Merge branch 'mbedtls-2.16' into baremetal
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5f7d0d8..746b38a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -185,6 +185,7 @@
add_subdirectory(library)
add_subdirectory(include)
+add_subdirectory(tinycrypt)
if(ENABLE_PROGRAMS)
add_subdirectory(programs)
diff --git a/ChangeLog b/ChangeLog
index cec77d2..19c3b58 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,37 @@
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
+Features
+ * Add support for draft-05 of the Connection ID extension, as specified
+ in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
+ The Connection ID extension allows to keep DTLS connections beyond the
+ lifetime of the underlying transport by adding a connection identifier
+ to the DTLS record header. This identifier can be used to associated an
+ incoming record with the correct connection data even after the peer has
+ changed its IP or port. The feature is enabled at compile-time by setting
+ MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
+ through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
+ * Add new API functions mbedtls_ssl_session_save() and
+ mbedtls_ssl_session_load() to allow serializing a session, for example to
+ store it in non-volatile storage, and later using it for TLS session
+ resumption.
+ * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
+ which allows copy-less parsing of DER encoded X.509 CRTs,
+ at the cost of additional lifetime constraints on the input
+ buffer, but at the benefit of reduced RAM consumption.
+ * Add new API function mbedtls_ssl_conf_extended_master_secret_enforce() to
+ allow enforcing the usage of ExtendedMasterSecret extension. If the
+ extension is used and this option is enabled, handshakes not leading to
+ the use of the extended master secret will be aborted. On the server,
+ fail the handshake if client doesn't advertise the ExtendedMasterSecret
+ extension. On the client, fail the handshake if the server doesn't
+ consent to the use of the ExtendedMasterSecret extension in its
+ ServerHello.
+
+API Changes
+ * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
+ See the Features section for more information.
+
Bugfix
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
@@ -97,6 +128,8 @@
leading content octet. Fixes #1610.
Changes
+ * Reduce RAM consumption during session renegotiation by not storing
+ the peer CRT chain and session ticket twice.
* Include configuration file in all header files that use configuration,
instead of relying on other header files that they include.
Inserted as an enhancement for #1371
diff --git a/configs/baremetal.h b/configs/baremetal.h
new file mode 100644
index 0000000..24cce6b
--- /dev/null
+++ b/configs/baremetal.h
@@ -0,0 +1,115 @@
+/**
+ * \file baremetal.h
+ *
+ * \brief Test configuration for minimal baremetal Mbed TLS builds
+ * based on the following primitives:
+ * - ECDHE-ECDSA only
+ * - Elliptic curve SECP256R1 only
+ * - SHA-256 only
+ * - AES-CCM-8 only
+ *
+ * The library compiles in this configuration, but the example
+ * programs `ssl_client2` and `ssl_server2` require the
+ * modifications from `baremetal_test.h`.
+ */
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_BAREMETAL_CONFIG_H
+#define MBEDTLS_BAREMETAL_CONFIG_H
+
+/* Symmetric crypto: AES-CCM only */
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_FEWER_TABLES
+#define MBEDTLS_CCM_C
+
+/* Asymmetric crypto: Single-curve ECC only. */
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECP_WINDOW_SIZE 2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
+#define MBEDTLS_ECP_MAX_BITS 256
+#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
+
+/* Key exchanges */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+
+/* Digests - just SHA-256 */
+#define MBEDTLS_MD_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA256_SMALLER
+
+/* TLS options */
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define MBEDTLS_SSL_SESSION_TICKETS
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+/* X.509 CRT parsing */
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define MBEDTLS_ASN1_PARSE_C
+
+/* X.509 CSR writing */
+#define MBEDTLS_X509_CSR_WRITE_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_ASN1_WRITE_C
+
+/* RNG and PRNG */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HMAC_DRBG_C
+
+#define MBEDTLS_OID_C
+#define MBEDTLS_PLATFORM_C
+
+/* I/O buffer configuration */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 2048
+
+/* Server-side only */
+#define MBEDTLS_SSL_TICKET_C
+#define MBEDTLS_SSL_SRV_C
+
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include <mbedtls/check_config.h>
+
+#endif /* MBEDTLS_BAREMETAL_CONFIG_H */
diff --git a/configs/baremetal_test.h b/configs/baremetal_test.h
new file mode 100644
index 0000000..82c0ed1
--- /dev/null
+++ b/configs/baremetal_test.h
@@ -0,0 +1,63 @@
+/**
+ * \file baremetal_test.h
+ *
+ * \brief This file contains minimal modifications to the
+ * baremetal configuration `baremetal.h` which allows
+ * example programs to compile and run.
+ *
+ * It should be used as the `MBEDTLS_USER_CONFIG_FILE`
+ * in builds using `baremetal.h`.
+ */
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_BAREMETAL_USER_CONFIG_H
+#define MBEDTLS_BAREMETAL_USER_CONFIG_H
+
+/* We need test CRTs to be able to run ssl_client2 and ssl_server2. */
+#define MBEDTLS_CERTS_C
+/* For the network context used by ssl_client2 and ssl_server2. */
+#define MBEDTLS_NET_C
+/* Debug output */
+#define MBEDTLS_DEBUG_C
+
+/* We don't have DER-encoded test CRTs yet. */
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+/* We don't have Secp256r1 test CRTs at the moment. */
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+
+/* Correct ECP configuration values */
+#undef MBEDTLS_ECP_MAX_BITS
+#undef MBEDTLS_MPI_MAX_SIZE
+#define MBEDTLS_ECP_MAX_BITS 384
+#define MBEDTLS_MPI_MAX_SIZE 48
+
+/* ssl_client2 and ssl_server2 use CTR-DRBG so far. */
+#define MBEDTLS_CTR_DRBG_C
+
+/* The ticket implementation hardcodes AES-GCM */
+#define MBEDTLS_GCM_C
+
+/* Use Mbed TLS' timer implementation for Linux. */
+#define MBEDTLS_TIMING_C
+
+#undef MBEDTLS_NO_PLATFORM_ENTROPY
+
+#endif /* MBEDTLS_BAREMETAL_USER_CONFIG_H */
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index c9b58dd..bd2c1a3 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -41,6 +41,7 @@
/* mbed TLS feature support */
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_TLS
/* mbed TLS modules */
#define MBEDTLS_AES_C
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 013bc03..349ea8e 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -40,6 +40,7 @@
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_1
+#define MBEDTLS_SSL_PROTO_TLS
/* mbed TLS modules */
#define MBEDTLS_AES_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 18e2c40..e6fad1c 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -47,6 +47,7 @@
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_TLS
/* mbed TLS modules */
#define MBEDTLS_AES_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 25db16b..3166aa9 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -29,6 +29,7 @@
* Distinguishing features:
* - no RSA or classic DH, fully based on ECC
* - no X.509
+ * - no TLS, only DTLS
* - support for experimental EC J-PAKE key exchange
*
* See README.txt for usage instructions.
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index d1c81d8..e5d2dda 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -696,7 +696,9 @@
# Note that relative paths are relative to the directory from which doxygen is
# run.
-EXCLUDE =
+EXCLUDE = ./../include/tinycrypt/ecc.h \
+ ./../include/tinycrypt/ecc_dh.h \
+ ./../include/tinycrypt/ecc_dsa.h
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index c2f2bd4..a4afdb6 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -3,6 +3,7 @@
if(INSTALL_MBEDTLS_HEADERS)
file(GLOB headers "mbedtls/*.h")
+ file(GLOB headers "tinycrypt/*.h")
install(FILES ${headers}
DESTINATION include/mbedtls
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index b86e580..b3677b5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -87,6 +87,10 @@
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_USE_TINYCRYPT) && defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
+#error "MBEDTLS_USE_TINYCRYPT defined, but it cannot be defined with MBEDTLS_NO_64BIT_MULTIPLICATION"
+#endif
+
#if defined(MBEDTLS_NIST_KW_C) && \
( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
@@ -558,7 +562,12 @@
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
!defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2))
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+#error "MBEDTLS_SSL_TLS_C defined, but no protocol version is active"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && \
+ ( !defined(MBEDTLS_SSL_PROTO_TLS) && !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_TLS_C defined, but neither TLS or DTLS is active"
#endif
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
@@ -591,6 +600,23 @@
#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \
+ MBEDTLS_SSL_CID_IN_LEN_MAX > 255
+#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+ defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \
+ MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
+#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
+#endif
+
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 654f972..e0b5ba4 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1270,6 +1270,34 @@
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
+ * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
+ *
+ * Enable support for the DTLS Connection ID extension
+ * (version draft-ietf-tls-dtls-connection-id-05,
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
+ * which allows to identify DTLS connections across changes
+ * in the underlying transport.
+ *
+ * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
+ * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
+ * See the corresponding documentation for more information.
+ *
+ * \warning The Connection ID extension is still in draft state.
+ * We make no stability promises for the availability
+ * or the shape of the API controlled by this option.
+ *
+ * The maximum lengths of outgoing and incoming CIDs can be configured
+ * through the options
+ * - MBEDTLS_SSL_CID_OUT_LEN_MAX
+ * - MBEDTLS_SSL_CID_IN_LEN_MAX.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Uncomment to enable the Connection ID extension.
+ */
+//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE
*
* Enable asynchronous external private key operations in SSL. This allows
@@ -1425,7 +1453,7 @@
/**
* \def MBEDTLS_SSL_PROTO_SSL3
*
- * Enable support for SSL 3.0.
+ * Enable support for SSL 3.0 (if TLS is enabled).
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
@@ -1437,7 +1465,7 @@
/**
* \def MBEDTLS_SSL_PROTO_TLS1
*
- * Enable support for TLS 1.0.
+ * Enable support for TLS 1.0 (if TLS is enabled).
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
@@ -1449,7 +1477,8 @@
/**
* \def MBEDTLS_SSL_PROTO_TLS1_1
*
- * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ * Enable support for TLS 1.1 (if TLS is enabled) and DTLS 1.0 (if DTLS is
+ * enabled).
*
* Requires: MBEDTLS_MD5_C
* MBEDTLS_SHA1_C
@@ -1461,7 +1490,8 @@
/**
* \def MBEDTLS_SSL_PROTO_TLS1_2
*
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ * Enable support for TLS 1.2 (if TLS is enabled) and DTLS 1.2 (if DTLS is
+ * enabled).
*
* Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
* (Depends on ciphersuites)
@@ -1475,8 +1505,10 @@
*
* Enable support for DTLS (all available versions).
*
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
- * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0.
+ *
+ * \see MBEDTLS_SSL_PROTO_TLS
*
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
* or MBEDTLS_SSL_PROTO_TLS1_2
@@ -1486,6 +1518,27 @@
#define MBEDTLS_SSL_PROTO_DTLS
/**
+ * \def MBEDTLS_SSL_PROTO_TLS
+ *
+ * Enable support for SSL/TLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable TLS 1.2;
+ * enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable TLS 1.1;
+ * enable this and MBEDTLS_SSL_PROTO_TLS1 to enable TLS 1.0;
+ * and/or this and MBEDTLS_SSL_PROTO_SSL3 to enable SSL 3.0 (deprecated).
+ *
+ * \see MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ * or MBEDTLS_SSL_PROTO_TLS1_1
+ * or MBEDTLS_SSL_PROTO_TLS1
+ * or MBEDTLS_SSL_PROTO_SSL3 (deprecated)
+ *
+ * Comment this macro to disable support for TLS
+ */
+#define MBEDTLS_SSL_PROTO_TLS
+
+/**
* \def MBEDTLS_SSL_ALPN
*
* Enable support for RFC 7301 Application Layer Protocol Negotiation.
@@ -2255,6 +2308,22 @@
#define MBEDTLS_ECP_C
/**
+ * \def MBEDTLS_USE_TINYCRYPT
+ *
+ * Enable the TinyCrypt ECC library. This module provides alternative ECC
+ * handling functions replacing the native Mbed TLS ECP module.
+ *
+ * TinyCrypt is a project independent from Mbed TLS, licensed under 3-clause
+ * BSD, and can be found at https://github.com/intel/tinycrypt - this option
+ * only enables the ECC modules from TinyCrypt.
+ *
+ * Module: tinycrypt/ecc.c
+ * tinycrypt/ecc_dh.c
+ * tinycrypt/ecc_dsa.c
+ */
+//#define MBEDTLS_USE_TINYCRYPT
+
+/**
* \def MBEDTLS_ENTROPY_C
*
* Enable the platform-specific entropy code.
@@ -3145,6 +3214,37 @@
*/
//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
+ *
+ * The maximum length of CIDs used for incoming DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
+ *
+ * The maximum length of CIDs used for outgoing DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * when using the Connection ID extension in DTLS 1.2.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ * for outgoing records.
+ *
+ * Note: On systems lacking division instructions,
+ * a power of two should be preferred.
+ *
+ */
+//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
* Maximum length (in bytes) of outgoing plaintext fragments.
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 736444b..1020676 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -262,4 +262,3 @@
#endif
#endif /* debug.h */
-
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index bee0fe4..31f294f 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -100,8 +100,9 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
- * CIPHER 6 8
- * SSL 6 23 (Started from top)
+ * SSL 5 1 (Started from 0x5F00)
+ * CIPHER 6 8 (Started from 0x6080)
+ * SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 8bcf766..69ab21f 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -74,6 +74,12 @@
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#endif
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
+#else
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
+#endif
+
/**
* Opaque struct defined in md_internal.h.
*/
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d31f6cd..5066807 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -122,6 +122,8 @@
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
+#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */
+#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
/*
@@ -156,6 +158,12 @@
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
+#define MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED 0
+#define MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED 1
+
+#define MBEDTLS_SSL_CID_DISABLED 0
+#define MBEDTLS_SSL_CID_ENABLED 1
+
#define MBEDTLS_SSL_ETM_DISABLED 0
#define MBEDTLS_SSL_ETM_ENABLED 1
@@ -252,6 +260,21 @@
#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
#endif
+/*
+ * Maximum length of CIDs for incoming and outgoing messages.
+ */
+#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
+#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+#endif
+
+#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
+#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+#endif
+
+#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
+#endif
+
/* \} name SECTION: Module settings */
/*
@@ -299,6 +322,7 @@
#define MBEDTLS_SSL_MSG_ALERT 21
#define MBEDTLS_SSL_MSG_HANDSHAKE 22
#define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
+#define MBEDTLS_SSL_MSG_CID 25
#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
@@ -368,6 +392,11 @@
#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
+/* The value of the CID extension is still TBD as of
+ * draft-ietf-tls-dtls-connection-id-05
+ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
+#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
+
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
@@ -785,6 +814,14 @@
/*
* This structure is used for storing current session data.
+ *
+ * Note: when changing this definition, we need to check and update:
+ * - in tests/suites/test_suite_ssl.function:
+ * ssl_populate_session() and ssl_serialize_session_save_load()
+ * - in library/ssl_tls.c:
+ * mbedtls_ssl_session_init() and mbedtls_ssl_session_free()
+ * mbedtls_ssl_session_save() and ssl_session_load()
+ * ssl_session_copy()
*/
struct mbedtls_ssl_session
{
@@ -892,6 +929,10 @@
void *p_export_keys; /*!< context for key export callback */
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
@@ -993,6 +1034,9 @@
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
+ unsigned int enforce_extended_master_secret : 1; /*!< enforce the usage
+ * of extended master
+ * secret */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1; /*!< detect and prevent replay? */
@@ -1016,6 +1060,11 @@
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
Certificate Request messages? */
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+ * record with unexpected CID
+ * should lead to failure. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
@@ -1083,6 +1132,10 @@
TLS: maintained by us
DTLS: read from peer */
unsigned char *in_hdr; /*!< start of record header */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char *in_cid; /*!< The start of the CID;
+ * (the end is marked by in_len). */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *in_len; /*!< two-bytes message length field */
unsigned char *in_iv; /*!< ivlen-byte IV */
unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
@@ -1119,6 +1172,10 @@
unsigned char *out_buf; /*!< output buffer */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< start of record header */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char *out_cid; /*!< The start of the CID;
+ * (the end is marked by in_len). */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
unsigned char *out_len; /*!< two-bytes message length field */
unsigned char *out_iv; /*!< ivlen-byte IV */
unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
@@ -1176,6 +1233,21 @@
char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* CID configuration to use in subsequent handshakes. */
+
+ /*! The next incoming CID, chosen by the user and applying to
+ * all subsequent handshakes. This may be different from the
+ * CID currently used in case the user has re-configured the CID
+ * after an initial handshake. */
+ unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t own_cid_len; /*!< The length of \c own_cid. */
+ uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ * be negotiated in the next handshake or not.
+ * Possible values are #MBEDTLS_SSL_CID_ENABLED
+ * and #MBEDTLS_SSL_CID_DISABLED. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
};
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
@@ -1271,7 +1343,8 @@
/**
* \brief Set the transport type (TLS or DTLS).
- * Default: TLS
+ * Default: TLS if #MBEDTLS_SSL_PROTO_TLS is defined, else
+ * DTLS.
*
* \note For DTLS, you must either provide a recv callback that
* doesn't block, or one that handles timeouts, see
@@ -1396,6 +1469,142 @@
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+
+
+/**
+ * \brief Configure the use of the Connection ID (CID)
+ * extension in the next handshake.
+ *
+ * Reference: draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * The DTLS CID extension allows the reliable association of
+ * DTLS records to DTLS connections across changes in the
+ * underlying transport (changed IP and Port metadata) by
+ * adding explicit connection identifiers (CIDs) to the
+ * headers of encrypted DTLS records. The desired CIDs are
+ * configured by the application layer and are exchanged in
+ * new `ClientHello` / `ServerHello` extensions during the
+ * handshake, where each side indicates the CID it wants the
+ * peer to use when writing encrypted messages. The CIDs are
+ * put to use once records get encrypted: the stack discards
+ * any incoming records that don't include the configured CID
+ * in their header, and adds the peer's requested CID to the
+ * headers of outgoing messages.
+ *
+ * This API enables or disables the use of the CID extension
+ * in the next handshake and sets the value of the CID to
+ * be used for incoming messages.
+ *
+ * \param ssl The SSL context to configure. This must be initialized.
+ * \param enable This value determines whether the CID extension should
+ * be used or not. Possible values are:
+ * - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
+ * - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
+ * of the CID.
+ * \param own_cid The address of the readable buffer holding the CID we want
+ * the peer to use when sending encrypted messages to us.
+ * This may be \c NULL if \p own_cid_len is \c 0.
+ * This parameter is unused if \p enabled is set to
+ * MBEDTLS_SSL_CID_DISABLED.
+ * \param own_cid_len The length of \p own_cid.
+ * This parameter is unused if \p enabled is set to
+ * MBEDTLS_SSL_CID_DISABLED.
+ *
+ * \note The value of \p own_cid_len must match the value of the
+ * \c len parameter passed to mbedtls_ssl_conf_cid()
+ * when configuring the ::mbedtls_ssl_config that \p ssl
+ * is bound to.
+ *
+ * \note This CID configuration applies to subsequent handshakes
+ * performed on the SSL context \p ssl, but does not trigger
+ * one. You still have to call `mbedtls_ssl_handshake()`
+ * (for the initial handshake) or `mbedtls_ssl_renegotiate()`
+ * (for a renegotiation handshake) explicitly after a
+ * successful call to this function to run the handshake.
+ *
+ * \note This call cannot guarantee that the use of the CID
+ * will be successfully negotiated in the next handshake,
+ * because the peer might not support it. Specifically:
+ * - On the Client, enabling the use of the CID through
+ * this call implies that the `ClientHello` in the next
+ * handshake will include the CID extension, thereby
+ * offering the use of the CID to the server. Only if
+ * the `ServerHello` contains the CID extension, too,
+ * the CID extension will actually be put to use.
+ * - On the Server, enabling the use of the CID through
+ * this call implies that that the server will look for
+ * the CID extension in a `ClientHello` from the client,
+ * and, if present, reply with a CID extension in its
+ * `ServerHello`.
+ *
+ * \note To check whether the use of the CID was negotiated
+ * after the subsequent handshake has completed, please
+ * use the API mbedtls_ssl_get_peer_cid().
+ *
+ * \warning If the use of the CID extension is enabled in this call
+ * and the subsequent handshake negotiates its use, Mbed TLS
+ * will silently drop every packet whose CID does not match
+ * the CID configured in \p own_cid. It is the responsibility
+ * of the user to adapt the underlying transport to take care
+ * of CID-based demultiplexing before handing datagrams to
+ * Mbed TLS.
+ *
+ * \return \c 0 on success. In this case, the CID configuration
+ * applies to the next handshake.
+ * \return A negative error code on failure.
+ */
+int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len );
+
+/**
+ * \brief Get information about the use of the CID extension
+ * in the current connection.
+ *
+ * \param ssl The SSL context to query.
+ * \param enabled The address at which to store whether the CID extension
+ * is currently in use or not. If the CID is in use,
+ * `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
+ * otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
+ * \param peer_cid The address of the buffer in which to store the CID
+ * chosen by the peer (if the CID extension is used).
+ * This may be \c NULL in case the value of peer CID
+ * isn't needed. If it is not \c NULL, \p peer_cid_len
+ * must not be \c NULL.
+ * \param peer_cid_len The address at which to store the size of the CID
+ * chosen by the peer (if the CID extension is used).
+ * This is also the number of Bytes in \p peer_cid that
+ * have been written.
+ * This may be \c NULL in case the length of the peer CID
+ * isn't needed. If it is \c NULL, \p peer_cid must be
+ * \c NULL, too.
+ *
+ * \note This applies to the state of the CID negotiated in
+ * the last complete handshake. If a handshake is in
+ * progress, this function will attempt to complete
+ * the handshake first.
+ *
+ * \note If CID extensions have been exchanged but both client
+ * and server chose to use an empty CID, this function
+ * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+ * (the rationale for this is that the resulting
+ * communication is the same as if the CID extensions
+ * hadn't been used).
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
+ size_t *peer_cid_len );
+
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/**
* \brief Set the Maximum Tranport Unit (MTU).
* Special value: 0 means unset (no limit).
@@ -1953,6 +2162,90 @@
#endif /* MBEDTLS_SSL_CLI_C */
/**
+ * \brief Load serialized session data into a session structure.
+ * On client, this can be used for loading saved sessions
+ * before resuming them with mbedstls_ssl_set_session().
+ * On server, this can be used for alternative implementations
+ * of session cache or session tickets.
+ *
+ * \warning If a peer certificate chain is associated with the session,
+ * the serialized state will only contain the peer's
+ * end-entity certificate and the result of the chain
+ * verification (unless verification was disabled), but not
+ * the rest of the chain.
+ *
+ * \see mbedtls_ssl_session_save()
+ * \see mbedtls_ssl_set_session()
+ *
+ * \param session The session structure to be populated. It must have been
+ * initialised with mbedtls_ssl_session_init() but not
+ * populated yet.
+ * \param buf The buffer holding the serialized session data. It must be a
+ * readable buffer of at least \p len bytes.
+ * \param len The size of the serialized data in bytes.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+ * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+ * was generated in a different version or configuration of
+ * Mbed TLS.
+ * \return Another negative value for other kinds of errors (for
+ * example, unsupported features in the embedded certificate).
+ */
+int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len );
+
+/**
+ * \brief Save session structure as serialized data in a buffer.
+ * On client, this can be used for saving session data,
+ * potentially in non-volatile storage, for resuming later.
+ * On server, this can be used for alternative implementations
+ * of session cache or session tickets.
+ *
+ * \see mbedtls_ssl_session_load()
+ * \see mbedtls_ssl_get_session_pointer()
+ *
+ * \param session The session structure to be saved.
+ * \param buf The buffer to write the serialized data to. It must be a
+ * writeable buffer of at least \p len bytes, or may be \c
+ * NULL if \p len is \c 0.
+ * \param buf_len The number of bytes available for writing in \p buf.
+ * \param olen The size in bytes of the data that has been or would have
+ * been written. It must point to a valid \c size_t.
+ *
+ * \note \p olen is updated to the correct value regardless of
+ * whether \p buf_len was large enough. This makes it possible
+ * to determine the necessary size by calling this function
+ * with \p buf set to \c NULL and \p buf_len to \c 0.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+ */
+int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen );
+
+/**
+ * \brief Get a pointer to the current session structure, for example
+ * to serialize it.
+ *
+ * \warning Ownership of the session remains with the SSL context, and
+ * the returned pointer is only guaranteed to be valid until
+ * the next API call operating on the same \p ssl context.
+ *
+ * \see mbedtls_ssl_session_save()
+ *
+ * \param ssl The SSL context.
+ *
+ * \return A pointer to the current session if successful.
+ * \return \c NULL if no session is active.
+ */
+const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl );
+
+/**
* \brief Set the list of allowed ciphersuites and the preference
* order. First in the list has the highest preference.
* (Overrides all version-specific lists)
@@ -1970,6 +2263,45 @@
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
+#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
+/**
+ * \brief Specify the length of Connection IDs for incoming
+ * encrypted DTLS records, as well as the behaviour
+ * on unexpected CIDs.
+ *
+ * By default, the CID length is set to \c 0,
+ * and unexpected CIDs are silently ignored.
+ *
+ * \param conf The SSL configuration to modify.
+ * \param len The length in Bytes of the CID fields in encrypted
+ * DTLS records using the CID mechanism. This must
+ * not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+ * \param ignore_other_cids This determines the stack's behaviour when
+ * receiving a record with an unexpected CID.
+ * Possible values are:
+ * - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+ * In this case, the record is silently ignored.
+ * - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+ * In this case, the stack fails with the specific
+ * error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
+ *
+ * \note The CID specification allows implementations to either
+ * use a common length for all incoming connection IDs or
+ * allow variable-length incoming IDs. Mbed TLS currently
+ * requires a common length for all connections sharing the
+ * same SSL configuration; this allows simpler parsing of
+ * record headers.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+ * is too large.
+ */
+int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
+ int ignore_other_cids );
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/**
* \brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol.
@@ -2495,6 +2827,26 @@
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/
void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+
+/**
+ * \brief Enable or disable Extended Master Secret enforcing.
+ * (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED)
+ *
+ * \note If the use of extended master secret is configured (see
+ * `mbedtls_ssl_conf_extended_master_secret()`) and this
+ * option is set, handshakes not leading to the use of the
+ * extended master secret will be aborted: On the server, fail
+ * the handshake if the client doesn't advertise the
+ * ExtendedMasterSecret extension. On the client: Fail the
+ * handshake if the server doesn't consent to the use of the
+ * ExtendedMasterSecret extension in its ServerHello.
+ *
+ * \param conf Currently used SSL configuration struct.
+ * \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED or
+ * MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED
+ */
+void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
+ char ems_enf );
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_ARC4_C)
@@ -2704,7 +3056,7 @@
* (Default: 2^48 - 1)
*
* Renegotiation is automatically triggered when a record
- * counter (outgoing or ingoing) crosses the defined
+ * counter (outgoing or incoming) crosses the defined
* threshold. The default value is meant to prevent the
* connection from being closed when the counter is about to
* reached its maximal value (it is not allowed to wrap).
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index bd5ad94..1c8709f 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -137,7 +137,16 @@
#define MBEDTLS_SSL_COMPRESSION_ADD 0
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
+ ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ ( defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_CAMELLIA_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_DES_C) ) )
+#define MBEDTLS_SSL_SOME_MODES_USE_MAC
+#endif
+
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
/* Ciphersuites using HMAC */
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
@@ -146,7 +155,7 @@
#else
#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
#endif
-#else
+#else /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
#define MBEDTLS_SSL_MAC_ADD 16
#endif
@@ -157,10 +166,17 @@
#define MBEDTLS_SSL_PADDING_ADD 0
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#else
+#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
+#endif
+
#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \
MBEDTLS_MAX_IV_LENGTH + \
MBEDTLS_SSL_MAC_ADD + \
- MBEDTLS_SSL_PADDING_ADD \
+ MBEDTLS_SSL_PADDING_ADD + \
+ MBEDTLS_SSL_MAX_CID_EXPANSION \
)
#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
@@ -213,11 +229,23 @@
implicit sequence number. */
#define MBEDTLS_SSL_HEADER_LEN 13
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_IN_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_IN_BUFFER_LEN \
+ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
+ + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_OUT_BUFFER_LEN \
( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+#else
+#define MBEDTLS_SSL_OUT_BUFFER_LEN \
+ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) \
+ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+#endif
#ifdef MBEDTLS_ZLIB_SUPPORT
/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
@@ -236,6 +264,57 @@
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
+/*
+ * Helpers for code specific to TLS or DTLS.
+ *
+ * Goals for these helpers:
+ * - generate minimal code, eg don't test if mode is DTLS in a DTLS-only build
+ * - make the flow clear to the compiler, so that in TLS and DTLS combined
+ * builds, when there are two branches, it knows exactly one of them is taken
+ * - preserve readability
+ *
+ * There are three macros:
+ * - MBEDTLS_SSL_TRANSPORT_IS_TLS( transport )
+ * - MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport )
+ * - MBEDTLS_SSL_TRANSPORT_ELSE
+ *
+ * The first two are macros rather than static inline functions because some
+ * compilers (eg arm-none-eabi-gcc 5.4.1 20160919) don't propagate constants
+ * well enough for us with static inline functions.
+ *
+ * Usage 1 (can replace DTLS with TLS):
+ * #if defined(MBEDTLS_SSL_PROTO_DTLS)
+ * if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
+ * // DTLS-specific code
+ * #endif
+ *
+ * Usage 2 (can swap DTLS and TLS);
+ * #if defined(MBEDTLS_SSL_PROTO_DTLS)
+ * if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
+ * // DTLS-specific code
+ * MBEDTLS_SSL_TRANSPORT_ELSE
+ * #endif
+ * #if defined(MBEDTLS_SSL_PROTO_TLS)
+ * // TLS-specific code
+ * #endif
+ */
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_PROTO_TLS) /* both */
+#define MBEDTLS_SSL_TRANSPORT__BOTH /* shortcut for future tests */
+#define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) \
+ ( (transport) == MBEDTLS_SSL_TRANSPORT_STREAM )
+#define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) \
+ ( (transport) == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+#define MBEDTLS_SSL_TRANSPORT_ELSE else
+#elif defined(MBEDTLS_SSL_PROTO_DTLS) /* DTLS only */
+#define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) 0
+#define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) 1
+#define MBEDTLS_SSL_TRANSPORT_ELSE /* empty: no other branch */
+#else /* TLS only */
+#define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) 1
+#define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) 0
+#define MBEDTLS_SSL_TRANSPORT_ELSE /* empty: no other branch */
+#endif /* TLS and/or DTLS */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -334,6 +413,18 @@
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
for resending messages */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The state of CID configuration in this handshake. */
+
+ uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
+ * has been negotiated. Possible values are
+ * #MBEDTLS_SSL_CID_ENABLED and
+ * #MBEDTLS_SSL_CID_DISABLED. */
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+ uint8_t peer_cid_len; /*!< The length of
+ * \c peer_cid. */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
struct
{
size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
@@ -381,12 +472,14 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
- void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
+ void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
int (*tls_prf)(const unsigned char *, size_t, const char *,
const unsigned char *, size_t,
unsigned char *, size_t);
+ mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
+
size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */
@@ -422,25 +515,116 @@
typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
/*
- * This structure contains a full set of runtime transform parameters
- * either in negotiation or active.
+ * Representation of decryption/encryption transformations on records
+ *
+ * There are the following general types of record transformations:
+ * - Stream transformations (TLS versions <= 1.2 only)
+ * Transformation adding a MAC and applying a stream-cipher
+ * to the authenticated message.
+ * - CBC block cipher transformations ([D]TLS versions <= 1.2 only)
+ * In addition to the distinction of the order of encryption and
+ * authentication, there's a fundamental difference between the
+ * handling in SSL3 & TLS 1.0 and TLS 1.1 and TLS 1.2: For SSL3
+ * and TLS 1.0, the final IV after processing a record is used
+ * as the IV for the next record. No explicit IV is contained
+ * in an encrypted record. The IV for the first record is extracted
+ * at key extraction time. In contrast, for TLS 1.1 and 1.2, no
+ * IV is generated at key extraction time, but every encrypted
+ * record is explicitly prefixed by the IV with which it was encrypted.
+ * - AEAD transformations ([D]TLS versions >= 1.2 only)
+ * These come in two fundamentally different versions, the first one
+ * used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second
+ * one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3.
+ * In the first transformation, the IV to be used for a record is obtained
+ * as the concatenation of an explicit, static 4-byte IV and the 8-byte
+ * record sequence number, and explicitly prepending this sequence number
+ * to the encrypted record. In contrast, in the second transformation
+ * the IV is obtained by XOR'ing a static IV obtained at key extraction
+ * time with the 8-byte record sequence number, without prepending the
+ * latter to the encrypted record.
+ *
+ * In addition to type and version, the following parameters are relevant:
+ * - The symmetric cipher algorithm to be used.
+ * - The (static) encryption/decryption keys for the cipher.
+ * - For stream/CBC, the type of message digest to be used.
+ * - For stream/CBC, (static) encryption/decryption keys for the digest.
+ * - For AEAD transformations, the size (potentially 0) of an explicit,
+ * random initialization vector placed in encrypted records.
+ * - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0)
+ * an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
+ * and (if present) is combined with the explicit IV in a transformation-
+ * dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
+ * - For stream/CBC, a flag determining the order of encryption and MAC.
+ * - The details of the transformation depend on the SSL/TLS version.
+ * - The length of the authentication tag.
+ *
+ * Note: Except for CBC in SSL3 and TLS 1.0, these parameters are
+ * constant across multiple encryption/decryption operations.
+ * For CBC, the implicit IV needs to be updated after each
+ * operation.
+ *
+ * The struct below refines this abstract view as follows:
+ * - The cipher underlying the transformation is managed in
+ * cipher contexts cipher_ctx_{enc/dec}, which must have the
+ * same cipher type. The mode of these cipher contexts determines
+ * the type of the transformation in the sense above: e.g., if
+ * the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM
+ * then the transformation has type CBC resp. AEAD.
+ * - The cipher keys are never stored explicitly but
+ * are maintained within cipher_ctx_{enc/dec}.
+ * - For stream/CBC transformations, the message digest contexts
+ * used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
+ * are unused for AEAD transformations.
+ * - For stream/CBC transformations and versions > SSL3, the
+ * MAC keys are not stored explicitly but maintained within
+ * md_ctx_{enc/dec}.
+ * - For stream/CBC transformations and version SSL3, the MAC
+ * keys are stored explicitly in mac_enc, mac_dec and have
+ * a fixed size of 20 bytes. These fields are unused for
+ * AEAD transformations or transformations >= TLS 1.0.
+ * - For transformations using an implicit IV maintained within
+ * the transformation context, its contents are stored within
+ * iv_{enc/dec}.
+ * - The value of ivlen indicates the length of the IV.
+ * This is redundant in case of stream/CBC transformations
+ * which always use 0 resp. the cipher's block length as the
+ * IV length, but is needed for AEAD ciphers and may be
+ * different from the underlying cipher's block length
+ * in this case.
+ * - The field fixed_ivlen is nonzero for AEAD transformations only
+ * and indicates the length of the static part of the IV which is
+ * constant throughout the communication, and which is stored in
+ * the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
+ * Note: For CBC in SSL3 and TLS 1.0, the fields iv_{enc/dec}
+ * still store IV's for continued use across multiple transformations,
+ * so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are
+ * not being used!
+ * - minor_ver denotes the SSL/TLS version
+ * - For stream/CBC transformations, maclen denotes the length of the
+ * authentication tag, while taglen is unused and 0.
+ * - For AEAD transformations, taglen denotes the length of the
+ * authentication tag, while maclen is unused and 0.
+ * - For CBC transformations, encrypt_then_mac determines the
+ * order of encryption and authentication. This field is unused
+ * in other transformations.
+ *
*/
struct mbedtls_ssl_transform
{
/*
* Session specific crypto layer
*/
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- /*!< Chosen cipersuite_info */
- unsigned int keylen; /*!< symmetric key length (bytes) */
size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
- size_t maclen; /*!< MAC length */
+ size_t maclen; /*!< MAC(CBC) len */
+ size_t taglen; /*!< TAG(AEAD) len */
unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+
#if defined(MBEDTLS_SSL_PROTO_SSL3)
/* Needed only for SSL v3.0 secret */
unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
@@ -450,8 +634,22 @@
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac; /*!< flag for EtM activation */
+#endif
+
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
+ int minor_ver;
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t in_cid_len;
+ uint8_t out_cid_len;
+ unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Session specific compression layer
@@ -462,6 +660,49 @@
#endif
};
+/*
+ * Internal representation of record frames
+ *
+ * Instances come in two flavors:
+ * (1) Encrypted
+ * These always have data_offset = 0
+ * (2) Unencrypted
+ * These have data_offset set to the amount of
+ * pre-expansion during record protection. Concretely,
+ * this is the length of the fixed part of the explicit IV
+ * used for encryption, or 0 if no explicit IV is used
+ * (e.g. for CBC in TLS 1.0, or stream ciphers).
+ *
+ * The reason for the data_offset in the unencrypted case
+ * is to allow for in-place conversion of an unencrypted to
+ * an encrypted record. If the offset wasn't included, the
+ * encrypted content would need to be shifted afterwards to
+ * make space for the fixed IV.
