Merge pull request #8162 from yanrayw/2.28-save_stack_usage_pkwrite
Backport 2.28: pkwrite: use heap to save stack usage for writing keys in PEM string
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 370066f..d4573a4 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -20,7 +20,7 @@
**OS**
Mbed OS|linux|windows|
-**mbed TLS build:**
+**Mbed TLS build:**
Version: x.x.x or git commit id
OS version: x.x.x
Configuration: please attach config.h file where possible
diff --git a/.travis.yml b/.travis.yml
index 0ffe249..3b4132e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,93 +1,24 @@
-language: c
-compiler: gcc
-sudo: false
+# Declare python as our language. This way we get our chosen Python version,
+# and pip is available. Gcc and clang are available anyway.
+dist: jammy
+os: linux
+language: python
+python: 3.10
+
cache: ccache
-jobs:
- include:
- - name: basic checks and reference configurations
- addons:
- apt:
- packages:
- - gnutls-bin
- - doxygen
- - graphviz
- - gcc-arm-none-eabi
- - libnewlib-arm-none-eabi
- - gcc-arm-linux-gnueabi
- - libc6-dev-armel-cross
- language: python # Needed to get pip for Python 3
- python: 3.5 # version from Ubuntu 16.04
- install:
- - scripts/min_requirements.py
- script:
- - tests/scripts/all.sh -k 'check_*'
- - tests/scripts/all.sh -k test_default_out_of_box
- - tests/scripts/all.sh -k test_ref_configs
- - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
+branches:
+ only:
+ coverity_scan
- - name: full configuration
- os: linux
- dist: focal
- addons:
- apt:
- packages:
- - clang-10
- - gnutls-bin
- env:
- # Platform tests have an allocation that returns null
- - ASAN_OPTIONS="allocator_may_return_null=1"
- - MSAN_OPTIONS="allocator_may_return_null=1"
- script:
- # Do a manual build+test sequence rather than using all.sh,
- # because there's no all.sh component that does what we want,
- # which is a build with Clang >= 10 and ASan, running all the SSL
- # testing.
- # - The clang executable in the default PATH is Clang 7 on
- # Travis's focal instances, but we want Clang >= 10.
- # - Running all the SSL testing requires a specific set of
- # OpenSSL and GnuTLS versions and we don't want to bother
- # with those on Travis.
- # So we explicitly select clang-10 as the compiler, and we
- # have ad hoc restrictions on SSL testing based on what is
- # passing at the time of writing. We will remove these limitations
- # gradually.
- - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
- - make test
- - programs/test/selftest
- - tests/scripts/test_psa_constant_names.py
- # Exclude a few test cases that are failing mysteriously.
- # https://github.com/Mbed-TLS/mbedtls/issues/6660
- - tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list'
- # Modern OpenSSL does not support null or ancient ciphers.
- - tests/compat.sh -p OpenSSL -e 'NULL\|DES\|RC4'
- - tests/scripts/travis-log-failure.sh
- # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
- # Modern GnuTLS does not support DES.
- # One NULL cipher suite is strangely missing in pre-1.2 protocol
- # versions (it works with (D)TLS1.2, but don't bother).
- - tests/compat.sh -p GnuTLS -e 'CAMELLIA\|DES\|TLS-RSA-WITH-NULL-SHA256'
- - tests/scripts/travis-log-failure.sh
- - tests/context-info.sh
-
- - name: Windows
- os: windows
- script:
- - scripts/windows_msbuild.bat v141 # Visual Studio 2017
- - visualc/VS2010/x64/Release/selftest.exe --ci
-
-after_failure:
-- tests/scripts/travis-log-failure.sh
+install:
+ - $PYTHON scripts/min_requirements.py
env:
global:
- SEED=1
- - secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="
-
+ - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
addons:
- apt:
- packages:
- - gnutls-bin
coverity_scan:
project:
name: "ARMmbed/mbedtls"
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index 18945e5..37480f2 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -4,11 +4,7 @@
list (APPEND thirdparty_inc)
list (APPEND thirdparty_def)
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
-
-if(${result} EQUAL 0)
- add_subdirectory(everest)
-endif()
+add_subdirectory(everest)
set(thirdparty_src ${thirdparty_src} PARENT_SCOPE)
set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE)
diff --git a/3rdparty/everest/include/everest/vs2010/inttypes.h b/3rdparty/everest/include/everest/vs2010/inttypes.h
index d53f87f..77003be 100644
--- a/3rdparty/everest/include/everest/vs2010/inttypes.h
+++ b/3rdparty/everest/include/everest/vs2010/inttypes.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _INTTYPES_H_VS2010
diff --git a/3rdparty/everest/include/everest/vs2010/stdbool.h b/3rdparty/everest/include/everest/vs2010/stdbool.h
index 5b7039c..dcae6d8 100644
--- a/3rdparty/everest/include/everest/vs2010/stdbool.h
+++ b/3rdparty/everest/include/everest/vs2010/stdbool.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _STDBOOL_H_VS2010
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
index 7a973dc..ef314d2 100644
--- a/3rdparty/everest/include/everest/x25519.h
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X25519_H
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
index ee62be1..b7d0c92 100644
--- a/3rdparty/everest/library/Hacl_Curve25519_joined.c
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#include "common.h"
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
index 9faa9ab..83064dc 100644
--- a/3rdparty/everest/library/x25519.c
+++ b/3rdparty/everest/library/x25519.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#include "common.h"
diff --git a/BRANCHES.md b/BRANCHES.md
index f912e95..57d4027 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -76,6 +76,6 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until at least the end of 2024, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.5>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 52814ba..b001bb7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,18 +34,18 @@
cmake_policy(SET CMP0012 NEW)
if(TEST_CPP)
- project("mbed TLS" C CXX)
+ project("Mbed TLS" C CXX)
else()
- project("mbed TLS" C)
+ project("Mbed TLS" C)
endif()
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
-option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
+option(USE_PKCS11_HELPER_LIBRARY "Build Mbed TLS with the pkcs11-helper library." OFF)
+option(ENABLE_ZLIB_SUPPORT "Build Mbed TLS with zlib library." OFF)
-option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
+option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
@@ -57,9 +57,9 @@
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
- option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+ option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
else()
- option(ENABLE_TESTING "Build mbed TLS tests." ON)
+ option(ENABLE_TESTING "Build Mbed TLS tests." ON)
endif()
# Warning string - created as a list for compatibility with CMake 2.8
diff --git a/ChangeLog b/ChangeLog
index c977a68..27b5820 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,54 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 2.28.5 branch released 2023-10-05
+
+Features
+ * The documentation of mbedtls_ecp_group now describes the optimized
+ representation of A for some curves. Fixes #8045.
+
+Security
+ * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
+ review the size of the output buffer passed to this function, and note
+ that the output after decryption may include CBC padding. Consider moving
+ to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
+ which checks for overflow of the output buffer and reports the actual
+ length of the output.
+ * Improve padding calculations in CBC decryption, NIST key unwrapping and
+ RSA OAEP decryption. With the previous implementation, some compilers
+ (notably recent versions of Clang and IAR) could produce non-constant
+ time code, which could allow a padding oracle attack if the attacker
+ has access to precise timing measurements.
+ * Fix a buffer overread when parsing short TLS application data records in
+ ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
+
+Bugfix
+ * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+ using ECC key. The certificate was rejected by some crypto frameworks.
+ Fixes #2924.
+ * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+ signature can silently return an incorrect result in low memory conditions.
+ * Fix IAR compiler warnings. Fixes #7873, #4300.
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
+ * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+ MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
+ * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
+ error code on failure. Before, they returned 1 to indicate failure in
+ some cases involving a missing entry or a full cache.
+
+Changes
+ * In configurations with ARIA or Camellia but not AES, the value of
+ MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+ suggest. This did not affect any library code, because this macro was
+ only used in relation with CMAC which does not support these ciphers.
+ Its value is now 16 if ARIA or Camellia are present. This may affect
+ application code that uses this macro.
+
= Mbed TLS 2.28.4 branch released 2023-08-04
Features
diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt
deleted file mode 100644
index aadde36..0000000
--- a/ChangeLog.d/fix-a-few-unchecked-return.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
- signature can silently return an incorrect result in low memory conditions.
diff --git a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
new file mode 100644
index 0000000..c52aa3d
--- /dev/null
+++ b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the build with CMake when Everest is enabled through
+ a user configuration file or the compiler command line. Fixes #8165.
diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt
deleted file mode 100644
index 50f1dca..0000000
--- a/ChangeLog.d/fix-iar-compiler-warnings.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix IAR compiler warnings. Fixes #7873, #4300.
diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
deleted file mode 100644
index 8fdc588..0000000
--- a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * The documentation of mbedtls_ecp_group now describes the optimized
- representation of A for some curves. Fixes #8045.
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
deleted file mode 100644
index dc8395d..0000000
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Bugfix
- * Fix an issue when parsing an otherName subject alternative name into a
- mbedtls_x509_san_other_name struct. The type-id of the otherName was not
- copied to the struct. This meant that the struct had incomplete
- information about the otherName SAN and contained uninitialized memory.
- * Fix the detection of HardwareModuleName otherName SANs. These were being
- detected by comparing the wrong field and the check was erroneously
- inverted.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
deleted file mode 100644
index c1de491..0000000
--- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
- using ECC key. The certificate was rejected by some crypto frameworks.
- Fixes #2924.
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
index dfa0f07..af0578a 100644
--- a/DartConfiguration.tcl
+++ b/DartConfiguration.tcl
@@ -1,4 +1,4 @@
Site: localhost
-BuildName: mbed TLS-test
+BuildName: Mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
diff --git a/configs/README.txt b/configs/README.txt
index 933fa7f..d2f9bcb 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -23,4 +23,4 @@
make
Note that the second method also works if you want to keep your custom
-configuration file outside the mbed TLS tree.
+configuration file outside the Mbed TLS tree.
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 78e31d5..318e0fb 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -33,13 +33,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_1
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 63f9411..72006eb 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -36,7 +36,7 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
@@ -53,7 +53,7 @@
#define MBEDTLS_X509_CHECK_KEY_USAGE
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 29897fd..545a791 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -40,13 +40,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index de24158..0de7e16 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -38,7 +38,7 @@
/* System support */
#define MBEDTLS_HAVE_ASM
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
@@ -50,7 +50,7 @@
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
#define MBEDTLS_SSL_EXPORT_KEYS
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index d19f93e..0cad01b 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,7 +22,7 @@
*/
/**
- * @mainpage Mbed TLS v2.28.4 API Documentation
+ * @mainpage Mbed TLS v2.28.5 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 0fc2da0..f6f160d 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v2.28.4"
+PROJECT_NAME = "Mbed TLS v2.28.5"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 62c0f62..11b417b 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -1,4 +1,4 @@
-option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
+option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
if(INSTALL_MBEDTLS_HEADERS)
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index 6741dea..0da40a0 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -36,16 +36,20 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
-/* Can we do AESNI with inline assembly?
- * (Only implemented with gas syntax, only for 64-bit.)
- */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
- (defined(__amd64__) || defined(__x86_64__)) && \
- !defined(MBEDTLS_HAVE_X86_64)
+#if !defined(MBEDTLS_HAVE_X86_64) && \
+ (defined(__amd64__) || defined(__x86_64__) || \
+ defined(_M_X64) || defined(_M_AMD64)) && \
+ !defined(_M_ARM64EC)
#define MBEDTLS_HAVE_X86_64
#endif
-#if defined(MBEDTLS_AESNI_C)
+#if !defined(MBEDTLS_HAVE_X86) && \
+ (defined(__i386__) || defined(_M_IX86))
+#define MBEDTLS_HAVE_X86
+#endif
+
+#if defined(MBEDTLS_AESNI_C) && \
+ (defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
@@ -72,7 +76,11 @@
* favor the assembly-based implementation if it's available. We intend to
* revise this in a later release of Mbed TLS 3.x. In the long run, we will
* likely remove the assembly implementation. */
-#if defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
+/* Can we do AESNI with inline assembly?
+ * (Only implemented with gas syntax, only for 64-bit.)
+ */
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
@@ -168,6 +176,6 @@
#endif
#endif /* MBEDTLS_AESNI_HAVE_CODE */
-#endif /* MBEDTLS_AESNI_C */
+#endif /* MBEDTLS_AESNI_C && (MBEDTLS_HAVE_X86_64 || MBEDTLS_HAVE_X86) */
#endif /* MBEDTLS_AESNI_H */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2cb36e9..dddcb73 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -35,7 +35,7 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+#error "Mbed TLS requires a platform with 8-bit chars"
#endif
#if defined(_WIN32)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 56fc2d8..fa57efe 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -446,10 +446,29 @@
/**
- * \brief This function initializes a cipher context for
+ * \brief This function prepares a cipher context for
* use with the given cipher primitive.
*
- * \param ctx The context to initialize. This must be initialized.
+ * \warning In CBC mode, if mbedtls_cipher_set_padding_mode() is not called:
+ * - If MBEDTLS_CIPHER_PADDING_PKCS7 is enabled, the
+ * context will use PKCS7 padding.
+ * - Otherwise the context uses no padding and the input
+ * must be a whole number of blocks.
+ *
+ * \note After calling this function, you should call
+ * mbedtls_cipher_setkey() and, if the mode uses padding,
+ * mbedtls_cipher_set_padding_mode(), then for each
+ * message to encrypt or decrypt with this key, either:
+ * - mbedtls_cipher_crypt() for one-shot processing with
+ * non-AEAD modes;
+ * - mbedtls_cipher_auth_encrypt_ext() or
+ * mbedtls_cipher_auth_decrypt_ext() for one-shot
+ * processing with AEAD modes or NIST_KW;
+ * - for multi-part processing, see the documentation of
+ * mbedtls_cipher_reset().
