-    result= flags_result?MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:0;
+    const mbedtls_x509_crt_profile *profile = NULL;
 
     mbedtls_x509_crt_init( &chain );
     mbedtls_x509_crt_init( &trusted );
@@ -566,7 +605,19 @@
         TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
 
-    res = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL );
+    if( strcmp( profile_name, "" ) == 0 )
+        profile = &mbedtls_x509_crt_profile_default;
+    else if( strcmp( profile_name, "next" ) == 0 )
+        profile = &mbedtls_x509_crt_profile_next;
+    else if( strcmp( profile_name, "suiteb" ) == 0 )
+        profile = &mbedtls_x509_crt_profile_suiteb;
+    else if( strcmp( profile_name, "rsa3072" ) == 0 )
+        profile = &profile_rsa3072;
+    else if( strcmp( profile_name, "sha512" ) == 0 )
+        profile = &profile_sha512;
+
+    res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
+            NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
 
     TEST_ASSERT( res == ( result ) );
     TEST_ASSERT( flags == (uint32_t)( flags_result ) );
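Review bot: The profile_name chain added here has no final else, so a misspelled or unknown name leaves profile at its initial NULL and that NULL is passed straight to mbedtls_x509_crt_verify_with_profile; the case then fails or passes for a reason unrelated to its title. Add an explicit check such as TEST_ASSERT( profile != NULL ) before the call. The same name-to-profile mapping already exists in the x509_verify test earlier in this file, so a small shared helper would keep the two lists from drifting apart.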
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index ca76e86..62f82e8 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -130,6 +130,7 @@
     TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
                                          issuer_pwd ) == 0 );
 
+#if defined(MBEDTLS_RSA_C)
     /* For RSA PK contexts, create a copy as an alternative RSA context. */
     if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
     {
@@ -141,6 +142,9 @@
 
         key = &issuer_key_alt;
     }
+#else
+    (void) rsa_alt;
+#endif
 
     TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
 
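Review bot: The #if defined(MBEDTLS_RSA_C) guard covers only the block that fills and selects issuer_key_alt, and the #else branch just silences rsa_alt. Please check that the declaration, init and free of issuer_key_alt outside the visible lines compile cleanly without MBEDTLS_RSA_C, and consider making the data cases that pass rsa_alt == 1 depend on MBEDTLS_RSA_C so they are skipped rather than run without exercising the alternative context.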
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 686091c..66b96c3 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -203,6 +203,11 @@
 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

 	EndProjectSection

 EndProject

+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}"

+	ProjectSection(ProjectDependencies) = postProject

+		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

+	EndProjectSection

+EndProject

 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}"

 	ProjectSection(ProjectDependencies) = postProject

 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}

@@ -574,6 +579,14 @@
 		{7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|Win32.Build.0 = Release|Win32

 		{7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.ActiveCfg = Release|x64

 		{7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.Build.0 = Release|x64

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.ActiveCfg = Debug|Win32

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.Build.0 = Debug|Win32

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.ActiveCfg = Debug|x64

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.Build.0 = Debug|x64

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.ActiveCfg = Release|Win32

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64

+		{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64

 		{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32

 		{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32

 		{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64

diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index f13f83c..802cce7 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -197,6 +197,7 @@
     <ClInclude Include="..\..\include\mbedtls\pkcs5.h" />

     <ClInclude Include="..\..\include\mbedtls\platform.h" />

     <ClInclude Include="..\..\include\mbedtls\platform_time.h" />

+    <ClInclude Include="..\..\include\mbedtls\platform_util.h" />

     <ClInclude Include="..\..\include\mbedtls\ripemd160.h" />

     <ClInclude Include="..\..\include\mbedtls\rsa.h" />

     <ClInclude Include="..\..\include\mbedtls\rsa_internal.h" />

@@ -266,6 +267,7 @@
     <ClCompile Include="..\..\library\pkparse.c" />

     <ClCompile Include="..\..\library\pkwrite.c" />

     <ClCompile Include="..\..\library\platform.c" />

+    <ClCompile Include="..\..\library\platform_util.c" />

     <ClCompile Include="..\..\library\ripemd160.c" />

     <ClCompile Include="..\..\library\rsa.c" />

     <ClCompile Include="..\..\library\rsa_internal.c" />

diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj
new file mode 100644
index 0000000..9d311c7
--- /dev/null
+++ b/visualc/VS2010/zeroize.vcxproj
@@ -0,0 +1,174 @@
+<?xml version="1.0" encoding="utf-8"?>

+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

+  <ItemGroup Label="ProjectConfigurations">

+    <ProjectConfiguration Include="Debug|Win32">

+      <Configuration>Debug</Configuration>

+      <Platform>Win32</Platform>

+    </ProjectConfiguration>

+    <ProjectConfiguration Include="Debug|x64">

+      <Configuration>Debug</Configuration>

+      <Platform>x64</Platform>

+    </ProjectConfiguration>

+    <ProjectConfiguration Include="Release|Win32">

+      <Configuration>Release</Configuration>

+      <Platform>Win32</Platform>

+    </ProjectConfiguration>

+    <ProjectConfiguration Include="Release|x64">

+      <Configuration>Release</Configuration>

+      <Platform>x64</Platform>

+    </ProjectConfiguration>

+  </ItemGroup>

+  <ItemGroup>

+    <ClCompile Include="..\..\programs\test\zeroize.c" />

+  </ItemGroup>

+  <ItemGroup>

+    <ProjectReference Include="mbedTLS.vcxproj">
+      <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>

+      <LinkLibraryDependencies>true</LinkLibraryDependencies>

+    </ProjectReference>

+  </ItemGroup>

+  <PropertyGroup Label="Globals">

+    <ProjectGuid>{10C01E94-4926-063E-9F56-C84ED190D349}</ProjectGuid>

+    <Keyword>Win32Proj</Keyword>

+    <RootNamespace>zeroize</RootNamespace>

+  </PropertyGroup>

+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />

+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">

+    <ConfigurationType>Application</ConfigurationType>

+    <UseDebugLibraries>true</UseDebugLibraries>

+    <CharacterSet>Unicode</CharacterSet>

+  </PropertyGroup>

+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">

+    <ConfigurationType>Application</ConfigurationType>

+    <UseDebugLibraries>true</UseDebugLibraries>

+    <CharacterSet>Unicode</CharacterSet>

+  </PropertyGroup>

+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">

+    <ConfigurationType>Application</ConfigurationType>

+    <UseDebugLibraries>false</UseDebugLibraries>

+    <WholeProgramOptimization>true</WholeProgramOptimization>

+    <CharacterSet>Unicode</CharacterSet>

+  </PropertyGroup>

+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">

+    <ConfigurationType>Application</ConfigurationType>

+    <UseDebugLibraries>false</UseDebugLibraries>

+    <WholeProgramOptimization>true</WholeProgramOptimization>

+    <CharacterSet>Unicode</CharacterSet>

+    <PlatformToolset>Windows7.1SDK</PlatformToolset>

+  </PropertyGroup>

+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />

+  <ImportGroup Label="ExtensionSettings">

+  </ImportGroup>

+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

+  </ImportGroup>

+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">

+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

+  </ImportGroup>

+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">

+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

+  </ImportGroup>

+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">

+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

+  </ImportGroup>

+  <PropertyGroup Label="UserMacros" />

+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

+    <ClCompile>

+      <PrecompiledHeader>

+      </PrecompiledHeader>

+      <WarningLevel>Level3</WarningLevel>

+      <Optimization>Disabled</Optimization>

+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

+      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

+    </ClCompile>

+    <Link>

+      <SubSystem>Console</SubSystem>

+      <GenerateDebugInformation>true</GenerateDebugInformation>

+      <ShowProgress>NotSet</ShowProgress>

+      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>

+    </Link>

+    <ProjectReference>

+      <LinkLibraryDependencies>false</LinkLibraryDependencies>

+    </ProjectReference>

+  </ItemDefinitionGroup>

+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

+    <ClCompile>

+      <PrecompiledHeader>

+      </PrecompiledHeader>

+      <WarningLevel>Level3</WarningLevel>

+      <Optimization>Disabled</Optimization>

+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

+      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

+    </ClCompile>

+    <Link>

+      <SubSystem>Console</SubSystem>

+      <GenerateDebugInformation>true</GenerateDebugInformation>

+      <ShowProgress>NotSet</ShowProgress>

+      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>

+    </Link>

+    <ProjectReference>

+      <LinkLibraryDependencies>false</LinkLibraryDependencies>

+    </ProjectReference>

+  </ItemDefinitionGroup>

+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">

+    <ClCompile>

+      <WarningLevel>Level3</WarningLevel>

+      <PrecompiledHeader>

+      </PrecompiledHeader>

+      <Optimization>MaxSpeed</Optimization>

+      <FunctionLevelLinking>true</FunctionLevelLinking>

+      <IntrinsicFunctions>true</IntrinsicFunctions>

+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

+      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

+    </ClCompile>

+    <Link>

+      <SubSystem>Console</SubSystem>

+      <GenerateDebugInformation>true</GenerateDebugInformation>

+      <EnableCOMDATFolding>true</EnableCOMDATFolding>

+      <OptimizeReferences>true</OptimizeReferences>

+      <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>

+      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>

+  </ItemDefinitionGroup>

+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

+    <ClCompile>

+      <WarningLevel>Level3</WarningLevel>

+      <PrecompiledHeader>

+      </PrecompiledHeader>

+      <Optimization>MaxSpeed</Optimization>

+      <FunctionLevelLinking>true</FunctionLevelLinking>

+      <IntrinsicFunctions>true</IntrinsicFunctions>

+      <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>

+      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>

+    </ClCompile>

+    <Link>

+      <SubSystem>Console</SubSystem>

+      <GenerateDebugInformation>true</GenerateDebugInformation>

+      <EnableCOMDATFolding>true</EnableCOMDATFolding>

+      <OptimizeReferences>true</OptimizeReferences>

+      <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>

+      <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>

+    </Link>

+  </ItemDefinitionGroup>

+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

+  <ImportGroup Label="ExtensionTargets">

+  </ImportGroup>

+</Project>
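Review bot: The four configurations in this new project file do not agree with each other. Release|x64 sets AdditionalDependencies to %(AdditionalDependencies); alone, while the other three list kernel32.lib through odbccp32.lib; Debug|x64 defines WIN32 where Release|x64 defines WIN64; PlatformToolset Windows7.1SDK is set for Release|x64 only; and the Debug item definitions set LinkLibraryDependencies to false although the ProjectReference to mbedTLS.vcxproj sets it to true. If the file is generated from a template, say so in the commit message so nobody edits it by hand; otherwise align the x64 settings with the Win32 ones.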