+ *
+ */
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
+#else
+#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
+#endif
+
+typedef struct
+{
+ uint8_t ctr[8]; /* Record sequence number */
+ uint8_t type; /* Record type */
+ uint8_t ver[2]; /* SSL/TLS version */
+
+ unsigned char *buf; /* Memory buffer enclosing the record content */
+ size_t buf_len; /* Buffer length */
+ size_t data_offset; /* Offset of record content */
+ size_t data_len; /* Length of record content */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ uint8_t cid_len; /* Length of the CID (0 if not present) */
+ unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+} mbedtls_record;
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
@@ -703,25 +944,26 @@
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] );
-static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 13 );
-#else
- ((void) ssl);
-#endif
- return( 5 );
+ return( (size_t) ( ssl->in_iv - ssl->in_hdr ) );
+}
+
+static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
+{
+ return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
}
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 12 );
-#else
+#if !defined(MBEDTLS_SSL_PROTO__BOTH)
((void) ssl);
#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
+ return( 12 );
+#endif
return( 4 );
}
@@ -779,4 +1021,14 @@
}
#endif
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec );
+
#endif /* ssl_internal.h */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 670bd10..62c3c2e 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -52,6 +52,8 @@
*/
typedef struct mbedtls_x509_crt
{
+ int own_buffer; /**< Indicates if \c raw is owned
+ * by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
@@ -220,16 +222,58 @@
/**
* \brief Parse a single DER formatted certificate and add it
- * to the chained list.
+ * to the end of the provided chained list.
*
- * \param chain points to the start of the chain
- * \param buf buffer holding the certificate DER data
- * \param buflen size of the buffer
+ * \param chain The pointer to the start of the CRT chain to attach to.
+ * When parsing the first CRT in a chain, this should point
+ * to an instance of ::mbedtls_x509_crt initialized through
+ * mbedtls_x509_crt_init().
+ * \param buf The buffer holding the DER encoded certificate.
+ * \param buflen The size in Bytes of \p buf.
*
- * \return 0 if successful, or a specific X509 or PEM error code
+ * \note This function makes an internal copy of the CRT buffer
+ * \p buf. In particular, \p buf may be destroyed or reused
+ * after this call returns. To avoid duplicating the CRT
+ * buffer (at the cost of stricter lifetime constraints),
+ * use mbedtls_x509_crt_parse_der_nocopy() instead.
+ *
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
- size_t buflen );
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen );
+
+/**
+ * \brief Parse a single DER formatted certificate and add it
+ * to the end of the provided chained list. This is a
+ * variant of mbedtls_x509_crt_parse_der() which takes
+ * temporary ownership of the CRT buffer until the CRT
+ * is destroyed.
+ *
+ * \param chain The pointer to the start of the CRT chain to attach to.
+ * When parsing the first CRT in a chain, this should point
+ * to an instance of ::mbedtls_x509_crt initialized through
+ * mbedtls_x509_crt_init().
+ * \param buf The address of the readable buffer holding the DER encoded
+ * certificate to use. On success, this buffer must be
+ * retained and not be changed for the liftetime of the
+ * CRT chain \p chain, that is, until \p chain is destroyed
+ * through a call to mbedtls_x509_crt_free().
+ * \param buflen The size in Bytes of \p buf.
+ *
+ * \note This call is functionally equivalent to
+ * mbedtls_x509_crt_parse_der(), but it avoids creating a
+ * copy of the input buffer at the cost of stronger lifetime
+ * constraints. This is useful in constrained environments
+ * where duplication of the CRT cannot be tolerated.
+ *
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
+ */
+int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen );
/**
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded
diff --git a/include/tinycrypt/ecc.h b/include/tinycrypt/ecc.h
new file mode 100644
index 0000000..37a7ef1
--- /dev/null
+++ b/include/tinycrypt/ecc.h
@@ -0,0 +1,547 @@
+/* ecc.h - TinyCrypt interface to common ECC functions */
+
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to common ECC functions.
+ *
+ * Overview: This software is an implementation of common functions
+ * necessary to elliptic curve cryptography. This implementation uses
+ * curve NIST p-256.
+ *
+ * Security: The curve NIST p-256 provides approximately 128 bits of security.
+ *
+ */
+
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#ifndef __TC_UECC_H__
+#define __TC_UECC_H__
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Word size (4 bytes considering 32-bits architectures) */
+#define uECC_WORD_SIZE 4
+
+/* setting max number of calls to prng: */
+#ifndef uECC_RNG_MAX_TRIES
+#define uECC_RNG_MAX_TRIES 64
+#endif
+
+/* defining data types to store word and bit counts: */
+typedef int8_t wordcount_t;
+typedef int16_t bitcount_t;
+/* defining data type for comparison result: */
+typedef int8_t cmpresult_t;
+/* defining data type to store ECC coordinate/point in 32bits words: */
+typedef unsigned int uECC_word_t;
+/* defining data type to store an ECC coordinate/point in 64bits words: */
+typedef uint64_t uECC_dword_t;
+
+/* defining masks useful for ecc computations: */
+#define HIGH_BIT_SET 0x80000000
+#define uECC_WORD_BITS 32
+#define uECC_WORD_BITS_SHIFT 5
+#define uECC_WORD_BITS_MASK 0x01F
+
+/* Number of words of 32 bits to represent an element of the the curve p-256: */
+#define NUM_ECC_WORDS 8
+/* Number of bytes to represent an element of the the curve p-256: */
+#define NUM_ECC_BYTES (uECC_WORD_SIZE*NUM_ECC_WORDS)
+
+/* structure that represents an elliptic curve (e.g. p256):*/
+struct uECC_Curve_t;
+typedef const struct uECC_Curve_t * uECC_Curve;
+struct uECC_Curve_t {
+ wordcount_t num_words;
+ wordcount_t num_bytes;
+ bitcount_t num_n_bits;
+ uECC_word_t p[NUM_ECC_WORDS];
+ uECC_word_t n[NUM_ECC_WORDS];
+ uECC_word_t G[NUM_ECC_WORDS * 2];
+ uECC_word_t b[NUM_ECC_WORDS];
+ void (*double_jacobian)(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * Z1,
+ uECC_Curve curve);
+ void (*x_side)(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve);
+ void (*mmod_fast)(uECC_word_t *result, uECC_word_t *product);
+};
+
+/*
+ * @brief computes doubling of point ion jacobian coordinates, in place.
+ * @param X1 IN/OUT -- x coordinate
+ * @param Y1 IN/OUT -- y coordinate
+ * @param Z1 IN/OUT -- z coordinate
+ * @param curve IN -- elliptic curve
+ */
+void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * Z1, uECC_Curve curve);
+
+/*
+ * @brief Computes x^3 + ax + b. result must not overlap x.
+ * @param result OUT -- x^3 + ax + b
+ * @param x IN -- value of x
+ * @param curve IN -- elliptic curve
+ */
+void x_side_default(uECC_word_t *result, const uECC_word_t *x,
+ uECC_Curve curve);
+
+/*
+ * @brief Computes result = product % curve_p
+ * from http://www.nsa.gov/ia/_files/nist-routines.pdf
+ * @param result OUT -- product % curve_p
+ * @param product IN -- value to be reduced mod curve_p
+ */
+void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int *product);
+
+/* Bytes to words ordering: */
+#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) 0x##d##c##b##a, 0x##h##g##f##e
+#define BYTES_TO_WORDS_4(a, b, c, d) 0x##d##c##b##a
+#define BITS_TO_WORDS(num_bits) \
+ ((num_bits + ((uECC_WORD_SIZE * 8) - 1)) / (uECC_WORD_SIZE * 8))
+#define BITS_TO_BYTES(num_bits) ((num_bits + 7) / 8)
+
+/* definition of curve NIST p-256: */
+static const struct uECC_Curve_t curve_secp256r1 = {
+ NUM_ECC_WORDS,
+ NUM_ECC_BYTES,
+ 256, /* num_n_bits */ {
+ BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
+ BYTES_TO_WORDS_8(FF, FF, FF, FF, 00, 00, 00, 00),
+ BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00),
+ BYTES_TO_WORDS_8(01, 00, 00, 00, FF, FF, FF, FF)
+ }, {
+ BYTES_TO_WORDS_8(51, 25, 63, FC, C2, CA, B9, F3),
+ BYTES_TO_WORDS_8(84, 9E, 17, A7, AD, FA, E6, BC),
+ BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
+ BYTES_TO_WORDS_8(00, 00, 00, 00, FF, FF, FF, FF)
+ }, {
+ BYTES_TO_WORDS_8(96, C2, 98, D8, 45, 39, A1, F4),
+ BYTES_TO_WORDS_8(A0, 33, EB, 2D, 81, 7D, 03, 77),
+ BYTES_TO_WORDS_8(F2, 40, A4, 63, E5, E6, BC, F8),
+ BYTES_TO_WORDS_8(47, 42, 2C, E1, F2, D1, 17, 6B),
+
+ BYTES_TO_WORDS_8(F5, 51, BF, 37, 68, 40, B6, CB),
+ BYTES_TO_WORDS_8(CE, 5E, 31, 6B, 57, 33, CE, 2B),
+ BYTES_TO_WORDS_8(16, 9E, 0F, 7C, 4A, EB, E7, 8E),
+ BYTES_TO_WORDS_8(9B, 7F, 1A, FE, E2, 42, E3, 4F)
+ }, {
+ BYTES_TO_WORDS_8(4B, 60, D2, 27, 3E, 3C, CE, 3B),
+ BYTES_TO_WORDS_8(F6, B0, 53, CC, B0, 06, 1D, 65),
+ BYTES_TO_WORDS_8(BC, 86, 98, 76, 55, BD, EB, B3),
+ BYTES_TO_WORDS_8(E7, 93, 3A, AA, D8, 35, C6, 5A)
+ },
+ &double_jacobian_default,
+ &x_side_default,
+ &vli_mmod_fast_secp256r1
+};
+
+uECC_Curve uECC_secp256r1(void);
+
+/*
+ * @brief Generates a random integer in the range 0 < random < top.
+ * Both random and top have num_words words.
+ * @param random OUT -- random integer in the range 0 < random < top
+ * @param top IN -- upper limit
+ * @param num_words IN -- number of words
+ * @return a random integer in the range 0 < random < top
+ */
+int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
+ wordcount_t num_words);
+
+
+/* uECC_RNG_Function type
+ * The RNG function should fill 'size' random bytes into 'dest'. It should
+ * return 1 if 'dest' was filled with random data, or 0 if the random data could
+ * not be generated. The filled-in values should be either truly random, or from
+ * a cryptographically-secure PRNG.
+ *
+ * A correctly functioning RNG function must be set (using uECC_set_rng())
+ * before calling uECC_make_key() or uECC_sign().
+ *
+ * Setting a correctly functioning RNG function improves the resistance to
+ * side-channel attacks for uECC_shared_secret().
+ *
+ * A correct RNG function is set by default. If you are building on another
+ * POSIX-compliant system that supports /dev/random or /dev/urandom, you can
+ * define uECC_POSIX to use the predefined RNG.
+ */
+typedef int(*uECC_RNG_Function)(uint8_t *dest, unsigned int size);
+
+/*
+ * @brief Set the function that will be used to generate random bytes. The RNG
+ * function should return 1 if the random data was generated, or 0 if the random
+ * data could not be generated.
+ *
+ * @note On platforms where there is no predefined RNG function, this must be
+ * called before uECC_make_key() or uECC_sign() are used.
+ *
+ * @param rng_function IN -- function that will be used to generate random bytes
+ */
+void uECC_set_rng(uECC_RNG_Function rng_function);
+
+/*
+ * @brief provides current uECC_RNG_Function.
+ * @return Returns the function that will be used to generate random bytes.
+ */
+uECC_RNG_Function uECC_get_rng(void);
+
+/*
+ * @brief computes the size of a private key for the curve in bytes.
+ * @param curve IN -- elliptic curve
+ * @return size of a private key for the curve in bytes.
+ */
+int uECC_curve_private_key_size(uECC_Curve curve);
+
+/*
+ * @brief computes the size of a public key for the curve in bytes.
+ * @param curve IN -- elliptic curve
+ * @return the size of a public key for the curve in bytes.
+ */
+int uECC_curve_public_key_size(uECC_Curve curve);
+
+/*
+ * @brief Compute the corresponding public key for a private key.
+ * @param private_key IN -- The private key to compute the public key for
+ * @param public_key OUT -- Will be filled in with the corresponding public key
+ * @param curve
+ * @return Returns 1 if key was computed successfully, 0 if an error occurred.
+ */
+int uECC_compute_public_key(const uint8_t *private_key,
+ uint8_t *public_key, uECC_Curve curve);
+
+/*
+ * @brief Compute public-key.
+ * @return corresponding public-key.
+ * @param result OUT -- public-key
+ * @param private_key IN -- private-key
+ * @param curve IN -- elliptic curve
+ */
+uECC_word_t EccPoint_compute_public_key(uECC_word_t *result,
+ uECC_word_t *private_key, uECC_Curve curve);
+
+/*
+ * @brief Regularize the bitcount for the private key so that attackers cannot
+ * use a side channel attack to learn the number of leading zeros.
+ * @return Regularized k
+ * @param k IN -- private-key
+ * @param k0 IN/OUT -- regularized k
+ * @param k1 IN/OUT -- regularized k
+ * @param curve IN -- elliptic curve
+ */
+uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0,
+ uECC_word_t *k1, uECC_Curve curve);
+
+/*
+ * @brief Point multiplication algorithm using Montgomery's ladder with co-Z
+ * coordinates. See http://eprint.iacr.org/2011/338.pdf.
+ * @note Result may overlap point.
+ * @param result OUT -- returns scalar*point
+ * @param point IN -- elliptic curve point
+ * @param scalar IN -- scalar
+ * @param initial_Z IN -- initial value for z
+ * @param num_bits IN -- number of bits in scalar
+ * @param curve IN -- elliptic curve
+ */
+void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point,
+ const uECC_word_t * scalar, const uECC_word_t * initial_Z,
+ bitcount_t num_bits, uECC_Curve curve);
+
+/*
+ * @brief Constant-time comparison to zero - secure way to compare long integers
+ * @param vli IN -- very long integer
+ * @param num_words IN -- number of words in the vli
+ * @return 1 if vli == 0, 0 otherwise.
+ */
+uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words);
+
+/*
+ * @brief Check if 'point' is the point at infinity
+ * @param point IN -- elliptic curve point
+ * @param curve IN -- elliptic curve
+ * @return if 'point' is the point at infinity, 0 otherwise.
+ */
+uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve);
+
+/*
+ * @brief computes the sign of left - right, in constant time.
+ * @param left IN -- left term to be compared
+ * @param right IN -- right term to be compared
+ * @param num_words IN -- number of words
+ * @return the sign of left - right
+ */
+cmpresult_t uECC_vli_cmp(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words);
+
+/*
+ * @brief computes sign of left - right, not in constant time.
+ * @note should not be used if inputs are part of a secret
+ * @param left IN -- left term to be compared
+ * @param right IN -- right term to be compared
+ * @param num_words IN -- number of words
+ * @return the sign of left - right
+ */
+cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes result = (left - right) % mod.
+ * @note Assumes that (left < mod) and (right < mod), and that result does not
+ * overlap mod.
+ * @param result OUT -- (left - right) % mod
+ * @param left IN -- leftright term in modular subtraction
+ * @param right IN -- right term in modular subtraction
+ * @param mod IN -- mod
+ * @param num_words IN -- number of words
+ */
+void uECC_vli_modSub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes P' = (x1', y1', Z3), P + Q = (x3, y3, Z3) or
+ * P => P', Q => P + Q
+ * @note assumes Input P = (x1, y1, Z), Q = (x2, y2, Z)
+ * @param X1 IN -- x coordinate of P
+ * @param Y1 IN -- y coordinate of P
+ * @param X2 IN -- x coordinate of Q
+ * @param Y2 IN -- y coordinate of Q
+ * @param curve IN -- elliptic curve
+ */
+void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * X2,
+ uECC_word_t * Y2, uECC_Curve curve);
+
+/*
+ * @brief Computes (x1 * z^2, y1 * z^3)
+ * @param X1 IN -- previous x1 coordinate
+ * @param Y1 IN -- previous y1 coordinate
+ * @param Z IN -- z value
+ * @param curve IN -- elliptic curve
+ */
+void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
+ uECC_Curve curve);
+
+/*
+ * @brief Check if bit is set.
+ * @return Returns nonzero if bit 'bit' of vli is set.
+ * @warning It is assumed that the value provided in 'bit' is within the
+ * boundaries of the word-array 'vli'.
+ * @note The bit ordering layout assumed for vli is: {31, 30, ..., 0},
+ * {63, 62, ..., 32}, {95, 94, ..., 64}, {127, 126,..., 96} for a vli consisting
+ * of 4 uECC_word_t elements.
+ */
+uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit);
+
+/*
+ * @brief Computes result = product % mod, where product is 2N words long.
+ * @param result OUT -- product % mod
+ * @param mod IN -- module
+ * @param num_words IN -- number of words
+ * @warning Currently only designed to work for curve_p or curve_n.
+ */
+void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product,
+ const uECC_word_t *mod, wordcount_t num_words);
+
+/*
+ * @brief Computes modular product (using curve->mmod_fast)
+ * @param result OUT -- (left * right) mod % curve_p
+ * @param left IN -- left term in product
+ * @param right IN -- right term in product
+ * @param curve IN -- elliptic curve
+ */
+void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, uECC_Curve curve);
+
+/*
+ * @brief Computes result = left - right.
+ * @note Can modify in place.
+ * @param result OUT -- left - right
+ * @param left IN -- left term in subtraction
+ * @param right IN -- right term in subtraction
+ * @param num_words IN -- number of words
+ * @return borrow
+ */
+uECC_word_t uECC_vli_sub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words);
+
+/*
+ * @brief Constant-time comparison function(secure way to compare long ints)
+ * @param left IN -- left term in comparison
+ * @param right IN -- right term in comparison
+ * @param num_words IN -- number of words
+ * @return Returns 0 if left == right, 1 otherwise.
+ */
+uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes (left * right) % mod
+ * @param result OUT -- (left * right) % mod
+ * @param left IN -- left term in product
+ * @param right IN -- right term in product
+ * @param mod IN -- mod
+ * @param num_words IN -- number of words
+ */
+void uECC_vli_modMult(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes (1 / input) % mod
+ * @note All VLIs are the same size.
+ * @note See "Euclid's GCD to Montgomery Multiplication to the Great Divide"
+ * @param result OUT -- (1 / input) % mod
+ * @param input IN -- value to be modular inverted
+ * @param mod IN -- mod
+ * @param num_words -- number of words
+ */
+void uECC_vli_modInv(uECC_word_t *result, const uECC_word_t *input,
+ const uECC_word_t *mod, wordcount_t num_words);
+
+/*
+ * @brief Sets dest = src.
+ * @param dest OUT -- destination buffer
+ * @param src IN -- origin buffer
+ * @param num_words IN -- number of words
+ */
+void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src,
+ wordcount_t num_words);
+
+/*
+ * @brief Computes (left + right) % mod.
+ * @note Assumes that (left < mod) and right < mod), and that result does not
+ * overlap mod.
+ * @param result OUT -- (left + right) % mod.
+ * @param left IN -- left term in addition
+ * @param right IN -- right term in addition
+ * @param mod IN -- mod
+ * @param num_words IN -- number of words
+ */
+void uECC_vli_modAdd(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words);
+
+/*
+ * @brief Counts the number of bits required to represent vli.
+ * @param vli IN -- very long integer
+ * @param max_words IN -- number of words
+ * @return number of bits in given vli
+ */
+bitcount_t uECC_vli_numBits(const uECC_word_t *vli,
+ const wordcount_t max_words);
+
+/*
+ * @brief Erases (set to 0) vli
+ * @param vli IN -- very long integer
+ * @param num_words IN -- number of words
+ */
+void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words);
+
+/*
+ * @brief check if it is a valid point in the curve
+ * @param point IN -- point to be checked
+ * @param curve IN -- elliptic curve
+ * @return 0 if point is valid
+ * @exception returns -1 if it is a point at infinity
+ * @exception returns -2 if x or y is smaller than p,
+ * @exception returns -3 if y^2 != x^3 + ax + b.
+ */
+int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve);
+
+/*
+ * @brief Check if a public key is valid.
+ * @param public_key IN -- The public key to be checked.
+ * @return returns 0 if the public key is valid
+ * @exception returns -1 if it is a point at infinity
+ * @exception returns -2 if x or y is smaller than p,
+ * @exception returns -3 if y^2 != x^3 + ax + b.
+ * @exception returns -4 if public key is the group generator.
+ *
+ * @note Note that you are not required to check for a valid public key before
+ * using any other uECC functions. However, you may wish to avoid spending CPU
+ * time computing a shared secret or verifying a signature using an invalid
+ * public key.
+ */
+int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve);
+
+ /*
+ * @brief Converts an integer in uECC native format to big-endian bytes.
+ * @param bytes OUT -- bytes representation
+ * @param num_bytes IN -- number of bytes
+ * @param native IN -- uECC native representation
+ */
+void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes,
+ const unsigned int *native);
+
+/*
+ * @brief Converts big-endian bytes to an integer in uECC native format.
+ * @param native OUT -- uECC native representation
+ * @param bytes IN -- bytes representation
+ * @param num_bytes IN -- number of bytes
+ */
+void uECC_vli_bytesToNative(unsigned int *native, const uint8_t *bytes,
+ int num_bytes);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TC_UECC_H__ */
+#endif /* MBEDTLS_USE_TINYCRYPT */
diff --git a/include/tinycrypt/ecc_dh.h b/include/tinycrypt/ecc_dh.h
new file mode 100644
index 0000000..c680a77
--- /dev/null
+++ b/include/tinycrypt/ecc_dh.h
@@ -0,0 +1,133 @@
+/* ecc_dh.h - TinyCrypt interface to EC-DH implementation */
+
+/*
+ * Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to EC-DH implementation.
+ *
+ * Overview: This software is an implementation of EC-DH. This implementation
+ * uses curve NIST p-256.
+ *
+ * Security: The curve NIST p-256 provides approximately 128 bits of security.
+ */
+
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#ifndef __TC_ECC_DH_H__
+#define __TC_ECC_DH_H__
+
+#include <tinycrypt/ecc.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Create a public/private key pair.
+ * @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully
+ * returns TC_CRYPTO_FAIL (0) if error while generating key pair
+ *
+ * @param p_public_key OUT -- Will be filled in with the public key. Must be at
+ * least 2 * the curve size (in bytes) long. For curve secp256r1, p_public_key
+ * must be 64 bytes long.
+ * @param p_private_key OUT -- Will be filled in with the private key. Must be as
+ * long as the curve order (for secp256r1, p_private_key must be 32 bytes long).
+ *
+ * @note side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ * @warning A cryptographically-secure PRNG function must be set (using
+ * uECC_set_rng()) before calling uECC_make_key().
+ */
+int uECC_make_key(uint8_t *p_public_key, uint8_t *p_private_key, uECC_Curve curve);
+
+#ifdef ENABLE_TESTS
+
+/**
+ * @brief Create a public/private key pair given a specific d.
+ *
+ * @note THIS FUNCTION SHOULD BE CALLED ONLY FOR TEST PURPOSES. Refer to
+ * uECC_make_key() function for real applications.
+ */
+int uECC_make_key_with_d(uint8_t *p_public_key, uint8_t *p_private_key,
+ unsigned int *d, uECC_Curve curve);
+#endif
+
+/**
+ * @brief Compute a shared secret given your secret key and someone else's
+ * public key.
+ * @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully
+ * returns TC_CRYPTO_FAIL (0) otherwise
+ *
+ * @param p_secret OUT -- Will be filled in with the shared secret value. Must be
+ * the same size as the curve size (for curve secp256r1, secret must be 32 bytes
+ * long.
+ * @param p_public_key IN -- The public key of the remote party.
+ * @param p_private_key IN -- Your private key.
+ *
+ * @warning It is recommended to use the output of uECC_shared_secret() as the
+ * input of a recommended Key Derivation Function (see NIST SP 800-108) in
+ * order to produce a cryptographically secure symmetric key.
+ */
+int uECC_shared_secret(const uint8_t *p_public_key, const uint8_t *p_private_key,
+ uint8_t *p_secret, uECC_Curve curve);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TC_ECC_DH_H__ */
+#endif /* MBEDTLS_USE_TINYCRYPT */
diff --git a/include/tinycrypt/ecc_dsa.h b/include/tinycrypt/ecc_dsa.h
new file mode 100644
index 0000000..cc5eebc
--- /dev/null
+++ b/include/tinycrypt/ecc_dsa.h
@@ -0,0 +1,141 @@
+/* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */
+
+/*
+ * Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief -- Interface to EC-DSA implementation.
+ *
+ * Overview: This software is an implementation of EC-DSA. This implementation
+ * uses curve NIST p-256.
+ *
+ * Security: The curve NIST p-256 provides approximately 128 bits of security.
+ *
+ * Usage: - To sign: Compute a hash of the data you wish to sign (SHA-2 is
+ * recommended) and pass it in to ecdsa_sign function along with your
+ * private key and a random number. You must use a new non-predictable
+ * random number to generate each new signature.
+ * - To verify a signature: Compute the hash of the signed data using
+ * the same hash as the signer and pass it to this function along with
+ * the signer's public key and the signature values (r and s).
+ */
+
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#ifndef __TC_ECC_DSA_H__
+#define __TC_ECC_DSA_H__
+
+#include <tinycrypt/ecc.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Generate an ECDSA signature for a given hash value.
+ * @return returns TC_CRYPTO_SUCCESS (1) if the signature generated successfully
+ * returns TC_CRYPTO_FAIL (0) if an error occurred.
+ *
+ * @param p_private_key IN -- Your private key.
+ * @param p_message_hash IN -- The hash of the message to sign.
+ * @param p_hash_size IN -- The size of p_message_hash in bytes.
+ * @param p_signature OUT -- Will be filled in with the signature value. Must be
+ * at least 2 * curve size long (for secp256r1, signature must be 64 bytes long).
+ *
+ * @warning A cryptographically-secure PRNG function must be set (using
+ * uECC_set_rng()) before calling uECC_sign().
+ * @note Usage: Compute a hash of the data you wish to sign (SHA-2 is
+ * recommended) and pass it in to this function along with your private key.
+ * @note side-channel countermeasure: algorithm strengthened against timing
+ * attack.
+ */
+int uECC_sign(const uint8_t *p_private_key, const uint8_t *p_message_hash,
+ unsigned p_hash_size, uint8_t *p_signature, uECC_Curve curve);
+
+#ifdef ENABLE_TESTS
+/*
+ * THIS FUNCTION SHOULD BE CALLED FOR TEST PURPOSES ONLY.
+ * Refer to uECC_sign() function for real applications.
+ */
+int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
+ unsigned int hash_size, uECC_word_t *k, uint8_t *signature,
+ uECC_Curve curve);
+#endif
+
+/**
+ * @brief Verify an ECDSA signature.
+ * @return returns TC_SUCCESS (1) if the signature is valid
+ * returns TC_FAIL (0) if the signature is invalid.
+ *
+ * @param p_public_key IN -- The signer's public key.
+ * @param p_message_hash IN -- The hash of the signed data.
+ * @param p_hash_size IN -- The size of p_message_hash in bytes.
+ * @param p_signature IN -- The signature values.
+ *
+ * @note Usage: Compute the hash of the signed data using the same hash as the
+ * signer and pass it to this function along with the signer's public key and
+ * the signature values (hash_size and signature).
+ */
+int uECC_verify(const uint8_t *p_public_key, const uint8_t *p_message_hash,
+ unsigned int p_hash_size, const uint8_t *p_signature, uECC_Curve curve);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TC_ECC_DSA_H__ */
+#endif /* MBEDTLS_USE_TINYCRYPT */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 720c7fa..a9a5b7b 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -131,6 +131,8 @@
set(libs ${libs} pthread)
endif()
+set(libs ${libs} tinycrypt)
+
if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/Makefile b/library/Makefile
index 430c598..d653aa0 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -63,6 +63,8 @@
endif
endif
+VPATH = ../tinycrypt
+
OBJS_CRYPTO= aes.o aesni.o arc4.o \
aria.o asn1parse.o asn1write.o \
base64.o bignum.o blowfish.o \
@@ -84,7 +86,8 @@
ripemd160.o rsa_internal.o rsa.o \
sha1.o sha256.o sha512.o \
threading.o timing.o version.o \
- version_features.o xtea.o
+ version_features.o xtea.o \
+ ecc.o ecc_dh.o ecc_dsa.o
OBJS_X509= certs.o pkcs11.o x509.o \
x509_create.o x509_crl.o x509_crt.o \
diff --git a/library/error.c b/library/error.c
index 12312a0..546fa49 100644
--- a/library/error.c
+++ b/library/error.c
@@ -523,6 +523,10 @@
mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" );
if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) )
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_CID) )
+ mbedtls_snprintf( buf, buflen, "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
+ if( use_ret == -(MBEDTLS_ERR_SSL_VERSION_MISMATCH) )
+ mbedtls_snprintf( buf, buflen, "SSL - An operation failed due to an unexpected version or configuration" );
if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index afced7a..cd9793e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -433,6 +433,54 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t ext_len;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+ /*
+ * Quoting draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ *olen = 0;
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ return;
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
+
+ /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+ * which is at most 255, so the increment cannot overflow. */
+ if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
+ /* Add extension ID + size */
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
+ ext_len = (size_t) ssl->own_cid_len + 1;
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+
+ *p++ = (uint8_t) ssl->own_cid_len;
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
+
+ *olen = ssl->own_cid_len + 5;
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -686,7 +734,7 @@
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake->verify_cookie != NULL )
{
return( 0 );
@@ -737,7 +785,7 @@
return( 1 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
return( 1 );
#endif
@@ -878,7 +926,7 @@
* DTLS cookie
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
if( ssl->handshake->verify_cookie == NULL )
{
@@ -973,7 +1021,7 @@
* an actual need for it.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
offer_compress = 0;
#endif
@@ -1034,6 +1082,11 @@
ext_len += olen;
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -1084,7 +1137,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -1095,7 +1148,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
@@ -1191,6 +1244,62 @@
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t peer_cid_len;
+
+ if( /* CID extension only makes sense in DTLS */
+ MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
+ /* The server must only send the CID extension if we have offered it. */
+ ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ if( len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ peer_cid_len = *buf++;
+ len--;
+
+ if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ if( len != peer_cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
+ ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -1312,7 +1421,7 @@
{
int ret;
- if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+ if( ssl->handshake->ciphersuite_info->key_exchange !=
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
@@ -1498,8 +1607,6 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
- buf = ssl->in_msg;
-
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
/* No alert on a read error. */
@@ -1507,6 +1614,8 @@
return( ret );
}
+ buf = ssl->in_msg;
+
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -1536,7 +1645,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
{
@@ -1653,12 +1762,7 @@
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- accept_comp = 0;
- else
-#endif
- accept_comp = 1;
+ accept_comp = MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport );
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
@@ -1675,9 +1779,8 @@
/*
* Initialize update checksum functions
*/
- ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
-
- if( ssl->transform_negotiate->ciphersuite_info == NULL )
+ ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
+ if( ssl->handshake->ciphersuite_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -1685,7 +1788,7 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+ mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
@@ -1843,6 +1946,20 @@
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ case MBEDTLS_TLS_EXT_CID:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+
+ if( ( ret = ssl_parse_cid_ext( ssl,
+ ext + 4,
+ ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
@@ -1968,6 +2085,21 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+ /*
+ * Check if extended master secret is being enforced
+ */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ ssl->conf->enforce_extended_master_secret ==
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
+ ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
+ "secret, while it is enforced") );
+ handshake_failure = 1;
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
if( handshake_failure == 1 )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -2330,7 +2462,7 @@
{
int ret;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
unsigned char *p = NULL, *end = NULL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
@@ -2670,7 +2802,7 @@
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -2692,7 +2824,7 @@
size_t n = 0;
size_t cert_type_len = 0, dn_len = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -2879,7 +3011,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -2893,7 +3025,7 @@
int ret;
size_t i, n;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
@@ -3183,7 +3315,7 @@
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
int ret;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@@ -3213,12 +3345,12 @@
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
size_t n = 0, offset = 0;
unsigned char hash[48];
unsigned char *hash_start = hash;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
- unsigned int hashlen;
+ size_t hashlen;
void *rs_ctx = NULL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@@ -3271,7 +3403,7 @@
sign:
#endif
- ssl->handshake->calc_verify( ssl, hash );
+ ssl->handshake->calc_verify( ssl, hash, &hashlen );
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
@@ -3289,7 +3421,6 @@
* sha_hash
* SHA(handshake_messages);
*/
- hashlen = 36;
md_alg = MBEDTLS_MD_NONE;
/*
@@ -3323,8 +3454,7 @@
* Reason: Otherwise we should have running hashes for SHA512 and SHA224
* in order to satisfy 'weird' needs from the server side.