+ *
+ * \param ctx The context to prepare. This must be initialized by
+ * a call to mbedtls_cipher_init() first.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
@@ -663,8 +682,6 @@
* \brief This function sets the padding mode, for cipher modes
* that use padding.
*
- * The default passing mode is PKCS7 padding.
- *
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param mode The padding mode.
@@ -704,7 +721,29 @@
/**
* \brief This function resets the cipher state.
*
- * \param ctx The generic cipher context. This must be initialized.
+ * \note With non-AEAD ciphers, the order of calls for each message
+ * is as follows:
+ * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+ * 2. mbedtls_cipher_reset()
+ * 3. mbedtls_cipher_update() one or more times
+ * 4. mbedtls_cipher_finish()
+ * .
+ * This sequence can be repeated to encrypt or decrypt multiple
+ * messages with the same key.
+ *
+ * \note With AEAD ciphers, the order of calls for each message
+ * is as follows:
+ * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+ * 2. mbedtls_cipher_reset()
+ * 3. mbedtls_cipher_update_ad()
+ * 4. mbedtls_cipher_update() one or more times
+ * 5. mbedtls_cipher_check_tag() (for decryption) or
+ * mbedtls_cipher_write_tag() (for encryption).
+ * .
+ * This sequence can be repeated to encrypt or decrypt multiple
+ * messages with the same key.
+ *
+ * \param ctx The generic cipher context. This must be bound to a key.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 254995c..5c3bcba 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -45,7 +45,11 @@
#define MBEDTLS_AES_BLOCK_SIZE 16
#define MBEDTLS_DES3_BLOCK_SIZE 8
-#if defined(MBEDTLS_AES_C)
+
+/* Although the CMAC module does not support ARIA or CAMELLIA, we adjust the value of
+ * MBEDTLS_CIPHER_BLKSIZE_MAX to reflect these ciphers.
+ * This is done to avoid confusion, given the general-purpose name of the macro. */
+#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
#else
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 3a34cf6..117c88a 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -1,7 +1,7 @@
/**
* \file compat-1.3.h
*
- * \brief Compatibility definitions for using mbed TLS with client code written
+ * \brief Compatibility definitions for using Mbed TLS with client code written
* for the PolarSSL naming conventions.
*
* \deprecated Use the new names directly instead
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index fa5ebd7..7b1f38a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -163,7 +163,7 @@
*
* Enable the memory allocation layer.
*
- * By default mbed TLS uses the system-provided calloc() and free().
+ * By default Mbed TLS uses the system-provided calloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
@@ -236,10 +236,10 @@
/**
* \def MBEDTLS_PLATFORM_EXIT_ALT
*
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
* function in the platform abstraction layer.
*
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
@@ -266,6 +266,45 @@
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
* \def MBEDTLS_DEPRECATED_WARNING
*
* Mark deprecated functions and features so that they generate a warning if
@@ -361,7 +400,7 @@
/** \} name SECTION: System support */
/**
- * \name SECTION: mbed TLS feature support
+ * \name SECTION: Mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
@@ -384,7 +423,7 @@
/**
* \def MBEDTLS_AES_ALT
*
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternate core implementation of a symmetric crypto, an arithmetic or hash
* module (e.g. platform specific assembly optimized implementations). Keep
* in mind that the function prototypes should remain the same.
@@ -392,7 +431,7 @@
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
* provide the "struct mbedtls_aes_context" definition and omit the base
* function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
@@ -445,14 +484,14 @@
/**
* \def MBEDTLS_MD2_PROCESS_ALT
*
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
* alternate core implementation of symmetric crypto or hash function. Keep in
* mind that function prototypes should remain the same.
*
- * This replaces only one function. The header file from mbed TLS is still
+ * This replaces only one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
* no longer provide the mbedtls_sha1_process() function, but it will still provide
* the other function (using your mbedtls_sha1_process() function) and the definition
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
@@ -512,11 +551,11 @@
*
* Expose a part of the internal interface of the Elliptic Curve Point module.
*
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternative core implementation of elliptic curve arithmetic. Keep in mind
* that function prototypes should remain the same.
*
- * This partially replaces one function. The header file from mbed TLS is still
+ * This partially replaces one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
* is still present and it is used for group structures not supported by the
* alternative.
@@ -540,11 +579,11 @@
* implement optimized set up and tear down instructions.
*
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
* for the operation is supported by your implementation (i.e. your
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
+ * group is not supported by your implementation, then the original Mbed TLS
* implementation of ecp_double_jac() is used instead, unless this fallback
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
@@ -575,7 +614,7 @@
/**
* \def MBEDTLS_TEST_NULL_ENTROPY
*
- * Enables testing and use of mbed TLS without any configured entropy sources.
+ * Enables testing and use of Mbed TLS without any configured entropy sources.
* This permits use of the library on platforms before an entropy source has
* been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
* MBEDTLS_ENTROPY_NV_SEED switches).
@@ -592,7 +631,7 @@
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
- * Uncomment this macro to let mbed TLS use your own implementation of a
+ * Uncomment this macro to let Mbed TLS use your own implementation of a
* hardware entropy collector.
*
* Your function must be called \c mbedtls_hardware_poll(), have the same
@@ -819,6 +858,15 @@
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
+/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -1591,7 +1639,7 @@
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
+ * If you choose not to send the alert messages, Mbed TLS can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
@@ -2118,6 +2166,23 @@
//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
/**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * to preserve compatibility with existing peers, but the general
+ * warning applies nonetheless:
+ *
+ * \warning SHA-1 is considered a weak message digest and its use constitutes
+ * a security risk. If possible, we recommend avoiding dependencies
+ * on it, and considering stronger message digests instead.
+ *
+ */
+//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
+/**
* \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
*
* Enable testing of the constant-flow nature of some sensitive functions with
@@ -2364,12 +2429,12 @@
* Uncomment to enable use of ZLIB
*/
//#define MBEDTLS_ZLIB_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: Mbed TLS feature support */
/**
- * \name SECTION: mbed TLS modules
+ * \name SECTION: Mbed TLS modules
*
- * This section enables or disables entire modules in mbed TLS
+ * This section enables or disables entire modules in Mbed TLS
* \{
*/
@@ -3090,7 +3155,7 @@
* Module: library/memory_buffer_alloc.c
*
* Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
*
* Enable this module to enable the buffer memory allocator.
*/
@@ -3530,7 +3595,7 @@
* \def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * By default Mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading:
@@ -3544,7 +3609,7 @@
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD.
*
- * Enable this layer to allow use of mutexes within mbed TLS
+ * Enable this layer to allow use of mutexes within Mbed TLS
*/
//#define MBEDTLS_THREADING_C
@@ -3696,7 +3761,7 @@
*/
#define MBEDTLS_XTEA_C
-/** \} name SECTION: mbed TLS modules */
+/** \} name SECTION: Mbed TLS modules */
/**
* \name SECTION: General configuration options
@@ -4141,71 +4206,6 @@
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
/** \} name SECTION: Module configuration options */
/* Target and application specific configurations
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 1e74a1b..67d5df1 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -110,6 +110,10 @@
#if defined(PSA_WANT_ALG_HKDF)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 23ebe9b..4995090 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -219,7 +219,7 @@
#if !defined(MBEDTLS_ECP_ALT)
/*
- * default mbed TLS elliptic curve arithmetic implementation
+ * default Mbed TLS elliptic curve arithmetic implementation
*
* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
* alternative implementation for the whole module and it will replace this
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index eca3b56..fed6862 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -82,7 +82,7 @@
/**
* \brief Entropy poll callback for a hardware source
*
- * \warning This is not provided by mbed TLS!
+ * \warning This is not provided by Mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
*
* \note This must accept NULL as its first argument.
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index dd3c787..0d6230f 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -171,9 +171,9 @@
}
/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
+ * \brief Translate an Mbed TLS error code into a string representation.
+ * The result is truncated if necessary and always includes a
+ * terminating null byte.
*
* \param errnum error code
* \param buffer buffer to place representation in
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 01069ea..076fd60 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -44,9 +44,12 @@
#endif
/* Some versions of ASan result in errors about not enough registers */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__i386__) && \
!defined(MBEDTLS_HAVE_ASAN)
+#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
+
#ifndef MBEDTLS_HAVE_X86
#define MBEDTLS_HAVE_X86
#endif
@@ -120,6 +123,7 @@
}
#endif
-#endif /* HAVE_X86 */
+#endif /* MBEDTLS_PADLOCK_C && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __i386__ && !MBEDTLS_HAVE_ASAN */
#endif /* padlock.h */
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index 80a8a9c..908a1bc 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -71,7 +71,7 @@
MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx);
/**
- * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
+ * Fill in a Mbed TLS certificate, based on the given PKCS11 helper certificate.
*
* \deprecated This function is deprecated and will be removed in a
* future version of the library.
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index cd13852..63e2e63 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -79,6 +79,21 @@
* \brief PKCS12 Password Based function (encryption / decryption)
* for cipher-based and mbedtls_md-based PBE's
*
+ * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
+ * be enabled at compile time.
+ *
+ * \warning When decrypting:
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
+ * time, this function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
+ * time, this function does not validate the CBC padding.
+ *
* \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
* \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
* #MBEDTLS_PKCS12_PBE_DECRYPT
@@ -87,18 +102,77 @@
* \param pwd Latin1-encoded password used. This may only be \c NULL when
* \p pwdlen is 0. No null terminator should be used.
* \param pwdlen length of the password (may be 0)
- * \param input the input data
+ * \param data the input data
* \param len data length
- * \param output the output buffer
+ * \param output Output buffer.
+ * On success, it contains the encrypted or decrypted data,
+ * possibly followed by the CBC padding.
+ * On failure, the content is indeterminate.
+ * For decryption, there must be enough room for \p len
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p len + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
- const unsigned char *input, size_t len,
+ const unsigned char *data, size_t len,
unsigned char *output);
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+/**
+ * \brief PKCS12 Password Based function (encryption / decryption)
+ * for cipher-based and mbedtls_md-based PBE's
+ *
+ *
+ * \warning When decrypting:
+ * - This function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
+ * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
+ * #MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+ * \param md_type the mbedtls_md used
+ * \param pwd Latin1-encoded password used. This may only be \c NULL when
+ * \p pwdlen is 0. No null terminator should be used.
+ * \param pwdlen length of the password (may be 0)
+ * \param data the input data
+ * \param len data length
+ * \param output Output buffer.
+ * On success, it contains the encrypted or decrypted data,
+ * possibly followed by the CBC padding.
+ * On failure, the content is indeterminate.
+ * For decryption, there must be enough room for \p len
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p len + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
+ * \param output_size size of output buffer.
+ * This must be big enough to accommodate for output plus
+ * padding data.
+ * \param output_len On success, length of actual data written to the output buffer.
+ *
+ * \return 0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
#endif /* MBEDTLS_ASN1_PARSE_C */
/**
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 12dec05..e995d3d 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -57,13 +57,36 @@
/**
* \brief PKCS#5 PBES2 function
*
+ * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
+ * be enabled at compile time.
+ *
+ * \warning When decrypting:
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
+ * time, this function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
+ * time, this function does not validate the CBC padding.
+ *
* \param pbe_params the ASN.1 algorithm parameters
- * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
+ * \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
* \param pwd password to use when generating key
* \param pwdlen length of password
* \param data data to process
* \param datalen length of data
- * \param output output buffer
+ * \param output Output buffer.
+ * On success, it contains the encrypted or decrypted data,
+ * possibly followed by the CBC padding.
+ * On failure, the content is indeterminate.
+ * For decryption, there must be enough room for \p datalen
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p datalen + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
@@ -72,6 +95,49 @@
const unsigned char *data, size_t datalen,
unsigned char *output);
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+/**
+ * \brief PKCS#5 PBES2 function
+ *
+ * \warning When decrypting:
+ * - This function validates the CBC padding and returns
+ * #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
+ * invalid. Note that this can help active adversaries
+ * attempting to brute-forcing the password. Note also that
+ * there is no guarantee that an invalid password will be
+ * detected (the chances of a valid padding with a random
+ * password are about 1/255).
+ *
+ * \param pbe_params the ASN.1 algorithm parameters
+ * \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
+ * \param pwd password to use when generating key
+ * \param pwdlen length of password
+ * \param data data to process
+ * \param datalen length of data
+ * \param output Output buffer.
+ * On success, it contains the decrypted data.
+ * On failure, the content is indetermidate.
+ * For decryption, there must be enough room for \p datalen
+ * bytes.
+ * For encryption, there must be enough room for
+ * \p datalen + 1 bytes, rounded up to the block size of
+ * the block cipher identified by \p pbe_params.
+ * \param output_size size of output buffer.
+ * This must be big enough to accommodate for output plus
+ * padding data.
+ * \param output_len On success, length of actual data written to the output buffer.
+ *
+ * \returns 0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.
+ */
+int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
#endif /* MBEDTLS_ASN1_PARSE_C */
/**
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index eee61d6..112286b 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -1,7 +1,7 @@
/**
* \file platform_time.h
*
- * \brief mbed TLS Platform time abstraction
+ * \brief Mbed TLS Platform time abstraction
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index cc9a270..3ec558b 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -193,6 +193,8 @@
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
/** Invalid value in SSL config */
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
+/** Cache entry not found */
+#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x5E00
/*
* Various constants
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index e358c6c..b1ea801 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -99,6 +99,11 @@
*
* \param data SSL cache context
* \param session session to retrieve entry for
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
+ * no cache entry with specified session ID found, or
+ * any other negative error code for other failures.
*/
int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session);
@@ -108,6 +113,9 @@
*
* \param data SSL cache context
* \param session session to store entry for
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
*/
int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session);
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5300125..cdf724c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.h
*
- * \brief SSL Ciphersuites for mbed TLS
+ * \brief SSL Ciphersuites for Mbed TLS
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 25de77e..5b5efca 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -63,9 +63,9 @@
* \brief Set your alternate threading implementation function
* pointers and initialize global mutexes. If used, this
* function must be called once in the main thread before any
- * other mbed TLS function is called, and
+ * other Mbed TLS function is called, and
* mbedtls_threading_free_alt() must be called once in the main
- * thread after all other mbed TLS functions.
+ * thread after all other Mbed TLS functions.
*
* \note mutex_init() and mutex_free() don't return a status code.
* If mutex_init() fails, it should leave its argument (the
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 1ae06e6..4fe37c2 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -21,7 +21,7 @@
*/
/*
* This set of compile-time defines and run-time variables can be used to
- * determine the version number of the mbed TLS library used.
+ * determine the version number of the Mbed TLS library used.
*/
#ifndef MBEDTLS_VERSION_H
#define MBEDTLS_VERSION_H
@@ -38,16 +38,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28
-#define MBEDTLS_VERSION_PATCH 4
+#define MBEDTLS_VERSION_PATCH 5
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x021C0400
-#define MBEDTLS_VERSION_STRING "2.28.4"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.4"
+#define MBEDTLS_VERSION_NUMBER 0x021C0500
+#define MBEDTLS_VERSION_STRING "2.28.5"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.5"
#if defined(MBEDTLS_VERSION_C)
@@ -72,9 +72,9 @@
void mbedtls_version_get_string(char *string);
/**
- * Get the full version string ("mbed TLS x.y.z").
+ * Get the full version string ("Mbed TLS x.y.z").
*
- * \param string The string that will receive the value. The mbed TLS version
+ * \param string The string that will receive the value. The Mbed TLS version
* string will use 18 bytes AT MOST including a terminating
* null byte.
* (So the buffer should be at least 18 bytes to receive this
@@ -84,12 +84,12 @@
/**
* \brief Check if support for a feature was compiled into this
- * mbed TLS binary. This allows you to see at runtime if the
+ * Mbed TLS binary. This allows you to see at runtime if the
* library was for instance compiled with or without
* Multi-threading support.
*
* \note only checks against defines in the sections "System
- * support", "mbed TLS modules" and "mbed TLS feature
+ * support", "Mbed TLS modules" and "Mbed TLS feature
* support" in config.h
*
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index d436635..bf883e8 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -914,7 +914,7 @@
* \brief Set the issuer name for a Certificate
* Issuer names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS CA"
*
* \param ctx CRT context to use
* \param issuer_name issuer name to set
@@ -929,7 +929,7 @@
* \brief Set the subject name for a Certificate
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CRT context to use
* \param subject_name subject name to set
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 5975584..6daf57b 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -171,7 +171,7 @@
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 147caaf..8d88101 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,7 +1,7 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
@@ -204,15 +204,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.4 SOVERSION 7)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.5 SOVERSION 7)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.4 SOVERSION 1)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.5 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.4 SOVERSION 14)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.5 SOVERSION 14)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/aes.c b/library/aes.c
index d5a45fd..683480a 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -50,7 +50,7 @@
#define AES_VALIDATE(cond) \
MBEDTLS_INTERNAL_VALIDATE(cond)
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
static int aes_padlock_ace = -1;
#endif
@@ -334,7 +334,7 @@
/*
* Round constants
*/
-static const uint32_t RCON[10] =
+static const uint32_t round_constants[10] =
{
0x00000001, 0x00000002, 0x00000004, 0x00000008,
0x00000010, 0x00000020, 0x00000040, 0x00000080,
@@ -381,7 +381,7 @@
/*
* Round constants
*/
-static uint32_t RCON[10];
+static uint32_t round_constants[10];
/*
* Tables generation code
@@ -411,7 +411,7 @@
* calculate the round constants
*/
for (i = 0, x = 1; i < 10; i++) {
- RCON[i] = (uint32_t) x;
+ round_constants[i] = (uint32_t) x;
x = MBEDTLS_BYTE_0(XTIME(x));
}
@@ -548,7 +548,7 @@
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
-#if (defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)) || \
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) || \
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#define MAY_NEED_TO_ALIGN
#endif
@@ -560,7 +560,7 @@
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
@@ -637,7 +637,7 @@
case 10:
for (i = 0; i < 10; i++, RK += 4) {
- RK[4] = RK[0] ^ RCON[i] ^
+ RK[4] = RK[0] ^ round_constants[i] ^
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^
@@ -652,7 +652,7 @@
case 12:
for (i = 0; i < 8; i++, RK += 6) {
- RK[6] = RK[0] ^ RCON[i] ^
+ RK[6] = RK[0] ^ round_constants[i] ^
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^
@@ -669,7 +669,7 @@
case 14:
for (i = 0; i < 7; i++, RK += 8) {
- RK[8] = RK[0] ^ RCON[i] ^
+ RK[8] = RK[0] ^ round_constants[i] ^
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^
@@ -1076,7 +1076,7 @@
}
#endif
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace) {
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
}
@@ -1115,7 +1115,7 @@
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace) {
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
return 0;
@@ -1875,7 +1875,7 @@
#if defined(MBEDTLS_AES_ALT)
mbedtls_printf(" AES note: alternative implementation.\n");
#else /* MBEDTLS_AES_ALT */
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
diff --git a/library/ccm.c b/library/ccm.c
index 2d2695e..79a04a2 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -33,6 +33,7 @@
#include "mbedtls/ccm.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/constant_time.h"
#include <string.h>
@@ -362,7 +363,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
- unsigned char i;
int diff;
CCM_VALIDATE_RET(ctx != NULL);
@@ -379,9 +379,7 @@
}
/* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < tag_len; i++) {
- diff |= tag[i] ^ check_tag[i];
- }
+ diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
diff --git a/library/chachapoly.c b/library/chachapoly.c
index ceb4292..547ffb2 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -25,6 +25,7 @@
#include "mbedtls/chachapoly.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/constant_time.h"
#include <string.h>
@@ -337,7 +338,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
- size_t i;
int diff;
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(nonce != NULL);
@@ -353,9 +353,7 @@
}
/* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
- diff |= tag[i] ^ check_tag[i];
- }
+ diff = mbedtls_ct_memcmp(tag, check_tag, sizeof(check_tag));
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
diff --git a/library/cipher.c b/library/cipher.c
index 36f87c3..09ca686 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1,7 +1,7 @@
/**
* \file cipher.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
@@ -30,6 +30,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
+#include "constant_time_internal.h"
#include <stdlib.h>
#include <string.h>
@@ -748,17 +749,17 @@
*data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */
- bad |= padding_len > input_len;
- bad |= padding_len == 0;
+ bad |= ~mbedtls_ct_size_mask_ge(input_len, padding_len);
+ bad |= mbedtls_ct_size_bool_eq(padding_len, 0);
/* The number of bytes checked must be independent of padding_len,
* so pick input_len, which is usually 8 or 16 (one block) */
pad_idx = input_len - padding_len;
for (i = 0; i < input_len; i++) {
- bad |= (input[i] ^ padding_len) * (i >= pad_idx);
+ size_t mask = mbedtls_ct_size_mask_ge(i, pad_idx);
+ bad |= (input[i] ^ padding_len) & mask;
}
-
- return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+ return -(int) mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
@@ -781,24 +782,29 @@
static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
size_t *data_len)
{
- size_t i;
- unsigned char done = 0, prev_done, bad;
+ unsigned int bad = 1;
if (NULL == input || NULL == data_len) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
- bad = 0x80;
*data_len = 0;
- for (i = input_len; i > 0; i--) {
- prev_done = done;
- done |= (input[i - 1] != 0);
- *data_len |= (i - 1) * (done != prev_done);
- bad ^= input[i - 1] * (done != prev_done);
+ size_t in_padding = ~0;
+
+ for (ptrdiff_t i = (ptrdiff_t) (input_len) - 1; i >= 0; i--) {
+ size_t is_nonzero = mbedtls_ct_uint_mask(input[i]);
+
+ size_t hit_first_nonzero = is_nonzero & in_padding;
+
+ *data_len = (*data_len & ~hit_first_nonzero) | ((size_t) i & hit_first_nonzero);
+
+ bad = mbedtls_ct_uint_if((unsigned int) hit_first_nonzero,
+ !mbedtls_ct_size_bool_eq(input[i], 0x80), bad);
+
+ in_padding = in_padding & ~is_nonzero;
}
- return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
-
+ return -(int) mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
@@ -832,16 +838,17 @@
*data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */
- bad |= padding_len > input_len;
- bad |= padding_len == 0;
+ bad |= mbedtls_ct_size_mask_ge(padding_len, input_len + 1);
+ bad |= mbedtls_ct_size_bool_eq(padding_len, 0);
/* The number of bytes checked must be independent of padding_len */
pad_idx = input_len - padding_len;
for (i = 0; i < input_len - 1; i++) {
- bad |= input[i] * (i >= pad_idx);
+ size_t mask = mbedtls_ct_size_mask_ge(i, pad_idx);
+ bad |= input[i] & mask;
}
- return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
+ return -(int) mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
@@ -872,8 +879,9 @@
*data_len = 0;
for (i = input_len; i > 0; i--) {
prev_done = done;
- done |= (input[i-1] != 0);
- *data_len |= i * (done != prev_done);
+ done |= !mbedtls_ct_size_bool_eq(input[i-1], 0);
+ size_t mask = mbedtls_ct_size_mask(done ^ prev_done);
+ *data_len |= i & mask;
}
return 0;
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 737cf97..f92d000 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1,7 +1,7 @@
/**
* \file cipher_wrap.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/constant_time.c b/library/constant_time.c
index c0f53bb..2307ed5 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -80,7 +80,8 @@
#endif
}
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) || defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || \
+ defined(MBEDTLS_NIST_KW_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
size_t mbedtls_ct_size_mask(size_t value)
{
@@ -96,7 +97,8 @@
#endif
}
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+#endif /* defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) || defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) ||
+ defined(MBEDTLS_NIST_KW_C) || defined(MBEDTLS_CIPHER_MODE_CBC) */
#if defined(MBEDTLS_BIGNUM_C)
@@ -116,7 +118,8 @@
#endif /* MBEDTLS_BIGNUM_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || defined(MBEDTLS_NIST_KW_C) || \
+ defined(MBEDTLS_CIPHER_MODE_CBC)
/** Constant-flow mask generation for "less than" comparison:
* - if \p x < \p y, return all-bits 1, that is (size_t) -1
@@ -151,7 +154,8 @@
return ~mbedtls_ct_size_mask_lt(x, y);
}
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || defined(MBEDTLS_NIST_KW_C) ||
+ defined(MBEDTLS_CIPHER_MODE_CBC) */
#if defined(MBEDTLS_BASE64_C)
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 402cf14..0ba8a7a 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -45,7 +45,8 @@
*/
unsigned mbedtls_ct_uint_mask(unsigned value);
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) || defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || \
+ defined(MBEDTLS_NIST_KW_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
/** Turn a value into a mask:
* - if \p value == 0, return the all-bits 0 mask, aka 0
@@ -60,7 +61,8 @@
*/
size_t mbedtls_ct_size_mask(size_t value);
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+#endif /* defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) || defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) ||
+ defined(MBEDTLS_NIST_KW_C) || defined(MBEDTLS_CIPHER_MODE_CBC) */
#if defined(MBEDTLS_BIGNUM_C)
@@ -79,7 +81,8 @@
#endif /* MBEDTLS_BIGNUM_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || defined(MBEDTLS_NIST_KW_C) || \
+ defined(MBEDTLS_CIPHER_MODE_CBC)
/** Constant-flow mask generation for "greater or equal" comparison:
* - if \p x >= \p y, return all-bits 1, that is (size_t) -1
@@ -97,7 +100,8 @@
size_t mbedtls_ct_size_mask_ge(size_t x,
size_t y);
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || defined(MBEDTLS_NIST_KW_C) ||
+ defined(MBEDTLS_CIPHER_MODE_CBC) */
/** Constant-flow boolean "equal" comparison:
* return x == y
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 3ede933..2fcb2fb 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -240,6 +240,19 @@
}
#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
+{
+ switch (gid) {
+#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ case MBEDTLS_ECP_DP_CURVE25519: return 0;
+#endif
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+ case MBEDTLS_ECP_DP_CURVE448: return 0;
+#endif
+ default: return 1;
+ }
+}
+
#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
/*
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
@@ -379,19 +392,6 @@
return ret;
}
-int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
-{
- switch (gid) {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
- case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
- case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
- default: return 1;
- }
-}
-
/*
* Compute ECDSA signature of a hashed message
*/
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 3728d1a..17fa698 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -1060,7 +1060,7 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
* for which we have 100% control over how the random ephemeral keys
- * are generated. This is only the case for the internal mbed TLS
+ * are generated. This is only the case for the internal Mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if (verbose != 0) {
diff --git a/library/error.c b/library/error.c
index f4826c8..6aa4b92 100644
--- a/library/error.c
+++ b/library/error.c
@@ -518,6 +518,8 @@
return( "SSL - A cryptographic operation is in progress. Try again later" );
case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
return( "SSL - Invalid value in SSL config" );
+ case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND):
+ return( "SSL - Cache entry not found" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
diff --git a/library/gcm.c b/library/gcm.c
index 0c958c7..71e7b2e 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -35,6 +35,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/constant_time.h"
#include <string.h>
@@ -478,7 +479,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16];
- size_t i;
int diff;
GCM_VALIDATE_RET(ctx != NULL);
@@ -495,9 +495,7 @@
}
/* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < tag_len; i++) {
- diff |= tag[i] ^ check_tag[i];
- }
+ diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
if (diff != 0) {
mbedtls_platform_zeroize(output, length);
diff --git a/library/md.c b/library/md.c
index 1e24ee4..4556378 100644
--- a/library/md.c
+++ b/library/md.c
@@ -1,7 +1,7 @@
/**
* \file md.c
*
- * \brief Generic message digest wrapper for mbed TLS
+ * \brief Generic message digest wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/mps_common.h b/library/mps_common.h
index 4a10176..80e3133 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_error.h b/library/mps_error.h
index 15570d2..5113959 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_reader.h b/library/mps_reader.h
index bff6705..bb912ec 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 6f0455f..f8e0a5d 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 5817bf4..4ff5e41 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -35,6 +35,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
+#include "constant_time_internal.h"
#include <stdint.h>
#include <string.h>
@@ -335,7 +336,7 @@
int ret = 0;
size_t i, olen;
unsigned char A[KW_SEMIBLOCK_LENGTH];
- unsigned char diff, bad_padding = 0;
+ unsigned char diff;
*out_len = 0;
if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {
@@ -420,18 +421,13 @@
* larger than 8, because of the type wrap around.