*/
- if( ssl->transform_negotiate->ciphersuite_info->mac ==
- MBEDTLS_MD_SHA384 )
+ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
md_alg = MBEDTLS_MD_SHA384;
ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
@@ -3463,6 +3593,15 @@
if( ticket_len == 0 )
return( 0 );
+ if( ssl->session != NULL && ssl->session->ticket != NULL )
+ {
+ mbedtls_platform_zeroize( ssl->session->ticket,
+ ssl->session->ticket_len );
+ mbedtls_free( ssl->session->ticket );
+ ssl->session->ticket = NULL;
+ ssl->session->ticket_len = 0;
+ }
+
mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
mbedtls_free( ssl->session_negotiate->ticket );
@@ -3513,7 +3652,7 @@
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bc77f80..d40a21f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -433,6 +433,78 @@
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t peer_cid_len;
+
+ /* CID extension only makes sense in DTLS */
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /*
+ * Quoting draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ if( len < 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ peer_cid_len = *buf++;
+ len--;
+
+ if( len != peer_cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ /* Ignore CID if the user has disabled its use. */
+ if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
+ {
+ /* Leave ssl->handshake->cid_in_use in its default
+ * value of MBEDTLS_SSL_CID_DISABLED. */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) );
+ return( 0 );
+ }
+
+ if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+ }
+
+ ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
+ ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -827,7 +899,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
return( 0 );
#endif
@@ -1155,7 +1227,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
ssl->session_negotiate->ciphersuite = ciphersuites[i];
- ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
/*
* SSLv2 Client Hello relevant renegotiation security checks
@@ -1232,15 +1304,16 @@
buf = ssl->in_hdr;
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
-#endif
- if( ( buf[0] & 0x80 ) != 0 )
- return( ssl_parse_client_hello_v2( ssl ) );
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) && \
+ defined(MBEDTLS_SSL_PROTO_TLS)
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) &&
+ ( buf[0] & 0x80 ) != 0 )
+ {
+ return( ssl_parse_client_hello_v2( ssl ) );
+ }
#endif
- MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
/*
* SSLv3/TLS Client Hello
@@ -1281,7 +1354,7 @@
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport )
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
@@ -1329,19 +1402,25 @@
}
if( ( ret = mbedtls_ssl_fetch_input( ssl,
- mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
+ mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
}
- /* Done reading this record, get ready for the next one */
+ /* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
- else
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
+ {
+ ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
+ }
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
ssl->in_left = 0;
+ }
+#endif
}
buf = ssl->in_msg;
@@ -1384,7 +1463,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
/*
* Copy the client's handshake message_seq on initial handshakes,
@@ -1523,7 +1602,7 @@
* Check the cookie length and content
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
cookie_offset = 35 + sess_len;
cookie_len = buf[cookie_offset];
@@ -1578,9 +1657,13 @@
*/
ciph_offset = cookie_offset + 1 + cookie_len;
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
ciph_offset = 35 + sess_len;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS */
ciph_len = ( buf[ciph_offset + 0] << 8 )
| ( buf[ciph_offset + 1] );
@@ -1632,7 +1715,7 @@
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
#endif
@@ -1783,6 +1866,16 @@
break;
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ case MBEDTLS_TLS_EXT_CID:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+
+ ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
@@ -1942,6 +2035,21 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+ /*
+ * Check if extended master secret is being enforced
+ */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ ssl->conf->enforce_extended_master_secret ==
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
+ ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
+ "secret, while it is enforced") );
+ handshake_failure = 1;
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
if( handshake_failure == 1 )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -1999,12 +2107,12 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
ssl->session_negotiate->ciphersuite = ciphersuites[i];
- ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+ ssl->handshake->ciphersuite_info = ciphersuite_info;
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -2060,6 +2168,54 @@
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t ext_len;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
+ *olen = 0;
+
+ /* Skip writing the extension if we don't want to use it or if
+ * the client hasn't offered it. */
+ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED )
+ return;
+
+ /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+ * which is at most 255, so the increment cannot overflow. */
+ if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+ return;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
+
+ /*
+ * Quoting draft-ietf-tls-dtls-connection-id-05
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+ *
+ * struct {
+ * opaque cid<0..2^8-1>;
+ * } ConnectionId;
+ */
+
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF );
+ ext_len = (size_t) ssl->own_cid_len + 1;
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+
+ *p++ = (uint8_t) ssl->own_cid_len;
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
+
+ *olen = ssl->own_cid_len + 5;
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -2266,7 +2422,7 @@
*olen = 0;
/* Skip costly computation if not needed */
- if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+ if( ssl->handshake->ciphersuite_info->key_exchange !=
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
return;
@@ -2391,7 +2547,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
@@ -2417,7 +2573,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake->verify_cookie_len != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
@@ -2581,6 +2737,11 @@
ext_len += olen;
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
@@ -2649,7 +2810,7 @@
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
@@ -2672,7 +2833,7 @@
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
size_t dn_size, total_dn_size; /* excluding length bytes */
size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p;
@@ -2899,7 +3060,8 @@
size_t *signature_len )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
unsigned char *dig_signed = NULL;
@@ -3265,7 +3427,7 @@
size_t signature_len = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
@@ -3369,7 +3531,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -3380,7 +3542,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
@@ -3711,7 +3873,7 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char *p, *end;
- ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ ciphersuite_info = ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
@@ -3994,7 +4156,7 @@
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
@@ -4025,7 +4187,7 @@
#endif
mbedtls_md_type_t md_alg;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
@@ -4162,7 +4324,10 @@
}
/* Calculate hash and verify signature */
- ssl->handshake->calc_verify( ssl, hash );
+ {
+ size_t dummy_hlen;
+ ssl->handshake->calc_verify( ssl, hash, &dummy_hlen );
+ }
if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
md_alg, hash_start, hashlen,
@@ -4262,7 +4427,7 @@
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 8492c19..5fe693c 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -157,115 +157,6 @@
}
/*
- * Serialize a session in the following format:
- * 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
- * n . n+2 peer_cert length = m (0 if no certificate)
- * n+3 . n+2+m peer cert ASN.1
- */
-static int ssl_save_session( const mbedtls_ssl_session *session,
- unsigned char *buf, size_t buf_len,
- size_t *olen )
-{
- unsigned char *p = buf;
- size_t left = buf_len;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- size_t cert_len;
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- if( left < sizeof( mbedtls_ssl_session ) )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
- memcpy( p, session, sizeof( mbedtls_ssl_session ) );
- p += sizeof( mbedtls_ssl_session );
- left -= sizeof( mbedtls_ssl_session );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( session->peer_cert == NULL )
- cert_len = 0;
- else
- cert_len = session->peer_cert->raw.len;
-
- if( left < 3 + cert_len )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
- *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
- *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( cert_len ) & 0xFF );
-
- if( session->peer_cert != NULL )
- memcpy( p, session->peer_cert->raw.p, cert_len );
-
- p += cert_len;
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- *olen = p - buf;
-
- return( 0 );
-}
-
-/*
- * Unserialise session, see ssl_save_session()
- */
-static int ssl_load_session( mbedtls_ssl_session *session,
- const unsigned char *buf, size_t len )
-{
- const unsigned char *p = buf;
- const unsigned char * const end = buf + len;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- size_t cert_len;
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- memcpy( session, p, sizeof( mbedtls_ssl_session ) );
- p += sizeof( mbedtls_ssl_session );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( 3 > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
- p += 3;
-
- if( cert_len == 0 )
- {
- session->peer_cert = NULL;
- }
- else
- {
- int ret;
-
- if( cert_len > (size_t)( end - p ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
-
- if( session->peer_cert == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- mbedtls_x509_crt_init( session->peer_cert );
-
- if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
- p, cert_len ) ) != 0 )
- {
- mbedtls_x509_crt_free( session->peer_cert );
- mbedtls_free( session->peer_cert );
- session->peer_cert = NULL;
- return( ret );
- }
-
- p += cert_len;
- }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
- if( p != end )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- return( 0 );
-}
-
-/*
* Create session ticket, with the following structure:
*
* struct {
@@ -323,8 +214,9 @@
goto cleanup;
/* Dump session state */
- if( ( ret = ssl_save_session( session,
- state, end - state, &clear_len ) ) != 0 ||
+ if( ( ret = mbedtls_ssl_session_save( session,
+ state, end - state,
+ &clear_len ) ) != 0 ||
(unsigned long) clear_len > 65535 )
{
goto cleanup;
@@ -441,7 +333,7 @@
}
/* Actually load session */
- if( ( ret = ssl_load_session( session, ticket, clear_len ) ) != 0 )
+ if( ( ret = mbedtls_ssl_session_load( session, ticket, clear_len ) ) != 0 )
goto cleanup;
#if defined(MBEDTLS_HAVE_TIME)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 38690fa..ca4ab36 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -47,6 +47,7 @@
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/platform_util.h"
+#include "mbedtls/version.h"
#include <string.h>
@@ -60,12 +61,14 @@
/* Length of the "epoch" field in the record header */
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- return( 2 );
-#else
+#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) ssl);
#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
+ return( 2 );
+#endif
return( 0 );
}
@@ -101,14 +104,106 @@
static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform );
-static void ssl_update_in_pointers( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform );
+static void ssl_update_in_pointers( mbedtls_ssl_context *ssl );
#define SSL_DONT_FORCE_FLUSH 0
#define SSL_FORCE_FLUSH 1
#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+/* Top-level Connection ID API */
+
+int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf,
+ size_t len,
+ int ignore_other_cid )
+{
+ if( len > MBEDTLS_SSL_CID_IN_LEN_MAX )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
+ ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ conf->ignore_unexpected_cid = ignore_other_cid;
+ conf->cid_len = len;
+ return( 0 );
+}
+
+int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
+ int enable,
+ unsigned char const *own_cid,
+ size_t own_cid_len )
+{
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ssl->negotiate_cid = enable;
+ if( enable == MBEDTLS_SSL_CID_DISABLED )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) );
+ return( 0 );
+ }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
+
+ if( own_cid_len != ssl->conf->cid_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config",
+ (unsigned) own_cid_len,
+ (unsigned) ssl->conf->cid_len ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ memcpy( ssl->own_cid, own_cid, own_cid_len );
+ /* Truncation is not an issue here because
+ * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
+ ssl->own_cid_len = (uint8_t) own_cid_len;
+
+ return( 0 );
+}
+
+int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
+ int *enabled,
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
+ size_t *peer_cid_len )
+{
+ *enabled = MBEDTLS_SSL_CID_DISABLED;
+
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
+ ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ {
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
+ * were used, but client and server requested the empty CID.
+ * This is indistinguishable from not using the CID extension
+ * in the first place. */
+ if( ssl->transform_in->in_cid_len == 0 &&
+ ssl->transform_in->out_cid_len == 0 )
+ {
+ return( 0 );
+ }
+
+ if( peer_cid_len != NULL )
+ {
+ *peer_cid_len = ssl->transform_in->out_cid_len;
+ if( peer_cid != NULL )
+ {
+ memcpy( peer_cid, ssl->transform_in->out_cid,
+ ssl->transform_in->out_cid_len );
+ }
+ }
+
+ *enabled = MBEDTLS_SSL_CID_ENABLED;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/* Forward declarations for functions related to message buffering. */
static void ssl_buffering_free( mbedtls_ssl_context *ssl );
static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
@@ -584,33 +679,75 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3)
-static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * );
+static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * );
+static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * );
+static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * );
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
#endif
#if defined(MBEDTLS_SHA512_C)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * );
+static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * );
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+/* Type for the TLS PRF */
+typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
+ const unsigned char *, size_t,
+ unsigned char *, size_t);
+
+/*
+ * Populate a transform structure with session keys and all the other
+ * necessary information.
+ *
+ * Parameters:
+ * - [in/out]: transform: structure to populate
+ * [in] must be just initialised with mbedtls_ssl_transform_init()
+ * [out] fully populated, ready for use by mbedtls_ssl_{en,de}crypt_buf()
+ * - [in] ciphersuite
+ * - [in] master
+ * - [in] encrypt_then_mac
+ * - [in] trunc_hmac
+ * - [in] compression
+ * - [in] tls_prf: pointer to PRF to use for key derivation
+ * - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
+ * - [in] minor_ver: SSL/TLS minor version
+ * - [in] endpoint: client or server
+ * - [in] ssl: optionally used for:
+ * - MBEDTLS_SSL_HW_RECORD_ACCEL: whole context
+ * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys
+ * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
+ */
+static int ssl_populate_transform( mbedtls_ssl_transform *transform,
+ int ciphersuite,
+ const unsigned char master[48],
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ int encrypt_then_mac,
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ int trunc_hmac,
+#endif
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ int compression,
+#endif
+ ssl_tls_prf_t tls_prf,
+ const unsigned char randbytes[64],
+ int minor_ver,
+ unsigned endpoint,
+ const mbedtls_ssl_context *ssl )
{
int ret = 0;
- unsigned char tmp[64];
unsigned char keyblk[256];
unsigned char *key1;
unsigned char *key2;
@@ -618,173 +755,75 @@
unsigned char *mac_dec;
size_t mac_key_len;
size_t iv_copy_len;
+ unsigned keylen;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
- mbedtls_ssl_session *session = ssl->session_negotiate;
- mbedtls_ssl_transform *transform = ssl->transform_negotiate;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
+ !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
+ !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for those cases */
+ (void) ssl;
+#endif
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+ /* Copy info about negotiated version and extensions */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ transform->encrypt_then_mac = encrypt_then_mac;
+#endif
+ transform->minor_ver = minor_ver;
- cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher );
+ /*
+ * Get various info structures
+ */
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
+ if( ciphersuite_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
+ ciphersuite ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+ cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
- transform->ciphersuite_info->cipher ) );
+ ciphersuite_info->cipher ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac );
+ md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
if( md_info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
- transform->ciphersuite_info->mac ) );
+ ciphersuite_info->mac ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- /*
- * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Copy own and peer's CID if the use of the CID
+ * extension has been negotiated. */
+ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
{
- handshake->tls_prf = ssl3_prf;
- handshake->calc_verify = ssl_calc_verify_ssl;
- handshake->calc_finished = ssl_calc_finished_ssl;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+
+ transform->in_cid_len = ssl->own_cid_len;
+ memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
+ transform->in_cid_len );
+
+ transform->out_cid_len = ssl->handshake->peer_cid_len;
+ memcpy( transform->out_cid, ssl->handshake->peer_cid,
+ ssl->handshake->peer_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
+ transform->out_cid_len );
}
- else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- handshake->tls_prf = tls1_prf;
- handshake->calc_verify = ssl_calc_verify_tls;
- handshake->calc_finished = ssl_calc_finished_tls;
- }
- else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- {
- handshake->tls_prf = tls_prf_sha384;
- handshake->calc_verify = ssl_calc_verify_tls_sha384;
- handshake->calc_finished = ssl_calc_finished_tls_sha384;
- }
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- handshake->tls_prf = tls_prf_sha256;
- handshake->calc_verify = ssl_calc_verify_tls_sha256;
- handshake->calc_finished = ssl_calc_finished_tls_sha256;
- }
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
- * SSLv3:
- * master =
- * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
- * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
- * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
- *
- * TLSv1+:
- * master = PRF( premaster, "master secret", randbytes )[0..47]
+ * Compute key block using the PRF
*/
- if( handshake->resume == 0 )
- {
- MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
- handshake->pmslen );
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
- {
- unsigned char session_hash[48];
- size_t hash_len;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
-
- ssl->handshake->calc_verify( ssl, session_hash );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
-#if defined(MBEDTLS_SHA512_C)
- if( ssl->transform_negotiate->ciphersuite_info->mac ==
- MBEDTLS_MD_SHA384 )
- {
- hash_len = 48;
- }
- else
-#endif
- hash_len = 32;
- }
- else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- hash_len = 36;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
-
- ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
- "extended master secret",
- session_hash, hash_len,
- session->master, 48 );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
- }
-
- }
- else
-#endif
- ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
- "master secret",
- handshake->randbytes, 64,
- session->master, 48 );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
- return( ret );
- }
-
- mbedtls_platform_zeroize( handshake->premaster,
- sizeof(handshake->premaster) );
- }
- else
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
-
- /*
- * Swap the client and server random values.
- */
- memcpy( tmp, handshake->randbytes, 64 );
- memcpy( handshake->randbytes, tmp + 32, 32 );
- memcpy( handshake->randbytes + 32, tmp, 32 );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-
- /*
- * SSLv3:
- * key block =
- * MD5( master + SHA1( 'A' + master + randbytes ) ) +
- * MD5( master + SHA1( 'BB' + master + randbytes ) ) +
- * MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
- * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
- * ...
- *
- * TLSv1:
- * key block = PRF( master, "key expansion", randbytes )
- */
- ret = handshake->tls_prf( session->master, 48, "key expansion",
- handshake->randbytes, 64, keyblk, 256 );
+ ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
@@ -792,28 +831,30 @@
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
- mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
- MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
+ mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
- mbedtls_platform_zeroize( handshake->randbytes,
- sizeof( handshake->randbytes ) );
-
/*
* Determine the appropriate key, IV and MAC length.
*/
- transform->keylen = cipher_info->key_bitlen / 8;
+ keylen = cipher_info->key_bitlen / 8;
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
cipher_info->mode == MBEDTLS_MODE_CCM ||
cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
{
- size_t taglen, explicit_ivlen;
+ size_t explicit_ivlen;
transform->maclen = 0;
mac_key_len = 0;
+ transform->taglen =
+ ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
/* All modes haves 96-bit IVs;
* GCM and CCM has 4 implicit and 8 explicit bytes
@@ -825,16 +866,15 @@
else
transform->fixed_ivlen = 4;
- /* All modes have 128-bit tags, except CCM_8 (ciphersuite flag) */
- taglen = transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-
-
/* Minimum length of encrypted record */
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
- transform->minlen = explicit_ivlen + taglen;
+ transform->minlen = explicit_ivlen + transform->taglen;
}
else
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+ if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ cipher_info->mode == MBEDTLS_MODE_CBC )
{
/* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
@@ -854,7 +894,7 @@
* (rfc 6066 page 13 or rfc 2104 section 4),
* so we only need to adjust the length here.
*/
- if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+ if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
{
transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
@@ -882,7 +922,7 @@
* 2. IV except for SSL3 and TLS 1.0
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
{
transform->minlen = transform->maclen
+ cipher_info->block_size;
@@ -896,14 +936,14 @@
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
+ minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
; /* No need to adjust minlen */
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
+ minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
transform->minlen += transform->ivlen;
}
@@ -915,19 +955,27 @@
}
}
}
+ else
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
- transform->keylen, transform->minlen, transform->ivlen,
- transform->maclen ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+ (unsigned) keylen,
+ (unsigned) transform->minlen,
+ (unsigned) transform->ivlen,
+ (unsigned) transform->maclen ) );
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
*/
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
{
key1 = keyblk + mac_key_len * 2;
- key2 = keyblk + mac_key_len * 2 + transform->keylen;
+ key2 = keyblk + mac_key_len * 2 + keylen;
mac_enc = keyblk;
mac_dec = keyblk + mac_key_len;
@@ -937,16 +985,16 @@
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len );
- memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
+ memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
+ memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
iv_copy_len );
}
else
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( endpoint == MBEDTLS_SSL_IS_SERVER )
{
- key1 = keyblk + mac_key_len * 2 + transform->keylen;
+ key1 = keyblk + mac_key_len * 2 + keylen;
key2 = keyblk + mac_key_len * 2;
mac_enc = keyblk + mac_key_len;
@@ -957,8 +1005,8 @@
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
- memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len );
- memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
+ memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
+ memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
iv_copy_len );
}
else
@@ -968,10 +1016,11 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- if( mac_key_len > sizeof transform->mac_enc )
+ if( mac_key_len > sizeof( transform->mac_enc ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -984,7 +1033,7 @@
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+ if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
For AEAD-based ciphersuites, there is nothing to do here. */
@@ -1000,6 +1049,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_init != NULL )
@@ -1008,7 +1058,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
- if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
+ if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen,
transform->iv_enc, transform->iv_dec,
iv_copy_len,
mac_enc, mac_dec,
@@ -1018,14 +1068,17 @@
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
}
+#else
+ ((void) mac_dec);
+ ((void) mac_enc);
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( ssl->conf->f_export_keys != NULL )
{
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
- session->master, keyblk,
- mac_key_len, transform->keylen,
+ master, keyblk,
+ mac_key_len, keylen,
iv_copy_len );
}
#endif
@@ -1081,23 +1134,10 @@
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
+ /* Initialize Zlib contexts */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- // Initialize compression
- //
- if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
+ if( compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
{
- if( ssl->compress_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
- ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
- if( ssl->compress_buf == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
- }
-
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
@@ -1113,13 +1153,231 @@
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
+ return( 0 );
+}
+
+/*
+ * Set appropriate PRF function and other SSL / TLS 1.0/1.1 / TLS1.2 functions
+ *
+ * Inputs:
+ * - SSL/TLS minor version
+ * - hash associated with the ciphersuite (only used by TLS 1.2)
+ *
+ * Outputs:
+ * - the tls_prf, calc_verify and calc_finished members of handshake structure
+ */
+static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
+ int minor_ver,
+ mbedtls_md_type_t hash )
+{
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA512_C)
+ (void) hash;
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ {
+ handshake->tls_prf = ssl3_prf;
+ handshake->calc_verify = ssl_calc_verify_ssl;
+ handshake->calc_finished = ssl_calc_finished_ssl;
+ }
+ else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+ if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ handshake->tls_prf = tls1_prf;
+ handshake->calc_verify = ssl_calc_verify_tls;
+ handshake->calc_finished = ssl_calc_finished_tls;
+ }
+ else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA512_C)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+ hash == MBEDTLS_MD_SHA384 )
+ {
+ handshake->tls_prf = tls_prf_sha384;
+ handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ handshake->calc_finished = ssl_calc_finished_tls_sha384;
+ }
+ else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ handshake->tls_prf = tls_prf_sha256;
+ handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ handshake->calc_finished = ssl_calc_finished_tls_sha256;
+ }
+ else
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Compute master secret if needed
+ *
+ * Parameters:
+ * [in/out] handshake
+ * [in] resume, premaster, extended_ms, calc_verify, tls_prf
+ * [out] premaster (cleared)
+ * [out] master
+ * [in] ssl: optionally used for debugging and calc_verify
+ */
+static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
+ unsigned char *master,
+ const mbedtls_ssl_context *ssl )
+{
+ int ret;
+
+#if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ ssl = NULL; /* make sure we don't use it except for debug and EMS */
+ (void) ssl;
+#endif
+
+ if( handshake->resume != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
+ handshake->pmslen );
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
+ {
+ unsigned char session_hash[48];
+ size_t hash_len;
+
+ handshake->calc_verify( ssl, session_hash, &hash_len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret",
+ session_hash, hash_len );
+
+ ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
+ "extended master secret",
+ session_hash, hash_len,
+ master, 48 );
+ }
+ else
+#endif
+ {
+ ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
+ "master secret",
+ handshake->randbytes, 64,
+ master, 48 );
+ }
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+ return( ret );
+ }
+
+ mbedtls_platform_zeroize( handshake->premaster,
+ sizeof(handshake->premaster) );
+
+ return( 0 );
+}
+
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+{
+ int ret;
+ const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
+ ssl->handshake->ciphersuite_info;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+
+ /* Set PRF, calc_verify and calc_finished function pointers */
+ ret = ssl_set_handshake_prfs( ssl->handshake,
+ ssl->minor_ver,
+ ciphersuite_info->mac );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret );
+ return( ret );
+ }
+
+ /* Compute master secret if needed */
+ ret = ssl_compute_master( ssl->handshake,
+ ssl->session_negotiate->master,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret );
+ return( ret );
+ }
+
+ /* Swap the client and server random values:
+ * - MS derivation wanted client+server (RFC 5246 8.1)
+ * - key derivation wants server+client (RFC 5246 6.3) */
+ {
+ unsigned char tmp[64];
+ memcpy( tmp, ssl->handshake->randbytes, 64 );
+ memcpy( ssl->handshake->randbytes, tmp + 32, 32 );
+ memcpy( ssl->handshake->randbytes + 32, tmp, 32 );
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ }
+
+ /* Populate transform structure */
+ ret = ssl_populate_transform( ssl->transform_negotiate,
+ ssl->session_negotiate->ciphersuite,
+ ssl->session_negotiate->master,
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ ssl->session_negotiate->encrypt_then_mac,
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ ssl->session_negotiate->trunc_hmac,
+#endif
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ ssl->session_negotiate->compression,
+#endif
+ ssl->handshake->tls_prf,
+ ssl->handshake->randbytes,
+ ssl->minor_ver,
+ ssl->conf->endpoint,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret );
+ return( ret );
+ }
+
+ /* We no longer need Server/ClientHello.random values */
+ mbedtls_platform_zeroize( ssl->handshake->randbytes,
+ sizeof( ssl->handshake->randbytes ) );
+
+ /* Allocate compression buffer */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE &&
+ ssl->compress_buf == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
+ ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
+ if( ssl->compress_buf == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+ }
+#endif
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
return( 0 );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)
-void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
+void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl,
+ unsigned char hash[36],
+ size_t *hlen )
{
mbedtls_md5_context md5;
mbedtls_sha1_context sha1;
@@ -1157,7 +1415,9 @@
mbedtls_sha1_update_ret( &sha1, hash + 16, 20 );
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
+ *hlen = 36;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_md5_free( &md5 );
@@ -1168,7 +1428,9 @@
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
+void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
+ unsigned char hash[36],
+ size_t *hlen )
{
mbedtls_md5_context md5;
mbedtls_sha1_context sha1;
@@ -1184,7 +1446,9 @@
mbedtls_md5_finish_ret( &md5, hash );
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
+ *hlen = 36;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_md5_free( &md5 );
@@ -1196,7 +1460,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
-void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
+void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
+ unsigned char hash[32],
+ size_t *hlen )
{
mbedtls_sha256_context sha256;
@@ -1207,7 +1473,9 @@
mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
mbedtls_sha256_finish_ret( &sha256, hash );
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
+ *hlen = 32;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha256_free( &sha256 );
@@ -1217,7 +1485,9 @@
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
-void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
+void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
+ unsigned char hash[48],
+ size_t *hlen )
{
mbedtls_sha512_context sha512;
@@ -1228,7 +1498,9 @@
mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
mbedtls_sha512_finish_ret( &sha512, hash );
- MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
+ *hlen = 48;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
mbedtls_sha512_free( &sha512 );
@@ -1407,15 +1679,9 @@
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
- ( defined(MBEDTLS_CIPHER_MODE_CBC) && \
- ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) )
-#define SSL_SOME_MODES_USE_MAC
-#endif
-
/* The function below is only used in the Lucky 13 counter-measure in
- * ssl_decrypt_buf(). These are the defines that guard the call site. */
-#if defined(SSL_SOME_MODES_USE_MAC) && \
+ * mbedtls_ssl_decrypt_buf(). These are the defines that guard the call site. */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) && \
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
@@ -1437,65 +1703,267 @@
/*
* Encryption/decryption functions
*/
-static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+/* This functions transforms a DTLS plaintext fragment and a record content
+ * type into an instance of the DTLSInnerPlaintext structure:
+ *
+ * struct {
+ * opaque content[DTLSPlaintext.length];
+ * ContentType real_type;
+ * uint8 zeros[length_of_padding];
+ * } DTLSInnerPlaintext;
+ *
+ * Input:
+ * - `content`: The beginning of the buffer holding the
+ * plaintext to be wrapped.
+ * - `*content_size`: The length of the plaintext in Bytes.
+ * - `max_len`: The number of Bytes available starting from
+ * `content`. This must be `>= *content_size`.
+ * - `rec_type`: The desired record content type.
+ *
+ * Output:
+ * - `content`: The beginning of the resulting DTLSInnerPlaintext structure.
+ * - `*content_size`: The length of the resulting DTLSInnerPlaintext structure.
+ *
+ * Returns:
+ * - `0` on success.
+ * - A negative error code if `max_len` didn't offer enough space
+ * for the expansion.
+ */
+static int ssl_cid_build_inner_plaintext( unsigned char *content,
+ size_t *content_size,
+ size_t remaining,
+ uint8_t rec_type )
+{
+ size_t len = *content_size;
+ size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
+ ( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
+ MBEDTLS_SSL_CID_PADDING_GRANULARITY;
+
+ /* Write real content type */
+ if( remaining == 0 )
+ return( -1 );
+ content[ len ] = rec_type;
+ len++;
+ remaining--;
+
+ if( remaining < pad )
+ return( -1 );
+ memset( content + len, 0, pad );
+ len += pad;
+ remaining -= pad;
+
+ *content_size = len;
+ return( 0 );
+}
+
+/* This function parses a DTLSInnerPlaintext structure.
+ * See ssl_cid_build_inner_plaintext() for details. */
+static int ssl_cid_parse_inner_plaintext( unsigned char const *content,
+ size_t *content_size,
+ uint8_t *rec_type )
+{
+ size_t remaining = *content_size;
+
+ /* Determine length of padding by skipping zeroes from the back. */
+ do
+ {
+ if( remaining == 0 )
+ return( -1 );
+ remaining--;
+ } while( content[ remaining ] == 0 );
+
+ *content_size = remaining;
+ *rec_type = content[ remaining ];
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+/* `add_data` must have size 13 Bytes if the CID extension is disabled,
+ * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
+static void ssl_extract_add_data_from_record( unsigned char* add_data,
+ size_t *add_data_len,
+ mbedtls_record *rec )
+{
+ /* Quoting RFC 5246 (TLS 1.2):
+ *
+ * additional_data = seq_num + TLSCompressed.type +
+ * TLSCompressed.version + TLSCompressed.length;
+ *
+ * For the CID extension, this is extended as follows
+ * (quoting draft-ietf-tls-dtls-connection-id-05,
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
+ *
+ * additional_data = seq_num + DTLSPlaintext.type +
+ * DTLSPlaintext.version +
+ * cid +
+ * cid_length +
+ * length_of_DTLSInnerPlaintext;
+ */
+
+ memcpy( add_data, rec->ctr, sizeof( rec->ctr ) );
+ add_data[8] = rec->type;
+ memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( rec->cid_len != 0 )
+ {
+ memcpy( add_data + 11, rec->cid, rec->cid_len );
+ add_data[11 + rec->cid_len + 0] = rec->cid_len;
+ add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF;
+ add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF;
+ *add_data_len = 13 + 1 + rec->cid_len;
+ }
+ else
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ {
+ add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF;
+ add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF;
+ *add_data_len = 13;
+ }
+}
+
+int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
mbedtls_cipher_mode_t mode;
int auth_done = 0;
+ unsigned char * data;
+ unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ size_t add_data_len;
+ size_t post_avail;
+
+ /* The SSL context is only used for debugging purposes! */
+#if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
+ ((void) ssl);
+#endif
+
+ /* The PRNG is used for dynamic IV generation that's used
+ * for CBC transformations in TLS 1.1 and TLS 1.2. */
+#if !( defined(MBEDTLS_CIPHER_MODE_CBC) && \
+ ( defined(MBEDTLS_AES_C) || \
+ defined(MBEDTLS_ARIA_C) || \
+ defined(MBEDTLS_CAMELLIA_C) ) && \
+ ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
+ ((void) f_rng);
+ ((void) p_rng);
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
- if( ssl->session_out == NULL || ssl->transform_out == NULL )
+ if( transform == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ if( rec == NULL
+ || rec->buf == NULL
+ || rec->buf_len < rec->data_offset
+ || rec->buf_len - rec->data_offset < rec->data_len
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ || rec->cid_len != 0
+#endif
+ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
-
+ data = rec->buf + rec->data_offset;
+ post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
- ssl->out_msg, ssl->out_msglen );
+ data, rec->data_len );
+
+ mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
+
+ if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
+ (unsigned) rec->data_len,
+ MBEDTLS_SSL_OUT_CONTENT_LEN ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /*
+ * Add CID information
+ */
+ rec->cid_len = transform->out_cid_len;
+ memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
+
+ if( rec->cid_len != 0 )
+ {
+ /*
+ * Wrap plaintext into DTLSInnerPlaintext structure.
+ * See ssl_cid_build_inner_plaintext() for more information.
+ *
+ * Note that this changes `rec->data_len`, and hence
+ * `post_avail` needs to be recalculated afterwards.
+ */
+ if( ssl_cid_build_inner_plaintext( data,
+ &rec->data_len,
+ post_avail,
+ rec->type ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ rec->type = MBEDTLS_SSL_MSG_CID;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
/*
* Add MAC before if needed
*/
-#if defined(SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( mode == MBEDTLS_MODE_STREAM ||
( mode == MBEDTLS_MODE_CBC
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
+ && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
#endif
) )
{
+ if( post_avail < transform->maclen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
unsigned char mac[SSL_MAC_MAX_BYTES];
-
- ssl_mac( &ssl->transform_out->md_ctx_enc,
- ssl->transform_out->mac_enc,
- ssl->out_msg, ssl->out_msglen,
- ssl->out_ctr, ssl->out_msgtype,
- mac );
-
- memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
+ ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
+ data, rec->data_len, rec->ctr, rec->type, mac );
+ memcpy( data + rec->data_len, mac, transform->maclen );
}
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
- ssl->out_msg, ssl->out_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
- mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
- memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc,
+ data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
+ mbedtls_md_hmac_reset( &transform->md_ctx_enc );
+
+ memcpy( data + rec->data_len, mac, transform->maclen );
}
else
#endif
@@ -1504,14 +1972,14 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac",
- ssl->out_msg + ssl->out_msglen,
- ssl->transform_out->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
+ transform->maclen );
- ssl->out_msglen += ssl->transform_out->maclen;
+ rec->data_len += transform->maclen;
+ post_avail -= transform->maclen;
auth_done++;
}
-#endif /* AEAD not the only option */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/*
* Encrypt
@@ -1520,23 +1988,21 @@
if( mode == MBEDTLS_MODE_STREAM )
{
int ret;
- size_t olen = 0;
-
+ size_t olen;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
- "including %d bytes of padding",
- ssl->out_msglen, 0 ) );
+ "including %d bytes of padding",
+ rec->data_len, 0 ) );
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
- ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen,
- ssl->out_msg, ssl->out_msglen,
- ssl->out_msg, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ transform->iv_enc, transform->ivlen,
+ data, rec->data_len,
+ data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( ssl->out_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1544,6 +2010,7 @@
}
else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
+
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
@@ -1552,26 +2019,17 @@
mode == MBEDTLS_MODE_CHACHAPOLY )
{
int ret;
- size_t enc_msglen, olen;
- unsigned char *enc_msg;
- unsigned char add_data[13];
unsigned char iv[12];
- mbedtls_ssl_transform *transform = ssl->transform_out;
- unsigned char taglen = transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
- size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
+ size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
- /*
- * Prepare additional authenticated data
- */
- memcpy( add_data, ssl->out_ctr, 8 );
- add_data[8] = ssl->out_msgtype;
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, add_data + 9 );
- add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
- add_data[12] = ssl->out_msglen & 0xFF;
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 );
+ /* Check that there's space for both the authentication tag
+ * and the explicit IV before and after the record content. */
+ if( post_avail < transform->taglen ||
+ rec->data_offset < explicit_iv_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
/*
* Generate IV
@@ -1580,9 +2038,10 @@
{
/* GCM and CCM: fixed || explicit (=seqnum) */
memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
- memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 );
- memcpy( ssl->out_iv, ssl->out_ctr, 8 );
-
+ memcpy( iv + transform->fixed_ivlen, rec->ctr,
+ explicit_iv_len );
+ /* Prefix record content with explicit IV. */
+ memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len );
}
else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
{
@@ -1592,7 +2051,7 @@
memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
for( i = 0; i < 8; i++ )
- iv[i+4] ^= ssl->out_ctr[i];
+ iv[i+4] ^= rec->ctr[i];
}
else
{
@@ -1601,46 +2060,40 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
+
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
- ssl->out_iv, explicit_ivlen );
-
- /*
- * Fix message length with added IV
- */
- enc_msg = ssl->out_msg;
- enc_msglen = ssl->out_msglen;
- ssl->out_msglen += explicit_ivlen;
-
+ data - explicit_iv_len, explicit_iv_len );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+ add_data, add_data_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including 0 bytes of padding",
- ssl->out_msglen ) );
+ rec->data_len ) );
/*
* Encrypt and authenticate
*/
+
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
- iv, transform->ivlen,
- add_data, 13,
- enc_msg, enc_msglen,
- enc_msg, &olen,
- enc_msg + enc_msglen, taglen ) ) != 0 )
+ iv, transform->ivlen,
+ add_data, add_data_len, /* add data */
+ data, rec->data_len, /* source */
+ data, &rec->data_len, /* destination */
+ data + rec->data_len, transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
return( ret );
}
- if( olen != enc_msglen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
+ data + rec->data_len, transform->taglen );
- ssl->out_msglen += taglen;
+ rec->data_len += transform->taglen + explicit_iv_len;
+ rec->data_offset -= explicit_iv_len;
+ post_avail -= transform->taglen;
auth_done++;
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
@@ -1649,81 +2102,97 @@
if( mode == MBEDTLS_MODE_CBC )
{
int ret;
- unsigned char *enc_msg;
- size_t enc_msglen, padlen, olen = 0, i;
+ size_t padlen, i;
+ size_t olen;
- padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
- ssl->transform_out->ivlen;
- if( padlen == ssl->transform_out->ivlen )
+ /* Currently we're always using minimal padding
+ * (up to 255 bytes would be allowed). */
+ padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen;
+ if( padlen == transform->ivlen )
padlen = 0;
+ /* Check there's enough space in the buffer for the padding. */
+ if( post_avail < padlen + 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
for( i = 0; i <= padlen; i++ )
- ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
+ data[rec->data_len + i] = (unsigned char) padlen;
- ssl->out_msglen += padlen + 1;
-
- enc_msglen = ssl->out_msglen;
- enc_msg = ssl->out_msg;
+ rec->data_len += padlen + 1;
+ post_avail -= padlen + 1;
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Prepend per-record IV for block cipher in TLS v1.1 and up as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
+ if( f_rng == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ if( rec->data_offset < transform->ivlen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
/*
* Generate IV
*/
- ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen );
+ ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
if( ret != 0 )
return( ret );
- memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen );
+ memcpy( data - transform->ivlen, transform->iv_enc,
+ transform->ivlen );
- /*
- * Fix pointer positions and message length with added IV
- */
- enc_msg = ssl->out_msg;
- enc_msglen = ssl->out_msglen;
- ssl->out_msglen += ssl->transform_out->ivlen;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
"including %d bytes of IV and %d bytes of padding",
- ssl->out_msglen, ssl->transform_out->ivlen,
+ rec->data_len, transform->ivlen,
padlen + 1 ) );
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
- ssl->transform_out->iv_enc,
- ssl->transform_out->ivlen,
- enc_msg, enc_msglen,
- enc_msg, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ transform->iv_enc,
+ transform->ivlen,
+ data, rec->data_len,
+ data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( enc_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
{
/*
* Save IV in SSL3 and TLS1
*/
- memcpy( ssl->transform_out->iv_enc,
- ssl->transform_out->cipher_ctx_enc.iv,
- ssl->transform_out->ivlen );
+ memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
+ transform->ivlen );
}
+ else
#endif
+ {
+ data -= transform->ivlen;
+ rec->data_offset -= transform->ivlen;
+ rec->data_len += transform->ivlen;
+ }
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( auth_done == 0 )
@@ -1738,27 +2207,30 @@
* IV + // except for TLS 1.0
* ENC(content + padding + padding_length));
*/
- unsigned char pseudo_hdr[13];
+
+ if( post_avail < transform->maclen)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
+ add_data_len );
- memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 );
- memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 );
- pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
- pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc,
+ data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
+ mbedtls_md_hmac_reset( &transform->md_ctx_enc );
- MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+ memcpy( data + rec->data_len, mac, transform->maclen );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
- mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
- ssl->out_iv, ssl->out_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
- mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
-
- memcpy( ssl->out_iv + ssl->out_msglen, mac,
- ssl->transform_out->maclen );
-
- ssl->out_msglen += ssl->transform_out->maclen;
+ rec->data_len += transform->maclen;
+ post_avail -= transform->maclen;
auth_done++;
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
@@ -1783,50 +2255,69 @@
return( 0 );
}
-static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_transform *transform,
+ mbedtls_record *rec )
{
+ size_t olen;
mbedtls_cipher_mode_t mode;
- int auth_done = 0;
-#if defined(SSL_SOME_MODES_USE_MAC)
+ int ret, auth_done = 0;
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
size_t padlen = 0, correct = 1;
#endif
+ unsigned char* data;
+ unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ size_t add_data_len;
+
+#if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
+ ((void) ssl);
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
-
- if( ssl->session_in == NULL || ssl->transform_in == NULL )
+ if( transform == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to decrypt_buf" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ if( rec == NULL ||
+ rec->buf == NULL ||
+ rec->buf_len < rec->data_offset ||
+ rec->buf_len - rec->data_offset < rec->data_len )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
+ data = rec->buf + rec->data_offset;
+ mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec );
- if( ssl->in_msglen < ssl->transform_in->minlen )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /*
+ * Match record's CID with incoming CID.