*/
padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
- if (padlen > 7) {
- padlen &= 7;
- ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
- }
+ ret = -(int) mbedtls_ct_uint_if(padlen & ~7, -MBEDTLS_ERR_CIPHER_AUTH_FAILED, -ret);
+ padlen &= 7;
/* Check padding in "constant-time" */
for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) {
- if (i >= KW_SEMIBLOCK_LENGTH - padlen) {
- diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
- } else {
- bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
- }
+ size_t mask = mbedtls_ct_size_mask_ge(i, KW_SEMIBLOCK_LENGTH - padlen);
+ diff |= (unsigned char) (mask & output[*out_len - KW_SEMIBLOCK_LENGTH + i]);
}
if (diff != 0) {
@@ -454,7 +450,6 @@
*out_len = 0;
}
- mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding));
mbedtls_platform_zeroize(&diff, sizeof(diff));
mbedtls_platform_zeroize(A, sizeof(A));
diff --git a/library/padlock.c b/library/padlock.c
index 303f82c7..c09d31f 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -37,7 +37,7 @@
#endif
/* *INDENT-ON* */
-#if defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
@@ -161,6 +161,6 @@
return 0;
}
-#endif /* MBEDTLS_HAVE_X86 */
+#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 039026b..89fda10 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -172,18 +172,46 @@
#endif /* MBEDTLS_ARC4_C */
}
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+#endif
+
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len,
unsigned char *output)
{
+ size_t output_len = 0;
+
+ /* We assume caller of the function is providing a big enough output buffer
+ * so we pass output_size as SIZE_MAX to pass checks, However, no guarantees
+ * for the output size actually being correct.
+ */
+ return mbedtls_pkcs12_pbe_ext(pbe_params, mode, cipher_type, md_type,
+ pwd, pwdlen, data, len, output, SIZE_MAX,
+ &output_len);
+}
+
+int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
+ mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len)
+{
int ret, keylen = 0;
unsigned char key[32];
unsigned char iv[16];
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t cipher_ctx;
- size_t olen = 0;
+ size_t finish_olen = 0;
+ unsigned int padlen = 0;
if (pwd == NULL && pwdlen != 0) {
return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
@@ -196,6 +224,19 @@
keylen = cipher_info->key_bitlen / 8;
+ if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
+ if (output_size < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
+ if (mode == MBEDTLS_PKCS12_PBE_ENCRYPT) {
+ padlen = cipher_info->block_size - (len % cipher_info->block_size);
+ if (output_size < (len + padlen)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
key, keylen,
iv, cipher_info->iv_size)) != 0) {
@@ -214,6 +255,25 @@
goto exit;
}
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ /* PKCS12 uses CBC with PKCS7 padding */
+
+ mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ /* For historical reasons, when decrypting, this function works when
+ * decrypting even when support for PKCS7 padding is disabled. In this
+ * case, it ignores the padding, and so will never report a
+ * password mismatch.
+ */
+ if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
+ padding = MBEDTLS_PADDING_NONE;
+ }
+#endif
+ if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
+ goto exit;
+ }
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
goto exit;
}
@@ -223,14 +283,16 @@
}
if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
- output, &olen)) != 0) {
+ output, output_len)) != 0) {
goto exit;
}
- if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) {
+ if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + (*output_len), &finish_olen)) != 0) {
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
}
+ *output_len += finish_olen;
+
exit:
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(iv, sizeof(iv));
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 52f1a0d..ebf391a 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -44,6 +44,7 @@
#include "mbedtls/platform.h"
+
#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
@@ -109,23 +110,47 @@
return 0;
}
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output, size_t output_size,
+ size_t *output_len);
+#endif
+
int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t datalen,
unsigned char *output)
{
+ size_t output_len = 0;
+
+ /* We assume caller of the function is providing a big enough output buffer
+ * so we pass output_size as SIZE_MAX to pass checks, However, no guarantees
+ * for the output size actually being correct.
+ */
+ return mbedtls_pkcs5_pbes2_ext(pbe_params, mode, pwd, pwdlen, data,
+ datalen, output, SIZE_MAX, &output_len);
+}
+
+int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
+ const unsigned char *pwd, size_t pwdlen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *output, size_t output_size,
+ size_t *output_len)
+{
int ret, iterations = 0, keylen = 0;
unsigned char *p, *end;
mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
mbedtls_asn1_buf salt;
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
- size_t olen = 0;
const mbedtls_md_info_t *md_info;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_md_context_t md_ctx;
mbedtls_cipher_type_t cipher_alg;
mbedtls_cipher_context_t cipher_ctx;
+ unsigned int padlen = 0;
p = pbe_params->p;
end = p + pbe_params->len;
@@ -188,7 +213,21 @@
return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
}
+ if (mode == MBEDTLS_PKCS5_DECRYPT) {
+ if (output_size < datalen) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
+ if (mode == MBEDTLS_PKCS5_ENCRYPT) {
+ padlen = cipher_info->block_size - (datalen % cipher_info->block_size);
+ if (output_size < (datalen + padlen)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+ }
+
mbedtls_md_init(&md_ctx);
+
mbedtls_cipher_init(&cipher_ctx);
memcpy(iv, enc_scheme_params.p, enc_scheme_params.len);
@@ -211,8 +250,28 @@
goto exit;
}
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+ /* PKCS5 uses CBC with PKCS7 padding (which is the same as
+ * "PKCS5 padding" except that it's typically only called PKCS5
+ * with 64-bit-block ciphers).
+ */
+ mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
+#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ /* For historical reasons, when decrypting, this function works when
+ * decrypting even when support for PKCS7 padding is disabled. In this
+ * case, it ignores the padding, and so will never report a
+ * password mismatch.
+ */
+ if (mode == MBEDTLS_DECRYPT) {
+ padding = MBEDTLS_PADDING_NONE;
+ }
+#endif
+ if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
+ goto exit;
+ }
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
- data, datalen, output, &olen)) != 0) {
+ data, datalen, output, output_len)) != 0) {
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fade286..e4b865e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3393,7 +3393,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
- size_t default_iv_length;
+ size_t default_iv_length = 0;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 688ea38..781c9d2 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -238,12 +238,12 @@
const uint8_t *data,
size_t data_length);
-/** Convert an mbed TLS error code to a PSA error code
+/** Convert an Mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
- * \param ret An mbed TLS-thrown error code
+ * \param ret An Mbed TLS-thrown error code
*
* \return The corresponding PSA error code
*/
diff --git a/library/rsa.c b/library/rsa.c
index f44b2c3..01d0eb0 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1351,7 +1351,8 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t ilen, i, pad_len;
- unsigned char *p, bad, pad_done;
+ unsigned char *p, pad_done;
+ int bad;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
@@ -1439,9 +1440,8 @@
p += hlen; /* Skip seed */
/* Check lHash */
- for (i = 0; i < hlen; i++) {
- bad |= lhash[i] ^ *p++;
- }
+ bad |= mbedtls_ct_memcmp(lhash, p, hlen);
+ p += hlen;
/* Get zero-padding len, but always read till end of buffer
* (minus one, for the 01 byte) */
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 0f0e610..6082074 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -26,6 +26,7 @@
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/platform.h"
+#include "mbedtls/error.h"
#include "mbedtls/ssl_cache.h"
#include "mbedtls/ssl_internal.h"
@@ -46,7 +47,7 @@
int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = mbedtls_time(NULL);
#endif
@@ -54,8 +55,8 @@
mbedtls_ssl_cache_entry *cur, *entry;
#if defined(MBEDTLS_THREADING_C)
- if (mbedtls_mutex_lock(&cache->mutex) != 0) {
- return 1;
+ if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
+ return ret;
}
#endif
@@ -81,7 +82,6 @@
ret = mbedtls_ssl_session_copy(session, &entry->session);
if (ret != 0) {
- ret = 1;
goto exit;
}
@@ -97,16 +97,15 @@
if ((session->peer_cert = mbedtls_calloc(1,
sizeof(mbedtls_x509_crt))) == NULL) {
- ret = 1;
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
mbedtls_x509_crt_init(session->peer_cert);
- if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p,
- entry->peer_cert.len) != 0) {
+ if ((ret = mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p,
+ entry->peer_cert.len)) != 0) {
mbedtls_free(session->peer_cert);
session->peer_cert = NULL;
- ret = 1;
goto exit;
}
}
@@ -119,7 +118,7 @@
exit:
#if defined(MBEDTLS_THREADING_C)
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
- ret = 1;
+ ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
@@ -128,7 +127,7 @@
int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
{
- int ret = 1;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
mbedtls_ssl_cache_entry *old = NULL;
@@ -179,7 +178,9 @@
*/
if (count >= cache->max_entries) {
if (old == NULL) {
- ret = 1;
+ /* This should only happen on an ill-configured cache
+ * with max_entries == 0. */
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto exit;
}
@@ -192,7 +193,7 @@
*/
if (count >= cache->max_entries) {
if (cache->chain == NULL) {
- ret = 1;
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto exit;
}
@@ -208,7 +209,7 @@
*/
cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
if (cur == NULL) {
- ret = 1;
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
@@ -242,7 +243,6 @@
* field anymore in the first place, and we're done after this call. */
ret = mbedtls_ssl_session_copy(&cur->session, session);
if (ret != 0) {
- ret = 1;
goto exit;
}
@@ -253,7 +253,7 @@
cur->peer_cert.p =
mbedtls_calloc(1, cur->session.peer_cert->raw.len);
if (cur->peer_cert.p == NULL) {
- ret = 1;
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
goto exit;
}
@@ -273,7 +273,7 @@
exit:
#if defined(MBEDTLS_THREADING_C)
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
- ret = 1;
+ ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
}
#endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index b37921a..f1e9956 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.c
*
- * \brief SSL ciphersuites for mbed TLS
+ * \brief SSL ciphersuites for Mbed TLS
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 8a2ab7b..4e9cc7f 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1149,6 +1149,14 @@
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
if (mode == MBEDTLS_MODE_STREAM) {
+ if (rec->data_len < transform->maclen) {
+ MBEDTLS_SSL_DEBUG_MSG(1,
+ ("Record too short for MAC:"
+ " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET,
+ rec->data_len, transform->maclen));
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
+ }
+
padlen = 0;
if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec,
transform->iv_dec,
@@ -1561,7 +1569,7 @@
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
- /* If the initial value of padlen was such that
+ /* For CBC+MAC, If the initial value of padlen was such that
* data_len < maclen + padlen + 1, then padlen
* got reset to 1, and the initial check
* data_len >= minlen + maclen + 1
@@ -1573,6 +1581,9 @@
* subtracted either padlen + 1 (if the padding was correct)
* or 0 (if the padding was incorrect) since then,
* hence data_len >= maclen in any case.
+ *
+ * For stream ciphers, we checked above that
+ * data_len >= maclen.
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
diff --git a/library/version_features.c b/library/version_features.c
index 049a58a..ad8a357 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -75,6 +75,12 @@
#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
"MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT",
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+ "MBEDTLS_PLATFORM_GMTIME_R_ALT",
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+ "MBEDTLS_PLATFORM_ZEROIZE_ALT",
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
#if defined(MBEDTLS_DEPRECATED_WARNING)
"MBEDTLS_DEPRECATED_WARNING",
#endif /* MBEDTLS_DEPRECATED_WARNING */
@@ -312,6 +318,9 @@
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
"MBEDTLS_REMOVE_3DES_CIPHERSUITES",
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED",
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
"MBEDTLS_ECP_DP_SECP192R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -576,6 +585,9 @@
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
"MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH",
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+ "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE",
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
"MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index beac5d5..5c47cb4 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -294,7 +294,6 @@
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 2128d02..38833cf 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -331,7 +331,6 @@
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index ebdef4f..41b12e9 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -1,5 +1,5 @@
/*
- * MbedTLS SSL context deserializer from base64 code
+ * Mbed TLS SSL context deserializer from base64 code
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index adba12a..d50a6b8 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -69,7 +69,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 89a26fc..a10aa76 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -771,9 +771,9 @@
mbedtls_printf(" > Write content to server:");
fflush(stdout);
- len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+ len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
- "mbed TLS mail client example.\r\n"
+ "Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
ret = write_ssl_data(&ssl, buf, len);
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index b4a718d..a2a0ca3 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -71,7 +71,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 69fd0bb..f8ce7c4 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -64,7 +64,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 2d5a133..c3c5149 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -160,7 +160,7 @@
* packets (for fragmentation purposes) */
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
/*
@@ -3437,7 +3437,6 @@
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf(" connection was closed gracefully\n");
- ret = 0;
goto close_notify;
default:
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index bbb7046..cf92e95 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -89,12 +89,12 @@
#define HEADER_FORMAT " %-24s : "
#define TITLE_LEN 25
-#define OPTIONS \
- "md4, md5, ripemd160, sha1, sha256, sha512,\n" \
- "arc4, des3, des, camellia, blowfish, chacha20,\n" \
- "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
- "aes_cmac, des3_cmac, poly1305\n" \
- "havege, ctr_drbg, hmac_drbg\n" \
+#define OPTIONS \
+ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \
+ "arc4, des3, des, camellia, blowfish, chacha20,\n" \
+ "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
+ "aes_cmac, des3_cmac, poly1305\n" \
+ "havege, ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
#if defined(MBEDTLS_ERROR_C)
@@ -280,7 +280,7 @@
typedef struct {
char md4, md5, ripemd160, sha1, sha256, sha512,
arc4, des3, des,
- aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,
+ aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly,
aes_cmac, des3_cmac,
aria, camellia, blowfish, chacha20,
poly1305,
@@ -336,6 +336,10 @@
todo.des = 1;
} else if (strcmp(argv[i], "aes_cbc") == 0) {
todo.aes_cbc = 1;
+ } else if (strcmp(argv[i], "aes_cfb128") == 0) {
+ todo.aes_cfb128 = 1;
+ } else if (strcmp(argv[i], "aes_cfb8") == 0) {
+ todo.aes_cfb8 = 1;
} else if (strcmp(argv[i], "aes_xts") == 0) {
todo.aes_xts = 1;
} else if (strcmp(argv[i], "aes_gcm") == 0) {
@@ -432,6 +436,7 @@
#if defined(MBEDTLS_ARC4_C)
if (todo.arc4) {
mbedtls_arc4_context arc4;
+
mbedtls_arc4_init(&arc4);
mbedtls_arc4_setup(&arc4, tmp, 32);
TIME_AND_TSC("ARC4", mbedtls_arc4_crypt(&arc4, BUFSIZE, buf, buf));
@@ -443,6 +448,7 @@
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if (todo.des3) {
mbedtls_des3_context des3;
+
mbedtls_des3_init(&des3);
if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
mbedtls_exit(1);
@@ -454,6 +460,7 @@
if (todo.des) {
mbedtls_des_context des;
+
mbedtls_des_init(&des);
if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
mbedtls_exit(1);
@@ -486,6 +493,7 @@
if (todo.aes_cbc) {
int keysize;
mbedtls_aes_context aes;
+
mbedtls_aes_init(&aes);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
@@ -500,6 +508,44 @@
mbedtls_aes_free(&aes);
}
#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ if (todo.aes_cfb128) {
+ int keysize;
+ size_t iv_off = 0;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE,
+ &iv_off, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+ if (todo.aes_cfb8) {
+ int keysize;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if (todo.aes_xts) {
int keysize;
@@ -617,6 +663,7 @@
if (todo.aria) {
int keysize;
mbedtls_aria_context aria;
+
mbedtls_aria_init(&aria);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
@@ -637,6 +684,7 @@
if (todo.camellia) {
int keysize;
mbedtls_camellia_context camellia;
+
mbedtls_camellia_init(&camellia);
for (keysize = 128; keysize <= 256; keysize += 64) {
mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
@@ -669,6 +717,7 @@
if (todo.blowfish) {
int keysize;
mbedtls_blowfish_context blowfish;
+
mbedtls_blowfish_init(&blowfish);
for (keysize = 128; keysize <= 256; keysize += 64) {
@@ -690,6 +739,7 @@
#if defined(MBEDTLS_HAVEGE_C)
if (todo.havege) {
mbedtls_havege_state hs;
+
mbedtls_havege_init(&hs);
TIME_AND_TSC("HAVEGE", mbedtls_havege_random(&hs, buf, BUFSIZE));
mbedtls_havege_free(&hs);
@@ -774,6 +824,7 @@
if (todo.rsa) {
int keysize;
mbedtls_rsa_context rsa;
+
for (keysize = 2048; keysize <= 4096; keysize *= 2) {
mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
@@ -815,6 +866,7 @@
mbedtls_dhm_context dhm;
size_t olen;
+
for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
mbedtls_dhm_init(&dhm);
@@ -928,6 +980,7 @@
if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) {
mbedtls_ecp_group grp;
+
mbedtls_ecp_group_init(&grp);
if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) {
mbedtls_exit(1);
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index b3a6a59..9bf717c 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -260,6 +260,22 @@
}
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
#if defined(MBEDTLS_DEPRECATED_WARNING)
if( strcmp( "MBEDTLS_DEPRECATED_WARNING", config ) == 0 )
{
@@ -892,6 +908,14 @@
}
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 )
{
@@ -1596,6 +1620,14 @@
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+ if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
+
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", config ) == 0 )
{
@@ -2844,38 +2876,6 @@
}
#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
- if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE );
- return( 0 );
- }
-#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
-
-#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
- if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
- return( 0 );
- }
-#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
-
-#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
- if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
- return( 0 );
- }
-#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED );
- return( 0 );
- }
-#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
-
/* If the symbol is not found, return an error */
return 1;
}
@@ -2946,6 +2946,14 @@
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT);
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_GMTIME_R_ALT);
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_ZEROIZE_ALT);
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
#if defined(MBEDTLS_DEPRECATED_WARNING)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DEPRECATED_WARNING);
#endif /* MBEDTLS_DEPRECATED_WARNING */
@@ -3262,6 +3270,10 @@
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_REMOVE_3DES_CIPHERSUITES);
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED);
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP192R1_ENABLED);
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -3614,6 +3626,10 @@
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH);
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE);
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
+
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN);
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
@@ -4238,22 +4254,6 @@
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_MAX_FILE_PATH_LEN);
#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
- OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE);
-#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
-
-#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
- OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_ZEROIZE_ALT);
-#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
-
-#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
- OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_GMTIME_R_ALT);
-#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED);
-#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
-
}
#if defined(_MSC_VER)
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index d27cc47..d44678b 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -60,6 +60,11 @@
message = ('Lost content from {}: "{}"'.format(filename, line))
super().__init__(message)
+class FilePathError(Exception):
+ def __init__(self, filenames):
+ message = ('Changelog filenames do not end with .txt: {}'.format(", ".join(filenames)))
+ super().__init__(message)
+
# The category names we use in the changelog.
# If you edit this, update ChangeLog.d/README.md.
STANDARD_CATEGORIES = (
@@ -445,8 +450,21 @@
"""List the entry files to merge, oldest first.
"Oldest" is defined by `EntryFileSortKey`.
+
+ Also check for required .txt extension
"""
- files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
+ files_to_merge = glob.glob(os.path.join(options.dir, '*'))
+
+ # Ignore 00README.md
+ readme = os.path.join(options.dir, "00README.md")
+ if readme in files_to_merge:
+ files_to_merge.remove(readme)
+
+ # Identify files without the required .txt extension
+ bad_files = [x for x in files_to_merge if not x.endswith(".txt")]
+ if bad_files:
+ raise FilePathError(bad_files)
+
files_to_merge.sort(key=EntryFileSortKey)
return files_to_merge
@@ -454,6 +472,7 @@
"""Merge changelog entries into the changelog file.
Read the changelog file from options.input.
+ Check that all entries have a .txt extension
Read entries to merge from the directory options.dir.
Write the new changelog to options.output.
Remove the merged entries if options.keep_entries is false.
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index df629e9..b84308d 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -125,7 +125,7 @@
sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH $PATCH/" | \
sed -e "s/_VERSION_NUMBER .\{1,\}/_VERSION_NUMBER $VERSION_NR/" | \
sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING \"$VERSION\"/" | \
- sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL \"Mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/version.h
@@ -136,7 +136,7 @@
[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
do
- sed -e "s/mbed TLS v[0-9\.]\{1,\}/mbed TLS v$VERSION/g" < $i > tmp
+ sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp
mv tmp $i
done
diff --git a/scripts/config.py b/scripts/config.py
index 2db67ef..2f79978 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -225,7 +225,11 @@
Exclude alternative implementations of library functions since they require
an implementation of the relevant functions and an xxx_alt.h header.
"""
- if name == 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT':
+ if name in (
+ 'MBEDTLS_PLATFORM_GMTIME_R_ALT',
+ 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT',
+ 'MBEDTLS_PLATFORM_ZEROIZE_ALT',
+ ):
# Similar to non-platform xxx_ALT, requires platform_alt.h
return False
return name.startswith('MBEDTLS_PLATFORM_')
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 4d7be7a..8e7f60a 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -17,7 +17,7 @@
#
# Purpose
#
-# This script determines ROM size (or code size) for the standard mbed TLS
+# This script determines ROM size (or code size) for the standard Mbed TLS
# configurations, when built for a Cortex M3/M4 target.
#
# Configurations included:
@@ -108,7 +108,7 @@
fi
log ""
-log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
+log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
log "$( arm-none-eabi-gcc --version | head -n1 )"
log "CFLAGS=$ARMGCC_FLAGS"
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 74a9527..6b1ef10 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -39,8 +39,8 @@
my $feature_format_file = $data_dir.'/version_features.fmt';
-my @sections = ( "System support", "mbed TLS modules",
- "mbed TLS feature support" );
+my @sections = ( "System support", "Mbed TLS modules",
+ "Mbed TLS feature support" );
my $line_separator = $/;
undef $/;
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 8d141ee..6bba02f 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -51,7 +51,7 @@
lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info
lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h'
gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions
- genhtml --title "mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
+ genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
rm -f Coverage/tmp/*.info Coverage/tmp/descriptions
echo "Coverage report in: Coverage/index.html"
}
diff --git a/scripts/rename.pl b/scripts/rename.pl
index 9ea5f09..2214f37 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -17,8 +17,8 @@
#
# Purpose
#
-# This script migrates application source code from the mbed TLS 1.3 API to the
-# mbed TLS 2.0 API.
+# This script migrates application source code from the Mbed TLS 1.3 API to the
+# Mbed TLS 2.0 API.
#
# The script processes the given source code and renames identifiers - functions
# types, enums etc, as
@@ -88,7 +88,7 @@
if( dir($filename)->parent eq $lib_include_dir ||
dir($filename)->parent eq $lib_source_dir )
{
- die "Script cannot be executed on the mbed TLS library itself.";
+ die "Script cannot be executed on the Mbed TLS library itself.";
}
if( -d $filename ) { print STDERR "skip (directory)\n"; next }
diff --git a/tests/compat.sh b/tests/compat.sh
index 9529975..ba8465b 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -276,7 +276,7 @@
{
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
then
- # Ciphersuite for mbed TLS
+ # Ciphersuite for Mbed TLS
M_CIPHERS=$( filter "$M_CIPHERS" )
# Ciphersuite for OpenSSL
@@ -286,7 +286,7 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # For GnuTLS client -> mbed TLS server,
+ # For GnuTLS client -> Mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then
G_CIPHERS=""
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index fbec4f4..ed30be5 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -23,11 +23,31 @@
*/
#if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
+/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
+ * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
+ * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
+ * here we arrange to have both active so that psa_crypto_*.c includes
+ * the built-in implementations and the driver code can call the built-in
+ * implementations.
+ *
+ * The point of this test mode is to verify that the
+ * driver entry points are called when they should be in a lightweight
+ * way, without requiring an actual driver. This is different from builds
+ * with libtestdriver1, where we make a copy of the library source code
+ * and use that as an external driver.
+ */
/* Enable the use of the test driver in the library, and build the generic
* part of the test driver. */
#define PSA_CRYPTO_DRIVER_TEST
+/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
+ * built-in implementations won't be enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#error \
+ "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
+#endif
+
/* Use the accelerator driver for all cryptographic mechanisms for which
* the test driver implemented. */
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h
similarity index 82%
rename from tests/configs/config-wrapper-malloc-0-null.h
rename to tests/configs/user-config-malloc-0-null.h
index 622ac57..366dfc4 100644
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ b/tests/configs/user-config-malloc-0-null.h
@@ -1,4 +1,4 @@
-/* config.h wrapper that forces calloc(0) to return NULL.
+/* config.h modifier that forces calloc(0) to return NULL.
* Used for testing.
*/
/*
@@ -18,11 +18,6 @@
* limitations under the License.
*/
-#ifndef MBEDTLS_CONFIG_H
-/* Don't #define MBEDTLS_CONFIG_H, let config.h do it. */
-
-#include "mbedtls/config.h"
-
#include <stdlib.h>
#ifndef MBEDTLS_PLATFORM_STD_CALLOC
@@ -37,5 +32,3 @@
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc
#endif
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index e2e4190..f67db07 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1,7 +1,7 @@
## This file contains a record of how some of the test data was
## generated. The final build products are committed to the repository
## as well to make sure that the test data is identical. You do not
-## need to use this makefile unless you're extending mbed TLS's tests.