+ */
+ if( rec->cid_len != transform->in_cid_len ||
+ memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
- ssl->in_msglen, ssl->transform_in->minlen ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
if( mode == MBEDTLS_MODE_STREAM )
{
- int ret;
- size_t olen = 0;
-
padlen = 0;
-
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
- ssl->transform_in->iv_dec,
- ssl->transform_in->ivlen,
- ssl->in_msg, ssl->in_msglen,
- ssl->in_msg, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
+ transform->iv_dec,
+ transform->ivlen,
+ data, rec->data_len,
+ data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( ssl->in_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1841,44 +2332,19 @@
mode == MBEDTLS_MODE_CCM ||
mode == MBEDTLS_MODE_CHACHAPOLY )
{
- int ret;
- size_t dec_msglen, olen;
- unsigned char *dec_msg;
- unsigned char *dec_msg_result;
- unsigned char add_data[13];
unsigned char iv[12];
- mbedtls_ssl_transform *transform = ssl->transform_in;
- unsigned char taglen = transform->ciphersuite_info->flags &
- MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen;
/*
* Compute and update sizes
*/
- if( ssl->in_msglen < explicit_iv_len + taglen )
+ if( rec->data_len < explicit_iv_len + transform->taglen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
- "+ taglen (%d)", ssl->in_msglen,
- explicit_iv_len, taglen ) );
+ "+ taglen (%d)", rec->data_len,
+ explicit_iv_len, transform->taglen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
- dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
-
- dec_msg = ssl->in_msg;
- dec_msg_result = ssl->in_msg;
- ssl->in_msglen = dec_msglen;
-
- /*
- * Prepare additional authenticated data
- */
- memcpy( add_data, ssl->in_ctr, 8 );
- add_data[8] = ssl->in_msgtype;
- mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->conf->transport, add_data + 9 );
- add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
- add_data[12] = ssl->in_msglen & 0xFF;
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 );
/*
* Prepare IV
@@ -1887,7 +2353,7 @@
{
/* GCM and CCM: fixed || explicit (transmitted) */
memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
- memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 );
+ memcpy( iv + transform->fixed_ivlen, data, 8 );
}
else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 )
@@ -1898,7 +2364,7 @@
memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
for( i = 0; i < 8; i++ )
- iv[i+4] ^= ssl->in_ctr[i];
+ iv[i+4] ^= rec->ctr[i];
}
else
{
@@ -1907,18 +2373,32 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+ data += explicit_iv_len;
+ rec->data_offset += explicit_iv_len;
+ rec->data_len -= explicit_iv_len + transform->taglen;
+
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+ add_data, add_data_len );
+
+ memcpy( transform->iv_dec + transform->fixed_ivlen,
+ data - explicit_iv_len, explicit_iv_len );
+
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
+ transform->taglen );
+
/*
* Decrypt and authenticate
*/
- if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
- iv, transform->ivlen,
- add_data, 13,
- dec_msg, dec_msglen,
- dec_msg_result, &olen,
- dec_msg + dec_msglen, taglen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
+ iv, transform->ivlen,
+ add_data, add_data_len,
+ data, rec->data_len,
+ data, &olen,
+ data + rec->data_len,
+ transform->taglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
@@ -1929,7 +2409,7 @@
}
auth_done++;
- if( olen != dec_msglen )
+ if( olen != rec->data_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1941,75 +2421,83 @@
( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
if( mode == MBEDTLS_MODE_CBC )
{
- /*
- * Decrypt and check the padding
- */
- int ret;
- unsigned char *dec_msg;
- unsigned char *dec_msg_result;
- size_t dec_msglen;
size_t minlen = 0;
- size_t olen = 0;
/*
* Check immediate ciphertext sanity
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- minlen += ssl->transform_in->ivlen;
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ {
+ /* The ciphertext is prefixed with the CBC IV. */
+ minlen += transform->ivlen;
+ }
#endif
- if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
- ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
+ /* Size considerations:
+ *
+ * - The CBC cipher text must not be empty and hence
+ * at least of size transform->ivlen.
+ *
+ * Together with the potential IV-prefix, this explains
+ * the first of the two checks below.
+ *
+ * - The record must contain a MAC, either in plain or
+ * encrypted, depending on whether Encrypt-then-MAC
+ * is used or not.
+ * - If it is, the message contains the IV-prefix,
+ * the CBC ciphertext, and the MAC.
+ * - If it is not, the padded plaintext, and hence
+ * the CBC ciphertext, has at least length maclen + 1
+ * because there is at least the padding length byte.
+ *
+ * As the CBC ciphertext is not empty, both cases give the
+ * lower bound minlen + maclen + 1 on the record size, which
+ * we test for in the second check below.
+ */
+ if( rec->data_len < minlen + transform->ivlen ||
+ rec->data_len < minlen + transform->maclen + 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
- "+ 1 ) ( + expl IV )", ssl->in_msglen,
- ssl->transform_in->ivlen,
- ssl->transform_in->maclen ) );
+ "+ 1 ) ( + expl IV )", rec->data_len,
+ transform->ivlen,
+ transform->maclen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
- dec_msglen = ssl->in_msglen;
- dec_msg = ssl->in_msg;
- dec_msg_result = ssl->in_msg;
-
/*
* Authenticate before decrypt if enabled
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+ if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
- unsigned char pseudo_hdr[13];
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
- dec_msglen -= ssl->transform_in->maclen;
- ssl->in_msglen -= ssl->transform_in->maclen;
+ /* Safe due to the check data_len >= minlen + maclen + 1 above. */
+ rec->data_len -= transform->maclen;
- memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 );
- memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 );
- pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
- pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
- MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec,
+ data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
+ mbedtls_md_hmac_reset( &transform->md_ctx_dec );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec,
- ssl->in_iv, ssl->in_msglen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
- mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
-
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len,
+ transform->maclen );
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
- ssl->transform_in->maclen );
+ transform->maclen );
- if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect,
- ssl->transform_in->maclen ) != 0 )
+ if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
+ transform->maclen ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
-
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
auth_done++;
@@ -2019,10 +2507,10 @@
/*
* Check length sanity
*/
- if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
+ if( rec->data_len % transform->ivlen != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
- ssl->in_msglen, ssl->transform_in->ivlen ) );
+ rec->data_len, transform->ivlen ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
@@ -2030,67 +2518,84 @@
/*
* Initialize for prepended IV for block cipher in TLS v1.1 and up
*/
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
{
- unsigned char i;
- dec_msglen -= ssl->transform_in->ivlen;
- ssl->in_msglen -= ssl->transform_in->ivlen;
+ /* This is safe because data_len >= minlen + maclen + 1 initially,
+ * and at this point we have at most subtracted maclen (note that
+ * minlen == transform->ivlen here). */
+ memcpy( transform->iv_dec, data, transform->ivlen );
- for( i = 0; i < ssl->transform_in->ivlen; i++ )
- ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
+ data += transform->ivlen;
+ rec->data_offset += transform->ivlen;
+ rec->data_len -= transform->ivlen;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
- if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
- ssl->transform_in->iv_dec,
- ssl->transform_in->ivlen,
- dec_msg, dec_msglen,
- dec_msg_result, &olen ) ) != 0 )
+ if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
+ transform->iv_dec, transform->ivlen,
+ data, rec->data_len, data, &olen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
return( ret );
}
- if( dec_msglen != olen )
+ if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
{
/*
* Save IV in SSL3 and TLS1
*/
- memcpy( ssl->transform_in->iv_dec,
- ssl->transform_in->cipher_ctx_dec.iv,
- ssl->transform_in->ivlen );
+ memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
+ transform->ivlen );
}
#endif
- padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
+ /* Safe since data_len >= minlen + maclen + 1, so after having
+ * subtracted at most minlen and maclen up to this point,
+ * data_len > 0. */
+ padlen = data[rec->data_len - 1];
- if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
- auth_done == 0 )
+ if( auth_done == 1 )
+ {
+ correct *= ( rec->data_len >= padlen + 1 );
+ padlen *= ( rec->data_len >= padlen + 1 );
+ }
+ else
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
- ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
+ if( rec->data_len < transform->maclen + padlen + 1 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+ rec->data_len,
+ transform->maclen,
+ padlen + 1 ) );
+ }
#endif
- padlen = 0;
- correct = 0;
+
+ correct *= ( rec->data_len >= transform->maclen + padlen + 1 );
+ padlen *= ( rec->data_len >= transform->maclen + padlen + 1 );
}
+ padlen++;
+
+ /* Regardless of the validity of the padding,
+ * we have data_len >= padlen here. */
+
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- if( padlen > ssl->transform_in->ivlen )
+ if( padlen > transform->ivlen )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
- "should be no more than %d",
- padlen, ssl->transform_in->ivlen ) );
+ "should be no more than %d",
+ padlen, transform->ivlen ) );
#endif
correct = 0;
}
@@ -2099,40 +2604,31 @@
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
- /*
- * TLSv1+: always check the padding up to the first failure
- * and fake check up to 256 bytes of padding
- */
- size_t pad_count = 0, real_count = 1;
- size_t padding_idx = ssl->in_msglen - padlen;
- size_t i;
+ /* The padding check involves a series of up to 256
+ * consecutive memory reads at the end of the record
+ * plaintext buffer. In order to hide the length and
+ * validity of the padding, always perform exactly
+ * `min(256,plaintext_len)` reads (but take into account
+ * only the last `padlen` bytes for the padding check). */
+ size_t pad_count = 0;
+ size_t real_count = 0;
+ volatile unsigned char* const check = data;
- /*
- * Padding is guaranteed to be incorrect if:
- * 1. padlen > ssl->in_msglen
- *
- * 2. padding_idx > MBEDTLS_SSL_IN_CONTENT_LEN +
- * ssl->transform_in->maclen
- *
- * In both cases we reset padding_idx to a safe value (0) to
- * prevent out-of-buffer reads.
- */
- correct &= ( padlen <= ssl->in_msglen );
- correct &= ( padding_idx <= MBEDTLS_SSL_IN_CONTENT_LEN +
- ssl->transform_in->maclen );
+ /* Index of first padding byte; it has been ensured above
+ * that the subtraction is safe. */
+ size_t const padding_idx = rec->data_len - padlen;
+ size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256;
+ size_t const start_idx = rec->data_len - num_checks;
+ size_t idx;
- padding_idx *= correct;
-
- for( i = 0; i < 256; i++ )
+ for( idx = start_idx; idx < rec->data_len; idx++ )
{
- real_count &= ( i < padlen );
- pad_count += real_count *
- ( ssl->in_msg[padding_idx + i] == padlen - 1 );
+ real_count |= ( idx >= padding_idx );
+ pad_count += real_count * ( check[idx] == padlen - 1 );
}
-
- correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
+ correct &= ( pad_count == padlen );
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
@@ -2148,7 +2644,11 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- ssl->in_msglen -= padlen;
+ /* If the padding was found to be invalid, padlen == 0
+ * and the subtraction is safe. If the padding was found valid,
+ * padlen hasn't been changed and the previous assertion
+ * data_len >= padlen still holds. */
+ rec->data_len -= padlen;
}
else
#endif /* MBEDTLS_CIPHER_MODE_CBC &&
@@ -2160,37 +2660,49 @@
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
- ssl->in_msg, ssl->in_msglen );
+ data, rec->data_len );
#endif
/*
* Authenticate if not done yet.
* Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
*/
-#if defined(SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
if( auth_done == 0 )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
- ssl->in_msglen -= ssl->transform_in->maclen;
+ /* If the initial value of padlen was such that
+ * data_len < maclen + padlen + 1, then padlen
+ * got reset to 1, and the initial check
+ * data_len >= minlen + maclen + 1
+ * guarantees that at this point we still
+ * have at least data_len >= maclen.
+ *
+ * If the initial value of padlen was such that
+ * data_len >= maclen + padlen + 1, then we have
+ * subtracted either padlen + 1 (if the padding was correct)
+ * or 0 (if the padding was incorrect) since then,
+ * hence data_len >= maclen in any case.
+ */
+ rec->data_len -= transform->maclen;
- ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
- ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
#if defined(MBEDTLS_SSL_PROTO_SSL3)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
- ssl_mac( &ssl->transform_in->md_ctx_dec,
- ssl->transform_in->mac_dec,
- ssl->in_msg, ssl->in_msglen,
- ssl->in_ctr, ssl->in_msgtype,
- mac_expect );
+ ssl_mac( &transform->md_ctx_dec,
+ transform->mac_dec,
+ data, rec->data_len,
+ rec->ctr, rec->type,
+ mac_expect );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
{
/*
* Process MAC and always update for padlen afterwards to make
@@ -2220,6 +2732,7 @@
* linking an extra division function in some builds).
*/
size_t j, extra_run = 0;
+ unsigned char tmp[MBEDTLS_MD_MAX_BLOCK_SIZE];
/*
* The next two sizes are the minimum and maximum values of
@@ -2231,10 +2744,12 @@
* Note that max_len + maclen is never more than the buffer
* length, as we previously did in_msglen -= maclen too.
*/
- const size_t max_len = ssl->in_msglen + padlen;
+ const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
- switch( ssl->transform_in->ciphersuite_info->mac )
+ memset( tmp, 0, sizeof( tmp ) );
+
+ switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) )
{
#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
defined(MBEDTLS_SHA256_C)
@@ -2242,15 +2757,17 @@
case MBEDTLS_MD_SHA1:
case MBEDTLS_MD_SHA256:
/* 8 bytes of message size, 64-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
- ( 13 + ssl->in_msglen + 8 ) / 64;
+ extra_run =
+ ( add_data_len + rec->data_len + padlen + 8 ) / 64 -
+ ( add_data_len + rec->data_len + 8 ) / 64;
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA384:
/* 16 bytes of message size, 128-byte compression blocks */
- extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 -
- ( 13 + ssl->in_msglen + 16 ) / 128;
+ extra_run =
+ ( add_data_len + rec->data_len + padlen + 16 ) / 128 -
+ ( add_data_len + rec->data_len + 16 ) / 128;
break;
#endif
default:
@@ -2260,30 +2777,29 @@
extra_run &= correct * 0xFF;
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
- mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
- ssl->in_msglen );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_dec, data,
+ rec->data_len );
/* Make sure we access everything even when padlen > 0. This
* makes the synchronisation requirements for just-in-time
* Prime+Probe attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen );
- mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
+ ssl_read_memory( data + rec->data_len, padlen );
+ mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
/* Call mbedtls_md_process at least once due to cache attacks
* that observe whether md_process() was called of not */
for( j = 0; j < extra_run + 1; j++ )
- mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
+ mbedtls_md_process( &transform->md_ctx_dec, tmp );
- mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+ mbedtls_md_hmac_reset( &transform->md_ctx_dec );
/* Make sure we access all the memory that could contain the MAC,
* before we check it in the next code block. This makes the
* synchronisation requirements for just-in-time Prime+Probe
* attacks much tighter and hopefully impractical. */
- ssl_read_memory( ssl->in_msg + min_len,
- max_len - min_len + ssl->transform_in->maclen );
+ ssl_read_memory( data + min_len,
+ max_len - min_len + transform->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@@ -2294,13 +2810,12 @@
}
#if defined(MBEDTLS_SSL_DEBUG_ALL)
- MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
- MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen,
- ssl->transform_in->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, transform->maclen );
#endif
- if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
- ssl->transform_in->maclen ) != 0 )
+ if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
+ transform->maclen ) != 0 )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
@@ -2315,7 +2830,7 @@
*/
if( correct == 0 )
return( MBEDTLS_ERR_SSL_INVALID_MAC );
-#endif /* SSL_SOME_MODES_USE_MAC */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
/* Make extra sure authentication was performed, exactly once */
if( auth_done != 1 )
@@ -2324,54 +2839,15 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- if( ssl->in_msglen == 0 )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( rec->cid_len != 0 )
{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
- && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
- {
- /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+ ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len,
+ &rec->type );
+ if( ret != 0 )
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
- }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
- ssl->nb_zero++;
-
- /*
- * Three or more empty messages may be a DoS attack
- * (excessive CPU consumption).
- */
- if( ssl->nb_zero > 3 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
- "messages, possible DoS attack" ) );
- return( MBEDTLS_ERR_SSL_INVALID_MAC );
- }
}
- else
- ssl->nb_zero = 0;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- ; /* in_ctr read from peer, not maintained internally */
- }
- else
-#endif
- {
- unsigned char i;
- for( i = 8; i > ssl_ep_len( ssl ); i-- )
- if( ++ssl->in_ctr[i - 1] != 0 )
- break;
-
- /* The loop goes to its end iff the counter is wrapping */
- if( i == ssl_ep_len( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
- return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
- }
- }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
@@ -2549,7 +3025,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
uint32_t timeout;
@@ -2690,8 +3166,9 @@
ssl->in_left = ret;
}
- else
-#endif
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
ssl->in_left, nb_want ) );
@@ -2738,6 +3215,7 @@
ssl->in_left += ret;
}
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
@@ -2771,7 +3249,7 @@
while( ssl->out_left > 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
- mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
+ mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
buf = ssl->out_hdr - ssl->out_left;
ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
@@ -2793,15 +3271,17 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->out_hdr = ssl->out_buf;
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->out_hdr = ssl->out_buf + 8;
}
+#endif
ssl_update_out_pointers( ssl, ssl->transform_out );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
@@ -3212,7 +3692,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
@@ -3255,7 +3735,7 @@
* uint24 fragment_length;
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
/* Make room for the additional DTLS fields */
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
@@ -3297,7 +3777,7 @@
/* Either send now, or just save to be sent (and resent) later */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
{
@@ -3377,7 +3857,9 @@
unsigned i;
size_t protected_record_size;
- ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
+ /* Skip writing the record content type to after the encryption,
+ * as it may change when using the CID extension. */
+
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 );
@@ -3387,23 +3869,53 @@
if( ssl->transform_out != NULL )
{
- if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
+ mbedtls_record rec;
+
+ rec.buf = ssl->out_iv;
+ rec.buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN -
+ ( ssl->out_iv - ssl->out_buf );
+ rec.data_len = ssl->out_msglen;
+ rec.data_offset = ssl->out_msg - rec.buf;
+
+ memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
+ mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, rec.ver );
+ rec.type = ssl->out_msgtype;
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* The CID is set by mbedtls_ssl_encrypt_buf(). */
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
return( ret );
}
- len = ssl->out_msglen;
- ssl->out_len[0] = (unsigned char)( len >> 8 );
- ssl->out_len[1] = (unsigned char)( len );
+ if( rec.data_offset != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Update the record content type and CID. */
+ ssl->out_msgtype = rec.type;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
+ memcpy( ssl->out_cid, rec.cid, rec.cid_len );
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->out_msglen = len = rec.data_len;
+ ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 );
+ ssl->out_len[1] = (unsigned char)( rec.data_len );
}
- protected_record_size = len + mbedtls_ssl_hdr_len( ssl );
+ protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* In case of DTLS, double-check that we don't exceed
* the remaining space in the datagram. */
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ret = ssl_get_remaining_space_in_datagram( ssl );
if( ret < 0 )
@@ -3417,6 +3929,9 @@
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ /* Now write the potentially updated record content type. */
+ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
+
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
ssl->out_hdr[0], ssl->out_hdr[1],
@@ -3442,7 +3957,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
flush == SSL_DONT_FORCE_FLUSH )
{
size_t remaining;
@@ -3626,7 +4141,7 @@
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
@@ -3690,14 +4205,18 @@
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- /* With TLS we don't handle fragmentation (for now) */
- if( ssl->in_msglen < ssl->in_hslen )
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ /* With TLS we don't handle fragmentation (for now) */
+ if( ssl->in_msglen < ssl->in_hslen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
return( 0 );
}
@@ -3713,7 +4232,7 @@
/* Handshake message is complete, increment counter */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake != NULL )
{
unsigned offset;
@@ -4021,6 +4540,19 @@
}
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
+static int ssl_check_record_type( uint8_t record_type )
+{
+ if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
+ record_type != MBEDTLS_SSL_MSG_ALERT &&
+ record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
+ record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+ {
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+
+ return( 0 );
+}
+
/*
* ContentType type;
* ProtocolVersion version;
@@ -4043,33 +4575,52 @@
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{
int major_ver, minor_ver;
+ int ret;
- MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
+ /* Parse and validate record content type and version */
ssl->in_msgtype = ssl->in_hdr[0];
- ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
- "version = [%d:%d], msglen = %d",
- ssl->in_msgtype,
- major_ver, minor_ver, ssl->in_msglen ) );
-
/* Check record type */
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
- ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
+ ssl->in_msgtype == MBEDTLS_SSL_MSG_CID &&
+ ssl->conf->cid_len != 0 )
+ {
+ /* Shift pointers to account for record header including CID
+ * struct {
+ * ContentType special_type = tls12_cid;
+ * ProtocolVersion version;
+ * uint16 epoch;
+ * uint48 sequence_number;
+ * opaque cid[cid_length]; // Additional field compared to
+ * // default DTLS record format
+ * uint16 length;
+ * opaque enc_content[DTLSCiphertext.length];
+ * } DTLSCiphertext;
+ */
+
+ /* So far, we only support static CID lengths
+ * fixed in the configuration. */
+ ssl->in_len = ssl->in_cid + ssl->conf->cid_len;
+ ssl->in_iv = ssl->in_msg = ssl->in_len + 2;
+ }
+ else
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ if( ssl_check_record_type( ssl->in_msgtype ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#if defined(MBEDTLS_SSL_PROTO_TLS)
/* Silently ignore invalid DTLS records as recommended by RFC 6347
- * Section 4.1.2.7 */
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ * Section 4.1.2.7, that is, send alert only with TLS */
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
+ {
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS */
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -4087,7 +4638,24 @@
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
- /* Check length against the size of our buffer */
+ /* Now that the total length of the record header is known, ensure
+ * that the current datagram is large enough to hold it.
+ * This would fail, for example, if we received a datagram of
+ * size 13 + n Bytes where n is less than the size of incoming CIDs. */
+ ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+ return( ret );
+ }
+ MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
+
+ /* Parse and validate record length
+ * This must happen after the CID parsing because
+ * its position in the record header depends on
+ * the presence of a CID. */
+
+ ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN
- (size_t)( ssl->in_msg - ssl->in_buf ) )
{
@@ -4095,6 +4663,11 @@
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
+ "version = [%d:%d], msglen = %d",
+ ssl->in_msgtype,
+ major_ver, minor_ver, ssl->in_msglen ) );
+
/*
* DTLS-related tests.
* Check epoch before checking length constraint because
@@ -4108,7 +4681,7 @@
* record leads to the entire datagram being dropped.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
@@ -4160,20 +4733,6 @@
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
}
#endif
-
- /* Drop unexpected ApplicationData records,
- * except at the beginning of renegotiations */
- if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
- ssl->state == MBEDTLS_SSL_SERVER_HELLO )
-#endif
- )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
- return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
- }
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -4230,7 +4789,7 @@
int ret, done = 0;
MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
- ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
+ ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_read != NULL )
@@ -4250,20 +4809,131 @@
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
if( !done && ssl->transform_in != NULL )
{
- if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
+ mbedtls_record rec;
+
+ rec.buf = ssl->in_iv;
+ rec.buf_len = MBEDTLS_SSL_IN_BUFFER_LEN
+ - ( ssl->in_iv - ssl->in_buf );
+ rec.data_len = ssl->in_msglen;
+ rec.data_offset = 0;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
+ rec.cid_len = (uint8_t)( ssl->in_len - ssl->in_cid );
+ memcpy( rec.cid, ssl->in_cid, rec.cid_len );
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ memcpy( &rec.ctr[0], ssl->in_ctr, 8 );
+ mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+ ssl->conf->transport, rec.ver );
+ rec.type = ssl->in_msgtype;
+ if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
+ &rec ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
+ ssl->conf->ignore_unexpected_cid
+ == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) );
+ ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
return( ret );
}
+ if( ssl->in_msgtype != rec.type )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d",
+ ssl->in_msgtype, rec.type ) );
+ }
+
+ /* The record content type may change during decryption,
+ * so re-read it. */
+ ssl->in_msgtype = rec.type;
+ /* Also update the input buffer, because unfortunately
+ * the server-side ssl_parse_client_hello() reparses the
+ * record header when receiving a ClientHello initiating
+ * a renegotiation. */
+ ssl->in_hdr[0] = rec.type;
+ ssl->in_msg = rec.buf + rec.data_offset;
+ ssl->in_msglen = rec.data_len;
+ ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 );
+ ssl->in_len[1] = (unsigned char)( rec.data_len );
+
MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
ssl->in_msg, ssl->in_msglen );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* We have already checked the record content type
+ * in ssl_parse_record_header(), failing or silently
+ * dropping the record in the case of an unknown type.
+ *
+ * Since with the use of CIDs, the record content type
+ * might change during decryption, re-check the record
+ * content type, but treat a failure as fatal this time. */
+ if( ssl_check_record_type( ssl->in_msgtype ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
+ else if( ssl->in_msglen == 0 )
+ {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+ && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+ {
+ /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+ return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ ssl->nb_zero++;
+
+ /*
+ * Three or more empty messages may be a DoS attack
+ * (excessive CPU consumption).
+ */
+ if( ssl->nb_zero > 3 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
+ "messages, possible DoS attack" ) );
+ /* Treat the records as if they were not properly authenticated,
+ * thereby failing the connection if we see more than allowed
+ * by the configured bad MAC threshold. */
+ return( MBEDTLS_ERR_SSL_INVALID_MAC );
+ }
+ }
+ else
+ ssl->nb_zero = 0;
+
+ /* Only needed for TLS, as with DTLS in_ctr is read from the header */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
+ {
+ unsigned i;
+ for( i = 8; i > 0; i-- )
+ if( ++ssl->in_ctr[i - 1] != 0 )
+ break;
+
+ /* The loop goes to its end only if the counter is wrapping around */
+ if( i == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
+ return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS */
+
}
#if defined(MBEDTLS_ZLIB_SUPPORT)
@@ -4279,7 +4949,7 @@
#endif /* MBEDTLS_ZLIB_SUPPORT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
mbedtls_ssl_dtls_replay_update( ssl );
}
@@ -4325,7 +4995,7 @@
/* We only check for buffered messages if the
* current datagram is fully consumed. */
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl_next_record_is_in_datagram( ssl ) == 0 )
{
if( ssl_load_buffered_message( ssl ) == 0 )
@@ -4848,7 +5518,7 @@
size_t rec_len;
unsigned rec_epoch;
- if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
return( 0 );
if( hs == NULL )
@@ -4968,7 +5638,16 @@
return( ret );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
+ /* Reset in pointers to default state for TLS/DTLS records,
+ * assuming no CID and no offset between record content and
+ * record plaintext. */
+ ssl_update_in_pointers( ssl );
+
+ /* Ensure that we have enough space available for the default form
+ * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS,
+ * with no space for CIDs counted in). */
+ ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
+ if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@@ -4977,7 +5656,7 @@
if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
{
if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
@@ -4994,7 +5673,7 @@
{
/* Skip unexpected record (but not whole datagram) */
ssl->next_record_offset = ssl->in_msglen
- + mbedtls_ssl_hdr_len( ssl );
+ + mbedtls_ssl_in_hdr_len( ssl );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
"(header)" ) );
@@ -5020,7 +5699,7 @@
* Read and optionally decrypt the message contents
*/
if( ( ret = mbedtls_ssl_fetch_input( ssl,
- mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
+ mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@@ -5028,26 +5707,29 @@
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
- ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
+ ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
}
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
ssl->in_left = 0;
+ }
+#endif
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
/* Silently discard invalid records */
- if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
- ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+ if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
{
/* Except when waiting for Finished as a bad mac here
* probably means something went wrong in the handshake
@@ -5087,8 +5769,9 @@
return( ret );
}
- else
-#endif
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
/* Error out (and send alert) on invalid records */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
@@ -5101,6 +5784,7 @@
#endif
return( ret );
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
}
return( 0 );
@@ -5138,7 +5822,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
{
@@ -5213,13 +5897,29 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake != NULL &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
- ssl_handshake_wrapup_free_hs_transform( ssl );
- }
+ /* Drop unexpected ApplicationData records,
+ * except at the beginning of renegotiations */
+ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
+ ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+ ssl->state == MBEDTLS_SSL_SERVER_HELLO )
#endif
+ )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
+ return( MBEDTLS_ERR_SSL_NON_FATAL );
+ }
+
+ if( ssl->handshake != NULL &&
+ ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ {
+ ssl_handshake_wrapup_free_hs_transform( ssl );
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
return( 0 );
}
@@ -5278,7 +5978,7 @@
/* No certificate support -> dummy functions */
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
@@ -5298,7 +5998,7 @@
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
@@ -5324,7 +6024,7 @@
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n;
const mbedtls_x509_crt *crt;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
@@ -5435,6 +6135,23 @@
return( ret );
}
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
+ unsigned char *crt_buf,
+ size_t crt_buf_len )
+{
+ mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
+
+ if( peer_crt == NULL )
+ return( -1 );
+
+ if( peer_crt->raw.len != crt_buf_len )
+ return( -1 );
+
+ return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
/*
* Once the certificate message is read, parse it into a cert chain and
* perform basic checks, but leave actual verification to the caller
@@ -5525,43 +6242,40 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
+ i += 3;
+
/* In case we tried to reuse a session but it failed */
if( ssl->session_negotiate->peer_cert != NULL )
{
mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
mbedtls_free( ssl->session_negotiate->peer_cert );
+ ssl->session_negotiate->peer_cert = NULL;
}
- if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
- sizeof( mbedtls_x509_crt ) ) ) == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
- sizeof( mbedtls_x509_crt ) ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- }
-
- mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
-
- i += 3;
-
+ /* Iterate through and parse the CRTs in the provided chain. */
while( i < ssl->in_hslen )
{
+ /* Check that there's room for the next CRT's length fields. */
if ( i + 3 > ssl->in_hslen ) {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ /* In theory, the CRT can be up to 2**24 Bytes, but we don't support
+ * anything beyond 2**16 ~ 64K. */
if( ssl->in_msg[i] != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ /* Read length of the next CRT in the chain. */
n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
| (unsigned int) ssl->in_msg[i + 2];
i += 3;
@@ -5569,72 +6283,101 @@
if( n < 128 || i + n > ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
+ /* Check if we're handling the first CRT in the chain. */
+ if( ssl->session_negotiate->peer_cert == NULL )
+ {
+ /* During client-side renegotiation, check that the server's
+ * end-CRTs hasn't changed compared to the initial handshake,
+ * mitigating the triple handshake attack. On success, reuse
+ * the original end-CRT instead of parsing it again. */
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
+ if( ssl_check_peer_crt_unchanged( ssl,
+ &ssl->in_msg[i],
+ n ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ }
+
+ /* Move CRT chain structure to new session instance. */
+ ssl->session_negotiate->peer_cert = ssl->session->peer_cert;
+ ssl->session->peer_cert = NULL;
+
+ /* Delete all remaining CRTs from the original CRT chain. */
+ mbedtls_x509_crt_free(
+ ssl->session_negotiate->peer_cert->next );
+ mbedtls_free( ssl->session_negotiate->peer_cert->next );
+ ssl->session_negotiate->peer_cert->next = NULL;
+
+ i += n;
+ continue;
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+ /* Outside of client-side renegotiation, create a fresh X.509 CRT
+ * instance to parse the end-CRT into. */
+
+ ssl->session_negotiate->peer_cert =
+ mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+ if( ssl->session_negotiate->peer_cert == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+ sizeof( mbedtls_x509_crt ) ) );
+ mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+
+ mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
+
+ /* Intentional fall through */
+ }
+
+ /* Parse the next certificate in the chain. */
ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
- ssl->in_msg + i, n );
+ ssl->in_msg + i, n );
switch( ret )
{
- case 0: /*ok*/
- case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
- /* Ignore certificate with an unknown algorithm: maybe a
- prior certificate was already trusted. */
- break;
+ case 0: /*ok*/
+ case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+ /* Ignore certificate with an unknown algorithm: maybe a
+ prior certificate was already trusted. */
+ break;
- case MBEDTLS_ERR_X509_ALLOC_FAILED:
- alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
- goto crt_parse_der_failed;
+ case MBEDTLS_ERR_X509_ALLOC_FAILED:
+ alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
+ goto crt_parse_der_failed;
- case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
- alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
- goto crt_parse_der_failed;
+ case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
+ alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
+ goto crt_parse_der_failed;
- default:
- alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
- crt_parse_der_failed:
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
- MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
- return( ret );
+ default:
+ alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
+ crt_parse_der_failed:
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
+ MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
+ return( ret );
}
i += n;
}
MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
-
- /*
- * On client, make sure the server cert doesn't change during renego to
- * avoid "triple handshake" attack: https://secure-resumption.com/
- */
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- {
- if( ssl->session->peer_cert == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
- }
-
- if( ssl->session->peer_cert->raw.len !=
- ssl->session_negotiate->peer_cert->raw.len ||
- memcmp( ssl->session->peer_cert->raw.p,
- ssl->session_negotiate->peer_cert->raw.p,
- ssl->session->peer_cert->raw.len ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
- }
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
-
return( 0 );
}
@@ -5642,7 +6385,7 @@
{
int ret;
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
- ssl->transform_negotiate->ciphersuite_info;
+ ssl->handshake->ciphersuite_info;
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
? ssl->handshake->sni_authmode
@@ -5927,7 +6670,7 @@
ssl->session_in = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
ssl_dtls_replay_reset( ssl );
@@ -5942,11 +6685,15 @@
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
}
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset( ssl->in_ctr, 0, 8 );
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
+ memset( ssl->in_ctr, 0, 8 );
+ }
+#endif
- ssl_update_in_pointers( ssl, ssl->transform_negotiate );
+ ssl_update_in_pointers( ssl );
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_activate != NULL )
@@ -6372,7 +7119,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->handshake->flight != NULL )
{
/* Cancel handshake timer */
@@ -6443,7 +7190,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
unsigned char i;
@@ -6466,9 +7213,13 @@
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
}
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
- memset( ssl->cur_out_ctr, 0, 8 );
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
+ memset( ssl->cur_out_ctr, 0, 8 );
+ }
+#endif
ssl->transform_out = ssl->transform_negotiate;
ssl->session_out = ssl->session_negotiate;
@@ -6485,7 +7236,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -6496,7 +7247,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
@@ -6585,7 +7336,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -6646,15 +7397,17 @@
#endif
}
-static void ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
{
memset( transform, 0, sizeof(mbedtls_ssl_transform) );
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
+#endif
}
void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
@@ -6711,11 +7464,11 @@
/* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate );
- ssl_transform_init( ssl->transform_negotiate );
+ mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->handshake->alt_transform_out = ssl->transform_out;
@@ -6772,19 +7525,31 @@
mbedtls_ssl_transform *transform )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->out_ctr = ssl->out_hdr + 3;
- ssl->out_len = ssl->out_hdr + 11;
- ssl->out_iv = ssl->out_hdr + 13;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->out_cid = ssl->out_ctr + 8;
+ ssl->out_len = ssl->out_cid;
+ if( transform != NULL )
+ ssl->out_len += transform->out_cid_len;
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->out_len = ssl->out_ctr + 8;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->out_iv = ssl->out_len + 2;
}
- else
-#endif
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->out_ctr = ssl->out_hdr - 8;
ssl->out_len = ssl->out_hdr + 3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->out_cid = ssl->out_len;
+#endif
ssl->out_iv = ssl->out_hdr + 5;
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
/* Adjust out_msg to make space for explicit IV, if used. */
if( transform != NULL &&
@@ -6804,32 +7569,49 @@
* and the caller has to make sure there's space for this.
*/
-static void ssl_update_in_pointers( mbedtls_ssl_context *ssl,
- mbedtls_ssl_transform *transform )
+static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
{
+ /* This function sets the pointers to match the case
+ * of unprotected TLS/DTLS records, with both ssl->in_iv
+ * and ssl->in_msg pointing to the beginning of the record
+ * content.
+ *
+ * When decrypting a protected record, ssl->in_msg
+ * will be shifted to point to the beginning of the
+ * record plaintext.
+ */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
+ /* This sets the header pointers to match records
+ * without CID. When we receive a record containing
+ * a CID, the fields are shifted accordingly in
+ * ssl_parse_record_header(). */
ssl->in_ctr = ssl->in_hdr + 3;
- ssl->in_len = ssl->in_hdr + 11;
- ssl->in_iv = ssl->in_hdr + 13;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->in_cid = ssl->in_ctr + 8;
+ ssl->in_len = ssl->in_cid; /* Default: no CID */
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->in_len = ssl->in_ctr + 8;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ ssl->in_iv = ssl->in_len + 2;
}
- else
-#endif
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->in_ctr = ssl->in_hdr - 8;
ssl->in_len = ssl->in_hdr + 3;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ssl->in_cid = ssl->in_len;
+#endif
ssl->in_iv = ssl->in_hdr + 5;
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
- /* Offset in_msg from in_iv to allow space for explicit IV, if used. */
- if( transform != NULL &&
- ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
- {
- ssl->in_msg = ssl->in_iv + transform->ivlen - transform->fixed_ivlen;
- }
- else
- ssl->in_msg = ssl->in_iv;
+ /* This will be adjusted at record decryption time. */
+ ssl->in_msg = ssl->in_iv;
}
/*
@@ -6848,21 +7630,23 @@
{
/* Set the incoming and outgoing record pointers. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->out_hdr = ssl->out_buf;
ssl->in_hdr = ssl->in_buf;
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->out_hdr = ssl->out_buf + 8;
ssl->in_hdr = ssl->in_buf + 8;
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
/* Derive other internal pointers. */
ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
- ssl_update_in_pointers ( ssl, NULL /* no transform enabled */ );
+ ssl_update_in_pointers ( ssl );
}
int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
@@ -7629,6 +8413,12 @@
{
conf->extended_ms = ems;
}
+
+void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
+ char ems_enf )
+{
+ conf->enforce_extended_master_secret = ems_enf;
+}
#endif
#if defined(MBEDTLS_ARC4_C)
@@ -7784,7 +8574,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->in_left > ssl->next_record_offset )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
@@ -7843,7 +8633,7 @@
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
switch( ssl->minor_ver )
{
@@ -7884,8 +8674,10 @@
const mbedtls_ssl_transform *transform = ssl->transform_out;
unsigned block_size;
+ size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
+
if( transform == NULL )
- return( (int) mbedtls_ssl_hdr_len( ssl ) );
+ return( (int) out_hdr_len );
#if defined(MBEDTLS_ZLIB_SUPPORT)
if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
@@ -7928,7 +8720,12 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( transform->out_cid_len != 0 )
+ transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ return( (int)( out_hdr_len + transform_expansion ) );
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -8049,6 +8846,493 @@
}
#endif /* MBEDTLS_SSL_CLI_C */
+const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl )
+{
+ if( ssl == NULL )
+ return( NULL );
+
+ return( ssl->session );
+}
+
+/*
+ * Define ticket header determining Mbed TLS version
+ * and structure of the ticket.
+ */
+
+/*
+ * Define bitflag determining compile-time settings influencing
+ * structure of serialized SSL sessions.
+ */
+
+#if defined(MBEDTLS_HAVE_TIME)
+#define SSL_SERIALIZED_SESSION_CONFIG_TIME 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_TIME 0
+#endif /* MBEDTLS_HAVE_TIME */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define SSL_SERIALIZED_SESSION_CONFIG_CRT 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 0
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#define SSL_SERIALIZED_SESSION_CONFIG_MFL 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_MFL 0
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC 0
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define SSL_SERIALIZED_SESSION_CONFIG_ETM 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_ETM 0
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_TICKET 0
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0
+#define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1
+#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2
+#define SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT 3
+#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT 4
+#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5
+#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
+
+#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
+ ( (uint16_t) ( \
+ ( SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT ) | \
+ ( SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT ) ) )
+
+static unsigned char ssl_serialized_session_header[] = {
+ MBEDTLS_VERSION_MAJOR,
+ MBEDTLS_VERSION_MINOR,
+ MBEDTLS_VERSION_PATCH,
+ ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF,
+ ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF,
+};
+
+/*
+ * Serialize a session in the following format:
+ * (in the presentation language of TLS, RFC 8446 section 3)
+ *
+ * opaque mbedtls_version[3]; // major, minor, patch
+ * opaque session_format[2]; // version-specific 16-bit field determining
+ * // the format of the remaining
+ * // serialized data.
+ *
+ * Note: When updating the format, remember to keep
+ * these version+format bytes.
+ *
+ * // In this version, `session_format` determines
+ * // the setting of those compile-time
+ * // configuration options which influence
+ * // the structure of mbedtls_ssl_session.
+ * uint64 start_time;
+ * uint8 ciphersuite[2]; // defined by the standard
+ * uint8 compression; // 0 or 1
+ * uint8 session_id_len; // at most 32
+ * opaque session_id[32];
+ * opaque master[48]; // fixed length in the standard
+ * uint32 verify_result;
+ * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
+ * opaque ticket<0..2^24-1>; // length 0 means no ticket
+ * uint32 ticket_lifetime;
+ * uint8 mfl_code; // up to 255 according to standard
+ * uint8 trunc_hmac; // 0 or 1
+ * uint8 encrypt_then_mac; // 0 or 1
+ *
+ * The order is the same as in the definition of the structure, except
+ * verify_result is put before peer_cert so that all mandatory fields come
+ * together in one block.
+ */
+int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ size_t used = 0;
+#if defined(MBEDTLS_HAVE_TIME)
+ uint64_t start;
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ size_t cert_len;
+#endif
+
+ /*
+ * Add version identifier
+ */
+
+ used += sizeof( ssl_serialized_session_header );
+
+ if( used <= buf_len )
+ {
+ memcpy( p, ssl_serialized_session_header,
+ sizeof( ssl_serialized_session_header ) );
+ p += sizeof( ssl_serialized_session_header );
+ }
+
+ /*
+ * Time
+ */
+#if defined(MBEDTLS_HAVE_TIME)
+ used += 8;
+
+ if( used <= buf_len )
+ {
+ start = (uint64_t) session->start;
+
+ *p++ = (unsigned char)( ( start >> 56 ) & 0xFF );
+ *p++ = (unsigned char)( ( start >> 48 ) & 0xFF );
+ *p++ = (unsigned char)( ( start >> 40 ) & 0xFF );
+ *p++ = (unsigned char)( ( start >> 32 ) & 0xFF );
+ *p++ = (unsigned char)( ( start >> 24 ) & 0xFF );
+ *p++ = (unsigned char)( ( start >> 16 ) & 0xFF );
+ *p++ = (unsigned char)( ( start >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( start ) & 0xFF );
+ }
+#endif /* MBEDTLS_HAVE_TIME */
+
+ /*
+ * Basic mandatory fields
+ */
+ used += 2 /* ciphersuite */
+ + 1 /* compression */
+ + 1 /* id_len */
+ + sizeof( session->id )
+ + sizeof( session->master )
+ + 4; /* verify_result */
+
+ if( used <= buf_len )
+ {
+ *p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF );
+
+ *p++ = (unsigned char)( session->compression & 0xFF );
+
+ *p++ = (unsigned char)( session->id_len & 0xFF );
+ memcpy( p, session->id, 32 );
+ p += 32;
+
+ memcpy( p, session->master, 48 );
+ p += 48;
+
+ *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->verify_result ) & 0xFF );
+ }
+
+ /*
+ * Peer's end-entity certificate
+ */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( session->peer_cert == NULL )
+ cert_len = 0;
+ else
+ cert_len = session->peer_cert->raw.len;
+
+ used += 3 + cert_len;
+
+ if( used <= buf_len )
+ {
+ *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
+ *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( cert_len ) & 0xFF );
+
+ if( session->peer_cert != NULL )
+ {
+ memcpy( p, session->peer_cert->raw.p, cert_len );
+ p += cert_len;
+ }
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * Session ticket if any, plus associated data
+ */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
+
+ if( used <= buf_len )
+ {
+ *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF );
+
+ if( session->ticket != NULL )
+ {
+ memcpy( p, session->ticket, session->ticket_len );
+ p += session->ticket_len;
+ }
+
+ *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /*
+ * Misc extension-related info
+ */
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ used += 1;
+
+ if( used <= buf_len )
+ *p++ = session->mfl_code;
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ used += 1;
+
+ if( used <= buf_len )
+ *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF );
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ used += 1;
+
+ if( used <= buf_len )
+ *p++ = (unsigned char)( ( session->encrypt_then_mac ) & 0xFF );
+#endif
+
+ /* Done */
+ *olen = used;
+
+ if( used > buf_len )
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ return( 0 );
+}
+
+/*
+ * Unserialize session, see mbedtls_ssl_session_save() for format.
+ *
+ * This internal version is wrapped by a public function that cleans up in
+ * case of error.
+ */
+static int ssl_session_load( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len )
+{
+ const unsigned char *p = buf;
+ const unsigned char * const end = buf + len;
+#if defined(MBEDTLS_HAVE_TIME)
+ uint64_t start;
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ size_t cert_len;
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * Check version identifier
+ */
+
+ if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ if( memcmp( p, ssl_serialized_session_header,
+ sizeof( ssl_serialized_session_header ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ }
+ p += sizeof( ssl_serialized_session_header );
+
+ /*
+ * Time
+ */
+#if defined(MBEDTLS_HAVE_TIME)
+ if( 8 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ start = ( (uint64_t) p[0] << 56 ) |
+ ( (uint64_t) p[1] << 48 ) |
+ ( (uint64_t) p[2] << 40 ) |
+ ( (uint64_t) p[3] << 32 ) |
+ ( (uint64_t) p[4] << 24 ) |
+ ( (uint64_t) p[5] << 16 ) |
+ ( (uint64_t) p[6] << 8 ) |
+ ( (uint64_t) p[7] );
+ p += 8;
+
+ session->start = (time_t) start;
+#endif /* MBEDTLS_HAVE_TIME */
+
+ /*
+ * Basic mandatory fields
+ */
+ if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ciphersuite = ( p[0] << 8 ) | p[1];
+ p += 2;
+
+ session->compression = *p++;
+
+ session->id_len = *p++;
+ memcpy( session->id, p, 32 );
+ p += 32;
+
+ memcpy( session->master, p, 48 );
+ p += 48;
+
+ session->verify_result = ( (uint32_t) p[0] << 24 ) |
+ ( (uint32_t) p[1] << 16 ) |
+ ( (uint32_t) p[2] << 8 ) |
+ ( (uint32_t) p[3] );
+ p += 4;
+
+ /* Immediately clear invalid pointer values that have been read, in case
+ * we exit early before we replaced them with valid ones. */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ session->peer_cert = NULL;
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ session->ticket = NULL;
+#endif
+
+ /*
+ * Peer certificate
+ */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( 3 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ p += 3;
+
+ if( cert_len == 0 )
+ {
+ session->peer_cert = NULL;
+ }
+ else
+ {
+ int ret;
+
+ if( cert_len > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+
+ if( session->peer_cert == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ mbedtls_x509_crt_init( session->peer_cert );
+
+ if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
+ p, cert_len ) ) != 0 )
+ {
+ mbedtls_x509_crt_free( session->peer_cert );
+ mbedtls_free( session->peer_cert );
+ session->peer_cert = NULL;
+ return( ret );
+ }
+
+ p += cert_len;
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+ /*
+ * Session ticket and associated data
+ */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ if( 3 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+ p += 3;
+
+ if( session->ticket_len != 0 )
+ {
+ if( session->ticket_len > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ticket = mbedtls_calloc( 1, session->ticket_len );
+ if( session->ticket == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ memcpy( session->ticket, p, session->ticket_len );
+ p += session->ticket_len;
+ }
+
+ if( 4 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) |
+ ( (uint32_t) p[1] << 16 ) |
+ ( (uint32_t) p[2] << 8 ) |
+ ( (uint32_t) p[3] );
+ p += 4;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /*
+ * Misc extension-related info
+ */
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->mfl_code = *p++;
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->trunc_hmac = *p++;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( 1 > (size_t)( end - p ) )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ session->encrypt_then_mac = *p++;
+#endif
+
+ /* Done, should have consumed entire buffer */
+ if( p != end )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ return( 0 );
+}
+
+/*
+ * Unserialize session: public wrapper for error cleaning
+ */
+int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret = ssl_session_load( session, buf, len );
+
+ if( ret != 0 )
+ mbedtls_ssl_session_free( session );
+
+ return( ret );
+}
+
/*
* Perform a single step of the SSL handshake
*/
@@ -8144,7 +9428,7 @@
/* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
* the ServerHello will have message_seq = 1" */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -8270,7 +9554,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
@@ -8371,7 +9655,7 @@
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
continue;
}
@@ -8388,7 +9672,7 @@
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
continue;
}
@@ -8410,7 +9694,7 @@
/* DTLS clients need to know renego is server-initiated */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
@@ -8587,16 +9871,20 @@
if( len > max_len )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
"maximum fragment length: %d > %d",
len, max_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- else
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ {
len = max_len;
+ }
+#endif
}
if( ssl->out_left != 0 )
@@ -8756,8 +10044,10 @@
mbedtls_cipher_free( &transform->cipher_ctx_enc );
mbedtls_cipher_free( &transform->cipher_ctx_dec );
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
+#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
}
@@ -9008,6 +10298,10 @@
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
{
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS)
+ conf->transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+#endif
}
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@@ -9087,6 +10381,8 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+ conf->enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@@ -9183,7 +10479,7 @@
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
#endif
@@ -9556,8 +10852,12 @@
void mbedtls_ssl_write_version( int major, int minor, int transport,
unsigned char ver[2] )
{
+#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
+ ((void) transport);
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
{
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
@@ -9565,21 +10865,25 @@
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
}
- else
-#else
- ((void) transport);
+ MBEDTLS_SSL_TRANSPORT_ELSE
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor;
}
+#endif
}
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] )
{
+#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
+ ((void) transport);
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
{
*major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1;
@@ -9587,14 +10891,14 @@
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
}
- else
-#else
- ((void) transport);
-#endif
+ MBEDTLS_SSL_TRANSPORT_ELSE
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
{
*major = ver[0];
*minor = ver[1];
}
+#endif /* MBEDTLS_SSL_PROTO_TLS */
}
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
diff --git a/library/version_features.c b/library/version_features.c
index 24143d0..fc0b1f8 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -435,6 +435,9 @@
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ "MBEDTLS_SSL_DTLS_CONNECTION_ID",
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
@@ -483,6 +486,9 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
"MBEDTLS_SSL_PROTO_DTLS",
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ "MBEDTLS_SSL_PROTO_TLS",
+#endif /* MBEDTLS_SSL_PROTO_TLS */
#if defined(MBEDTLS_SSL_ALPN)
"MBEDTLS_SSL_ALPN",
#endif /* MBEDTLS_SSL_ALPN */
@@ -612,6 +618,9 @@
#if defined(MBEDTLS_ECP_C)
"MBEDTLS_ECP_C",
#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ "MBEDTLS_USE_TINYCRYPT",
+#endif /* MBEDTLS_USE_TINYCRYPT */
#if defined(MBEDTLS_ENTROPY_C)
"MBEDTLS_ENTROPY_C",
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 97e1d72..9d498ea 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -828,8 +828,10 @@
/*
* Parse and fill a single X.509 certificate in DER format
*/
-static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
- size_t buflen )
+static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy )
{
int ret;
size_t len;
@@ -846,7 +848,7 @@
if( crt == NULL || buf == NULL )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
- // Use the original buffer until we figure out actual length
+ /* Use the original buffer until we figure out actual length. */
p = (unsigned char*) buf;
len = buflen;
end = p + len;
@@ -864,25 +866,26 @@
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
}
- if( len > (size_t) ( end - p ) )
- {
- mbedtls_x509_crt_free( crt );
- return( MBEDTLS_ERR_X509_INVALID_FORMAT +
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
- }
- crt_end = p + len;
-
- // Create and populate a new buffer for the raw field
- crt->raw.len = crt_end - buf;
- crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
- if( p == NULL )
- return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
- memcpy( p, buf, crt->raw.len );
-
- // Direct pointers to the new buffer
- p += crt->raw.len - len;
end = crt_end = p + len;
+ crt->raw.len = crt_end - buf;
+ if( make_copy != 0 )
+ {
+ /* Create and populate a new buffer for the raw field. */
+ crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
+ if( crt->raw.p == NULL )
+ return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+ memcpy( crt->raw.p, buf, crt->raw.len );
+ crt->own_buffer = 1;
+
+ p += crt->raw.len - len;
+ end = crt_end = p + len;
+ }
+ else
+ {
+ crt->raw.p = (unsigned char*) buf;
+ crt->own_buffer = 0;
+ }
/*
* TBSCertificate ::= SEQUENCE {
@@ -1085,8 +1088,10 @@
* Parse one X.509 certificate in DER format from a buffer and add them to a
* chained list
*/
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
- size_t buflen )
+static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen,
+ int make_copy )
{
int ret;
mbedtls_x509_crt *crt = chain, *prev = NULL;
@@ -1118,7 +1123,7 @@
crt = crt->next;
}
- if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
+ if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 )
{
if( prev )
prev->next = NULL;
@@ -1132,11 +1137,27 @@
return( 0 );
}
+int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen )
+{
+ return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) );
+}
+
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen )
+{
+ return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) );
+}
+
/*
* Parse one or more PEM certificates from a buffer and add them to the chained
* list
*/
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain,
+ const unsigned char *buf,
+ size_t buflen )
{
#if defined(MBEDTLS_PEM_PARSE_C)
int success = 0, first_error = 0, total_failed = 0;
@@ -2674,7 +2695,7 @@
mbedtls_free( seq_prv );
}
- if( cert_cur->raw.p != NULL )
+ if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
{
mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
mbedtls_free( cert_cur->raw.p );
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 6e28197..be35a76 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1202,6 +1202,14 @@
}
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CONNECTION_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 )
{
@@ -1330,6 +1338,14 @@
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS)
+ if( strcmp( "MBEDTLS_SSL_PROTO_TLS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS */
+
#if defined(MBEDTLS_SSL_ALPN)
if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 )
{
@@ -1674,6 +1690,14 @@
}
#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ if( strcmp( "MBEDTLS_USE_TINYCRYPT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_USE_TINYCRYPT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
#if defined(MBEDTLS_ENTROPY_C)
if( strcmp( "MBEDTLS_ENTROPY_C", config ) == 0 )
{
@@ -2418,6 +2442,30 @@
}
#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */
+#if defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
+ if( strcmp( "MBEDTLS_SSL_CID_IN_LEN_MAX", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_IN_LEN_MAX );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_IN_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
+ if( strcmp( "MBEDTLS_SSL_CID_OUT_LEN_MAX", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_OUT_LEN_MAX );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
+ if( strcmp( "MBEDTLS_SSL_CID_PADDING_GRANULARITY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_PADDING_GRANULARITY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_PADDING_GRANULARITY */
+
#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 )
{
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 646909f..fc601ec 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -43,14 +43,15 @@
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_SSL_PROTO_TLS)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "not defined.\n");
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or"
+ "MBEDTLS_SSL_PROTO_TLS not defined.\n");
return( 0 );
}
#else
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 255d4b2..6841f7b 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -36,6 +36,8 @@
#define mbedtls_fprintf fprintf
#define mbedtls_snprintf snprintf
#define mbedtls_exit exit
+#define mbedtls_calloc calloc
+#define mbedtls_free free
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
@@ -103,6 +105,11 @@
#define DFL_DHMLEN -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
+#define DFL_RECO_MODE 1
+#define DFL_CID_ENABLED 0
+#define DFL_CID_VALUE ""
+#define DFL_CID_ENABLED_RENEGO -1
+#define DFL_CID_VALUE_RENEGO NULL
#define DFL_RECONNECT_HARD 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL
@@ -115,6 +122,7 @@
#define DFL_FALLBACK -1
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
+#define DFL_EXTENDED_MS_ENFORCE -1
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -139,6 +147,20 @@
#define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define USAGE_CID \
+ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
+ " default: 0 (disabled)\n" \
+ " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
+ " default: same as 'cid' parameter\n" \
+ " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
+ " default: \"\"\n" \
+ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
+ " default: same as 'cid_val' parameter\n"
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#define USAGE_CID ""
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
@@ -204,7 +226,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#define USAGE_DTLS \
- " dtls=%%d default: 0 (TLS)\n" \
+ " dtls=%%d default: 0 (TLS) (if both enabled)\n" \
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
" range of DTLS handshake timeouts in millisecs\n" \
" mtu=%%d default: (library default: unlimited)\n" \
@@ -224,7 +246,8 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define USAGE_EMS \
- " extended_ms=0/1 default: (library default: on)\n"
+ " extended_ms=0/1 default: (library default: on)\n" \
+ " enforce_extended_master_secret=0/1 default: (library default: off)\n"
#else
#define USAGE_EMS ""
#endif
@@ -280,6 +303,7 @@
" max_resend=%%d default: 0 (no resend on timeout)\n" \
"\n" \
USAGE_DTLS \
+ USAGE_CID \
"\n" \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
@@ -292,8 +316,11 @@
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
- " reconnect=%%d default: 0 (disabled)\n" \
+ " reconnect=%%d number of reconnections using session resumption\n" \
+ " default: 0 (disabled)\n" \
" reco_delay=%%d default: 0 seconds\n" \
+ " reco_mode=%%d 0: copy session, 1: serialize session\n" \
+ " default: 1\n" \
" reconnect_hard=%%d default: 0 (disabled)\n" \
USAGE_TICKETS \
USAGE_MAX_FRAG_LEN \
@@ -375,6 +402,7 @@
int dhmlen; /* minimum DHM params len in bits */
int reconnect; /* attempt to resume session */
int reco_delay; /* delay in seconds before resuming session */
+ int reco_mode; /* how to keep the session around */
int reconnect_hard; /* unexpectedly reconnect from the same port */
int tickets; /* enable / disable session tickets */
const char *curves; /* list of supported elliptic curves */
@@ -386,7 +414,15 @@
int fallback; /* is this a fallback connection? */
int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
+ int enforce_extended_master_secret; /* Enforce the usage of extended
+ * master secret */
int etm; /* negotiate encrypt then mac? */
+ int cid_enabled; /* whether to use the CID extension or not */
+ int cid_enabled_renego; /* whether to use the CID extension or not
+ * during renegotiation */
+ const char *cid_val; /* the CID to use for incoming messages */
+ const char *cid_val_renego; /* the CID to use for incoming messages
+ * after renegotiation */
} opt;
int query_config( const char *config );
@@ -538,6 +574,124 @@
return( 0 );
}
+/* Unhexify `hex` into `dst`. `dst` must have
+ * size at least `strlen( hex ) / 2`. */
+int unhexify( char const *hex, unsigned char *dst )
+{
+ unsigned char c;
+ size_t j;
+ size_t len = strlen( hex );
+
+ if( len % 2 != 0 )
+ return( -1 );
+
+ for( j = 0; j < len; j += 2 )
+ {
+ c = hex[j];
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ return( -1 );
+ dst[ j / 2 ] = c << 4;
+
+ c = hex[j + 1];
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ return( -1 );
+ dst[ j / 2 ] |= c;
+ }
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+int report_cid_usage( mbedtls_ssl_context *ssl,
+ const char *additional_description )
+{
+ int ret;
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ size_t peer_cid_len;
+ int cid_negotiated;
+
+ if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( 0 );
+
+ /* Check if the use of a CID has been negotiated,
+ * but don't ask for the CID value and length.
+ *
+ * Note: Here and below, we're demonstrating the various ways
+ * in which mbedtls_ssl_get_peer_cid() can be called,
+ * depending on whether or not the length/value of the
+ * peer's CID is needed.
+ *
+ * An actual application, however, should use
+ * just one call to mbedtls_ssl_get_peer_cid(). */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ NULL, NULL );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+
+ if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
+ {
+ if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
+ {
+ mbedtls_printf( "(%s) Use of Connection ID was rejected by the server.\n",
+ additional_description );
+ }
+ }
+ else
+ {
+ size_t idx=0;
+ mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
+ additional_description );
+
+ /* Ask for just the length of the peer's CID. */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ NULL, &peer_cid_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+
+ /* Ask for just length + value of the peer's CID. */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+ mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len );
+ while( idx < peer_cid_len )
+ {
+ mbedtls_printf( "%02x ", peer_cid[ idx ] );
+ idx++;
+ }
+ mbedtls_printf( "\n" );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
@@ -549,6 +703,14 @@
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ size_t cid_len = 0;
+ size_t cid_renego_len = 0;
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
#endif
@@ -567,6 +729,8 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ssl_session saved_session;
+ unsigned char *session_data = NULL;
+ size_t session_data_len = 0;
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer;
#endif
@@ -622,6 +786,10 @@
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.cid_enabled = DFL_CID_ENABLED;
+ opt.cid_val = DFL_CID_VALUE;
+ opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
+ opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
opt.nbio = DFL_NBIO;
opt.event = DFL_EVENT;
opt.read_timeout = DFL_READ_TIMEOUT;
@@ -652,6 +820,7 @@
opt.dhmlen = DFL_DHMLEN;
opt.reconnect = DFL_RECONNECT;
opt.reco_delay = DFL_RECO_DELAY;
+ opt.reco_mode = DFL_RECO_MODE;
opt.reconnect_hard = DFL_RECONNECT_HARD;
opt.tickets = DFL_TICKETS;
opt.alpn_string = DFL_ALPN_STRING;
@@ -662,6 +831,7 @@
opt.dtls_mtu = DFL_DTLS_MTU;
opt.fallback = DFL_FALLBACK;
opt.extended_ms = DFL_EXTENDED_MS;
+ opt.enforce_extended_master_secret = DFL_EXTENDED_MS_ENFORCE;
opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING;
@@ -731,6 +901,28 @@
opt.crt_file = q;
else if( strcmp( p, "key_file" ) == 0 )
opt.key_file = q;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if( strcmp( p, "cid" ) == 0 )
+ {
+ opt.cid_enabled = atoi( q );
+ if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_renego" ) == 0 )
+ {
+ opt.cid_enabled_renego = atoi( q );
+ if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_val" ) == 0 )
+ {
+ opt.cid_val = q;
+ }
+ else if( strcmp( p, "cid_val_renego" ) == 0 )
+ {
+ opt.cid_val_renego = q;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 )
@@ -796,6 +988,12 @@
if( opt.reco_delay < 0 )
goto usage;
}
+ else if( strcmp( p, "reco_mode" ) == 0 )
+ {
+ opt.reco_mode = atoi( q );
+ if( opt.reco_mode < 0 )
+ goto usage;
+ }
else if( strcmp( p, "reconnect_hard" ) == 0 )
{
opt.reconnect_hard = atoi( q );
@@ -834,6 +1032,21 @@
default: goto usage;
}
}
+ else if( strcmp( p, "enforce_extended_master_secret" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
+ break;
+ case 1:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+ break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
else if( strcmp( p, "etm" ) == 0 )
@@ -1072,52 +1285,58 @@
}
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ cid_len = strlen( opt.cid_val ) / 2;
+ if( cid_len > sizeof( cid ) )
+ {
+ mbedtls_printf( "CID too long\n" );
+ goto exit;
+ }
+
+ if( unhexify( opt.cid_val, cid ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+
+ /* Keep CID settings for renegotiation unless
+ * specified otherwise. */
+ if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
+ opt.cid_enabled_renego = opt.cid_enabled;
+ if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
+ opt.cid_val_renego = opt.cid_val;
+
+ cid_renego_len = strlen( opt.cid_val_renego ) / 2;
+ if( cid_renego_len > sizeof( cid_renego ) )
+ {
+ mbedtls_printf( "CID too long\n" );
+ goto exit;
+ }
+
+ if( unhexify( opt.cid_val_renego, cid_renego ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* Unhexify the pre-shared key if any is given
*/
if( strlen( opt.psk ) )
{
- unsigned char c;
- size_t j;
-
- if( strlen( opt.psk ) % 2 != 0 )
+ psk_len = strlen( opt.psk ) / 2;
+ if( psk_len > sizeof( psk ) )
{
- mbedtls_printf( "pre-shared key not valid hex\n" );
+ mbedtls_printf( "pre-shared key too long\n" );
goto exit;
}
- psk_len = strlen( opt.psk ) / 2;
-
- for( j = 0; j < strlen( opt.psk ); j += 2 )
+ if( unhexify( opt.psk, psk ) != 0 )
{
- c = opt.psk[j];
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- {
- mbedtls_printf( "pre-shared key not valid hex\n" );
- goto exit;
- }
- psk[ j / 2 ] = c << 4;
-
- c = opt.psk[j + 1];
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- {
- mbedtls_printf( "pre-shared key not valid hex\n" );
- goto exit;
- }
- psk[ j / 2 ] |= c;
+ mbedtls_printf( "pre-shared key not valid hex\n" );
+ goto exit;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
@@ -1398,6 +1617,33 @@
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
+ {
+ if( opt.cid_enabled == 1 &&
+ opt.cid_enabled_renego == 1 &&
+ cid_len != cid_renego_len )
+ {
+ mbedtls_printf( "CID length must not change during renegotiation\n" );
+ goto usage;
+ }
+
+ if( opt.cid_enabled == 1 )
+ ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+ else
+ ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
@@ -1427,6 +1673,9 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
+ mbedtls_ssl_conf_extended_master_secret_enforce( &conf,
+ opt.enforce_extended_master_secret );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@@ -1566,6 +1815,19 @@
mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
+ cid, cid_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
@@ -1655,14 +1917,55 @@
mbedtls_printf(" . Saving session for reuse..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
+ if( opt.reco_mode == 1 )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
- -ret );
- goto exit;
+ /* free any previously saved data */
+ if( session_data != NULL )
+ {
+ mbedtls_platform_zeroize( session_data, session_data_len );
+ mbedtls_free( session_data );
+ session_data = NULL;
+ }
+
+ /* get size of the buffer needed */
+ mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
+ NULL, 0, &session_data_len );
+ session_data = mbedtls_calloc( 1, session_data_len );
+ if( session_data == NULL )
+ {
+ mbedtls_printf( " failed\n ! alloc %u bytes for session data\n",
+ (unsigned) session_data_len );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+
+ /* actually save session data */
+ if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
+ session_data, session_data_len,
+ &session_data_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
}
mbedtls_printf( " ok\n" );
+
+ if( opt.reco_mode == 1 )
+ {
+ mbedtls_printf( " [ Saved %u bytes of session data]\n",
+ (unsigned) session_data_len );
+ }
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1694,6 +1997,24 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "initial handshake" );
+ if( ret != 0 )
+ goto exit;
+
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
+ cid_renego,
+ cid_renego_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ return( ret );
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( opt.renegotiate )
{
@@ -1734,6 +2055,12 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "after renegotiation" );
+ if( ret != 0 )
+ goto exit;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/*
* 6. Write the GET request
*/
@@ -2074,10 +2401,22 @@
goto exit;
}
+ if( opt.reco_mode == 1 )
+ {
+ if( ( ret = mbedtls_ssl_session_load( &saved_session,
+ session_data,
+ session_data_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n",
- ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
+ -ret );
goto exit;
}
@@ -2144,6 +2483,9 @@
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
+ if( session_data != NULL )
+ mbedtls_platform_zeroize( session_data, session_data_len );
+ mbedtls_free( session_data );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index b6f1cc4..62b4c40 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -43,7 +43,8 @@
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C) || \
+ !defined(MBEDTLS_SSL_PROTO_TLS)
int main( int argc, char *argv[] )
{
((void) argc);
@@ -53,7 +54,8 @@
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
- "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C and/or "
+ "MBEDTLS_SSL_PROTO_TLS not defined.\n");
return( 0 );
}
#elif defined(_WIN32)
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index c73297c..55c90c6 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -48,14 +48,14 @@
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_FS_IO)
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_SSL_PROTO_TLS)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "not defined.\n");
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_SSL_PROTO_TLS not defined.\n");
return( 0 );
}
#else
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index b502695..b00f476 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -45,7 +45,7 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
- !defined(MBEDTLS_PEM_PARSE_C)
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_SSL_PROTO_TLS)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
@@ -53,7 +53,8 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ "and/or MBEDTLS_PEM_PARSE_C and/or "
+ "MBEDTLS_SSL_PROTO_TLS not defined.\n");
return( 0 );
}
#else
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 1852b2b..05d58fa 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -44,14 +44,15 @@
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_PEM_PARSE_C)
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_SSL_PROTO_TLS)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
- "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ "and/or MBEDTLS_PEM_PARSE_C and/or "
+ "MBEDTLS_SSL_PROTO_TLS not defined.\n");
return( 0 );
}
#else
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a4c5fab..3bd76ec 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -137,6 +137,10 @@
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
#define DFL_SHA1 -1
+#define DFL_CID_ENABLED 0
+#define DFL_CID_VALUE ""
+#define DFL_CID_ENABLED_RENEGO -1
+#define DFL_CID_VALUE_RENEGO NULL
#define DFL_AUTH_MODE -1
#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
@@ -159,6 +163,7 @@
#define DFL_DGRAM_PACKING 1
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
+#define DFL_EXTENDED_MS_ENFORCE -1
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -224,6 +229,20 @@
#define USAGE_SSL_ASYNC ""
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define USAGE_CID \
+ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
+ " default: 0 (disabled)\n" \
+ " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
+ " default: same as 'cid' parameter\n" \
+ " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
+ " default: \"\"\n" \
+ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
+ " default: same as 'cid_val' parameter\n"
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#define USAGE_CID ""
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
@@ -313,7 +332,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#define USAGE_DTLS \
- " dtls=%%d default: 0 (TLS)\n" \
+ " dtls=%%d default: 0 (TLS) (if both enabled)\n" \
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
" range of DTLS handshake timeouts in millisecs\n" \
" mtu=%%d default: (library default: unlimited)\n" \
@@ -326,7 +345,8 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#define USAGE_EMS \
- " extended_ms=0/1 default: (library default: on)\n"
+ " extended_ms=0/1 default: (library default: on)\n" \
+ " enforce_extended_master_secret=0/1 default: (library default: off)\n"
#else
#define USAGE_EMS ""
#endif
@@ -509,6 +529,8 @@
const char *alpn_string; /* ALPN supported protocols */
const char *dhm_file; /* the file with the DH parameters */
int extended_ms; /* allow negotiation of extended MS? */
+ int enforce_extended_master_secret; /* Enforce the usage of extended
+ * master secret */
int etm; /* allow negotiation of encrypt-then-MAC? */
int transport; /* TLS or DTLS? */
int cookies; /* Use cookies for DTLS? -1 to break them */
@@ -518,6 +540,12 @@
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
int dgram_packing; /* allow/forbid datagram packing */
int badmac_limit; /* Limit of records with bad MAC */
+ int cid_enabled; /* whether to use the CID extension or not */
+ int cid_enabled_renego; /* whether to use the CID extension or not
+ * during renegotiation */
+ const char *cid_val; /* the CID to use for incoming messages */
+ const char *cid_val_renego; /* the CID to use for incoming messages
+ * after renegotiation */
} opt;
int query_config( const char *config );
@@ -763,7 +791,8 @@
#endif /* SNI_OPTION */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \
+ defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define HEX2NUM( c ) \
do \
@@ -806,6 +835,10 @@
return( 0 );
}
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+
typedef struct _psk_entry psk_entry;
struct _psk_entry
@@ -1216,6 +1249,56 @@
return( 0 );
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+int report_cid_usage( mbedtls_ssl_context *ssl,
+ const char *additional_description )
+{
+ int ret;
+ unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+ size_t peer_cid_len;
+ int cid_negotiated;
+
+ if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ return( 0 );
+
+ /* Check if the use of a CID has been negotiated */
+ ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ -ret );
+ return( ret );
+ }
+
+ if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
+ {
+ if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
+ {
+ mbedtls_printf( "(%s) Use of Connection ID was not offered by client.\n",
+ additional_description );
+ }
+ }
+ else
+ {
+ size_t idx=0;
+ mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
+ additional_description );
+ mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len );
+ while( idx < peer_cid_len )
+ {
+ mbedtls_printf( "%02x ", peer_cid[ idx ] );
+ idx++;
+ }
+ mbedtls_printf( "\n" );
+ }
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
@@ -1281,6 +1364,13 @@
unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ size_t cid_len = 0;
+ size_t cid_renego_len = 0;
+#endif
+
int i;
char *p, *q;
const int *list;
@@ -1358,6 +1448,10 @@
opt.event = DFL_EVENT;
opt.response_size = DFL_RESPONSE_SIZE;
opt.nbio = DFL_NBIO;
+ opt.cid_enabled = DFL_CID_ENABLED;
+ opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
+ opt.cid_val = DFL_CID_VALUE;
+ opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.ca_file = DFL_CA_FILE;
opt.ca_path = DFL_CA_PATH;
@@ -1406,6 +1500,7 @@
opt.dgram_packing = DFL_DGRAM_PACKING;
opt.badmac_limit = DFL_BADMAC_LIMIT;
opt.extended_ms = DFL_EXTENDED_MS;
+ opt.enforce_extended_master_secret = DFL_EXTENDED_MS_ENFORCE;
opt.etm = DFL_ETM;
for( i = 1; i < argc; i++ )
@@ -1496,6 +1591,28 @@
opt.async_private_error = n;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if( strcmp( p, "cid" ) == 0 )
+ {
+ opt.cid_enabled = atoi( q );
+ if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_renego" ) == 0 )
+ {
+ opt.cid_enabled_renego = atoi( q );
+ if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
+ goto usage;
+ }
+ else if( strcmp( p, "cid_val" ) == 0 )
+ {
+ opt.cid_val = q;
+ }
+ else if( strcmp( p, "cid_val_renego" ) == 0 )
+ {
+ opt.cid_val_renego = q;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 )
@@ -1703,6 +1820,21 @@
default: goto usage;
}
}
+ else if( strcmp( p, "enforce_extended_master_secret" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_DISABLED;
+ break;
+ case 1:
+ opt.enforce_extended_master_secret =
+ MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED;
+ break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "etm" ) == 0 )
{
switch( atoi( q ) )
@@ -1903,6 +2035,27 @@
}
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( unhexify( cid, opt.cid_val, &cid_len ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+
+ /* Keep CID settings for renegotiation unless
+ * specified otherwise. */
+ if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
+ opt.cid_enabled_renego = opt.cid_enabled;
+ if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
+ opt.cid_val_renego = opt.cid_val;
+
+ if( unhexify( cid_renego, opt.cid_val_renego, &cid_renego_len ) != 0 )
+ {
+ mbedtls_printf( "CID not valid hex\n" );
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* Unhexify the pre-shared key and parse the list if any given
@@ -2287,6 +2440,33 @@
};
#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
+ {
+ if( opt.cid_enabled == 1 &&
+ opt.cid_enabled_renego == 1 &&
+ cid_len != cid_renego_len )
+ {
+ mbedtls_printf( "CID length must not change during renegotiation\n" );
+ goto usage;
+ }
+
+ if( opt.cid_enabled == 1 )
+ ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+ else
+ ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
+
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ -ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
@@ -2295,6 +2475,9 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
+ mbedtls_ssl_conf_extended_master_secret_enforce( &conf,
+ opt.enforce_extended_master_secret );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@@ -2595,6 +2778,19 @@
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
+ cid, cid_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
@@ -2820,6 +3016,23 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "initial handshake" );
+ if( ret != 0 )
+ goto exit;
+
+ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
+ cid_renego, cid_renego_len ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret );
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
if( opt.exchanges == 0 )
goto close_notify;
@@ -3030,6 +3243,12 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage( &ssl, "after renegotiation" );
+ if( ret != 0 )
+ goto exit;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
/*
* 7. Write the 200 Response
*/
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index e96e91b..979910e 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -128,6 +128,9 @@
" mtu=%%d default: 0 (unlimited)\n" \
" drop packets larger than N bytes\n" \
" bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \
+ " bad_cid=%%d default: 0 (don't corrupt Connection IDs)\n" \
+ " duplicate 1:N packets containing a CID,\n" \
+ " modifying CID in first instance of the packet.\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
"\n" \
@@ -160,6 +163,7 @@
int drop; /* drop 1 packet in N (none if 0) */
int mtu; /* drop packets larger than this */
int bad_ad; /* inject corrupted ApplicationData record */
+ unsigned bad_cid; /* inject corrupted CID record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/
unsigned pack; /* merge packets into single datagram for
@@ -292,6 +296,12 @@
if( opt.bad_ad < 0 || opt.bad_ad > 1 )
exit_usage( p, q );
}
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if( strcmp( p, "bad_cid" ) == 0 )
+ {
+ opt.bad_cid = (unsigned) atoi( q );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
else if( strcmp( p, "protect_hvr" ) == 0 )
{
opt.protect_hvr = atoi( q );
@@ -323,6 +333,7 @@
case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return( "ChangeCipherSpec" );
case MBEDTLS_SSL_MSG_ALERT: return( "Alert" );
case MBEDTLS_SSL_MSG_APPLICATION_DATA: return( "ApplicationData" );
+ case MBEDTLS_SSL_MSG_CID: return( "CID" );
case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */
default: return( "Unknown" );
}
@@ -436,7 +447,10 @@
if( sizeof( buf->data ) - buf->len < len )
{
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
+ {
+ mbedtls_printf( "ctx_buffer_flush failed with -%#04x", -ret );
return( ret );
+ }
}
memcpy( buf->data + buf->len, data, len );
@@ -453,6 +467,7 @@
const unsigned char * data,
size_t len )
{
+ int ret;
#if defined(MBEDTLS_TIMING_C)
ctx_buffer *buf = NULL;
if( opt.pack > 0 )
@@ -469,7 +484,12 @@
}
#endif /* MBEDTLS_TIMING_C */
- return( mbedtls_net_send( ctx, data, len ) );
+ ret = mbedtls_net_send( ctx, data, len );
+ if( ret < 0 )
+ {
+ mbedtls_printf( "net_send returned -%#04x\n", -ret );
+ }
+ return( ret );
}
typedef struct
@@ -508,6 +528,25 @@
int ret;
mbedtls_net_context *dst = p->dst;
+ /* insert corrupted CID record? */
+ if( opt.bad_cid != 0 &&
+ strcmp( p->type, "CID" ) == 0 &&
+ ( rand() % opt.bad_cid ) == 0 )
+ {
+ unsigned char buf[MAX_MSG_SIZE];
+ memcpy( buf, p->buf, p->len );
+
+ /* The CID resides at offset 11 in the DTLS record header. */
+ buf[11] ^= 1;
+ print_packet( p, "modified CID" );
+
+ if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 )
+ {
+ mbedtls_printf( " ! dispatch returned %d\n", ret );
+ return( ret );
+ }
+ }
+
/* insert corrupted ApplicationData record? */
if( opt.bad_ad &&
strcmp( p->type, "ApplicationData" ) == 0 )
@@ -673,6 +712,7 @@
if( ( opt.mtu != 0 &&
cur.len > (unsigned) opt.mtu ) ||
( opt.drop != 0 &&
+ strcmp( cur.type, "CID" ) != 0 &&
strcmp( cur.type, "ApplicationData" ) != 0 &&
! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
@@ -685,6 +725,7 @@
else if( ( opt.delay_ccs == 1 &&
strcmp( cur.type, "ChangeCipherSpec" ) == 0 ) ||
( opt.delay != 0 &&
+ strcmp( cur.type, "CID" ) != 0 &&
strcmp( cur.type, "ApplicationData" ) != 0 &&
! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
diff --git a/scripts/baremetal.sh b/scripts/baremetal.sh
new file mode 100755
index 0000000..4b798b9
--- /dev/null
+++ b/scripts/baremetal.sh
@@ -0,0 +1,381 @@
+#!/bin/sh
+
+# baremetal.sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2019, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# * Create a baremetal library-only build (omitting the tests and
+# example programs, which have stronger configuration requirements)
+# for a Cortex-M target in a minimal configuration, and generate
+# code-size statistics.