+## need to use this makefile unless you're extending Mbed TLS's tests.
## Many data files were generated prior to the existence of this
## makefile, so the method of their generation was not recorded.
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 6b51950..74fcece 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -468,6 +468,27 @@
size_t cid0_len,
size_t cid1_len);
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+/**
+ * \param[in,out] record The record to prepare.
+ * It must contain the data to MAC at offset
+ * `record->data_offset`, of length
+ * `record->data_length`.
+ * On success, write the MAC immediately
+ * after the data and increment
+ * `record->data_length` accordingly.
+ * \param[in,out] transform_out The out transform, typically prepared by
+ * mbedtls_test_ssl_build_transforms().
+ * Its HMAC context may be used. Other than that
+ * it is treated as an input parameter.
+ *
+ * \return 0 on success, an `MBEDTLS_ERR_xxx` error code
+ * or -1 on error.
+ */
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+ mbedtls_ssl_transform *transform_out);
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
/*
* Populate a session structure for serialization tests.
* Choose dummy values, mostly non-0 to distinguish from the init default.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 4ed1949..afb4a9d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -125,7 +125,7 @@
pre_check_environment () {
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
}
@@ -2122,7 +2122,6 @@
}
component_test_psa_crypto_config_no_driver() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@@ -2134,24 +2133,33 @@
make test
}
-component_test_psa_crypto_config_chachapoly_disabled() {
- # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
- msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+component_test_aead_chachapoly_disabled() {
+ msg "build: full minus CHACHAPOLY"
scripts/config.py full
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+ msg "test: full minus CHACHAPOLY"
+ make test
+}
+
+component_test_aead_only_ccm() {
+ msg "build: full minus CHACHAPOLY and GCM"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+
+ msg "test: full minus CHACHAPOLY and GCM"
make test
}
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
component_build_psa_accel_alg_ecdh() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
- # without MBEDTLS_ECDH_C
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2168,8 +2176,7 @@
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
component_build_psa_accel_key_type_ecc_key_pair() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2182,8 +2189,7 @@
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
component_build_psa_accel_key_type_ecc_public_key() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2196,8 +2202,7 @@
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
component_build_psa_accel_alg_hmac() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2208,9 +2213,7 @@
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
component_build_psa_accel_alg_hkdf() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
- # without MBEDTLS_HKDF_C
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2224,8 +2227,7 @@
# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test.
component_build_psa_accel_alg_md2() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD2 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD2 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD2 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2244,8 +2246,7 @@
# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test.
component_build_psa_accel_alg_md4() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD4 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD4 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD4 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2264,8 +2265,7 @@
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
component_build_psa_accel_alg_md5() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2284,8 +2284,7 @@
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
component_build_psa_accel_alg_ripemd160() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2304,8 +2303,7 @@
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
component_build_psa_accel_alg_sha1() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2324,8 +2322,7 @@
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
component_build_psa_accel_alg_sha224() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2343,8 +2340,7 @@
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
component_build_psa_accel_alg_sha256() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2363,8 +2359,7 @@
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
component_build_psa_accel_alg_sha384() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2382,8 +2377,7 @@
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
component_build_psa_accel_alg_sha512() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2402,8 +2396,7 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2418,8 +2411,7 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2434,8 +2426,7 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_oaep() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2450,8 +2441,7 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_alg_rsa_pss() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2466,8 +2456,7 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_key_type_rsa_key_pair() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2480,8 +2469,7 @@
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
component_build_psa_accel_key_type_rsa_public_key() {
- # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
- msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
+ msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
@@ -2834,7 +2822,7 @@
component_test_malloc_0_null () {
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
scripts/config.py full
- make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
+ make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
make test
@@ -2928,17 +2916,16 @@
}
component_test_psa_crypto_drivers () {
- msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
+ msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
- scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
loc_cflags="${loc_cflags} -I../tests/include -O2"
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
- msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
+ msg "test: full + test drivers dispatching to builtins"
make test
}
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index abc4a2f..196ce45 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -43,7 +43,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 3ed7069..dd95530 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -68,7 +68,7 @@
# Check that the script is being run from the project's root directory.
for my $dir (@directories) {
if (! -d $dir) {
- die "This script must be run from the mbed TLS root directory";
+ die "This script must be run from the Mbed TLS root directory";
} else {
check_dir($dir)
}
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index f8a2449..ac0a08d 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -34,7 +34,7 @@
fi
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 8c08e5c..96a1d3c 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -930,7 +930,7 @@
"This script confirms that the naming of all symbols and identifiers "
"in Mbed TLS are consistent with the house style and are also "
"self-consistent.\n\n"
- "Expected to be run from the MbedTLS root directory.")
+ "Expected to be run from the Mbed TLS root directory.")
)
parser.add_argument(
"-v", "--verbose",
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 2bc8dc9..cb87829 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -21,7 +21,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index a640b56..a51fbc9 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -41,7 +41,7 @@
if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
then :;
else
- echo " [!] Must be run from mbed TLS tests directory" >&2
+ echo " [!] Must be run from Mbed TLS tests directory" >&2
exit 1
fi
diff --git a/tests/src/external_timing/timing_alt.h b/tests/src/external_timing/timing_alt.h
index 82e8c8b..d71ceb9 100644
--- a/tests/src/external_timing/timing_alt.h
+++ b/tests/src/external_timing/timing_alt.h
@@ -1,5 +1,5 @@
/*
- * Copy of the internal MbedTLS timing implementation, to be used in tests.
+ * Copy of the internal Mbed TLS timing implementation, to be used in tests.
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 2fea014..6fbbe35 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1195,6 +1195,39 @@
return ret;
}
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
+ mbedtls_ssl_transform *transform_out)
+{
+ /* Serialized version of record header for MAC purposes */
+ unsigned char add_data[13];
+ memcpy(add_data, record->ctr, 8);
+ add_data[8] = record->type;
+ add_data[9] = record->ver[0];
+ add_data[10] = record->ver[1];
+ add_data[11] = (record->data_len >> 8) & 0xff;
+ add_data[12] = (record->data_len >> 0) & 0xff;
+
+ /* MAC with additional data */
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
+ TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
+ record->buf + record->data_offset,
+ record->data_len));
+ /* Use a temporary buffer for the MAC, because with the truncated HMAC
+ * extension, there might not be enough room in the record for the
+ * full-length MAC. */
+ unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+ TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
+ memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
+ record->data_len += transform_out->maclen;
+
+ return 0;
+
+exit:
+ return -1;
+}
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session,
int ticket_len,
const char *crt_file)
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index a3103d9..b134061 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -489,7 +489,7 @@
* MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
* change in the future. A factor 2 is a minimum safety margin.
*
- * For reference, with mbed TLS 2.4 and default settings, for P-256:
+ * For reference, with Mbed TLS 2.4 and default settings, for P-256:
* - Random point mult: ~3250M
* - Cold base point mult: ~3300M
* - Hot base point mult: ~1100M
diff --git a/tests/suites/test_suite_pkcs12.data b/tests/suites/test_suite_pkcs12.data
index a8c4bab..d078a68 100644
--- a/tests/suites/test_suite_pkcs12.data
+++ b/tests/suites/test_suite_pkcs12.data
@@ -33,3 +33,39 @@
PKCS#12 derive key: MD5: Valid password and salt
depends_on:MBEDTLS_MD5_C
pkcs12_derive_key:MBEDTLS_MD_MD5:48:"0123456789abcdef":USE_GIVEN_INPUT:"0123456789abcdef":USE_GIVEN_INPUT:3:"46559deeee036836ab1b633ec620178d4c70eacf42f72a2ad7360c812efa09ca3d7567b489a109050345c2dc6a262995":0
+
+PBE Encrypt, pad = 7 (OK)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAAAA":16:0:"5F2C15056A36F3A78856E9E662DD27CB"
+
+PBE Encrypt, pad = 8 (OK)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":16:0:"5F2C15056A36F3A70F70A3D4EC4004A8"
+
+PBE Encrypt, pad = 8 (Invalid output size)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":15:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"5F2C15056A36F3A70F70A3D4EC4004A8"
+
+PBE Encrypt, pad = 8 (PKCS7 padding disabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"AAAAAAAAAAAAAAAA":0:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
+
+PBE Decrypt, pad = 7 (OK)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A78856E9E662DD27CB":16:0:"AAAAAAAAAAAAAAAAAA"
+
+PBE Decrypt, pad = 8 (Invalid output size)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":15:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"AAAAAAAAAAAAAAAA"
+
+PBE Decrypt, pad = 8 (OK)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A70F70A3D4EC4004A8":16:0:"AAAAAAAAAAAAAAAA"
+
+PBE Decrypt, (Invalid padding & PKCS7 padding disabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":16:0:"AAAAAAAAAAAAAAAAAA07070707070708"
+
+PBE Decrypt, (Invalid padding & PKCS7 padding enabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pkcs12_pbe_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:"0409CCCCCCCCCCCCCCCCCC02010A":"BBBBBBBBBBBBBBBBBB":"5F2C15056A36F3A79F2B90F1428110E2":16:MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH:"AAAAAAAAAAAAAAAAAA07070707070708"
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 0d39912..a5a9019 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/pkcs12.h"
#include "mbedtls/error.h"
+#include "common.h"
typedef enum {
USE_NULL_INPUT = 0,
@@ -66,3 +67,104 @@
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+void pkcs12_pbe_encrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret, data_t *ref_out)
+{
+ int my_ret;
+ mbedtls_asn1_buf pbe_params;
+ unsigned char *my_out = NULL;
+ mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
+ mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
+
+ ASSERT_ALLOC(my_out, outsize);
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+ my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+exit:
+ mbedtls_free(my_out);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+void pkcs12_pbe_decrypt(int params_tag, int cipher, int md, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret, data_t *ref_out)
+{
+ int my_ret;
+ mbedtls_asn1_buf pbe_params;
+ unsigned char *my_out = NULL;
+ mbedtls_cipher_type_t cipher_alg = (mbedtls_cipher_type_t) cipher;
+ mbedtls_md_type_t md_alg = (mbedtls_md_type_t) md;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
+
+ ASSERT_ALLOC(my_out, outsize);
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+
+ pbe_params.tag = params_tag;
+ pbe_params.len = params_hex->len;
+ pbe_params.p = params_hex->x;
+
+ my_ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
+ md_alg, pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+exit:
+ mbedtls_free(my_out);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index bd251f7..76fb0ab 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -106,109 +106,141 @@
depends_on:MBEDTLS_SHA512_C
pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665"
+PBES2 Encrypt, pad=6 (OK)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":144:0:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7"
+
+PBES2 Encrypt, pad=8 (OK)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55":136:0:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC2262AD99FBD6C3B0AB"
+
+PBES2 Encrypt, pad=8 (Invalid output size)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":151:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22D8D337E00CB5D1B5B76BE4AE393414050646A102DEF61A9F"
+
+PBES2 Encrypt, pad=6 (PKCS7 padding disabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
+
+PBES2 Encrypt, pad=8 (PKCS7 padding disabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
+
PBES2 Decrypt (OK)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
+
+PBES2 Decrypt (Invalid output size)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":143:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+
+PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607"
+
+PBES2 Decrypt (Invalid padding & PKCS7 padding enabled)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607"
PBES2 Decrypt (bad params tag)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_SEQUENCE:"":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad KDF AlgId: not a sequence)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"31":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad KDF AlgId: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (KDF != PBKDF2)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300B06092A864886F70D01050D":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad PBKDF2 params: not a sequence)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params salt: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params iter: not an int)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70300":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params iter: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad, PBKDF2 params extra data)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302806092A864886F70D01050C301B04082ED7F24A1D516DD702020800300A06082A864886F70D020700":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:""
PBES2 Decrypt (bad enc_scheme_alg: not a sequence)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003100":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad enc_scheme_alg: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD7020208003001":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg: unknown oid)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":0:MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad enc_scheme_alg params: overlong)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad password)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad iter value)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PKCS#5 Selftest
pkcs5_selftest:
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 5d10da4..7ce88cb 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/pkcs5.h"
+#include "mbedtls/cipher.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -33,26 +34,86 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
-void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
- data_t *data, int ref_ret, data_t *ref_out)
+void pbes2_encrypt(int params_tag, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret,
+ data_t *ref_out)
{
int my_ret;
mbedtls_asn1_buf params;
unsigned char *my_out = NULL;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
params.tag = params_tag;
params.p = params_hex->x;
params.len = params_hex->len;
- my_out = mbedtls_test_zero_alloc(ref_out->len);
+ ASSERT_ALLOC(my_out, outsize);
- my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT,
- pw->x, pw->len, data->x, data->len, my_out);
- TEST_ASSERT(my_ret == ref_ret);
-
- if (ref_ret == 0) {
- TEST_ASSERT(memcmp(my_out, ref_out->x, ref_out->len) == 0);
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_ENCRYPT,
+ pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
}
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_ENCRYPT,
+ pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
+
+exit:
+ mbedtls_free(my_out);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */
+void pbes2_decrypt(int params_tag, data_t *params_hex, data_t *pw,
+ data_t *data, int outsize, int ref_ret,
+ data_t *ref_out)
+{
+ int my_ret;
+ mbedtls_asn1_buf params;
+ unsigned char *my_out = NULL;
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ size_t my_out_len = 0;
+#endif
+
+ params.tag = params_tag;
+ params.p = params_hex->x;
+ params.len = params_hex->len;
+
+ ASSERT_ALLOC(my_out, outsize);
+
+ if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
+ my_ret = mbedtls_pkcs5_pbes2(¶ms, MBEDTLS_PKCS5_DECRYPT,
+ pw->x, pw->len, data->x, data->len, my_out);
+ TEST_EQUAL(my_ret, ref_ret);
+ }
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, ref_out->len,
+ ref_out->x, ref_out->len);
+ }
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ my_ret = mbedtls_pkcs5_pbes2_ext(¶ms, MBEDTLS_PKCS5_DECRYPT,
+ pw->x, pw->len, data->x, data->len, my_out,
+ outsize, &my_out_len);
+ TEST_EQUAL(my_ret, ref_ret);
+ if (ref_ret == 0) {
+ ASSERT_COMPARE(my_out, my_out_len,
+ ref_out->x, ref_out->len);
+ }
+#endif
exit:
mbedtls_free(my_out);
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index e8ac888..c238642 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -8699,1030 +8699,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
-Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-2
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:240
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:241
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:255
-
-Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:240
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:241
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:255
-
-Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:240
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:241
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:255
-
-Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:240
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:241
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:255
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-2
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:240
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:241
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:255
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:240
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:241
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:255
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:240
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:241
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:255
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:240
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:241
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:255
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-2
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:240
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:241
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
-
-Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:255
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:240
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:241
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:255
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:240
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:241
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:255
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:240
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:241
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
-
-Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:255
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-1
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-2
-
-Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-2
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:0
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:248
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:248
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:1
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:249
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:249
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:7
-
-Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:255
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:7
-
-Decrypt CBC !EtM, 3DES MD5 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:255
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-1
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-2
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-2
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:0
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:248
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:248
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:1
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:249
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:249
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:7
-
-Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:255
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:7
-
-Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:255
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-1
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-2
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-2
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:0
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:248
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:248
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:1
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:249
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:249
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:7
-
-Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:255
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:7
-
-Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:255
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-1
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-2
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-2
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:0
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:248
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=0
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=248
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:248
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:1
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:249
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=1
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=249
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:249
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:7
-
-Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:255
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=7
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:7
-
-Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255
-
SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 02c3799..0a35aa9 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1385,19 +1385,16 @@
ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
mbedtls_test_rnd_std_rand, NULL);
- if ((mode == 1 || mode == 2) && seen_success) {
- TEST_ASSERT(ret == 0);
- } else {
- TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- if (ret == 0) {
- seen_success = 1;
- }
- }
-
- if (ret != 0) {
+ if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ /* It's ok if the output buffer is too small. We do insist
+ * on at least one mode succeeding; this is tracked by
+ * seen_success. */
continue;
}
+ TEST_EQUAL(ret, 0);
+ seen_success = 1;
+
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if (rec.cid_len != 0) {
/* DTLS 1.2 + CID hides the real content type and
@@ -1445,217 +1442,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
-void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
- int length_selector)
-{
- /*
- * Test record decryption for CBC without EtM, focused on the verification
- * of padding and MAC.
- *
- * Actually depends on TLS >= 1.0 (SSL 3.0 computes the MAC differently),
- * and either AES, ARIA, Camellia or DES, but since the test framework
- * doesn't support alternation in dependency statements, just depend on
- * TLS 1.2 and AES.
- *
- * The length_selector argument is interpreted as follows:
- * - if it's -1, the plaintext length is 0 and minimal padding is applied
- * - if it's -2, the plaintext length is 0 and maximal padding is applied
- * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
- * it's the length of the rest of the padding, that is, excluding the
- * byte that encodes the length. The minimal non-zero plaintext length
- * that gives this padding_length is automatically selected.
- */
- mbedtls_ssl_context ssl; /* ONLY for debugging */
- mbedtls_ssl_transform t0, t1;
- mbedtls_record rec, rec_save;
- unsigned char *buf = NULL, *buf_save = NULL;
- size_t buflen, olen = 0;
- size_t plaintext_len, block_size, i;
- unsigned char padlen; /* excluding the padding_length byte */
- unsigned char add_data[13];
- unsigned char mac[MBEDTLS_MD_MAX_SIZE];
- int exp_ret;
- const unsigned char pad_max_len = 255; /* Per the standard */
-
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_transform_init(&t0);
- mbedtls_ssl_transform_init(&t1);
- USE_PSA_INIT();
-
- /* Set up transforms with dummy keys */
- TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
- 0, trunc_hmac,
- MBEDTLS_SSL_MINOR_VERSION_3,
- 0, 0) == 0);
-
- /* Determine padding/plaintext length */
- TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
- block_size = t0.ivlen;
- if (length_selector < 0) {
- plaintext_len = 0;
-
- /* Minimal padding
- * The +1 is for the padding_length byte, not counted in padlen. */
- padlen = block_size - (t0.maclen + 1) % block_size;
-
- /* Maximal padding? */
- if (length_selector == -2) {
- padlen += block_size * ((pad_max_len - padlen) / block_size);
- }
- } else {
- padlen = length_selector;
-
- /* Minimal non-zero plaintext_length giving desired padding.
- * The +1 is for the padding_length byte, not counted in padlen. */
- plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
- }
-
- /* Prepare a buffer for record data */
- buflen = block_size
- + plaintext_len
- + t0.maclen
- + padlen + 1;
- TEST_CALLOC(buf, buflen);
- TEST_CALLOC(buf_save, buflen);
-
- /* Prepare a dummy record header */
- memset(rec.ctr, 0, sizeof(rec.ctr));
- rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
- rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
- rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- rec.cid_len = 0;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
- /* Prepare dummy record content */
- rec.buf = buf;
- rec.buf_len = buflen;
- rec.data_offset = block_size;
- rec.data_len = plaintext_len;
- memset(rec.buf + rec.data_offset, 42, rec.data_len);
-
- /* Serialized version of record header for MAC purposes */
- memcpy(add_data, rec.ctr, 8);
- add_data[8] = rec.type;
- add_data[9] = rec.ver[0];
- add_data[10] = rec.ver[1];
- add_data[11] = (rec.data_len >> 8) & 0xff;
- add_data[12] = (rec.data_len >> 0) & 0xff;
-
- /* Set dummy IV */
- memset(t0.iv_enc, 0x55, t0.ivlen);
- memcpy(rec.buf, t0.iv_enc, t0.ivlen);
-
- /*
- * Prepare a pre-encryption record (with MAC and padding), and save it.
- */
-
- /* MAC with additional data */
- TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
- TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
- rec.buf + rec.data_offset,
- rec.data_len));
- TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
-
- memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
- rec.data_len += t0.maclen;
-
- /* Pad */
- memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
- rec.data_len += padlen + 1;
-
- /* Save correct pre-encryption record */
- rec_save = rec;
- rec_save.buf = buf_save;
- memcpy(buf_save, buf, buflen);
-
- /*
- * Encrypt and decrypt the correct record, expecting success
- */
- TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen));
- rec.data_offset -= t0.ivlen;
- rec.data_len += t0.ivlen;
-
- TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
-
- /*
- * Modify each byte of the pre-encryption record before encrypting and
- * decrypting it, expecting failure every time.
- */
- for (i = block_size; i < buflen; i++) {
- mbedtls_test_set_step(i);
-
- /* Restore correct pre-encryption record */
- rec = rec_save;
- rec.buf = buf;
- memcpy(buf, buf_save, buflen);
-
- /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
- rec.buf[i] ^= 0x01;
-
- /* Encrypt */
- TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen));
- rec.data_offset -= t0.ivlen;
- rec.data_len += t0.ivlen;
-
- /* Decrypt and expect failure */
- TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
- mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
- }
-
- /*
- * Use larger values of the padding bytes - with small buffers, this tests
- * the case where the announced padlen would be larger than the buffer
- * (and before that, than the buffer minus the size of the MAC), to make
- * sure our padding checking code does not perform any out-of-bounds reads
- * in this case. (With larger buffers, ie when the plaintext is long or
- * maximal length padding is used, this is less relevant but still doesn't
- * hurt to test.)
- *
- * (Start the loop with correct padding, just to double-check that record
- * saving did work, and that we're overwriting the correct bytes.)
- */
- for (i = padlen; i <= pad_max_len; i++) {
- mbedtls_test_set_step(i);
-
- /* Restore correct pre-encryption record */
- rec = rec_save;
- rec.buf = buf;
- memcpy(buf, buf_save, buflen);
-
- /* Set padding bytes to new value */
- memset(buf + buflen - padlen - 1, i, padlen + 1);
-
- /* Encrypt */
- TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
- t0.iv_enc, t0.ivlen,
- rec.buf + rec.data_offset, rec.data_len,
- rec.buf + rec.data_offset, &olen));
- rec.data_offset -= t0.ivlen;
- rec.data_len += t0.ivlen;
-
- /* Decrypt and expect failure except the first time */
- exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
- TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
- }
-
-exit:
- mbedtls_ssl_free(&ssl);
- mbedtls_ssl_transform_free(&t0);
- mbedtls_ssl_transform_free(&t1);
- mbedtls_free(buf);
- mbedtls_free(buf_save);
- USE_PSA_DONE();
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_hkdf_expand_label(int hash_alg,
data_t *secret,
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
new file mode 100644
index 0000000..39c92ce
--- /dev/null
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -0,0 +1,328 @@
+/* BEGIN_HEADER */
+/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative
+ * testing (using malformed inputs). */
+
+#include <mbedtls/cipher.h>
+#include <mbedtls/ssl.h>
+#include <test/ssl_helpers.h>
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_SSL_TLS_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SOME_MODES_USE_MAC */
+void ssl_decrypt_stream(int cipher_type, int hash_id, int trunc_hmac)
+{
+ mbedtls_ssl_transform transform_in, transform_out;
+ mbedtls_ssl_transform_init(&transform_in);
+ mbedtls_ssl_transform_init(&transform_out);
+ mbedtls_record rec_good = {
+ .ctr = { 0 },
+ .type = MBEDTLS_SSL_MSG_APPLICATION_DATA,
+ /* For simplicity, we only test one protocol version (TLS 1.2).
+ * For stream ciphers (unlike CBC), there are no changes in the
+ * data record format between SSL 3.0 and TLS 1.2 inclusive, so
+ * testing a single version should be good enough. */
+ .ver = { MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 },
+ .buf = NULL,
+ .buf_len = 0,
+ .data_offset = 0,
+ .data_len = 0,
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ .cid_len = 0,
+ .cid = { 0 },
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ };
+ const char sample_plaintext[3] = "ABC";
+ mbedtls_cipher_context_t cipher;
+ mbedtls_cipher_init(&cipher);
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init(&ssl);
+ uint8_t *buf = NULL;
+
+ USE_PSA_INIT();
+
+ TEST_EQUAL(mbedtls_test_ssl_build_transforms(&transform_in, &transform_out,
+ cipher_type, hash_id,
+ 0, trunc_hmac,
+ rec_good.ver[1],
+ 0, 0), 0);
+
+ const size_t plaintext_length = sizeof(sample_plaintext);
+ rec_good.buf_len = plaintext_length + transform_in.maclen;
+ rec_good.data_len = plaintext_length;
+ TEST_CALLOC(rec_good.buf, rec_good.buf_len);
+ memcpy(rec_good.buf, sample_plaintext, plaintext_length);
+ TEST_EQUAL(mbedtls_test_ssl_prepare_record_mac(&rec_good,
+ &transform_out), 0);
+
+ /* Encrypt in place */
+ size_t len;
+ TEST_EQUAL(mbedtls_cipher_crypt(&transform_out.cipher_ctx_enc,
+ transform_out.iv_enc, transform_out.ivlen,
+ rec_good.buf + rec_good.data_offset,
+ rec_good.data_len,
+ rec_good.buf + rec_good.data_offset,
+ &len), 0);
+ /* This function only supports stream ciphers, which should preserve
+ * the length. */
+ TEST_EQUAL(len, rec_good.data_len);
+
+ /* Good case */
+ mbedtls_record rec = rec_good;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec), 0);
+
+ /* Change any one byte of the plaintext or MAC. The MAC will be wrong. */
+ TEST_CALLOC(buf, rec.buf_len);
+ for (size_t i = 0; i < rec.buf_len; i++) {
+ mbedtls_test_set_step(i);
+ rec = rec_good;
+ rec.buf = buf;
+ memcpy(buf, rec_good.buf, rec.buf_len);
+ buf[i] ^= 1;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INVALID_MAC);
+ }
+ mbedtls_free(buf);
+ buf = NULL;
+
+ /* Shorter input buffer. Either the MAC will be wrong, or there isn't
+ * enough room for a MAC. */
+ for (size_t n = 1; n < rec.buf_len; n++) {
+ mbedtls_test_set_step(n);
+ rec = rec_good;
+ TEST_CALLOC(buf, n);
+ rec.buf = buf;
+ rec.buf_len = n;
+ rec.data_len = n;
+ memcpy(buf, rec_good.buf, n);
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INVALID_MAC);
+ mbedtls_free(buf);
+ buf = NULL;
+ }
+
+ /* For robustness, check a 0-length buffer (non-null, then null).
+ * This should not reach mbedtls_ssl_decrypt_buf() as used in the library,
+ * so the exact error doesn't matter, but we don't want a crash. */
+ {
+ const uint8_t buf1[1] = { 'a' };
+ rec = rec_good;
+ /* We won't write to buf1[0] since it's out of range, so we can cast
+ * the const away. */
+ rec.buf = (uint8_t *) buf1;
+ rec.buf_len = 0;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+ }
+ rec = rec_good;
+ rec.buf = NULL;
+ rec.buf_len = 0;
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, &transform_in, &rec),
+ MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+
+exit:
+ USE_PSA_DONE();
+ mbedtls_ssl_transform_free(&transform_in);
+ mbedtls_ssl_transform_free(&transform_out);
+ mbedtls_free(rec_good.buf);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_cipher_free(&cipher);
+ mbedtls_free(buf);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
+void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
+ int length_selector)
+{
+ /*
+ * Test record decryption for CBC without EtM, focused on the verification
+ * of padding and MAC.