+# By default, the script uses configs/baremetal.h and targets Cortex-M0+,
+# and outputs the code-size statistics as `rom.COMMIT_HASH`.
+#
+# * Create a 32-bit host-build of library, tests and example programs
+# in a 'baremetal' base configuration minimally modified to allow
+# running tests and example programs, and obtain heap usage statistics
+# of a test run of ssl_client2 and ssl_server2. This can be used as
+# an estimate for heap usage of 32-bit baremetal applications using Mbed TLS.
+#
+# By default, the script uses configs/baremetal.h as the base configuration
+# modified by configs/baremetal_test.h, and emits the heap usage statistics
+# as `massif.COMMIT_HASH`.
+#
+
+set -eu
+
+if [ -d include/mbedtls ]; then :; else
+ echo "$0: must be run from root" >&2
+ exit 1
+fi
+
+if grep -i cmake Makefile >/dev/null; then
+ echo "$0: not compatible with cmake" >&2
+ exit 1
+fi
+
+# The 'baremetal' configuration to test
+: ${BAREMETAL_CONFIG:=./configs/baremetal.h}
+CFLAGS_CONFIG="-DMBEDTLS_CONFIG_FILE='\"../$BAREMETAL_CONFIG\"'"
+
+# The modifications to the 'baremetal' configuration which allows
+# tests and example programs to build and execute.
+: ${BAREMETAL_USER_CONFIG:=./configs/baremetal_test.h}
+CFLAGS_USER_CONFIG="-DMBEDTLS_USER_CONFIG_FILE='\"../$BAREMETAL_USER_CONFIG\"'"
+
+: ${ARMC5_BIN_DIR:=""}
+: ${ARMC6_BIN_DIR:=""}
+if [ -n "$ARMC5_BIN_DIR" ]; then
+ ARMC5_BIN_DIR="$ARMC5_BIN_DIR/"
+fi
+
+if [ -n "$ARMC6_BIN_DIR" ]; then
+ ARMC6_BIN_DIR="$ARMC6_BIN_DIR/"
+fi
+
+: ${NAME:=$(git rev-parse HEAD)}
+: ${GCC_CC:=arm-none-eabi-gcc}
+: ${GCC_AR:=arm-none-eabi-ar}
+: ${ARMC6_CC:="${ARMC6_BIN_DIR}armclang"}
+: ${ARMC6_AR:="${ARMC6_BIN_DIR}armar"}
+: ${ARMC5_CC:="${ARMC5_BIN_DIR}armcc"}
+: ${ARMC5_AR:="${ARMC5_BIN_DIR}armar"}
+
+date=$( date +%Y-%m-%d-%H-%M-%S )
+
+baremetal_build_gcc()
+{
+ echo "Cleanup..."
+ make clean
+
+ echo "Create 32-bit library-only baremetal build (GCC, config: $BAREMETAL_CONFIG)"
+ gcc_ver=$($GCC_CC --version | head -n 1 | sed -n 's/^.*\([0-9]\.[0-9]\.[0-9]\).*$/\1/p')
+
+ CFLAGS_BAREMETAL="-Os -mthumb -mcpu=cortex-m0plus"
+ CFLAGS="$CFLAGS_BAREMETAL $CFLAGS_CONFIG"
+
+ $GCC_CC --version
+
+ echo "GCC version: $gcc_ver"
+ echo "Flags: $CFLAGS_BAREMETAL"
+ make CC=$GCC_CC AR=$GCC_AR CFLAGS="$CFLAGS" lib -j > /dev/null
+
+ ROM_OUT_FILE="rom_files__${date}__${NAME}__gcc_${gcc_ver}"
+ ROM_OUT_SYMS="rom_syms__${date}__${NAME}__gcc_${gcc_ver}"
+ echo "Generate file statistics..."
+ ./scripts/extract_codesize_stats.sh --info "gcc_${gcc_ver}" --name $NAME --files > $ROM_OUT_FILE
+ echo "Generate symbol statistics..."
+ ./scripts/extract_codesize_stats.sh --info "gcc_${gcc_ver}" --name $NAME --syms > $ROM_OUT_SYMS
+
+ echo "ROM statistics written to:"
+ echo "* $ROM_OUT_FILE"
+ echo "* $ROM_OUT_SYMS"
+
+ # Print summary
+ cat $ROM_OUT_FILE | grep "libmbedtls.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedcrypto.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedx509.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+}
+
+baremetal_build_armc5()
+{
+ echo "Cleanup..."
+ make clean
+
+ echo "Create 32-bit library-only baremetal build (ARMC5, Config: $BAREMETAL_CONFIG)"
+ armc5_ver=$($ARMC5_CC | sed -n 's/.*ARM Compiler \([^ ]*\)$/\1/p')
+
+ CFLAGS_BAREMETAL="-Ospace --thumb --cpu Cortex-m0plus"
+ CFLAGS="$CFLAGS_BAREMETAL $CFLAGS_CONFIG"
+ WARNING_CFLAGS="--strict --c99"
+
+ echo "ARMC5 version: $armc5_ver"
+ echo "Flags: $WARNING_CFLAGS $CFLAGS_BAREMETAL"
+ make WARNING_CFLAGS="$WARNING_CFLAGS" CC=$ARMC5_CC AR=$ARMC5_AR CFLAGS="$CFLAGS" lib -j > /dev/null
+
+ ROM_OUT_FILE="rom_files__${date}__${NAME}__armc5_${armc5_ver}"
+ ROM_OUT_SYMS="rom_syms__${date}__${NAME}__armc5_${armc5_ver}"
+ echo "Generate file statistics..."
+ ./scripts/extract_codesize_stats.sh --info "armc5_${armc5_ver}" --name $NAME --files > $ROM_OUT_FILE
+ echo "Generate symbol statistics..."
+ ./scripts/extract_codesize_stats.sh --info "armc5_${armc5_ver}" --name $NAME --syms > $ROM_OUT_SYMS
+
+ echo "ROM statistics written to:"
+ echo "* $ROM_OUT_FILE"
+ echo "* $ROM_OUT_SYMS"
+
+ # Print summary
+ cat $ROM_OUT_FILE | grep "libmbedtls.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedcrypto.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedx509.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+}
+
+baremetal_build_armc6()
+{
+ echo "Cleanup..."
+ make clean
+
+ echo "Create 32-bit library-only baremetal build (ARMC6, Config: $BAREMETAL_CONFIG)"
+ armc6_ver=$($ARMC6_CC --version | sed -n 's/.*ARM Compiler \([^ ]*\)$/\1/p')
+
+ CFLAGS_BAREMETAL="-Os --target=arm-arm-none-eabi -mthumb -mcpu=cortex-m0plus"
+ CFLAGS="$CFLAGS_BAREMETAL $CFLAGS_CONFIG"
+ WARNING_CFLAGS="-xc -std=c99"
+
+ echo "ARMC6 version: $armc6_ver"
+ echo "Flags: $WARNING_CFLAGS $CFLAGS_BAREMETAL"
+ make WARNING_CFLAGS="$WARNING_CFLAGS" CC=$ARMC6_CC AR=$ARMC6_AR CFLAGS="$CFLAGS" lib -j > /dev/null
+
+ ROM_OUT_FILE="rom_files__${date}__${NAME}__armc6_${armc6_ver}"
+ ROM_OUT_SYMS="rom_syms__${date}__${NAME}__armc6_${armc6_ver}"
+ echo "Generate file statistics..."
+ ./scripts/extract_codesize_stats.sh --info "armc6_${armc6_ver}" --name $NAME --files > $ROM_OUT_FILE
+ echo "Generate symbol statistics..."
+ ./scripts/extract_codesize_stats.sh --info "armc6_${armc6_ver}" --name $NAME --syms > $ROM_OUT_SYMS
+
+ echo "ROM statistics written to:"
+ echo "* $ROM_OUT_FILE"
+ echo "* $ROM_OUT_SYMS"
+
+ # Print summary
+ cat $ROM_OUT_FILE | grep "libmbedtls.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedcrypto.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+ cat $ROM_OUT_FILE | grep "libmbedx509.a" | awk '{printf( "%15s: %s Bytes\n", $4, $5)}'
+}
+
+# 32-bit host-build of library, tests and example programs,
+# + heap usage measurements.
+baremetal_ram_build() {
+ : ${BASE_CFLAGS:="-g -m32 -fstack-usage"}
+ echo "Create 32-bit host-build (Config: $BAREMETAL_CONFIG + $BAREMETAL_USER_CONFIG)"
+
+ echo "Cleanup..."
+ make clean
+
+ CFLAGS="$BASE_CFLAGS $CFLAGS_CONFIG $CFLAGS_USER_CONFIG"
+
+ echo "Modifications: $BAREMETAL_USER_CONFIG"
+ cat $BAREMETAL_USER_CONFIG | grep "^#define" | awk '{print "* " $0 }'
+
+ echo "Build (flags: $CFLAGS)..."
+ make CFLAGS="$CFLAGS" -j > /dev/null
+ echo ""
+}
+
+# usage:
+# - `baremetal_ram_heap 0` for heap usage only
+# - `baremetal_ram_heap 1` for heap and stack usage
+baremetal_ram_heap() {
+
+ : ${CLI:=./programs/ssl/ssl_client2}
+ : ${CLI_PARAMS:="dtls=1 cid=1 cid_val=beef"}
+ : ${SRV:=./programs/ssl/ssl_server2}
+ : ${SRV_PARAMS:="dtls=1 renegotiation=1 auth_mode=required cid=1 cid_val=dead"}
+ : ${VALGRIND:=valgrind}
+ : ${VALGRIND_MASSIF_PARAMS="--time-unit=B --threshold=0.01 --detailed-freq=1"}
+
+ if [ $1 -eq 1 ]; then
+ RAM_HEAP_OUT="ram_heap_stack__${date}__$NAME"
+ VALGRIND_MASSIF_PARAMS="--stacks=yes $VALGRIND_MASSIF_PARAMS"
+ else
+ RAM_HEAP_OUT="ram_heap__${date}__$NAME"
+ fi
+
+ SRV_CMD="$SRV server_addr=127.0.0.1 server_port=4433 debug_level=4 $SRV_PARAMS"
+ CLI_CMD="$CLI server_addr=127.0.0.1 server_port=4433 $CLI_PARAMS"
+
+ # Piece together valgrind cmd line
+ VALGRIND_BASE="$VALGRIND --tool=massif $VALGRIND_MASSIF_PARAMS"
+
+ FUNC_IGNORE=""
+ FUNC_IGNORE="__fopen_internal $FUNC_IGNORE"
+ FUNC_IGNORE="_IO_file_doallocate $FUNC_IGNORE"
+ FUNC_IGNORE="strdup $FUNC_IGNORE"
+ FUNC_IGNORE="__tzstring_len $FUNC_IGNORE"
+ FUNC_IGNORE="__tzfile_read $FUNC_IGNORE"
+
+ VALGRIND_IGNORE=""
+ for func in $FUNC_IGNORE; do
+ echo "* Valgrind ignore: $func"
+ VALGRIND_IGNORE="--ignore-fn=$func $VALGRIND_IGNORE"
+ done
+
+ VALGRIND_CMD="$VALGRIND_BASE $VALGRIND_IGNORE --massif-out-file=${RAM_HEAP_OUT} -- $CLI_CMD"
+
+ $SRV_CMD > /dev/null 2>&1 &
+ SRV_PID=$!
+ echo "Server started, PID $SRV_PID"
+
+ $VALGRIND_CMD > /dev/null 2>&1 &
+ VAL_PID=$!
+ echo "Valgrind massif started, PID $VAL_PID"
+
+ wait $VAL_PID
+ echo "Valgrind done, killing server"
+ kill $SRV_PID
+ echo "Done"
+
+ if `cat $RAM_HEAP_OUT | grep '???'` >/dev/null 2>&1; then
+ echo "Warning: Unrecognized symbols in massif output file - does your version of `valgrind` support 32-bit builds?"
+ fi
+
+ printf "Max heap usage: "
+ ./scripts/massif_max.pl $RAM_HEAP_OUT
+ echo "SUCCESS - Heap usage statistics written to: $RAM_HEAP_OUT\n"
+}
+
+baremetal_ram_stack() {
+ : ${CLI:=./programs/ssl/ssl_client2}
+ : ${CLI_PARAMS:="dtls=1"}
+ : ${SRV:=./programs/ssl/ssl_server2}
+ : ${SRV_PARAMS:="dtls=1 renegotiation=1 auth_mode=required"}
+ : ${VALGRIND:=valgrind}
+ : ${VALGRIND_CALLGRIND_PARAMS:="--separate-callers=100"}
+
+ RAM_CALLGRIND_OUT="ram_callgrind__${date}__$NAME"
+ RAM_STACK_OUT="ram_stack__${date}__$NAME"
+
+ SRV_CMD="$SRV server_addr=127.0.0.1 server_port=4433 debug_level=4 $SRV_PARAMS"
+ CLI_CMD="$CLI server_addr=127.0.0.1 server_port=4433 $CLI_PARAMS"
+
+ VALGRIND_BASE="$VALGRIND --tool=callgrind $VALGRIND_CALLGRIND_PARAMS"
+ VALGRIND_CMD="$VALGRIND_BASE --callgrind-out-file=${RAM_CALLGRIND_OUT} $CLI_CMD"
+
+ $SRV_CMD > /dev/null 2>&1 &
+ SRV_PID=$!
+ echo "Server started, PID $SRV_PID"
+
+ $VALGRIND_CMD > /dev/null 2>&1 &
+ VAL_PID=$!
+ echo "Valgrind callgrind started, PID $VAL_PID"
+
+ wait $VAL_PID
+ echo "Valgrind done, killing server"
+ kill $SRV_PID
+ echo "Done"
+
+ # Extract callgraphs from source files directly
+ RAM_CALLGRAPH_OUT=""
+ if [ -x "$(command -v cflow)" ]; then
+ RAM_CALLGRAPH_OUT="ram_cflow__${date}__$NAME"
+ cflow library/*.c > $RAM_CALLGRAPH_OUT 2> /dev/null
+ fi
+
+ # Merge stack usage files
+ cat library/*.su > ${RAM_STACK_OUT}_unsorted
+ sort -r -k2 -n ${RAM_STACK_OUT}_unsorted > $RAM_STACK_OUT
+ rm ${RAM_STACK_OUT}_unsorted
+
+ echo "SUCCESS"
+ echo "* Stack usage statistics written to $RAM_STACK_OUT"
+ echo "* Callgrind output written to $RAM_CALLGRIND_OUT"
+ if [ -n $RAM_CALLGRAPH_OUT ]; then
+ echo "* Static call graph written to $RAM_CALLGRAPH_OUT"
+ fi
+}
+
+show_usage() {
+ echo "Usage: $0 [--rom [--gcc] [--armc5] [--armc6]|--ram [--stack] [--heap]]"
+}
+
+test_build=0
+raw_build=0
+
+build_gcc=0
+build_armc5=0
+build_armc6=0
+
+measure_heap=0
+measure_stack=0
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --gcc) build_gcc=1;;
+ --armc5) build_armc5=1;;
+ --armc6) build_armc6=1;;
+ --ram) test_build=1;;
+ --rom) raw_build=1;;
+ --heap) measure_heap=1;;
+ --stack) measure_stack=1;;
+ -*)
+ echo >&2 "Unknown option: $1"
+ show_usage
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if [ "$test_build" -eq 0 ] &&
+ [ "$raw_build" -eq 0 ]; then
+ echo "Need to set either --ram or --rom"
+ show_usage
+ exit 1
+fi
+
+if [ "$test_build" -eq 1 ]; then
+
+ if [ "$measure_heap" -eq 0 ] &&
+ [ "$measure_stack" -eq 0 ]; then
+ echo "Need to set either --heap or --stack with --ram"
+ show_usage
+ exit 1
+ fi
+
+ baremetal_ram_build
+
+ if [ "$measure_heap" -eq 1 ]; then
+ baremetal_ram_heap 0
+ baremetal_ram_heap 1
+ fi
+
+ if [ "$measure_stack" -eq 1 ]; then
+ baremetal_ram_stack
+ fi
+
+fi
+
+if [ "$raw_build" -eq 1 ]; then
+
+ if [ "$build_gcc" -eq 0 ] &&
+ [ "$build_armc5" -eq 0 ] &&
+ [ "$build_armc6" -eq 0 ]; then
+ echo "Need to set either --gcc, --armc5 or --armc6 with --rom"
+ show_usage
+ exit 1
+ fi
+
+ if [ "$build_gcc" -eq 1 ]; then
+ baremetal_build_gcc
+ fi
+ if [ "$build_armc5" -eq 1 ]; then
+ baremetal_build_armc5
+ fi
+ if [ "$build_armc6" -eq 1 ]; then
+ baremetal_build_armc6
+ fi
+fi
diff --git a/scripts/config.pl b/scripts/config.pl
index 42ec6f8..86af553 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -98,6 +98,7 @@
MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
+MBEDTLS_USE_TINYCRYPT
_ALT\s*$
);
diff --git a/scripts/extract_codesize_stats.sh b/scripts/extract_codesize_stats.sh
new file mode 100755
index 0000000..33d1c7b
--- /dev/null
+++ b/scripts/extract_codesize_stats.sh
@@ -0,0 +1,123 @@
+#!/bin/sh
+# generate_codesize_stats.sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2019, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# Generate static memory usage statistics for an Mbed TLS build.
+#
+
+set -eu
+
+if [ -d include/mbedtls ]; then :; else
+ echo "$0: must be run from root" >&2
+ exit 1
+fi
+
+if grep -i cmake Makefile >/dev/null; then
+ echo "$0: not compatible with cmake" >&2
+ exit 1
+fi
+
+BUILD_DIR="./library"
+
+LIBFILES=$( ls $BUILD_DIR/*.a )
+OBJFILES=$( ls $BUILD_DIR/*.o )
+
+SUMMARY_ONLY=0
+LIMIT=9999
+
+print_usage() {
+ echo "\nExtract static memory usage statistics for an Mbed TLS build.\n"
+ echo "Usage: $0 [options]"
+ echo " --files\tGenerate per-file code-size statistics."
+ echo " --syms\tGenerate per-symbol code-size statistics."
+ echo " -l|--limit num\tPrint only the largest 'num' symbols of the given type. (Default: $LIMIT) "
+ echo " -h|--help\tPrint this help."
+ echo " -d|--dir=BUILD_DIR\tThe build directory containing the 'library' folder (default: ${BUILD_DIR})"
+}
+
+get_options() {
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ -d|--dir)
+ shift; BUILD_DIR=$1
+ ;;
+ -h|--help)
+ print_usage
+ exit 0
+ ;;
+ --files)
+ FILE_STATS=1
+ ;;
+ --syms)
+ SYM_STATS=1
+ ;;
+ -l|--limit)
+ shift; LIMIT=$1
+ ;;
+ -n|--name)
+ shift; name=$1
+ ;;
+ -i|--info)
+ shift; info=$1
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ print_usage
+ exit 1
+ ;;
+ esac
+ shift
+ done
+}
+
+FILE_STATS=0
+SYM_STATS=0
+name="unnamed"
+info="noinfo"
+get_options "$@"
+
+date=$( date +%Y-%m-%d-%H-%M-%S )
+
+report_syms() {
+ file=$(basename $1)
+ type=$2
+ stat=$(nm --line-numbers --radix=d --size-sort --reverse $1 |
+ grep " [$3] " |
+ sort --reverse |
+ head -n $LIMIT |
+ awk -v type="$type" -v info="$info" -v name="$name" -v date="$date" -v file="$file" \
+ '{ printf( "%10s %42s %12s %20s %8s %6d %s\n", date, name, info, file, type, $1, $3 ); }')
+ if [ -n "$stat" ]; then
+ echo "$stat"
+ fi
+}
+
+# Report static memory usage (RAM and ROM)
+if [ $FILE_STATS -eq 1 ]; then
+ for file_full in $LIBFILES; do
+ file=$(basename $file_full)
+ size --radix=10 $file_full |
+ sort -s -n -k 1,1 |
+ tail -n +2 |
+ sed -n '/^[ ]*0/!p' |
+ awk -v info="$info" -v name="$name" -v date="$date" '{ printf( "%10s %42s %12s %20s %6d %6d %6d\n", date, name, info, $6, $1, $2, $3 ); }' |
+ awk -v info="$info" -v name="$name" -v date="$date" -v file="$file" '{print $0; sum_text += $5; sum_data += $6; sum_bss += $7}
+ END { printf( "%10s %42s %12s %20s %6d %6d %6d\n\n", date, name, info, file, sum_text, sum_data, sum_bss ); }'
+ done
+fi
+
+if [ $SYM_STATS -eq 1 ]; then
+ SYMTYPES="CODE-tT DATA-dD RODATA-rR BSS-bB"
+ for symtype in $SYMTYPES; do
+ type=${symtype%*-*}
+ specifier=${symtype#*-*}
+ for file_full in $OBJFILES; do
+ report_syms "$file_full" $type $specifier
+ done
+ done
+fi
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 09db60c..4449691 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -44,7 +44,9 @@
test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
-all_final += test-ca.crt
+test-ca.der: test-ca.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += test-ca.crt test-ca.der
test-ca.crt.der: test-ca.crt
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
@@ -963,7 +965,9 @@
server2.crt: server2.req.sha256
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
-all_final += server2.crt
+server2.der: server2.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2.crt server2.der
server2-sha256.crt: server2.req.sha256
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
diff --git a/tests/data_files/server1.der b/tests/data_files/server1.der
new file mode 100644
index 0000000..fcf45cd
--- /dev/null
+++ b/tests/data_files/server1.der
Binary files differ
diff --git a/tests/data_files/server2.der b/tests/data_files/server2.der
new file mode 100644
index 0000000..ec03190
--- /dev/null
+++ b/tests/data_files/server2.der
Binary files differ
diff --git a/tests/data_files/test-ca.der b/tests/data_files/test-ca.der
new file mode 100644
index 0000000..039fb9e
--- /dev/null
+++ b/tests/data_files/test-ca.der
Binary files differ
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7eaefe9..de7835d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -716,7 +716,7 @@
component_test_small_mbedtls_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
- scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
+ scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 190
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1061,6 +1061,19 @@
make test
}
+component_build_tinycrypt_cmake () {
+ msg "build: tinycrypt native, cmake"
+ scripts/config.pl set MBEDTLS_USE_TINYCRYPT
+ CC=gcc cmake .
+ make
+}
+
+component_build_tinycrypt_make () {
+ msg "build: tinycrypt native, make"
+ scripts/config.pl set MBEDTLS_USE_TINYCRYPT
+ make CC=gcc CFLAGS='-Werror -O1'
+}
+
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
scripts/config.pl full
@@ -1156,6 +1169,15 @@
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
+component_build_armcc_tinycrypt_baremetal () {
+ msg "build: ARM Compiler 5, make with tinycrypt and baremetal"
+ scripts/config.pl baremetal
+ scripts/config.pl set MBEDTLS_USE_TINYCRYPT
+
+ make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
+ make clean
+}
+
component_test_allow_sha1 () {
msg "build: allow SHA1 in certificates by default"
scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index 00fd0ed..feea36c 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -198,7 +198,7 @@
".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data",
"Makefile", "CMakeLists.txt", "ChangeLog"
)
- self.excluded_directories = ['.git', 'mbed-os']
+ self.excluded_directories = ['.git', 'mbed-os', 'tinycrypt']
self.excluded_paths = list(map(os.path.normpath, [
'cov-int',
'examples',
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 90ecfd2..ecfe277 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -42,14 +42,21 @@
FAIL=0
printf "\nExported symbols declared in header: "
-UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' )
-if [ "x$UNDECLARED" = "x" ]; then
+UNDECLARED=$(diff exported-symbols identifiers | sed -n -e 's/^< //p') > undeclared
+
+FILTERED=$( diff tests/scripts/whitelist undeclared | sed -n -e 's/^< //p')
+
+if [ "x$UNDECLARED" != "x" ]; then
+if [ "x$FILTERED" = "x" ]; then
echo "PASS"
else
echo "FAIL"
- echo "$UNDECLARED"
+ echo "$FILTERED"
FAIL=1
fi
+else
+ echo "PASS"
+fi
diff macros identifiers | sed -n -e 's/< //p' > actual-macros
@@ -106,7 +113,7 @@
printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
- rm macros actual-macros enum-consts identifiers exported-symbols
+ rm macros actual-macros enum-consts identifiers exported-symbols undeclared
echo "PASSED"
exit 0
else
diff --git a/tests/scripts/whitelist b/tests/scripts/whitelist
new file mode 100644
index 0000000..99c4060
--- /dev/null
+++ b/tests/scripts/whitelist
@@ -0,0 +1,38 @@
+EccPoint_compute_public_key
+EccPoint_isZero
+EccPoint_mult
+regularize_k
+uECC_compute_public_key
+uECC_curve_private_key_size
+uECC_curve_public_key_size
+uECC_generate_random_int
+uECC_get_rng
+uECC_make_key
+uECC_make_key_with_d
+uECC_secp256r1
+uECC_set_rng
+uECC_shared_secret
+uECC_sign
+uECC_sign_with_k
+uECC_valid_point
+uECC_valid_public_key
+uECC_verify
+uECC_vli_bytesToNative
+uECC_vli_clear
+uECC_vli_cmp
+uECC_vli_cmp_unsafe
+uECC_vli_equal
+uECC_vli_isZero
+uECC_vli_mmod
+uECC_vli_modAdd
+uECC_vli_modInv
+uECC_vli_modMult
+uECC_vli_modMult_fast
+uECC_vli_modSub
+uECC_vli_nativeToBytes
+uECC_vli_numBits
+uECC_vli_set
+uECC_vli_sub
+uECC_vli_testBit
+vli_mmod_fast_secp256r1
+x_side_default
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d2f36e6..b8b7c61 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1126,6 +1126,567 @@
-S "dumping 'expected mac' (20 bytes)" \
-s "dumping 'expected mac' (10 bytes)"
+# Tests for DTLS Connection ID extension
+
+# So far, the CID API isn't implemented, so we can't
+# grep for output witnessing its use. This needs to be
+# changed once the CID extension is implemented.
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli enabled, Srv disabled" \
+ "$P_SRV debug_level=3 dtls=1 cid=0" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ 0 \
+ -s "Disable use of CID extension." \
+ -s "found CID extension" \
+ -s "Client sent CID extension, but CID disabled" \
+ -c "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -S "server hello, adding CID extension" \
+ -C "found CID extension" \
+ -S "Copy CIDs into SSL transform" \
+ -C "Copy CIDs into SSL transform" \
+ -c "Use of Connection ID was rejected by the server"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli disabled, Srv enabled" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=0" \
+ 0 \
+ -c "Disable use of CID extension." \
+ -C "client hello, adding CID extension" \
+ -S "found CID extension" \
+ -s "Enable use of CID extension." \
+ -S "server hello, adding CID extension" \
+ -C "found CID extension" \
+ -S "Copy CIDs into SSL transform" \
+ -C "Copy CIDs into SSL transform" \
+ -s "Use of Connection ID was not offered by client"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY mtu=800" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 4 Bytes): de ad be ef" \
+ -s "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -s "Peer CID (length 4 Bytes): de ad be ef" \
+ -c "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -S "Use of Connection ID has been negotiated" \
+ -C "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 4 Bytes): de ad be ef" \
+ -s "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -s "Peer CID (length 4 Bytes): de ad be ef" \
+ -c "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -S "Use of Connection ID has been negotiated" \
+ -C "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 2 Bytes): de ad" \
+ -s "Peer CID (length 2 Bytes): be ef" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -c "Peer CID (length 4 Bytes): de ad be ef" \
+ -s "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -s "Peer CID (length 4 Bytes): de ad be ef" \
+ -c "Peer CID (length 0 Bytes):" \
+ -s "Use of Connection ID has been negotiated" \
+ -c "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
+ "$P_SRV debug_level=3 dtls=1 cid=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Enable use of CID extension." \
+ -s "Enable use of CID extension." \
+ -c "client hello, adding CID extension" \
+ -s "found CID extension" \
+ -s "Use of CID extension negotiated" \
+ -s "server hello, adding CID extension" \
+ -c "found CID extension" \
+ -c "Use of CID extension negotiated" \
+ -s "Copy CIDs into SSL transform" \
+ -c "Copy CIDs into SSL transform" \
+ -S "Use of Connection ID has been negotiated" \
+ -C "Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
+ "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
+ -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+ "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -S "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -c "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID was not offered by client"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -s "(after renegotiation) Use of Connection ID was not offered by client" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID was rejected by the server"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
+ "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+ "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+ -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+ -C "(after renegotiation) Use of Connection ID has been negotiated" \
+ -S "(after renegotiation) Use of Connection ID has been negotiated" \
+ -c "(after renegotiation) Use of Connection ID was rejected by the server" \
+ -c "ignoring unexpected CID" \
+ -s "ignoring unexpected CID"
+
# Tests for Encrypt-then-MAC extension
run_test "Encrypt then MAC: default" \
@@ -1216,7 +1777,7 @@
# Tests for Extended Master Secret extension
-run_test "Extended Master Secret: default" \
+run_test "Extended Master Secret: default (not enforcing)" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
@@ -1224,10 +1785,63 @@
-s "found extended master secret extension" \
-s "server hello, adding extended master secret extension" \
-c "found extended_master_secret extension" \
- -c "using extended master secret" \
- -s "using extended master secret"
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
-run_test "Extended Master Secret: client enabled, server disabled" \
+run_test "Extended Master Secret: both enabled, both enforcing" \
+ "$P_SRV debug_level=3 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 enforce_extended_master_secret=1" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret: both enabled, client enforcing" \
+ "$P_SRV debug_level=3 enforce_extended_master_secret=0" \
+ "$P_CLI debug_level=3 enforce_extended_master_secret=1" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret: both enabled, server enforcing" \
+ "$P_SRV debug_level=3 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 enforce_extended_master_secret=0" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
+run_test "Extended Master Secret: client enabled, server disabled, client enforcing" \
+ "$P_SRV debug_level=3 extended_ms=0" \
+ "$P_CLI debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+ 1 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -c "Peer not offering extended master secret, while it is enforced"
+
+run_test "Extended Master Secret enforced: client disabled, server enabled, server enforcing" \
+ "$P_SRV debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+ "$P_CLI debug_level=3 extended_ms=0" \
+ 1 \
+ -C "client hello, adding extended_master_secret extension" \
+ -S "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -s "Peer not offering extended master secret, while it is enforced"
+
+run_test "Extended Master Secret: client enabled, server disabled, not enforcing" \
"$P_SRV debug_level=3 extended_ms=0" \
"$P_CLI debug_level=3 extended_ms=1" \
0 \
@@ -1235,10 +1849,10 @@
-s "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
-run_test "Extended Master Secret: client disabled, server enabled" \
+run_test "Extended Master Secret: client disabled, server enabled, not enforcing" \
"$P_SRV debug_level=3 extended_ms=1" \
"$P_CLI debug_level=3 extended_ms=0" \
0 \
@@ -1246,8 +1860,19 @@
-S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
+
+run_test "Extended Master Secret: client disabled, server disabled" \
+ "$P_SRV debug_level=3 extended_ms=0" \
+ "$P_CLI debug_level=3 extended_ms=0" \
+ 0 \
+ -C "client hello, adding extended_master_secret extension" \
+ -S "found extended master secret extension" \
+ -S "server hello, adding extended master secret extension" \
+ -C "found extended_master_secret extension" \
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client SSLv3, server enabled" \
@@ -1258,8 +1883,8 @@
-S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client enabled, server SSLv3" \
@@ -1270,8 +1895,8 @@
-S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "using extended master secret" \
- -S "using extended master secret"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
# Tests for FALLBACK_SCSV
@@ -1524,6 +2149,20 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+run_test "Session resume using tickets: session copy" \
+ "$P_SRV debug_level=3 tickets=1 cache_max=0" \
+ "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
run_test "Session resume using tickets: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -1589,6 +2228,20 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+run_test "Session resume using tickets, DTLS: session copy" \
+ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
+ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_mode=0" \
+ 0 \
+ -c "client hello, adding session ticket extension" \
+ -s "found session ticket extension" \
+ -s "server hello, adding session ticket extension" \
+ -c "found session_ticket extension" \
+ -c "parse new session ticket" \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls1" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@@ -1685,6 +2338,15 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+run_test "Session resume using cache: session copy" \
+ "$P_SRV debug_level=3 tickets=0" \
+ "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
+ 0 \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
@@ -1780,6 +2442,15 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+run_test "Session resume using cache, DTLS: session copy" \
+ "$P_SRV dtls=1 debug_level=3 tickets=0" \
+ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
+ 0 \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_CLI -dtls1 -sess_out $SESSION; \
@@ -7118,11 +7789,11 @@
# without fragmentation or be reassembled within the bounds of
# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
# handshake, omitting CRTs.
-requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
-requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
+requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
+requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
-p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
- "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
+ "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
0 \
-s "Buffer record from epoch 1" \
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 1473507..edb87d8 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -57,3 +57,8763 @@
SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
ssl_set_hostname_twice:"server0":"server1"
+
+SSL session serialization: Wrong major version
+ssl_session_serialize_version_check:1:0:0:0
+
+SSL session serialization: Wrong minor version
+ssl_session_serialize_version_check:0:1:0:0
+
+SSL session serialization: Wrong patch version
+ssl_session_serialize_version_check:0:0:1:0
+
+SSL session serialization: Wrong config
+ssl_session_serialize_version_check:0:0:0:1
+
+Record crypt, AES-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, AES-128-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, AES-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, ARC4-128, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, ARC4-128, 1.1, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ARC4-128, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, NULL cipher, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, ChachaPoly
+depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ChachaPoly
+depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ChachaPoly, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ChachaPoly, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
+ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, AES-128-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-GCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CCM, 1.2
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, AES-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
+
+Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5, short tag
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, ARC4-128, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.2, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.1, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-384, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-256, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, 1.0, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5, short tag
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0
+
+Session serialization, save-load: no ticket, no cert
+ssl_serialize_session_save_load:0:""
+
+Session serialization, save-load: small ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_save_load:42:""
+
+Session serialization, save-load: large ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_save_load:1023:""
+
+Session serialization, save-load: no ticket, cert
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_save_load:0:"data_files/server5.crt"
+
+Session serialization, save-load: small ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_save_load:42:"data_files/server5.crt"
+
+Session serialization, save-load: large ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_save_load:1023:"data_files/server5.crt"
+
+Session serialization, load-save: no ticket, no cert
+ssl_serialize_session_load_save:0:""
+
+Session serialization, load-save: small ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_load_save:42:""
+
+Session serialization, load-save: large ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_load_save:1023:""
+
+Session serialization, load-save: no ticket, cert
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_load_save:0:"data_files/server5.crt"
+
+Session serialization, load-save: small ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_load_save:42:"data_files/server5.crt"
+
+Session serialization, load-save: large ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_load_save:1023:"data_files/server5.crt"
+
+Session serialization, save buffer size: no ticket, no cert
+ssl_serialize_session_save_buf_size:0:""
+
+Session serialization, save buffer size: small ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_save_buf_size:42:""
+
+Session serialization, save buffer size: large ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_save_buf_size:1023:""
+
+Session serialization, save buffer size: no ticket, cert
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_save_buf_size:0:"data_files/server5.crt"
+
+Session serialization, save buffer size: small ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_save_buf_size:42:"data_files/server5.crt"
+
+Session serialization, save buffer size: large ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_save_buf_size:1023:"data_files/server5.crt"
+
+Session serialization, load buffer size: no ticket, no cert
+ssl_serialize_session_load_buf_size:0:""
+
+Session serialization, load buffer size: small ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_load_buf_size:42:""
+
+Session serialization, load buffer size: large ticket, no cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
+ssl_serialize_session_load_buf_size:1023:""
+
+Session serialization, load buffer size: no ticket, cert
+depends_on:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_load_buf_size:0:"data_files/server5.crt"
+
+Session serialization, load buffer size: small ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_load_buf_size:42:"data_files/server5.crt"
+
+Session serialization, load buffer size: large ticket, cert
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
+ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt"
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 326f22d..65f5852 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1,6 +1,333 @@
/* BEGIN_HEADER */
#include <mbedtls/ssl.h>
#include <mbedtls/ssl_internal.h>
+
+/*
+ * Helper function setting up inverse record transformations
+ * using given cipher, hash, EtM mode, authentication tag length,
+ * and version.
+ */
+
+#define CHK( x ) \
+ do \
+ { \
+ if( !( x ) ) \
+ { \
+ ret = -1; \
+ goto cleanup; \
+ } \
+ } while( 0 )
+
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
+#else
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
+#endif
+
+static int build_transforms( mbedtls_ssl_transform *t_in,
+ mbedtls_ssl_transform *t_out,
+ int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ size_t cid0_len,
+ size_t cid1_len )
+{
+ mbedtls_cipher_info_t const *cipher_info;
+ int ret = 0;
+
+ size_t keylen, maclen, ivlen;
+ unsigned char *key0 = NULL, *key1 = NULL;
+ unsigned char iv_enc[16], iv_dec[16];
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid0[ SSL_CID_LEN_MIN ];
+ unsigned char cid1[ SSL_CID_LEN_MIN ];
+
+ rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
+ rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
+#else
+ ((void) cid0_len);
+ ((void) cid1_len);
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ maclen = 0;
+
+ /* Pick cipher */
+ cipher_info = mbedtls_cipher_info_from_type( cipher_type );
+ CHK( cipher_info != NULL );
+ CHK( cipher_info->iv_size <= 16 );
+ CHK( cipher_info->key_bitlen % 8 == 0 );
+
+ /* Pick keys */
+ keylen = cipher_info->key_bitlen / 8;
+ /* Allocate `keylen + 1` bytes to ensure that we get
+ * a non-NULL pointers from `mbedtls_calloc` even if
+ * `keylen == 0` in the case of the NULL cipher. */
+ CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
+ CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL );
+ memset( key0, 0x1, keylen );
+ memset( key1, 0x2, keylen );
+
+ /* Setup cipher contexts */
+ CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 );
+ CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 );
+ CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 );
+ CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if( cipher_info->mode == MBEDTLS_MODE_CBC )
+ {
+ CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec,
+ MBEDTLS_PADDING_NONE ) == 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+ CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0,
+ keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
+ CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1,
+ keylen << 3, MBEDTLS_DECRYPT ) == 0 );
+ CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1,
+ keylen << 3, MBEDTLS_ENCRYPT ) == 0 );
+ CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0,
+ keylen << 3, MBEDTLS_DECRYPT ) == 0 );
+
+ /* Setup MAC contexts */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+ if( cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_STREAM )
+ {
+ mbedtls_md_info_t const *md_info;
+ unsigned char *md0, *md1;
+
+ /* Pick hash */
+ md_info = mbedtls_md_info_from_type( hash_id );
+ CHK( md_info != NULL );
+
+ /* Pick hash keys */
+ maclen = mbedtls_md_get_size( md_info );
+ CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL );
+ CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL );
+ memset( md0, 0x5, maclen );
+ memset( md1, 0x6, maclen );
+
+ CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
+ CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
+ CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
+ CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 );
+
+ if( ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+ {
+ CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc,
+ md0, maclen ) == 0 );
+ CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec,
+ md1, maclen ) == 0 );
+ CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc,
+ md1, maclen ) == 0 );
+ CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
+ md0, maclen ) == 0 );
+ }
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ else
+ {
+ memcpy( &t_in->mac_enc, md0, maclen );
+ memcpy( &t_in->mac_dec, md1, maclen );
+ memcpy( &t_out->mac_enc, md1, maclen );
+ memcpy( &t_out->mac_dec, md0, maclen );
+ }
+#endif
+
+ mbedtls_free( md0 );
+ mbedtls_free( md1 );
+ }
+#else
+ ((void) hash_id);
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
+
+ /* Pick IV's (regardless of whether they
+ * are being used by the transform). */
+ ivlen = cipher_info->iv_size;
+ memset( iv_enc, 0x3, sizeof( iv_enc ) );
+ memset( iv_dec, 0x4, sizeof( iv_dec ) );
+
+ /*
+ * Setup transforms
+ */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ t_out->encrypt_then_mac = etm;
+ t_in->encrypt_then_mac = etm;
+#else
+ ((void) etm);
+#endif
+
+ t_out->minor_ver = ver;
+ t_in->minor_ver = ver;
+ t_out->ivlen = ivlen;
+ t_in->ivlen = ivlen;
+
+ switch( cipher_info->mode )
+ {
+ case MBEDTLS_MODE_GCM:
+ case MBEDTLS_MODE_CCM:
+ t_out->fixed_ivlen = 4;
+ t_in->fixed_ivlen = 4;
+ t_out->maclen = 0;
+ t_in->maclen = 0;
+ switch( tag_mode )
+ {
+ case 0: /* Full tag */
+ t_out->taglen = 16;
+ t_in->taglen = 16;
+ break;
+ case 1: /* Partial tag */
+ t_out->taglen = 8;
+ t_in->taglen = 8;
+ break;
+ default:
+ return( 1 );
+ }
+ break;
+
+ case MBEDTLS_MODE_CHACHAPOLY:
+ t_out->fixed_ivlen = 12;
+ t_in->fixed_ivlen = 12;
+ t_out->maclen = 0;
+ t_in->maclen = 0;
+ switch( tag_mode )
+ {
+ case 0: /* Full tag */
+ t_out->taglen = 16;
+ t_in->taglen = 16;
+ break;
+ case 1: /* Partial tag */
+ t_out->taglen = 8;
+ t_in->taglen = 8;
+ break;
+ default:
+ return( 1 );
+ }
+ break;
+
+ case MBEDTLS_MODE_STREAM:
+ case MBEDTLS_MODE_CBC:
+ t_out->fixed_ivlen = 0; /* redundant, must be 0 */
+ t_in->fixed_ivlen = 0; /* redundant, must be 0 */
+ t_out->taglen = 0;
+ t_in->taglen = 0;
+ switch( tag_mode )
+ {
+ case 0: /* Full tag */
+ t_out->maclen = maclen;
+ t_in->maclen = maclen;
+ break;
+ case 1: /* Partial tag */
+ t_out->maclen = 10;
+ t_in->maclen = 10;
+ break;
+ default:
+ return( 1 );
+ }
+ break;
+ default:
+ return( 1 );
+ break;
+ }
+
+ /* Setup IV's */
+
+ memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) );
+ memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) );
+ memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
+ memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ /* Add CID */
+ memcpy( &t_in->in_cid, cid0, cid0_len );
+ memcpy( &t_in->out_cid, cid1, cid1_len );
+ t_in->in_cid_len = cid0_len;
+ t_in->out_cid_len = cid1_len;
+ memcpy( &t_out->in_cid, cid1, cid1_len );
+ memcpy( &t_out->out_cid, cid0, cid0_len );
+ t_out->in_cid_len = cid1_len;
+ t_out->out_cid_len = cid0_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+cleanup:
+
+ mbedtls_free( key0 );
+ mbedtls_free( key1 );
+
+ return( ret );
+}
+
+/*
+ * Populate a session structure for serialization tests.
+ * Choose dummy values, mostly non-0 to distinguish from the init default.
+ */
+static int ssl_populate_session( mbedtls_ssl_session *session,
+ int ticket_len,
+ const char *crt_file )
+{
+#if defined(MBEDTLS_HAVE_TIME)
+ session->start = mbedtls_time( NULL ) - 42;
+#endif
+ session->ciphersuite = 0xabcd;
+ session->compression = 1;
+ session->id_len = sizeof( session->id );
+ memset( session->id, 66, session->id_len );
+ memset( session->master, 17, sizeof( session->master ) );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO)
+ if( strlen( crt_file ) != 0 )
+ {
+ int ret;
+
+ session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
+ if( session->peer_cert == NULL )
+ return( -1 );
+
+ ret = mbedtls_x509_crt_parse_file( session->peer_cert, crt_file );
+ if( ret != 0 )
+ return( ret );
+ }
+#else
+ (void) crt_file;
+#endif
+ session->verify_result = 0xdeadbeef;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ if( ticket_len != 0 )
+ {
+ session->ticket = mbedtls_calloc( 1, ticket_len );
+ if( session->ticket == NULL )
+ return( -1 );
+ memset( session->ticket, 33, ticket_len );
+ }
+ session->ticket_len = ticket_len;
+ session->ticket_lifetime = 86401;
+#else
+ (void) ticket_len;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ session->mfl_code = 1;
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ session->trunc_hmac = 1;
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ session->encrypt_then_mac = 1;
+#endif
+
+ return( 0 );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -52,3 +379,538 @@
mbedtls_ssl_free( &ssl );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_crypt_record( int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ int cid0_len, int cid1_len )
+{
+ /*
+ * Test several record encryptions and decryptions
+ * with plenty of space before and after the data
+ * within the record buffer.
+ */
+
+ int ret;
+ int num_records = 16;
+ mbedtls_ssl_context ssl; /* ONLY for debugging */
+
+ mbedtls_ssl_transform t0, t1;
+ unsigned char *buf = NULL;
+ size_t const buflen = 512;
+ mbedtls_record rec, rec_backup;
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_transform_init( &t0 );
+ mbedtls_ssl_transform_init( &t1 );
+ TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len ) == 0 );
+
+ TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
+
+ while( num_records-- > 0 )
+ {
+ mbedtls_ssl_transform *t_dec, *t_enc;
+ /* Take turns in who's sending and who's receiving. */
+ if( num_records % 3 == 0 )
+ {
+ t_dec = &t0;
+ t_enc = &t1;
+ }
+ else
+ {
+ t_dec = &t1;
+ t_enc = &t0;
+ }
+
+ /*
+ * The record header affects the transformation in two ways:
+ * 1) It determines the AEAD additional data
+ * 2) The record counter sometimes determines the IV.
+ *
+ * Apart from that, the fields don't have influence.
+ * In particular, it is currently not the responsibility
+ * of ssl_encrypt/decrypt_buf to check if the transform
+ * version matches the record version, or that the
+ * type is sensible.
+ */
+
+ memset( rec.ctr, num_records, sizeof( rec.ctr ) );
+ rec.type = 42;
+ rec.ver[0] = num_records;
+ rec.ver[1] = num_records;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ rec.buf = buf;
+ rec.buf_len = buflen;
+ rec.data_offset = 16;
+ /* Make sure to vary the length to exercise different
+ * paddings. */
+ rec.data_len = 1 + num_records;
+
+ memset( rec.buf + rec.data_offset, 42, rec.data_len );
+
+ /* Make a copy for later comparison */
+ rec_backup = rec;
+
+ /* Encrypt record */
+ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
+ rnd_std_rand, NULL );
+ TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if( ret != 0 )
+ {
+ continue;
+ }
+
+ /* Decrypt record with t_dec */
+ ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
+ TEST_ASSERT( ret == 0 );
+
+ /* Compare results */
+ TEST_ASSERT( rec.type == rec_backup.type );
+ TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
+ TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
+ TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
+ TEST_ASSERT( rec.data_len == rec_backup.data_len );
+ TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
+ TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len ) == 0 );
+ }
+
+exit:
+
+ /* Cleanup */
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_transform_free( &t0 );
+ mbedtls_ssl_transform_free( &t1 );
+
+ mbedtls_free( buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_crypt_record_small( int cipher_type, int hash_id,
+ int etm, int tag_mode, int ver,
+ int cid0_len, int cid1_len )
+{
+ /*
+ * Test pairs of encryption and decryption with an increasing
+ * amount of space in the record buffer - in more detail:
+ * 1) Try to encrypt with 0, 1, 2, ... bytes available
+ * in front of the plaintext, and expect the encryption
+ * to succeed starting from some offset. Always keep
+ * enough space in the end of the buffer.
+ * 2) Try to encrypt with 0, 1, 2, ... bytes available
+ * at the end of the plaintext, and expect the encryption
+ * to succeed starting from some offset. Always keep
+ * enough space at the beginning of the buffer.
+ * 3) Try to encrypt with 0, 1, 2, ... bytes available
+ * both at the front and end of the plaintext,
+ * and expect the encryption to succeed starting from
+ * some offset.
+ *
+ * If encryption succeeds, check that decryption succeeds
+ * and yields the original record.
+ */
+
+ mbedtls_ssl_context ssl; /* ONLY for debugging */
+
+ mbedtls_ssl_transform t0, t1;
+ unsigned char *buf = NULL;
+ size_t const buflen = 256;
+ mbedtls_record rec, rec_backup;
+
+ int ret;
+ int mode; /* Mode 1, 2 or 3 as explained above */
+ size_t offset; /* Available space at beginning/end/both */
+ size_t threshold = 96; /* Maximum offset to test against */
+
+ size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */
+ size_t default_post_padding = 128; /* Post-padding to use in mode 1 */
+
+ int seen_success; /* Indicates if in the current mode we've
+ * already seen a successful test. */
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_transform_init( &t0 );
+ mbedtls_ssl_transform_init( &t1 );
+ TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id,
+ etm, tag_mode, ver,
+ (size_t) cid0_len,
+ (size_t) cid1_len ) == 0 );
+
+ TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL );
+
+ for( mode=1; mode <= 3; mode++ )
+ {
+ seen_success = 0;
+ for( offset=0; offset <= threshold; offset++ )
+ {
+ mbedtls_ssl_transform *t_dec, *t_enc;
+ t_dec = &t0;
+ t_enc = &t1;
+
+ memset( rec.ctr, offset, sizeof( rec.ctr ) );
+ rec.type = 42;
+ rec.ver[0] = offset;
+ rec.ver[1] = offset;
+ rec.buf = buf;
+ rec.buf_len = buflen;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ rec.cid_len = 0;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ switch( mode )
+ {
+ case 1: /* Space in the beginning */
+ rec.data_offset = offset;
+ rec.data_len = buflen - offset - default_post_padding;
+ break;
+
+ case 2: /* Space in the end */
+ rec.data_offset = default_pre_padding;
+ rec.data_len = buflen - default_pre_padding - offset;
+ break;
+
+ case 3: /* Space in the beginning and end */
+ rec.data_offset = offset;
+ rec.data_len = buflen - 2 * offset;
+ break;
+
+ default:
+ TEST_ASSERT( 0 );
+ break;
+ }
+
+ memset( rec.buf + rec.data_offset, 42, rec.data_len );
+
+ /* Make a copy for later comparison */
+ rec_backup = rec;
+
+ /* Encrypt record */
+ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
+
+ if( ( mode == 1 || mode == 2 ) && seen_success )
+ {
+ TEST_ASSERT( ret == 0 );
+ }
+ else
+ {
+ TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ if( ret == 0 )
+ seen_success = 1;
+ }
+
+ if( ret != 0 )
+ continue;
+
+ /* Decrypt record with t_dec */
+ TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
+
+ /* Compare results */
+ TEST_ASSERT( rec.type == rec_backup.type );
+ TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 );
+ TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] );
+ TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] );
+ TEST_ASSERT( rec.data_len == rec_backup.data_len );
+ TEST_ASSERT( rec.data_offset == rec_backup.data_offset );
+ TEST_ASSERT( memcmp( rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len ) == 0 );
+ }
+
+ TEST_ASSERT( seen_success == 1 );
+ }
+
+exit:
+
+ /* Cleanup */
+ mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_transform_free( &t0 );
+ mbedtls_ssl_transform_free( &t1 );
+
+ mbedtls_free( buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
+{
+ mbedtls_ssl_session original, restored;
+ unsigned char *buf = NULL;
+ size_t len;
+
+ /*
+ * Test that a save-load pair is the identity
+ */
+
+ mbedtls_ssl_session_init( &original );
+ mbedtls_ssl_session_init( &restored );
+
+ /* Prepare a dummy session to work on */
+ TEST_ASSERT( ssl_populate_session( &original, ticket_len, crt_file ) == 0 );
+
+ /* Serialize it */
+ TEST_ASSERT( mbedtls_ssl_session_save( &original, NULL, 0, &len )
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ TEST_ASSERT( ( buf = mbedtls_calloc( 1, len ) ) != NULL );
+ TEST_ASSERT( mbedtls_ssl_session_save( &original, buf, len, &len )
+ == 0 );
+
+ /* Restore session from serialized data */
+ TEST_ASSERT( mbedtls_ssl_session_load( &restored, buf, len) == 0 );
+
+ /*
+ * Make sure both session structures are identical
+ */
+#if defined(MBEDTLS_HAVE_TIME)
+ TEST_ASSERT( original.start == restored.start );
+#endif
+ TEST_ASSERT( original.ciphersuite == restored.ciphersuite );
+ TEST_ASSERT( original.compression == restored.compression );
+ TEST_ASSERT( original.id_len == restored.id_len );
+ TEST_ASSERT( memcmp( original.id,
+ restored.id, sizeof( original.id ) ) == 0 );
+ TEST_ASSERT( memcmp( original.master,
+ restored.master, sizeof( original.master ) ) == 0 );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ TEST_ASSERT( ( original.peer_cert == NULL ) ==
+ ( restored.peer_cert == NULL ) );
+ if( original.peer_cert != NULL )
+ {
+ TEST_ASSERT( original.peer_cert->raw.len ==
+ restored.peer_cert->raw.len );
+ TEST_ASSERT( memcmp( original.peer_cert->raw.p,
+ restored.peer_cert->raw.p,
+ original.peer_cert->raw.len ) == 0 );
+ }
+#endif
+ TEST_ASSERT( original.verify_result == restored.verify_result );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ TEST_ASSERT( original.ticket_len == restored.ticket_len );
+ if( original.ticket_len != 0 )
+ {
+ TEST_ASSERT( original.ticket != NULL );
+ TEST_ASSERT( restored.ticket != NULL );
+ TEST_ASSERT( memcmp( original.ticket,
+ restored.ticket, original.ticket_len ) == 0 );
+ }
+ TEST_ASSERT( original.ticket_lifetime == restored.ticket_lifetime );
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ TEST_ASSERT( original.mfl_code == restored.mfl_code );
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ TEST_ASSERT( original.trunc_hmac == restored.trunc_hmac );
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ TEST_ASSERT( original.encrypt_then_mac == restored.encrypt_then_mac );
+#endif
+
+exit:
+ mbedtls_ssl_session_free( &original );
+ mbedtls_ssl_session_free( &restored );
+ mbedtls_free( buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_serialize_session_load_save( int ticket_len, char *crt_file )
+{
+ mbedtls_ssl_session session;
+ unsigned char *buf1 = NULL, *buf2 = NULL;
+ size_t len0, len1, len2;
+
+ /*
+ * Test that a load-save pair is the identity
+ */
+
+ mbedtls_ssl_session_init( &session );
+
+ /* Prepare a dummy session to work on */
+ TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
+
+ /* Get desired buffer size for serializing */
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &len0 )
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ /* Allocate first buffer */
+ buf1 = mbedtls_calloc( 1, len0 );
+ TEST_ASSERT( buf1 != NULL );
+
+ /* Serialize to buffer and free live session */
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, buf1, len0, &len1 )
+ == 0 );
+ TEST_ASSERT( len0 == len1 );
+ mbedtls_ssl_session_free( &session );
+
+ /* Restore session from serialized data */
+ TEST_ASSERT( mbedtls_ssl_session_load( &session, buf1, len1 ) == 0 );
+
+ /* Allocate second buffer and serialize to it */
+ buf2 = mbedtls_calloc( 1, len0 );
+ TEST_ASSERT( buf2 != NULL );
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, buf2, len0, &len2 )
+ == 0 );
+
+ /* Make sure both serialized versions are identical */
+ TEST_ASSERT( len1 == len2 );
+ TEST_ASSERT( memcmp( buf1, buf2, len1 ) == 0 );
+
+exit:
+ mbedtls_ssl_session_free( &session );
+ mbedtls_free( buf1 );
+ mbedtls_free( buf2 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_serialize_session_save_buf_size( int ticket_len, char *crt_file )
+{
+ mbedtls_ssl_session session;
+ unsigned char *buf = NULL;
+ size_t good_len, bad_len, test_len;
+
+ /*
+ * Test that session_save() fails cleanly on small buffers
+ */
+
+ mbedtls_ssl_session_init( &session );
+
+ /* Prepare dummy session and get serialized size */
+ TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ /* Try all possible bad lengths */
+ for( bad_len = 1; bad_len < good_len; bad_len++ )
+ {
+ /* Allocate exact size so that asan/valgrind can detect any overwrite */
+ mbedtls_free( buf );
+ TEST_ASSERT( ( buf = mbedtls_calloc( 1, bad_len ) ) != NULL );
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, buf, bad_len,
+ &test_len )
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ TEST_ASSERT( test_len == good_len );
+ }
+
+exit:
+ mbedtls_ssl_session_free( &session );
+ mbedtls_free( buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_serialize_session_load_buf_size( int ticket_len, char *crt_file )
+{
+ mbedtls_ssl_session session;
+ unsigned char *good_buf = NULL, *bad_buf = NULL;
+ size_t good_len, bad_len;
+
+ /*
+ * Test that session_load() fails cleanly on small buffers
+ */
+
+ mbedtls_ssl_session_init( &session );
+
+ /* Prepare serialized session data */
+ TEST_ASSERT( ssl_populate_session( &session, ticket_len, crt_file ) == 0 );
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, NULL, 0, &good_len )
+ == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ TEST_ASSERT( ( good_buf = mbedtls_calloc( 1, good_len ) ) != NULL );
+ TEST_ASSERT( mbedtls_ssl_session_save( &session, good_buf, good_len,
+ &good_len ) == 0 );
+ mbedtls_ssl_session_free( &session );
+
+ /* Try all possible bad lengths */
+ for( bad_len = 0; bad_len < good_len; bad_len++ )
+ {
+ /* Allocate exact size so that asan/valgrind can detect any overread */
+ mbedtls_free( bad_buf );
+ bad_buf = mbedtls_calloc( 1, bad_len ? bad_len : 1 );
+ TEST_ASSERT( bad_buf != NULL );
+ memcpy( bad_buf, good_buf, bad_len );
+
+ TEST_ASSERT( mbedtls_ssl_session_load( &session, bad_buf, bad_len )
+ == MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
+exit:
+ mbedtls_ssl_session_free( &session );
+ mbedtls_free( good_buf );
+ mbedtls_free( bad_buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void ssl_session_serialize_version_check( int corrupt_major,
+ int corrupt_minor,
+ int corrupt_patch,
+ int corrupt_config )
+{
+ unsigned char serialized_session[ 2048 ];
+ size_t serialized_session_len;
+ unsigned cur_byte;
+ mbedtls_ssl_session session;
+ uint8_t should_corrupt_byte[] = { corrupt_major == 1,
+ corrupt_minor == 1,
+ corrupt_patch == 1,
+ corrupt_config == 1,
+ corrupt_config == 1 };
+
+ mbedtls_ssl_session_init( &session );
+
+ /* Infer length of serialized session. */
+ TEST_ASSERT( mbedtls_ssl_session_save( &session,
+ serialized_session,
+ sizeof( serialized_session ),
+ &serialized_session_len ) == 0 );
+
+ mbedtls_ssl_session_free( &session );
+
+ /* Without any modification, we should be able to successfully
+ * de-serialize the session - double-check that. */
+ TEST_ASSERT( mbedtls_ssl_session_load( &session,
+ serialized_session,
+ serialized_session_len ) == 0 );
+ mbedtls_ssl_session_free( &session );
+
+ /* Go through the bytes in the serialized session header and
+ * corrupt them bit-by-bit. */
+ for( cur_byte = 0; cur_byte < sizeof( should_corrupt_byte ); cur_byte++ )
+ {
+ int cur_bit;
+ unsigned char * const byte = &serialized_session[ cur_byte ];
+
+ if( should_corrupt_byte[ cur_byte ] == 0 )
+ continue;
+
+ for( cur_bit = 0; cur_bit < CHAR_BIT; cur_bit++ )
+ {
+ unsigned char const corrupted_bit = 0x1u << cur_bit;
+ /* Modify a single bit in the serialized session. */
+ *byte ^= corrupted_bit;
+
+ /* Attempt to deserialize */
+ TEST_ASSERT( mbedtls_ssl_session_load( &session,
+ serialized_session,
+ serialized_session_len ) ==
+ MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+
+ /* Undo the change */
+ *byte ^= corrupted_bit;
+ }
+ }
+
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index e6b1b47..01b18f6 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -516,8 +516,22 @@
mbedtls_x509_crt_init( &crt );
memset( output, 0, 2000 );
+ TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
+ if( ( result ) == 0 )
+ {
+ res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
- TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf->x, buf->len ) == ( result ) );
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
+ }
+
+ mbedtls_x509_crt_free( &crt );
+ mbedtls_x509_crt_init( &crt );
+ memset( output, 0, 2000 );
+
+ TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
diff --git a/tinycrypt/CMakeLists.txt b/tinycrypt/CMakeLists.txt
new file mode 100644
index 0000000..7674d83
--- /dev/null
+++ b/tinycrypt/CMakeLists.txt
@@ -0,0 +1,7 @@
+set(src_tinycrypt
+ ecc_dh.c
+ ecc_dsa.c
+ ecc.c
+)
+
+add_library(tinycrypt STATIC ${src_tinycrypt})
diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
new file mode 100644
index 0000000..2e694cc
--- /dev/null
+++ b/tinycrypt/ecc.c
@@ -0,0 +1,943 @@
+/* ecc.c - TinyCrypt implementation of common ECC functions */
+
+/*
+ * Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#include <tinycrypt/ecc.h>
+#include <string.h>
+
+/* IMPORTANT: Make sure a cryptographically-secure PRNG is set and the platform
+ * has access to enough entropy in order to feed the PRNG regularly. */
+#if default_RNG_defined
+static uECC_RNG_Function g_rng_function = &default_CSPRNG;
+#else
+static uECC_RNG_Function g_rng_function = 0;
+#endif
+
+void uECC_set_rng(uECC_RNG_Function rng_function)
+{
+ g_rng_function = rng_function;
+}
+
+uECC_RNG_Function uECC_get_rng(void)
+{
+ return g_rng_function;
+}
+
+int uECC_curve_private_key_size(uECC_Curve curve)
+{
+ return BITS_TO_BYTES(curve->num_n_bits);
+}
+
+int uECC_curve_public_key_size(uECC_Curve curve)
+{
+ return 2 * curve->num_bytes;
+}
+
+void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words)
+{
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ vli[i] = 0;
+ }
+}
+
+uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words)
+{
+ uECC_word_t bits = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ bits |= vli[i];
+ }
+ return (bits == 0);
+}
+
+uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit)
+{
+ return (vli[bit >> uECC_WORD_BITS_SHIFT] &
+ ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK)));
+}
+
+/* Counts the number of words in vli. */
+static wordcount_t vli_numDigits(const uECC_word_t *vli,
+ const wordcount_t max_words)
+{
+
+ wordcount_t i;
+ /* Search from the end until we find a non-zero digit. We do it in reverse
+ * because we expect that most digits will be nonzero. */
+ for (i = max_words - 1; i >= 0 && vli[i] == 0; --i) {
+ }
+
+ return (i + 1);
+}
+
+bitcount_t uECC_vli_numBits(const uECC_word_t *vli,
+ const wordcount_t max_words)
+{
+
+ uECC_word_t i;
+ uECC_word_t digit;
+
+ wordcount_t num_digits = vli_numDigits(vli, max_words);
+ if (num_digits == 0) {
+ return 0;
+ }
+
+ digit = vli[num_digits - 1];
+ for (i = 0; digit; ++i) {
+ digit >>= 1;
+ }
+
+ return (((bitcount_t)(num_digits - 1) << uECC_WORD_BITS_SHIFT) + i);
+}
+
+void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src,
+ wordcount_t num_words)
+{
+ wordcount_t i;
+
+ for (i = 0; i < num_words; ++i) {
+ dest[i] = src[i];
+ }
+}
+
+cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left,
+ const uECC_word_t *right,
+ wordcount_t num_words)
+{
+ wordcount_t i;
+
+ for (i = num_words - 1; i >= 0; --i) {
+ if (left[i] > right[i]) {
+ return 1;
+ } else if (left[i] < right[i]) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words)
+{
+
+ uECC_word_t diff = 0;
+ wordcount_t i;
+
+ for (i = num_words - 1; i >= 0; --i) {
+ diff |= (left[i] ^ right[i]);
+ }
+ return !(diff == 0);
+}
+
+uECC_word_t cond_set(uECC_word_t p_true, uECC_word_t p_false, unsigned int cond)
+{
+ return (p_true*(cond)) | (p_false*(!cond));
+}
+
+/* Computes result = left - right, returning borrow, in constant time.
+ * Can modify in place. */
+uECC_word_t uECC_vli_sub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words)
+{
+ uECC_word_t borrow = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ uECC_word_t diff = left[i] - right[i] - borrow;
+ uECC_word_t val = (diff > left[i]);
+ borrow = cond_set(val, borrow, (diff != left[i]));
+
+ result[i] = diff;
+ }
+ return borrow;
+}
+
+/* Computes result = left + right, returning carry, in constant time.