+ *
+ * Actually depends on TLS >= 1.0 (SSL 3.0 computes the MAC differently),
+ * and either AES, ARIA, Camellia or DES, but since the test framework
+ * doesn't support alternation in dependency statements, just depend on
+ * TLS 1.2 and AES.
+ *
+ * The length_selector argument is interpreted as follows:
+ * - if it's -1, the plaintext length is 0 and minimal padding is applied
+ * - if it's -2, the plaintext length is 0 and maximal padding is applied
+ * - otherwise it must be in [0, 255] and is padding_length from RFC 5246:
+ * it's the length of the rest of the padding, that is, excluding the
+ * byte that encodes the length. The minimal non-zero plaintext length
+ * that gives this padding_length is automatically selected.
+ */
+ mbedtls_ssl_context ssl; /* ONLY for debugging */
+ mbedtls_ssl_transform t0, t1;
+ mbedtls_record rec, rec_save;
+ unsigned char *buf = NULL, *buf_save = NULL;
+ size_t buflen, olen = 0;
+ size_t plaintext_len, block_size, i;
+ unsigned char padlen; /* excluding the padding_length byte */
+ int exp_ret;
+ const unsigned char pad_max_len = 255; /* Per the standard */
+
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_transform_init(&t0);
+ mbedtls_ssl_transform_init(&t1);
+ USE_PSA_INIT();
+
+ /* Set up transforms with dummy keys */
+ TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
+ 0, trunc_hmac,
+ MBEDTLS_SSL_MINOR_VERSION_3,
+ 0, 0) == 0);
+
+ /* Determine padding/plaintext length */
+ TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
+ block_size = t0.ivlen;
+ if (length_selector < 0) {
+ plaintext_len = 0;
+
+ /* Minimal padding
+ * The +1 is for the padding_length byte, not counted in padlen. */
+ padlen = block_size - (t0.maclen + 1) % block_size;
+
+ /* Maximal padding? */
+ if (length_selector == -2) {
+ padlen += block_size * ((pad_max_len - padlen) / block_size);
+ }
+ } else {
+ padlen = length_selector;
+
+ /* Minimal non-zero plaintext_length giving desired padding.
+ * The +1 is for the padding_length byte, not counted in padlen. */
+ plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size;
+ }
+
+ /* Prepare a buffer for record data */
+ buflen = block_size
+ + plaintext_len
+ + t0.maclen
+ + padlen + 1;
+ TEST_CALLOC(buf, buflen);
+ TEST_CALLOC(buf_save, buflen);
+
+ /* Prepare a dummy record header */
+ memset(rec.ctr, 0, sizeof(rec.ctr));
+ rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
+ rec.ver[0] = MBEDTLS_SSL_MAJOR_VERSION_3;
+ rec.ver[1] = MBEDTLS_SSL_MINOR_VERSION_3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /* Prepare dummy record content */
+ rec.buf = buf;
+ rec.buf_len = buflen;
+ rec.data_offset = block_size;
+ rec.data_len = plaintext_len;
+ memset(rec.buf + rec.data_offset, 42, rec.data_len);
+
+ /* Set dummy IV */
+ memset(t0.iv_enc, 0x55, t0.ivlen);
+ memcpy(rec.buf, t0.iv_enc, t0.ivlen);
+
+ /*
+ * Prepare a pre-encryption record (with MAC and padding), and save it.
+ */
+ TEST_EQUAL(0, mbedtls_test_ssl_prepare_record_mac(&rec, &t0));
+
+ /* Pad */
+ memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);
+ rec.data_len += padlen + 1;
+
+ /* Save correct pre-encryption record */
+ rec_save = rec;
+ rec_save.buf = buf_save;
+ memcpy(buf_save, buf, buflen);
+
+ /*
+ * Encrypt and decrypt the correct record, expecting success
+ */
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
+ t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen));
+ rec.data_offset -= t0.ivlen;
+ rec.data_len += t0.ivlen;
+
+ TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
+
+ /*
+ * Modify each byte of the pre-encryption record before encrypting and
+ * decrypting it, expecting failure every time.
+ */
+ for (i = block_size; i < buflen; i++) {
+ mbedtls_test_set_step(i);
+
+ /* Restore correct pre-encryption record */
+ rec = rec_save;
+ rec.buf = buf;
+ memcpy(buf, buf_save, buflen);
+
+ /* Corrupt one byte of the data (could be plaintext, MAC or padding) */
+ rec.buf[i] ^= 0x01;
+
+ /* Encrypt */
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
+ t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen));
+ rec.data_offset -= t0.ivlen;
+ rec.data_len += t0.ivlen;
+
+ /* Decrypt and expect failure */
+ TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC,
+ mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
+ }
+
+ /*
+ * Use larger values of the padding bytes - with small buffers, this tests
+ * the case where the announced padlen would be larger than the buffer
+ * (and before that, than the buffer minus the size of the MAC), to make
+ * sure our padding checking code does not perform any out-of-bounds reads
+ * in this case. (With larger buffers, ie when the plaintext is long or
+ * maximal length padding is used, this is less relevant but still doesn't
+ * hurt to test.)
+ *
+ * (Start the loop with correct padding, just to double-check that record
+ * saving did work, and that we're overwriting the correct bytes.)
+ */
+ for (i = padlen; i <= pad_max_len; i++) {
+ mbedtls_test_set_step(i);
+
+ /* Restore correct pre-encryption record */
+ rec = rec_save;
+ rec.buf = buf;
+ memcpy(buf, buf_save, buflen);
+
+ /* Set padding bytes to new value */
+ memset(buf + buflen - padlen - 1, i, padlen + 1);
+
+ /* Encrypt */
+ TEST_EQUAL(0, mbedtls_cipher_crypt(&t0.cipher_ctx_enc,
+ t0.iv_enc, t0.ivlen,
+ rec.buf + rec.data_offset, rec.data_len,
+ rec.buf + rec.data_offset, &olen));
+ rec.data_offset -= t0.ivlen;
+ rec.data_len += t0.ivlen;
+
+ /* Decrypt and expect failure except the first time */
+ exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
+ TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec));
+ }
+
+exit:
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_transform_free(&t0);
+ mbedtls_ssl_transform_free(&t1);
+ mbedtls_free(buf);
+ mbedtls_free(buf_save);
+ USE_PSA_DONE();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data
new file mode 100644
index 0000000..770ca6f
--- /dev/null
+++ b/tests/suites/test_suite_ssl_decrypt.misc.data
@@ -0,0 +1,1087 @@
+Decrypt null cipher, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_MD5_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0
+
+Decrypt null cipher, MD5 trunc
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_MD5_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1
+
+Decrypt null cipher, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SHA1_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0
+
+Decrypt null cipher, SHA-1 trunc
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SHA1_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1
+
+Decrypt null cipher, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SHA256_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0
+
+Decrypt null cipher, SHA-256 trunc
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SHA256_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1
+
+Decrypt null cipher, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0
+
+Decrypt null cipher, SHA-384 trunc
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_stream:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1
+
+Decrypt RC4, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_MD5_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0
+
+Decrypt RC4, MD5 trunc
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_MD5_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1
+
+Decrypt RC4, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0
+
+Decrypt RC4, SHA-1 trunc
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1
+
+Decrypt RC4, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA256_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0
+
+Decrypt RC4, SHA-256 trunc
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA256_C
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1
+
+Decrypt RC4, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0
+
+Decrypt RC4, SHA-384 trunc
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_stream:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1
+
+Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-1
+
+Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-2
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
+
+Decrypt CBC !EtM, AES MD5 trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0
+
+Decrypt CBC !EtM, AES MD5 trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:240
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
+
+Decrypt CBC !EtM, AES MD5 trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1
+
+Decrypt CBC !EtM, AES MD5 trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:241
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
+
+Decrypt CBC !EtM, AES MD5 !trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, AES MD5 trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:15
+
+Decrypt CBC !EtM, AES MD5 trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:255
+
+Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-1
+
+Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-2
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
+
+Decrypt CBC !EtM, AES SHA1 trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0
+
+Decrypt CBC !EtM, AES SHA1 trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:240
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
+
+Decrypt CBC !EtM, AES SHA1 trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1
+
+Decrypt CBC !EtM, AES SHA1 trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:241
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
+
+Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, AES SHA1 trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:15
+
+Decrypt CBC !EtM, AES SHA1 trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:255
+
+Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-1
+
+Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-2
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
+
+Decrypt CBC !EtM, AES SHA256 trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0
+
+Decrypt CBC !EtM, AES SHA256 trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:240
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
+
+Decrypt CBC !EtM, AES SHA256 trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1
+
+Decrypt CBC !EtM, AES SHA256 trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:241
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
+
+Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, AES SHA256 trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:15
+
+Decrypt CBC !EtM, AES SHA256 trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:255
+
+Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-1
+
+Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-2
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
+
+Decrypt CBC !EtM, AES SHA384 trunc, padlen=0
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0
+
+Decrypt CBC !EtM, AES SHA384 trunc, padlen=240
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:240
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
+
+Decrypt CBC !EtM, AES SHA384 trunc, padlen=1
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1
+
+Decrypt CBC !EtM, AES SHA384 trunc, padlen=241
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:241
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
+
+Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
+
+Decrypt CBC !EtM, AES SHA384 trunc, padlen=15
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:15
+
+Decrypt CBC !EtM, AES SHA384 trunc, padlen=255
+depends_on:MBEDTLS_AES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:255
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-1
+
+Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-2
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
+
+Decrypt CBC !EtM, ARIA MD5 trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0
+
+Decrypt CBC !EtM, ARIA MD5 trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:240
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
+
+Decrypt CBC !EtM, ARIA MD5 trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1
+
+Decrypt CBC !EtM, ARIA MD5 trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:241
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
+
+Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, ARIA MD5 trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:15
+
+Decrypt CBC !EtM, ARIA MD5 trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:255
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:240
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:241
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
+
+Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:15
+
+Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:255
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:240
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:241
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
+
+Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:15
+
+Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:255
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=0
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=240
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:240
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=1
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=241
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:241
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
+
+Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=15
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:15
+
+Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=255
+depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:255
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-1
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-2
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:240
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:241
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
+
+Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:15
+
+Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:255
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:240
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:241
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
+
+Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:15
+
+Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:255
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:240
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:241
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
+
+Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:15
+
+Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:255
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=0
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=240
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:240
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=1
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=241
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:241
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
+
+Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=15
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:15
+
+Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=255
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:255
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-1
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:-2
+
+Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-1
+
+Decrypt CBC !EtM, 3DES MD5 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:-2
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:0
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:248
+
+Decrypt CBC !EtM, 3DES MD5 trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:0
+
+Decrypt CBC !EtM, 3DES MD5 trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:248
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:1
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:249
+
+Decrypt CBC !EtM, 3DES MD5 trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:1
+
+Decrypt CBC !EtM, 3DES MD5 trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:249
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:7
+
+Decrypt CBC !EtM, 3DES MD5 !trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:0:255
+
+Decrypt CBC !EtM, 3DES MD5 trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:7
+
+Decrypt CBC !EtM, 3DES MD5 trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD5_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_MD5:1:255
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-1
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:-2
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-1
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:-2
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:0
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:248
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:0
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:248
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:1
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:249
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:1
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:249
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:7
+
+Decrypt CBC !EtM, 3DES SHA1 !trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:0:255
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:7
+
+Decrypt CBC !EtM, 3DES SHA1 trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA1:1:255
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-1
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:-2
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-1
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:-2
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:0
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:248
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:0
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:248
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:1
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:249
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:1
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:249
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:7
+
+Decrypt CBC !EtM, 3DES SHA256 !trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:0:255
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:7
+
+Decrypt CBC !EtM, 3DES SHA256 trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA256:1:255
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-1
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:-2
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, minpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-1
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, empty plaintext, maxpad
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:-2
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:0
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:248
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=0
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:0
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=248
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:248
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:1
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:249
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=1
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:1
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=249
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:249
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:7
+
+Decrypt CBC !EtM, 3DES SHA384 !trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:0:255
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=7
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:7
+
+Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 8226a68..25974db 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"2.28.4"
+check_compiletime_version:"2.28.5"
Check runtime library version
-check_runtime_version:"2.28.4"
+check_runtime_version:"2.28.5"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 981f8ab..eeae512 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -20,7 +20,7 @@
mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
build_int = MBEDTLS_VERSION_MAJOR << 24 |
@@ -56,7 +56,7 @@
(get_int >> 24) & 0xFF,
(get_int >> 16) & 0xFF,
(get_int >> 8) & 0xFF);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str);
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str);
TEST_ASSERT(strcmp(build_str, version_str) == 0);
TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 09a9d12..6e32792 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -564,7 +564,7 @@
/*
* See comments on ecp_test_vect_restart() for op count precision.
*
- * For reference, with mbed TLS 2.6 and default settings:
+ * For reference, with Mbed TLS 2.6 and default settings:
* - ecdsa_verify() for P-256: ~ 6700
* - ecdsa_verify() for P-384: ~ 18800
* - x509_verify() for server5 -> test-ca2: ~ 18800