+ * Can modify in place. */
+static uECC_word_t uECC_vli_add(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words)
+{
+ uECC_word_t carry = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words; ++i) {
+ uECC_word_t sum = left[i] + right[i] + carry;
+ uECC_word_t val = (sum < left[i]);
+ carry = cond_set(val, carry, (sum != left[i]));
+ result[i] = sum;
+ }
+ return carry;
+}
+
+cmpresult_t uECC_vli_cmp(const uECC_word_t *left, const uECC_word_t *right,
+ wordcount_t num_words)
+{
+ uECC_word_t tmp[NUM_ECC_WORDS];
+ uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words);
+ uECC_word_t equal = uECC_vli_isZero(tmp, num_words);
+ return (!equal - 2 * neg);
+}
+
+/* Computes vli = vli >> 1. */
+static void uECC_vli_rshift1(uECC_word_t *vli, wordcount_t num_words)
+{
+ uECC_word_t *end = vli;
+ uECC_word_t carry = 0;
+
+ vli += num_words;
+ while (vli-- > end) {
+ uECC_word_t temp = *vli;
+ *vli = (temp >> 1) | carry;
+ carry = temp << (uECC_WORD_BITS - 1);
+ }
+}
+
+static void muladd(uECC_word_t a, uECC_word_t b, uECC_word_t *r0,
+ uECC_word_t *r1, uECC_word_t *r2)
+{
+
+ uECC_dword_t p = (uECC_dword_t)a * b;
+ uECC_dword_t r01 = ((uECC_dword_t)(*r1) << uECC_WORD_BITS) | *r0;
+ r01 += p;
+ *r2 += (r01 < p);
+ *r1 = r01 >> uECC_WORD_BITS;
+ *r0 = (uECC_word_t)r01;
+
+}
+
+/* Computes result = left * right. Result must be 2 * num_words long. */
+static void uECC_vli_mult(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, wordcount_t num_words)
+{
+
+ uECC_word_t r0 = 0;
+ uECC_word_t r1 = 0;
+ uECC_word_t r2 = 0;
+ wordcount_t i, k;
+
+ /* Compute each digit of result in sequence, maintaining the carries. */
+ for (k = 0; k < num_words; ++k) {
+
+ for (i = 0; i <= k; ++i) {
+ muladd(left[i], right[k - i], &r0, &r1, &r2);
+ }
+
+ result[k] = r0;
+ r0 = r1;
+ r1 = r2;
+ r2 = 0;
+ }
+
+ for (k = num_words; k < num_words * 2 - 1; ++k) {
+
+ for (i = (k + 1) - num_words; i < num_words; ++i) {
+ muladd(left[i], right[k - i], &r0, &r1, &r2);
+ }
+ result[k] = r0;
+ r0 = r1;
+ r1 = r2;
+ r2 = 0;
+ }
+ result[num_words * 2 - 1] = r0;
+}
+
+void uECC_vli_modAdd(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words)
+{
+ uECC_word_t carry = uECC_vli_add(result, left, right, num_words);
+ if (carry || uECC_vli_cmp_unsafe(mod, result, num_words) != 1) {
+ /* result > mod (result = mod + remainder), so subtract mod to get
+ * remainder. */
+ uECC_vli_sub(result, result, mod, num_words);
+ }
+}
+
+void uECC_vli_modSub(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words)
+{
+ uECC_word_t l_borrow = uECC_vli_sub(result, left, right, num_words);
+ if (l_borrow) {
+ /* In this case, result == -diff == (max int) - diff. Since -x % d == d - x,
+ * we can get the correct result from result + mod (with overflow). */
+ uECC_vli_add(result, result, mod, num_words);
+ }
+}
+
+/* Computes result = product % mod, where product is 2N words long. */
+/* Currently only designed to work for curve_p or curve_n. */
+void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product,
+ const uECC_word_t *mod, wordcount_t num_words)
+{
+ uECC_word_t mod_multiple[2 * NUM_ECC_WORDS];
+ uECC_word_t tmp[2 * NUM_ECC_WORDS];
+ uECC_word_t *v[2] = {tmp, product};
+ uECC_word_t index;
+
+ /* Shift mod so its highest set bit is at the maximum position. */
+ bitcount_t shift = (num_words * 2 * uECC_WORD_BITS) -
+ uECC_vli_numBits(mod, num_words);
+ wordcount_t word_shift = shift / uECC_WORD_BITS;
+ wordcount_t bit_shift = shift % uECC_WORD_BITS;
+ uECC_word_t carry = 0;
+ uECC_vli_clear(mod_multiple, word_shift);
+ if (bit_shift > 0) {
+ for(index = 0; index < (uECC_word_t)num_words; ++index) {
+ mod_multiple[word_shift + index] = (mod[index] << bit_shift) | carry;
+ carry = mod[index] >> (uECC_WORD_BITS - bit_shift);
+ }
+ } else {
+ uECC_vli_set(mod_multiple + word_shift, mod, num_words);
+ }
+
+ for (index = 1; shift >= 0; --shift) {
+ uECC_word_t borrow = 0;
+ wordcount_t i;
+ for (i = 0; i < num_words * 2; ++i) {
+ uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow;
+ if (diff != v[index][i]) {
+ borrow = (diff > v[index][i]);
+ }
+ v[1 - index][i] = diff;
+ }
+ /* Swap the index if there was no borrow */
+ index = !(index ^ borrow);
+ uECC_vli_rshift1(mod_multiple, num_words);
+ mod_multiple[num_words - 1] |= mod_multiple[num_words] <<
+ (uECC_WORD_BITS - 1);
+ uECC_vli_rshift1(mod_multiple + num_words, num_words);
+ }
+ uECC_vli_set(result, v[index], num_words);
+}
+
+void uECC_vli_modMult(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, const uECC_word_t *mod,
+ wordcount_t num_words)
+{
+ uECC_word_t product[2 * NUM_ECC_WORDS];
+ uECC_vli_mult(product, left, right, num_words);
+ uECC_vli_mmod(result, product, mod, num_words);
+}
+
+void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
+ const uECC_word_t *right, uECC_Curve curve)
+{
+ uECC_word_t product[2 * NUM_ECC_WORDS];
+ uECC_vli_mult(product, left, right, curve->num_words);
+
+ curve->mmod_fast(result, product);
+}
+
+static void uECC_vli_modSquare_fast(uECC_word_t *result,
+ const uECC_word_t *left,
+ uECC_Curve curve)
+{
+ uECC_vli_modMult_fast(result, left, left, curve);
+}
+
+
+#define EVEN(vli) (!(vli[0] & 1))
+
+static void vli_modInv_update(uECC_word_t *uv,
+ const uECC_word_t *mod,
+ wordcount_t num_words)
+{
+
+ uECC_word_t carry = 0;
+
+ if (!EVEN(uv)) {
+ carry = uECC_vli_add(uv, uv, mod, num_words);
+ }
+ uECC_vli_rshift1(uv, num_words);
+ if (carry) {
+ uv[num_words - 1] |= HIGH_BIT_SET;
+ }
+}
+
+void uECC_vli_modInv(uECC_word_t *result, const uECC_word_t *input,
+ const uECC_word_t *mod, wordcount_t num_words)
+{
+ uECC_word_t a[NUM_ECC_WORDS], b[NUM_ECC_WORDS];
+ uECC_word_t u[NUM_ECC_WORDS], v[NUM_ECC_WORDS];
+ cmpresult_t cmpResult;
+
+ if (uECC_vli_isZero(input, num_words)) {
+ uECC_vli_clear(result, num_words);
+ return;
+ }
+
+ uECC_vli_set(a, input, num_words);
+ uECC_vli_set(b, mod, num_words);
+ uECC_vli_clear(u, num_words);
+ u[0] = 1;
+ uECC_vli_clear(v, num_words);
+ while ((cmpResult = uECC_vli_cmp_unsafe(a, b, num_words)) != 0) {
+ if (EVEN(a)) {
+ uECC_vli_rshift1(a, num_words);
+ vli_modInv_update(u, mod, num_words);
+ } else if (EVEN(b)) {
+ uECC_vli_rshift1(b, num_words);
+ vli_modInv_update(v, mod, num_words);
+ } else if (cmpResult > 0) {
+ uECC_vli_sub(a, a, b, num_words);
+ uECC_vli_rshift1(a, num_words);
+ if (uECC_vli_cmp_unsafe(u, v, num_words) < 0) {
+ uECC_vli_add(u, u, mod, num_words);
+ }
+ uECC_vli_sub(u, u, v, num_words);
+ vli_modInv_update(u, mod, num_words);
+ } else {
+ uECC_vli_sub(b, b, a, num_words);
+ uECC_vli_rshift1(b, num_words);
+ if (uECC_vli_cmp_unsafe(v, u, num_words) < 0) {
+ uECC_vli_add(v, v, mod, num_words);
+ }
+ uECC_vli_sub(v, v, u, num_words);
+ vli_modInv_update(v, mod, num_words);
+ }
+ }
+ uECC_vli_set(result, u, num_words);
+}
+
+/* ------ Point operations ------ */
+
+void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * Z1, uECC_Curve curve)
+{
+ /* t1 = X, t2 = Y, t3 = Z */
+ uECC_word_t t4[NUM_ECC_WORDS];
+ uECC_word_t t5[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ if (uECC_vli_isZero(Z1, num_words)) {
+ return;
+ }
+
+ uECC_vli_modSquare_fast(t4, Y1, curve); /* t4 = y1^2 */
+ uECC_vli_modMult_fast(t5, X1, t4, curve); /* t5 = x1*y1^2 = A */
+ uECC_vli_modSquare_fast(t4, t4, curve); /* t4 = y1^4 */
+ uECC_vli_modMult_fast(Y1, Y1, Z1, curve); /* t2 = y1*z1 = z3 */
+ uECC_vli_modSquare_fast(Z1, Z1, curve); /* t3 = z1^2 */
+
+ uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */
+ uECC_vli_modAdd(Z1, Z1, Z1, curve->p, num_words); /* t3 = 2*z1^2 */
+ uECC_vli_modSub(Z1, X1, Z1, curve->p, num_words); /* t3 = x1 - z1^2 */
+ uECC_vli_modMult_fast(X1, X1, Z1, curve); /* t1 = x1^2 - z1^4 */
+
+ uECC_vli_modAdd(Z1, X1, X1, curve->p, num_words); /* t3 = 2*(x1^2 - z1^4) */
+ uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = 3*(x1^2 - z1^4) */
+ if (uECC_vli_testBit(X1, 0)) {
+ uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words);
+ uECC_vli_rshift1(X1, num_words);
+ X1[num_words - 1] |= l_carry << (uECC_WORD_BITS - 1);
+ } else {
+ uECC_vli_rshift1(X1, num_words);
+ }
+
+ /* t1 = 3/2*(x1^2 - z1^4) = B */
+ uECC_vli_modSquare_fast(Z1, X1, curve); /* t3 = B^2 */
+ uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - A */
+ uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - 2A = x3 */
+ uECC_vli_modSub(t5, t5, Z1, curve->p, num_words); /* t5 = A - x3 */
+ uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = B * (A - x3) */
+ /* t4 = B * (A - x3) - y1^4 = y3: */
+ uECC_vli_modSub(t4, X1, t4, curve->p, num_words);
+
+ uECC_vli_set(X1, Z1, num_words);
+ uECC_vli_set(Z1, Y1, num_words);
+ uECC_vli_set(Y1, t4, num_words);
+}
+
+void x_side_default(uECC_word_t *result,
+ const uECC_word_t *x,
+ uECC_Curve curve)
+{
+ uECC_word_t _3[NUM_ECC_WORDS] = {3}; /* -a = 3 */
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */
+ uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */
+ uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */
+ /* r = x^3 - 3x + b: */
+ uECC_vli_modAdd(result, result, curve->b, curve->p, num_words);
+}
+
+uECC_Curve uECC_secp256r1(void)
+{
+ return &curve_secp256r1;
+}
+
+void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int*product)
+{
+ unsigned int tmp[NUM_ECC_WORDS];
+ int carry;
+
+ /* t */
+ uECC_vli_set(result, product, NUM_ECC_WORDS);
+
+ /* s1 */
+ tmp[0] = tmp[1] = tmp[2] = 0;
+ tmp[3] = product[11];
+ tmp[4] = product[12];
+ tmp[5] = product[13];
+ tmp[6] = product[14];
+ tmp[7] = product[15];
+ carry = uECC_vli_add(tmp, tmp, tmp, NUM_ECC_WORDS);
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* s2 */
+ tmp[3] = product[12];
+ tmp[4] = product[13];
+ tmp[5] = product[14];
+ tmp[6] = product[15];
+ tmp[7] = 0;
+ carry += uECC_vli_add(tmp, tmp, tmp, NUM_ECC_WORDS);
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* s3 */
+ tmp[0] = product[8];
+ tmp[1] = product[9];
+ tmp[2] = product[10];
+ tmp[3] = tmp[4] = tmp[5] = 0;
+ tmp[6] = product[14];
+ tmp[7] = product[15];
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* s4 */
+ tmp[0] = product[9];
+ tmp[1] = product[10];
+ tmp[2] = product[11];
+ tmp[3] = product[13];
+ tmp[4] = product[14];
+ tmp[5] = product[15];
+ tmp[6] = product[13];
+ tmp[7] = product[8];
+ carry += uECC_vli_add(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d1 */
+ tmp[0] = product[11];
+ tmp[1] = product[12];
+ tmp[2] = product[13];
+ tmp[3] = tmp[4] = tmp[5] = 0;
+ tmp[6] = product[8];
+ tmp[7] = product[10];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d2 */
+ tmp[0] = product[12];
+ tmp[1] = product[13];
+ tmp[2] = product[14];
+ tmp[3] = product[15];
+ tmp[4] = tmp[5] = 0;
+ tmp[6] = product[9];
+ tmp[7] = product[11];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d3 */
+ tmp[0] = product[13];
+ tmp[1] = product[14];
+ tmp[2] = product[15];
+ tmp[3] = product[8];
+ tmp[4] = product[9];
+ tmp[5] = product[10];
+ tmp[6] = 0;
+ tmp[7] = product[12];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ /* d4 */
+ tmp[0] = product[14];
+ tmp[1] = product[15];
+ tmp[2] = 0;
+ tmp[3] = product[9];
+ tmp[4] = product[10];
+ tmp[5] = product[11];
+ tmp[6] = 0;
+ tmp[7] = product[13];
+ carry -= uECC_vli_sub(result, result, tmp, NUM_ECC_WORDS);
+
+ if (carry < 0) {
+ do {
+ carry += uECC_vli_add(result, result, curve_secp256r1.p, NUM_ECC_WORDS);
+ }
+ while (carry < 0);
+ } else {
+ while (carry ||
+ uECC_vli_cmp_unsafe(curve_secp256r1.p, result, NUM_ECC_WORDS) != 1) {
+ carry -= uECC_vli_sub(result, result, curve_secp256r1.p, NUM_ECC_WORDS);
+ }
+ }
+}
+
+uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve)
+{
+ return uECC_vli_isZero(point, curve->num_words * 2);
+}
+
+void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
+ uECC_Curve curve)
+{
+ uECC_word_t t1[NUM_ECC_WORDS];
+
+ uECC_vli_modSquare_fast(t1, Z, curve); /* z^2 */
+ uECC_vli_modMult_fast(X1, X1, t1, curve); /* x1 * z^2 */
+ uECC_vli_modMult_fast(t1, t1, Z, curve); /* z^3 */
+ uECC_vli_modMult_fast(Y1, Y1, t1, curve); /* y1 * z^3 */
+}
+
+/* P = (x1, y1) => 2P, (x2, y2) => P' */
+static void XYcZ_initial_double(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * X2, uECC_word_t * Y2,
+ const uECC_word_t * const initial_Z,
+ uECC_Curve curve)
+{
+ uECC_word_t z[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+ if (initial_Z) {
+ uECC_vli_set(z, initial_Z, num_words);
+ } else {
+ uECC_vli_clear(z, num_words);
+ z[0] = 1;
+ }
+
+ uECC_vli_set(X2, X1, num_words);
+ uECC_vli_set(Y2, Y1, num_words);
+
+ apply_z(X1, Y1, z, curve);
+ curve->double_jacobian(X1, Y1, z, curve);
+ apply_z(X2, Y2, z, curve);
+}
+
+void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * X2, uECC_word_t * Y2,
+ uECC_Curve curve)
+{
+ /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
+ uECC_word_t t5[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */
+ uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */
+ uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */
+ uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */
+ uECC_vli_modSquare_fast(t5, Y2, curve); /* t5 = (y2 - y1)^2 = D */
+
+ uECC_vli_modSub(t5, t5, X1, curve->p, num_words); /* t5 = D - B */
+ uECC_vli_modSub(t5, t5, X2, curve->p, num_words); /* t5 = D - B - C = x3 */
+ uECC_vli_modSub(X2, X2, X1, curve->p, num_words); /* t3 = C - B */
+ uECC_vli_modMult_fast(Y1, Y1, X2, curve); /* t2 = y1*(C - B) */
+ uECC_vli_modSub(X2, X1, t5, curve->p, num_words); /* t3 = B - x3 */
+ uECC_vli_modMult_fast(Y2, Y2, X2, curve); /* t4 = (y2 - y1)*(B - x3) */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y3 */
+
+ uECC_vli_set(X2, t5, num_words);
+}
+
+/* Input P = (x1, y1, Z), Q = (x2, y2, Z)
+ Output P + Q = (x3, y3, Z3), P - Q = (x3', y3', Z3)
+ or P => P - Q, Q => P + Q
+ */
+static void XYcZ_addC(uECC_word_t * X1, uECC_word_t * Y1,
+ uECC_word_t * X2, uECC_word_t * Y2,
+ uECC_Curve curve)
+{
+ /* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
+ uECC_word_t t5[NUM_ECC_WORDS];
+ uECC_word_t t6[NUM_ECC_WORDS];
+ uECC_word_t t7[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */
+ uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */
+ uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */
+ uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */
+ uECC_vli_modAdd(t5, Y2, Y1, curve->p, num_words); /* t5 = y2 + y1 */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */
+
+ uECC_vli_modSub(t6, X2, X1, curve->p, num_words); /* t6 = C - B */
+ uECC_vli_modMult_fast(Y1, Y1, t6, curve); /* t2 = y1 * (C - B) = E */
+ uECC_vli_modAdd(t6, X1, X2, curve->p, num_words); /* t6 = B + C */
+ uECC_vli_modSquare_fast(X2, Y2, curve); /* t3 = (y2 - y1)^2 = D */
+ uECC_vli_modSub(X2, X2, t6, curve->p, num_words); /* t3 = D - (B + C) = x3 */
+
+ uECC_vli_modSub(t7, X1, X2, curve->p, num_words); /* t7 = B - x3 */
+ uECC_vli_modMult_fast(Y2, Y2, t7, curve); /* t4 = (y2 - y1)*(B - x3) */
+ /* t4 = (y2 - y1)*(B - x3) - E = y3: */
+ uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words);
+
+ uECC_vli_modSquare_fast(t7, t5, curve); /* t7 = (y2 + y1)^2 = F */
+ uECC_vli_modSub(t7, t7, t6, curve->p, num_words); /* t7 = F - (B + C) = x3' */
+ uECC_vli_modSub(t6, t7, X1, curve->p, num_words); /* t6 = x3' - B */
+ uECC_vli_modMult_fast(t6, t6, t5, curve); /* t6 = (y2+y1)*(x3' - B) */
+ /* t2 = (y2+y1)*(x3' - B) - E = y3': */
+ uECC_vli_modSub(Y1, t6, Y1, curve->p, num_words);
+
+ uECC_vli_set(X1, t7, num_words);
+}
+
+void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point,
+ const uECC_word_t * scalar,
+ const uECC_word_t * initial_Z,
+ bitcount_t num_bits, uECC_Curve curve)
+{
+ /* R0 and R1 */
+ uECC_word_t Rx[2][NUM_ECC_WORDS];
+ uECC_word_t Ry[2][NUM_ECC_WORDS];
+ uECC_word_t z[NUM_ECC_WORDS];
+ bitcount_t i;
+ uECC_word_t nb;
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_set(Rx[1], point, num_words);
+ uECC_vli_set(Ry[1], point + num_words, num_words);
+
+ XYcZ_initial_double(Rx[1], Ry[1], Rx[0], Ry[0], initial_Z, curve);
+
+ for (i = num_bits - 2; i > 0; --i) {
+ nb = !uECC_vli_testBit(scalar, i);
+ XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve);
+ XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve);
+ }
+
+ nb = !uECC_vli_testBit(scalar, 0);
+ XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve);
+
+ /* Find final 1/Z value. */
+ uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */
+ uECC_vli_modMult_fast(z, z, Ry[1 - nb], curve); /* Yb * (X1 - X0) */
+ uECC_vli_modMult_fast(z, z, point, curve); /* xP * Yb * (X1 - X0) */
+ uECC_vli_modInv(z, z, curve->p, num_words); /* 1 / (xP * Yb * (X1 - X0))*/
+ /* yP / (xP * Yb * (X1 - X0)) */
+ uECC_vli_modMult_fast(z, z, point + num_words, curve);
+ /* Xb * yP / (xP * Yb * (X1 - X0)) */
+ uECC_vli_modMult_fast(z, z, Rx[1 - nb], curve);
+ /* End 1/Z calculation */
+
+ XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve);
+ apply_z(Rx[0], Ry[0], z, curve);
+
+ uECC_vli_set(result, Rx[0], num_words);
+ uECC_vli_set(result + num_words, Ry[0], num_words);
+}
+
+uECC_word_t regularize_k(const uECC_word_t * const k, uECC_word_t *k0,
+ uECC_word_t *k1, uECC_Curve curve)
+{
+
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+
+ bitcount_t num_n_bits = curve->num_n_bits;
+
+ uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) ||
+ (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) &&
+ uECC_vli_testBit(k0, num_n_bits));
+
+ uECC_vli_add(k1, k0, curve->n, num_n_words);
+
+ return carry;
+}
+
+uECC_word_t EccPoint_compute_public_key(uECC_word_t *result,
+ uECC_word_t *private_key,
+ uECC_Curve curve)
+{
+
+ uECC_word_t tmp1[NUM_ECC_WORDS];
+ uECC_word_t tmp2[NUM_ECC_WORDS];
+ uECC_word_t *p2[2] = {tmp1, tmp2};
+ uECC_word_t carry;
+
+ /* Regularize the bitcount for the private key so that attackers cannot
+ * use a side channel attack to learn the number of leading zeros. */
+ carry = regularize_k(private_key, tmp1, tmp2, curve);
+
+ EccPoint_mult(result, curve->G, p2[!carry], 0, curve->num_n_bits + 1, curve);
+
+ if (EccPoint_isZero(result, curve)) {
+ return 0;
+ }
+ return 1;
+}
+
+/* Converts an integer in uECC native format to big-endian bytes. */
+void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes,
+ const unsigned int *native)
+{
+ wordcount_t i;
+ for (i = 0; i < num_bytes; ++i) {
+ unsigned b = num_bytes - 1 - i;
+ bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE));
+ }
+}
+
+/* Converts big-endian bytes to an integer in uECC native format. */
+void uECC_vli_bytesToNative(unsigned int *native, const uint8_t *bytes,
+ int num_bytes)
+{
+ wordcount_t i;
+ uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE);
+ for (i = 0; i < num_bytes; ++i) {
+ unsigned b = num_bytes - 1 - i;
+ native[b / uECC_WORD_SIZE] |=
+ (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE));
+ }
+}
+
+int uECC_generate_random_int(uECC_word_t *random, const uECC_word_t *top,
+ wordcount_t num_words)
+{
+ uECC_word_t mask = (uECC_word_t)-1;
+ uECC_word_t tries;
+ bitcount_t num_bits = uECC_vli_numBits(top, num_words);
+
+ if (!g_rng_function) {
+ return 0;
+ }
+
+ for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
+ if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) {
+ return 0;
+ }
+ random[num_words - 1] &=
+ mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits));
+ if (!uECC_vli_isZero(random, num_words) &&
+ uECC_vli_cmp(top, random, num_words) == 1) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+
+int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve)
+{
+ uECC_word_t tmp1[NUM_ECC_WORDS];
+ uECC_word_t tmp2[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+
+ /* The point at infinity is invalid. */
+ if (EccPoint_isZero(point, curve)) {
+ return -1;
+ }
+
+ /* x and y must be smaller than p. */
+ if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 ||
+ uECC_vli_cmp_unsafe(curve->p, point + num_words, num_words) != 1) {
+ return -2;
+ }
+
+ uECC_vli_modSquare_fast(tmp1, point + num_words, curve);
+ curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */
+
+ /* Make sure that y^2 == x^3 + ax + b */
+ if (uECC_vli_equal(tmp1, tmp2, num_words) != 0)
+ return -3;
+
+ return 0;
+}
+
+int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve)
+{
+
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+
+ uECC_vli_bytesToNative(_public, public_key, curve->num_bytes);
+ uECC_vli_bytesToNative(
+ _public + curve->num_words,
+ public_key + curve->num_bytes,
+ curve->num_bytes);
+
+ if (uECC_vli_cmp_unsafe(_public, curve->G, NUM_ECC_WORDS * 2) == 0) {
+ return -4;
+ }
+
+ return uECC_valid_point(_public, curve);
+}
+
+int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key,
+ uECC_Curve curve)
+{
+
+ uECC_word_t _private[NUM_ECC_WORDS];
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+
+ uECC_vli_bytesToNative(
+ _private,
+ private_key,
+ BITS_TO_BYTES(curve->num_n_bits));
+
+ /* Make sure the private key is in the range [1, n-1]. */
+ if (uECC_vli_isZero(_private, BITS_TO_WORDS(curve->num_n_bits))) {
+ return 0;
+ }
+
+ if (uECC_vli_cmp(curve->n, _private, BITS_TO_WORDS(curve->num_n_bits)) != 1) {
+ return 0;
+ }
+
+ /* Compute public key. */
+ if (!EccPoint_compute_public_key(_public, _private, curve)) {
+ return 0;
+ }
+
+ uECC_vli_nativeToBytes(public_key, curve->num_bytes, _public);
+ uECC_vli_nativeToBytes(
+ public_key +
+ curve->num_bytes, curve->num_bytes, _public + curve->num_words);
+ return 1;
+}
+#else
+typedef int mbedtls_dummy_tinycrypt_def;
+#endif /* MBEDTLS_USE_TINYCRYPT */
+
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
new file mode 100644
index 0000000..28dfdf9
--- /dev/null
+++ b/tinycrypt/ecc_dh.c
@@ -0,0 +1,201 @@
+/* ec_dh.c - TinyCrypt implementation of EC-DH */
+
+/*
+ * Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dh.h>
+#include <string.h>
+#include "mbedtls/platform_util.h"
+
+#if default_RNG_defined
+static uECC_RNG_Function g_rng_function = &default_CSPRNG;
+#else
+static uECC_RNG_Function g_rng_function = 0;
+#endif
+
+int uECC_make_key_with_d(uint8_t *public_key, uint8_t *private_key,
+ unsigned int *d, uECC_Curve curve)
+{
+
+ uECC_word_t _private[NUM_ECC_WORDS];
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+
+ /* This function is designed for test purposes-only (such as validating NIST
+ * test vectors) as it uses a provided value for d instead of generating
+ * it uniformly at random. */
+ memcpy (_private, d, NUM_ECC_BYTES);
+
+ /* Computing public-key from private: */
+ if (EccPoint_compute_public_key(_public, _private, curve)) {
+
+ /* Converting buffers to correct bit order: */
+ uECC_vli_nativeToBytes(private_key,
+ BITS_TO_BYTES(curve->num_n_bits),
+ _private);
+ uECC_vli_nativeToBytes(public_key,
+ curve->num_bytes,
+ _public);
+ uECC_vli_nativeToBytes(public_key + curve->num_bytes,
+ curve->num_bytes,
+ _public + curve->num_words);
+
+ /* erasing temporary buffer used to store secret: */
+ memset(_private, 0, NUM_ECC_BYTES);
+
+ return 1;
+ }
+ return 0;
+}
+
+int uECC_make_key(uint8_t *public_key, uint8_t *private_key, uECC_Curve curve)
+{
+
+ uECC_word_t _random[NUM_ECC_WORDS * 2];
+ uECC_word_t _private[NUM_ECC_WORDS];
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+ uECC_word_t tries;
+
+ for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
+ /* Generating _private uniformly at random: */
+ uECC_RNG_Function rng_function = uECC_get_rng();
+ if (!rng_function ||
+ !rng_function((uint8_t *)_random, 2 * NUM_ECC_WORDS*uECC_WORD_SIZE)) {
+ return 0;
+ }
+
+ /* computing modular reduction of _random (see FIPS 186.4 B.4.1): */
+ uECC_vli_mmod(_private, _random, curve->n, BITS_TO_WORDS(curve->num_n_bits));
+
+ /* Computing public-key from private: */
+ if (EccPoint_compute_public_key(_public, _private, curve)) {
+
+ /* Converting buffers to correct bit order: */
+ uECC_vli_nativeToBytes(private_key,
+ BITS_TO_BYTES(curve->num_n_bits),
+ _private);
+ uECC_vli_nativeToBytes(public_key,
+ curve->num_bytes,
+ _public);
+ uECC_vli_nativeToBytes(public_key + curve->num_bytes,
+ curve->num_bytes,
+ _public + curve->num_words);
+
+ /* erasing temporary buffer that stored secret: */
+ memset(_private, 0, NUM_ECC_BYTES);
+
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
+ uint8_t *secret, uECC_Curve curve)
+{
+
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+ uECC_word_t _private[NUM_ECC_WORDS];
+
+ uECC_word_t tmp[NUM_ECC_WORDS];
+ uECC_word_t *p2[2] = {_private, tmp};
+ uECC_word_t *initial_Z = 0;
+ uECC_word_t carry;
+ wordcount_t num_words = curve->num_words;
+ wordcount_t num_bytes = curve->num_bytes;
+ int r;
+
+ /* Converting buffers to correct bit order: */
+ uECC_vli_bytesToNative(_private,
+ private_key,
+ BITS_TO_BYTES(curve->num_n_bits));
+ uECC_vli_bytesToNative(_public,
+ public_key,
+ num_bytes);
+ uECC_vli_bytesToNative(_public + num_words,
+ public_key + num_bytes,
+ num_bytes);
+
+ /* Regularize the bitcount for the private key so that attackers cannot use a
+ * side channel attack to learn the number of leading zeros. */
+ carry = regularize_k(_private, _private, tmp, curve);
+
+ /* If an RNG function was specified, try to get a random initial Z value to
+ * improve protection against side-channel attacks. */
+ if (g_rng_function) {
+ if (!uECC_generate_random_int(p2[carry], curve->p, num_words)) {
+ r = 0;
+ goto clear_and_out;
+ }
+ initial_Z = p2[carry];
+ }
+
+ EccPoint_mult(_public, _public, p2[!carry], initial_Z, curve->num_n_bits + 1,
+ curve);
+
+ uECC_vli_nativeToBytes(secret, num_bytes, _public);
+ r = !EccPoint_isZero(_public, curve);
+
+clear_and_out:
+ /* erasing temporary buffer used to store secret: */
+ mbedtls_platform_zeroize(p2, sizeof(p2));
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ mbedtls_platform_zeroize(_private, sizeof(_private));
+
+ return r;
+}
+#else
+typedef int mbedtls_dummy_tinycrypt_def;
+#endif /* MBEDTLS_USE_TINYCRYPT */
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
new file mode 100644
index 0000000..048fa61
--- /dev/null
+++ b/tinycrypt/ecc_dsa.c
@@ -0,0 +1,297 @@
+/* ec_dsa.c - TinyCrypt implementation of EC-DSA */
+
+/* Copyright (c) 2014, Kenneth MacKay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.*/
+
+/*
+ * Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(MBEDTLS_USE_TINYCRYPT)
+#include <tinycrypt/ecc.h>
+#include <tinycrypt/ecc_dsa.h>
+
+#if default_RNG_defined
+static uECC_RNG_Function g_rng_function = &default_CSPRNG;
+#else
+static uECC_RNG_Function g_rng_function = 0;
+#endif
+
+static void bits2int(uECC_word_t *native, const uint8_t *bits,
+ unsigned bits_size, uECC_Curve curve)
+{
+ unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits);
+ unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ int shift;
+ uECC_word_t carry;
+ uECC_word_t *ptr;
+
+ if (bits_size > num_n_bytes) {
+ bits_size = num_n_bytes;
+ }
+
+ uECC_vli_clear(native, num_n_words);
+ uECC_vli_bytesToNative(native, bits, bits_size);
+ if (bits_size * 8 <= (unsigned)curve->num_n_bits) {
+ return;
+ }
+ shift = bits_size * 8 - curve->num_n_bits;
+ carry = 0;
+ ptr = native + num_n_words;
+ while (ptr-- > native) {
+ uECC_word_t temp = *ptr;
+ *ptr = (temp >> shift) | carry;
+ carry = temp << (uECC_WORD_BITS - shift);
+ }
+
+ /* Reduce mod curve_n */
+ if (uECC_vli_cmp_unsafe(curve->n, native, num_n_words) != 1) {
+ uECC_vli_sub(native, native, curve->n, num_n_words);
+ }
+}
+
+int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
+ unsigned hash_size, uECC_word_t *k, uint8_t *signature,
+ uECC_Curve curve)
+{
+
+ uECC_word_t tmp[NUM_ECC_WORDS];
+ uECC_word_t s[NUM_ECC_WORDS];
+ uECC_word_t *k2[2] = {tmp, s};
+ uECC_word_t p[NUM_ECC_WORDS * 2];
+ uECC_word_t carry;
+ wordcount_t num_words = curve->num_words;
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
+
+ /* Make sure 0 < k < curve_n */
+ if (uECC_vli_isZero(k, num_words) ||
+ uECC_vli_cmp(curve->n, k, num_n_words) != 1) {
+ return 0;
+ }
+
+ carry = regularize_k(k, tmp, s, curve);
+ EccPoint_mult(p, curve->G, k2[!carry], 0, num_n_bits + 1, curve);
+ if (uECC_vli_isZero(p, num_words)) {
+ return 0;
+ }
+
+ /* If an RNG function was specified, get a random number
+ to prevent side channel analysis of k. */
+ if (!g_rng_function) {
+ uECC_vli_clear(tmp, num_n_words);
+ tmp[0] = 1;
+ }
+ else if (!uECC_generate_random_int(tmp, curve->n, num_n_words)) {
+ return 0;
+ }
+
+ /* Prevent side channel analysis of uECC_vli_modInv() to determine
+ bits of k / the private key by premultiplying by a random number */
+ uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k' = rand * k */
+ uECC_vli_modInv(k, k, curve->n, num_n_words); /* k = 1 / k' */
+ uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k = 1 / k */
+
+ uECC_vli_nativeToBytes(signature, curve->num_bytes, p); /* store r */
+
+ /* tmp = d: */
+ uECC_vli_bytesToNative(tmp, private_key, BITS_TO_BYTES(curve->num_n_bits));
+
+ s[num_n_words - 1] = 0;
+ uECC_vli_set(s, p, num_words);
+ uECC_vli_modMult(s, tmp, s, curve->n, num_n_words); /* s = r*d */
+
+ bits2int(tmp, message_hash, hash_size, curve);
+ uECC_vli_modAdd(s, tmp, s, curve->n, num_n_words); /* s = e + r*d */
+ uECC_vli_modMult(s, s, k, curve->n, num_n_words); /* s = (e + r*d) / k */
+ if (uECC_vli_numBits(s, num_n_words) > (bitcount_t)curve->num_bytes * 8) {
+ return 0;
+ }
+
+ uECC_vli_nativeToBytes(signature + curve->num_bytes, curve->num_bytes, s);
+ return 1;
+}
+
+int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
+ unsigned hash_size, uint8_t *signature, uECC_Curve curve)
+{
+ uECC_word_t _random[2*NUM_ECC_WORDS];
+ uECC_word_t k[NUM_ECC_WORDS];
+ uECC_word_t tries;
+
+ for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
+ /* Generating _random uniformly at random: */
+ uECC_RNG_Function rng_function = uECC_get_rng();
+ if (!rng_function ||
+ !rng_function((uint8_t *)_random, 2*NUM_ECC_WORDS*uECC_WORD_SIZE)) {
+ return 0;
+ }
+
+ // computing k as modular reduction of _random (see FIPS 186.4 B.5.1):
+ uECC_vli_mmod(k, _random, curve->n, BITS_TO_WORDS(curve->num_n_bits));
+
+ if (uECC_sign_with_k(private_key, message_hash, hash_size, k, signature,
+ curve)) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static bitcount_t smax(bitcount_t a, bitcount_t b)
+{
+ return (a > b ? a : b);
+}
+
+int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
+ unsigned hash_size, const uint8_t *signature,
+ uECC_Curve curve)
+{
+
+ uECC_word_t u1[NUM_ECC_WORDS], u2[NUM_ECC_WORDS];
+ uECC_word_t z[NUM_ECC_WORDS];
+ uECC_word_t sum[NUM_ECC_WORDS * 2];
+ uECC_word_t rx[NUM_ECC_WORDS];
+ uECC_word_t ry[NUM_ECC_WORDS];
+ uECC_word_t tx[NUM_ECC_WORDS];
+ uECC_word_t ty[NUM_ECC_WORDS];
+ uECC_word_t tz[NUM_ECC_WORDS];
+ const uECC_word_t *points[4];
+ const uECC_word_t *point;
+ bitcount_t num_bits;
+ bitcount_t i;
+
+ uECC_word_t _public[NUM_ECC_WORDS * 2];
+ uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
+ wordcount_t num_words = curve->num_words;
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+
+ rx[num_n_words - 1] = 0;
+ r[num_n_words - 1] = 0;
+ s[num_n_words - 1] = 0;
+
+ uECC_vli_bytesToNative(_public, public_key, curve->num_bytes);
+ uECC_vli_bytesToNative(_public + num_words, public_key + curve->num_bytes,
+ curve->num_bytes);
+ uECC_vli_bytesToNative(r, signature, curve->num_bytes);
+ uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve->num_bytes);
+
+ /* r, s must not be 0. */
+ if (uECC_vli_isZero(r, num_words) || uECC_vli_isZero(s, num_words)) {
+ return 0;
+ }
+
+ /* r, s must be < n. */
+ if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 ||
+ uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) {
+ return 0;
+ }
+
+ /* Calculate u1 and u2. */
+ uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */
+ u1[num_n_words - 1] = 0;
+ bits2int(u1, message_hash, hash_size, curve);
+ uECC_vli_modMult(u1, u1, z, curve->n, num_n_words); /* u1 = e/s */
+ uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */
+
+ /* Calculate sum = G + Q. */
+ uECC_vli_set(sum, _public, num_words);
+ uECC_vli_set(sum + num_words, _public + num_words, num_words);
+ uECC_vli_set(tx, curve->G, num_words);
+ uECC_vli_set(ty, curve->G + num_words, num_words);
+ uECC_vli_modSub(z, sum, tx, curve->p, num_words); /* z = x2 - x1 */
+ XYcZ_add(tx, ty, sum, sum + num_words, curve);
+ uECC_vli_modInv(z, z, curve->p, num_words); /* z = 1/z */
+ apply_z(sum, sum + num_words, z, curve);
+
+ /* Use Shamir's trick to calculate u1*G + u2*Q */
+ points[0] = 0;
+ points[1] = curve->G;
+ points[2] = _public;
+ points[3] = sum;
+ num_bits = smax(uECC_vli_numBits(u1, num_n_words),
+ uECC_vli_numBits(u2, num_n_words));
+
+ point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) |
+ ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)];
+ uECC_vli_set(rx, point, num_words);
+ uECC_vli_set(ry, point + num_words, num_words);
+ uECC_vli_clear(z, num_words);
+ z[0] = 1;
+
+ for (i = num_bits - 2; i >= 0; --i) {
+ uECC_word_t index;
+ curve->double_jacobian(rx, ry, z, curve);
+
+ index = (!!uECC_vli_testBit(u1, i)) | ((!!uECC_vli_testBit(u2, i)) << 1);
+ point = points[index];
+ if (point) {
+ uECC_vli_set(tx, point, num_words);
+ uECC_vli_set(ty, point + num_words, num_words);
+ apply_z(tx, ty, z, curve);
+ uECC_vli_modSub(tz, rx, tx, curve->p, num_words); /* Z = x2 - x1 */
+ XYcZ_add(tx, ty, rx, ry, curve);
+ uECC_vli_modMult_fast(z, z, tz, curve);
+ }
+ }
+
+ uECC_vli_modInv(z, z, curve->p, num_words); /* Z = 1/Z */
+ apply_z(rx, ry, z, curve);
+
+ /* v = x1 (mod n) */
+ if (uECC_vli_cmp_unsafe(curve->n, rx, num_n_words) != 1) {
+ uECC_vli_sub(rx, rx, curve->n, num_n_words);
+ }
+
+ /* Accept only if v == r. */
+ return (int)(uECC_vli_equal(rx, r, num_words) == 0);
+}
+#else
+typedef int mbedtls_dummy_tinycrypt_def;
+#endif /* MBEDTLS_USE_TINYCRYPT */