Merge pull request #3120 from gilles-peskine-arm/check-windows-files
Check Windows files for sanity as well
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 7c31353..18b87fc 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -1,7 +1,7 @@
Note: This is just a template, so feel free to use/remove the unnecessary things
### Description
-- Type: Bug | Enhancement\Feature Request | Question
+- Type: Bug | Enhancement\Feature Request
- Priority: Blocker | Major | Minor
---------------------------------------------------------------
@@ -38,4 +38,4 @@
## Question
-**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)**
+**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb). If you can't find the answer you're looking for then please use the [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls)**
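Review bot: The `## Question` heading is kept in this hunk although the first hunk removes `Question` from the `Type:` line, so the template still has a section with no matching type. Either drop the heading and keep only the redirect sentence, or state that questions filed as issues will be redirected to the mailing list. The link text `Mbed TLS knowledge Base` is also capitalised inconsistently.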
diff --git a/.pylintrc b/.pylintrc
index 037717e..ad25a7c 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -40,7 +40,27 @@
max-module-lines=2000
[MESSAGES CONTROL]
-disable=
+# * locally-disabled, locally-enabled: If we disable or enable a message
+# locally, it's by design. There's no need to clutter the Pylint output
+# with this information.
+# * logging-format-interpolation: Pylint warns about things like
+# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
+# This is of minor utility (mainly a performance gain when there are
+# many messages that use formatting and are below the log level).
+# Some versions of Pylint (including 1.8, which is the version on
+# Ubuntu 18.04) only recognize old-style format strings using '%',
+# and complain about something like ``log.info('{}', foo)`` with
+# logging-too-many-args (Pylint supports new-style formatting if
+# declared globally with logging_format_style under [LOGGING] but
+# this requires Pylint >=2.2).
+# * no-else-return: Allow the perfectly reasonable idiom
+# if condition1:
+# return value1
+# else:
+# return value2
+# * unnecessary-pass: If we take the trouble of adding a line with "pass",
+# it's because we think the code is clearer that way.
+disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
[REPORTS]
# Don't diplay statistics. Just the facts.
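Review bot: `logging-format-interpolation` is disabled project-wide because of a limitation the comment attributes to Pylint 1.8 on Ubuntu 18.04. The comment already notes that `logging_format_style` needs Pylint >=2.2, so say explicitly that the exemption should be revisited once that is the minimum version; otherwise it will outlive its reason. Also consider splitting the long `disable=` value over several lines, one message per line, so later additions and removals show up as single-line diffs next to their justification.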
diff --git a/ChangeLog b/ChangeLog
index bcceebb..062a1ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,18 +1,51 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS x.x.x branch released xxxx-xx-xx
+= mbed TLS 2.22.0 branch released 2020-04-14
New deprecations
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
SSL module for hardware acceleration of individual records.
+ * Deprecate mbedtls_ssl_get_max_frag_len() in favour of
+ mbedtls_ssl_get_output_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
+ fragment length is desired.
+
+Security
+ * Fix issue in DTLS handling of new associations with the same parameters
+ (RFC 6347 section 4.2.8): an attacker able to send forged UDP packets to
+ the server could cause it to drop established associations with
+ legitimate clients, resulting in a Denial of Service. This could only
+ happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h
+ (which it is by default).
+ * Fix side channel in ECC code that allowed an adversary with access to
+ precise enough timing and memory access information (typically an
+ untrusted operating system attacking a secure enclave) to fully recover
+ an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
+ Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
+ * Fix a potentially remotely exploitable buffer overread in a
+ DTLS client when parsing the Hello Verify Request message.
+
+Features
+ * The new build option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH automatically
+ resizes the I/O buffers before and after handshakes, reducing the memory
+ consumption during application data transfer.
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
+ * Remove a spurious check in ssl_parse_client_psk_identity that triggered
+ a warning with some compilers. Fix contributed by irwir in #2856.
+ * Fix a function name in a debug message. Contributed by Ercan Ozturk in
+ #3013.
Changes
* Mbed Crypto is no longer a Git submodule. The crypto part of the library
is back directly in the present repository.
+ * Split mbedtls_ssl_get_max_frag_len() into
+ mbedtls_ssl_get_output_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input
+ buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ is defined), regardless of what MFL was configured for it.
= mbed TLS 2.21.0 branch released 2020-02-20
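Review bot: The third Security entry, "Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message", names neither the affected configuration nor a reporter, issue number or CVE, whereas the two entries above it give the configuration option and the credit with CVE-2020-10932 respectively. Add whichever of those apply so users can decide whether they must upgrade. The `mbedtls_ssl_get_max_frag_len()` split is also described twice, under "New deprecations" and under "Changes"; a cross-reference between the two would keep the migration advice in one place.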
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
new file mode 100644
index 0000000..b559e23
--- /dev/null
+++ b/ChangeLog.d/00README.md
@@ -0,0 +1,67 @@
+# Pending changelog entry directory
+
+This directory contains changelog entries that have not yet been merged
+to the changelog file ([`../ChangeLog`](../ChangeLog)).
+
+## Changelog entry file format
+
+A changelog entry file must have the extension `*.txt` and must have the
+following format:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Security
+ * Change description.
+ * Another change description.
+
+Features
+ * Yet another change description. This is a long change description that
+ spans multiple lines.
+ * Yet again another change description.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The permitted changelog entry categories are as follows:
+<!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
+
+ API changes
+ Default behavior changes
+ Requirement changes
+ New deprecations
+ Removals
+ Features
+ Security
+ Bugfix
+ Changes
+
+Use “Changes” for anything that doesn't fit in the other categories, such as
+performance, documentation and test improvements.
+
+## How to write a changelog entry
+
+Each entry starts with three spaces, an asterisk and a space. Continuation
+lines start with 5 spaces. Lines wrap at 79 characters.
+
+Write full English sentences with proper capitalization and punctuation. Use
+the present tense. Use the imperative where applicable. For example: “Fix a
+bug in mbedtls_xxx() ….”
+
+Include GitHub issue numbers where relevant. Use the format “#1234” for an
+Mbed TLS issue. Add other external references such as CVE numbers where
+applicable.
+
+Credit the author of the contribution if the contribution is not a member of
+the Mbed TLS development team. Also credit bug reporters where applicable.
+
+**Explain why, not how**. Remember that the audience is the users of the
+library, not its developers. In particular, for a bug fix, explain the
+consequences of the bug, not how the bug was fixed. For a new feature, explain
+why one might be interested in the feature. For an API change or a deprecation,
+explain how to update existing applications.
+
+See [existing entries](../ChangeLog) for examples.
+
+## How `ChangeLog` is updated
+
+Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
+from a Git working copy
+to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
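Review bot: In "How to write a changelog entry", the sentence "Credit the author of the contribution if the contribution is not a member of the Mbed TLS development team" should read "if the contributor is not a member". In the format section, "must have the extension `*.txt`" mixes a glob pattern with an extension; write "the extension `.txt`". The category list depends on `STANDARD_CATEGORIES` in assemble_changelog.py, but that link is only in an HTML comment that readers of the rendered file never see; a visible sentence saying entries under other headings are not accepted would help contributors.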
diff --git a/Makefile b/Makefile
index 8e72bd1..e0eb7a5 100644
--- a/Makefile
+++ b/Makefile
@@ -124,8 +124,10 @@
## Editor navigation files
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
+# Exuberant-ctags invocation. Other ctags implementations may require different options.
+CTAGS = ctags --langmap=c:+.h.function -o
tags: $(C_SOURCE_FILES)
- ctags -o $@ $(C_SOURCE_FILES)
+ $(CTAGS) $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES)
etags -o $@ $(C_SOURCE_FILES)
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
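Review bot: `CTAGS = ctags --langmap=c:+.h.function -o` puts the output flag inside the tool variable, so anyone overriding `CTAGS` for another implementation (which the new comment anticipates) has to know the value must end with an output option. Keep `-o $@` in the recipe and leave only the program and its language options in the variable. Note also that `C_SOURCE_FILES` includes `tests/suites/*.function`, but only the `tags` rule gets a language mapping for it; the `TAGS` rule still calls `etags` with no equivalent.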
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 8e2539d..749d5c1 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.21.0 source code documentation
+ * @mainpage mbed TLS v2.22.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 4732271..418318d 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.21.0"
+PROJECT_NAME = "mbed TLS v2.22.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
@@ -1594,7 +1594,7 @@
# contain include files that are not input files but should be processed by
# the preprocessor.
-INCLUDE_PATH =
+INCLUDE_PATH = ../include
# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
# patterns (like *.h and *.hpp) to filter out the header-files in the
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index d904d5a..fa3caa7 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -619,6 +619,23 @@
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
+#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
+ !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
+#error "One or more versions of the TLS protocol are enabled " \
+ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
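Review bot: The new guard hard-codes all eleven `MBEDTLS_KEY_EXCHANGE_*_ENABLED` macros, so a key exchange added later will be silently missing from the check unless this list is updated with it. Add a comment saying the list must be kept in sync with the key exchange options in config.h. The error text refers to `MBEDTLS_KEY_EXCHANGE_xxxx`, while the macros tested have the form `MBEDTLS_KEY_EXCHANGE_xxx_ENABLED`; spell out the real pattern so users can search for it.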
@@ -763,6 +780,10 @@
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
+#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d5502a9..901e26d 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1520,8 +1520,8 @@
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
*
- * Enable support for Extended Master Secret, aka Session Hash
- * (draft-ietf-tls-session-hash-02).
+ * Enable support for RFC 7627: Session Hash and Extended Master Secret
+ * Extension.
*
* This was introduced as "the proper fix" to the Triple Handshake familiy of
* attacks, but it is recommended to always use it (even if you disable
@@ -1539,7 +1539,8 @@
/**
* \def MBEDTLS_SSL_FALLBACK_SCSV
*
- * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
+ * for Preventing Protocol Downgrade Attacks.
*
* For servers, it is recommended to always enable this, unless you support
* only one version of TLS, or know for sure that none of your clients
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1a071fc..7fec65e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2682,6 +2682,9 @@
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
*
+ * \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
+ * takes precedence over a PSK configured by this function.
+ *
* \warning Currently, clients can only register a single pre-shared key.
* Calling this function or mbedtls_ssl_conf_psk_opaque() more
* than once will overwrite values configured in previous calls.
@@ -2715,6 +2718,10 @@
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
*
+ * \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
+ * the PSK callback takes precedence over an opaque PSK
+ * configured by this function.
+ *
* \warning Currently, clients can only register a single pre-shared key.
* Calling this function or mbedtls_ssl_conf_psk() more than
* once will overwrite values configured in previous calls.
@@ -2752,6 +2759,9 @@
* \note This should only be called inside the PSK callback,
* i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
*
+ * \note A PSK set by this function takes precedence over a PSK
+ * configured by \c mbedtls_ssl_conf_psk().
+ *
* \param ssl The SSL context to configure a PSK for.
* \param psk The pointer to the pre-shared key.
* \param psk_len The length of the pre-shared key in bytes.
@@ -2769,6 +2779,9 @@
* \note This should only be called inside the PSK callback,
* i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
*
+ * \note An opaque PSK set by this function takes precedence over an
+ * opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
+ *
* \param ssl The SSL context to configure a PSK for.
* \param psk The identifier of the key slot holding the PSK.
* For the duration of the current handshake, the key slot
@@ -2807,9 +2820,14 @@
* on the SSL context to set the correct PSK and return \c 0.
* Any other return value will result in a denied PSK identity.
*
- * \note If you set a PSK callback using this function, then you
- * don't need to set a PSK key and identity using
- * \c mbedtls_ssl_conf_psk().
+ * \note A dynamic PSK (i.e. set by the PSK callback) takes
+ * precedence over a static PSK (i.e. set by
+ * \c mbedtls_ssl_conf_psk() or
+ * \c mbedtls_ssl_conf_psk_opaque()).
+ * This means that if you set a PSK callback using this
+ * function, you don't need to set a PSK using
+ * \c mbedtls_ssl_conf_psk() or
+ * \c mbedtls_ssl_conf_psk_opaque()).
*
* \param conf The SSL configuration to register the callback with.
* \param f_psk The callback for selecting and setting the PSK based
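Review bot: The rewritten note ends with `\c mbedtls_ssl_conf_psk_opaque()).`, which has a closing parenthesis with no matching opening one (the earlier parenthetical in the same note is already closed). Drop the extra `)`. The note would also read more clearly as two sentences: one stating the precedence rule, one stating that a static PSK is therefore unnecessary when a callback is registered.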
@@ -3523,18 +3541,61 @@
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
- * \brief Return the maximum fragment length (payload, in bytes).
- * This is the value negotiated with peer if any,
- * or the locally configured value.
+ * \brief Return the maximum fragment length (payload, in bytes) for
+ * the output buffer. For the client, this is the configured
+ * value. For the server, it is the minimum of two - the
+ * configured value and the negotiated one.
*
* \sa mbedtls_ssl_conf_max_frag_len()
* \sa mbedtls_ssl_get_max_record_payload()
*
* \param ssl SSL context
*
- * \return Current maximum fragment length.
+ * \return Current maximum fragment length for the output buffer.
*/
-size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief Return the maximum fragment length (payload, in bytes) for
+ * the input buffer. This is the negotiated maximum fragment
+ * length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN.
+ * If it is not defined either, the value is 2^14. This function
+ * works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
+ *
+ * \sa mbedtls_ssl_conf_max_frag_len()
+ * \sa mbedtls_ssl_get_max_record_payload()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length for the output buffer.
+ */
+size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+
+/**
+ * \brief This function is a deprecated approach to getting the max
+ * fragment length. Its an alias for
+ * \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
+ * is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
+ * more detail.
+ *
+ * \sa mbedtls_ssl_get_input_max_frag_len()
+ * \sa mbedtls_ssl_get_output_max_frag_len()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length for the output buffer.
+ */
+MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
+ const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
/**
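Review bot: The `\return` line for `mbedtls_ssl_get_input_max_frag_len()` says "Current maximum fragment length for the output buffer"; this looks like a copy-paste from the function above and should say "input buffer". The two new descriptions also contradict each other about the deprecated function: the input variant says it "works as its predecessor, \c mbedtls_ssl_get_max_frag_len()", while the deprecated function is documented as an alias for `mbedtls_ssl_get_output_max_frag_len()` "as the behaviour is the same". State which of the two keeps the old semantics, since callers sizing buffers depend on it. Minor: "Its an alias" should be "It's an alias", and the `MBEDTLS_DEPRECATED` macro defined here is not `#undef`ed after use within the visible lines.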
@@ -3555,7 +3616,8 @@
* when record compression is enabled.
*
* \sa mbedtls_ssl_set_mtu()
- * \sa mbedtls_ssl_get_max_frag_len()
+ * \sa mbedtls_ssl_get_output_max_frag_len()
+ * \sa mbedtls_ssl_get_input_max_frag_len()
* \sa mbedtls_ssl_get_record_expansion()
*
* \param ssl SSL context
@@ -3863,8 +3925,8 @@
* or negotiated with the peer), then:
* - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
- * \c mbedtls_ssl_get_max_frag_len() may be used to query the
- * active maximum fragment length.
+ * \c mbedtls_ssl_get_output_max_frag_len() may be used to
+ * query the active maximum fragment length.
*
* \note Attempting to write 0 bytes will result in an empty TLS
* application record being sent.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 9ff61fd..e92381c 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -260,11 +260,11 @@
static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
{
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
+ return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ MBEDTLS_SSL_CID_OUT_LEN_MAX;
#else
- return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
+ return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif
}
@@ -272,11 +272,11 @@
static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
{
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
- return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
+ return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ MBEDTLS_SSL_CID_IN_LEN_MAX;
#else
- return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
+ return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif
}
@@ -921,7 +921,60 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
-#endif
+
+/**
+ * Get the first defined PSK by order of precedence:
+ * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
+ * 2. static PSK configured by \c mbedtls_ssl_conf_psk()
+ * Return a code and update the pair (PSK, PSK length) passed to this function
+ */
+static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
+ const unsigned char **psk, size_t *psk_len )
+{
+ if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
+ {
+ *psk = ssl->handshake->psk;
+ *psk_len = ssl->handshake->psk_len;
+ }
+
+ else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
+ {
+ *psk = ssl->conf->psk;
+ *psk_len = ssl->conf->psk_len;
+ }
+
+ else
+ {
+ *psk = NULL;
+ *psk_len = 0;
+ return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+ return( 0 );
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * Get the first defined opaque PSK by order of precedence:
+ * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
+ * callback
+ * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
+ * Return an opaque PSK
+ */
+static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk(
+ const mbedtls_ssl_context *ssl )
+{
+ if( ssl->handshake->psk_opaque != 0 )
+ return( ssl->handshake->psk_opaque );
+
+ if( ssl->conf->psk_opaque != 0 )
+ return( ssl->conf->psk_opaque );
+
+ return( 0 );
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_PK_C)
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
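Review bot: `mbedtls_ssl_get_psk()` selects the handshake PSK only when `ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0`, but the code it replaces in ssl_tls.c used the handshake PSK whenever the pointer was non-NULL. A callback that sets a non-NULL pointer with length 0 now falls through to the static PSK; say in the comment whether that change is intended. The comment's "Return a code" should be replaced with the actual contract: 0 on success, `MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED` with `*psk = NULL` and `*psk_len = 0` when no PSK is set. Both helpers dereference `ssl->handshake` unchecked, so document that they may only be called during a handshake, and document that `mbedtls_ssl_get_opaque_psk()` returns 0 when no opaque PSK is configured.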
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 35af4cc..b89e36e 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 21
+#define MBEDTLS_VERSION_MINOR 22
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02150000
-#define MBEDTLS_VERSION_STRING "2.21.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.21.0"
+#define MBEDTLS_VERSION_NUMBER 0x02160000
+#define MBEDTLS_VERSION_STRING "2.22.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.22.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 14dfa22..fd98fa5 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -187,19 +187,19 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.21.0 SOVERSION 4)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4)
target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto
PUBLIC ${MBEDTLS_DIR}/include/)
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.21.0 SOVERSION 1)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509
PUBLIC ${MBEDTLS_DIR}/include/)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.21.0 SOVERSION 13)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13)
target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls
PUBLIC ${MBEDTLS_DIR}/include/)
diff --git a/library/Makefile b/library/Makefile
index 92799d9..dbdd3b6 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -63,48 +63,102 @@
endif
endif
-OBJS_CRYPTO= aes.o aesni.o arc4.o \
- aria.o asn1parse.o asn1write.o \
- base64.o bignum.o blowfish.o \
- camellia.o ccm.o chacha20.o \
- chachapoly.o cipher.o cipher_wrap.o \
- cmac.o ctr_drbg.o des.o \
- dhm.o ecdh.o ecdsa.o \
- ecjpake.o ecp.o \
- ecp_curves.o entropy.o entropy_poll.o \
- error.o gcm.o havege.o \
- hkdf.o \
- hmac_drbg.o md.o md2.o \
- md4.o md5.o \
- memory_buffer_alloc.o nist_kw.o \
- oid.o padlock.o pem.o \
- pk.o pk_wrap.o pkcs12.o \
- pkcs5.o pkparse.o pkwrite.o \
- platform.o platform_util.o poly1305.o \
- psa_crypto.o psa_crypto_se.o \
- psa_crypto_slot_management.o \
- psa_crypto_storage.o \
- psa_its_file.o \
- ripemd160.o rsa_internal.o rsa.o \
- sha1.o sha256.o sha512.o \
- threading.o timing.o \
- version.o version_features.o \
- xtea.o
+OBJS_CRYPTO= \
+ aes.o \
+ aesni.o \
+ arc4.o \
+ aria.o \
+ asn1parse.o \
+ asn1write.o \
+ base64.o \
+ bignum.o \
+ blowfish.o \
+ camellia.o \
+ ccm.o \
+ chacha20.o \
+ chachapoly.o \
+ cipher.o \
+ cipher_wrap.o \
+ cmac.o \
+ ctr_drbg.o \
+ des.o \
+ dhm.o \
+ ecdh.o \
+ ecdsa.o \
+ ecjpake.o \
+ ecp.o \
+ ecp_curves.o \
+ entropy.o \
+ entropy_poll.o \
+ error.o \
+ gcm.o \
+ havege.o \
+ hkdf.o \
+ hmac_drbg.o \
+ md.o \
+ md2.o \
+ md4.o \
+ md5.o \
+ memory_buffer_alloc.o \
+ nist_kw.o \
+ oid.o \
+ padlock.o \
+ pem.o \
+ pk.o \
+ pk_wrap.o \
+ pkcs12.o \
+ pkcs5.o \
+ pkparse.o \
+ pkwrite.o \
+ platform.o \
+ platform_util.o \
+ poly1305.o \
+ psa_crypto.o \
+ psa_crypto_se.o \
+ psa_crypto_slot_management.o \
+ psa_crypto_storage.o \
+ psa_its_file.o \
+ ripemd160.o \
+ rsa.o \
+ rsa_internal.o \
+ sha1.o \
+ sha256.o \
+ sha512.o \
+ threading.o \
+ timing.o \
+ version.o \
+ version_features.o \
+ xtea.o \
+ # This line is intentionally left blank
include ../3rdparty/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
-OBJS_X509= certs.o pkcs11.o x509.o \
- x509_create.o x509_crl.o x509_crt.o \
- x509_csr.o x509write_crt.o x509write_csr.o
+OBJS_X509= \
+ certs.o \
+ pkcs11.o \
+ x509.o \
+ x509_create.o \
+ x509_crl.o \
+ x509_crt.o \
+ x509_csr.o \
+ x509write_crt.o \
+ x509write_csr.o \
+ # This line is intentionally left blank
-OBJS_TLS= debug.o net_sockets.o \
- ssl_cache.o ssl_ciphersuites.o \
- ssl_cli.o ssl_cookie.o \
- ssl_msg.o \
- ssl_srv.o ssl_ticket.o \
- ssl_tls.o
+OBJS_TLS= \
+ debug.o \
+ net_sockets.o \
+ ssl_cache.o \
+ ssl_ciphersuites.o \
+ ssl_cli.o \
+ ssl_cookie.o \
+ ssl_msg.o \
+ ssl_srv.o \
+ ssl_ticket.o \
+ ssl_tls.o \
+ # This line is intentionally left blank
.SILENT:
@@ -201,8 +255,6 @@
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
-libmbedcrypto.$(DLEXT): | libmbedcrypto.a
-
.c.o:
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
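Review bot: The order-only prerequisite `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` is removed here with no explanation in the commit message or in a comment. If it existed to serialise the static and shared library builds under parallel make, removing it needs a justification; if it was redundant, say so in the commit message so the removal is not reverted later.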
diff --git a/library/ecp.c b/library/ecp.c
index ee0a460..d3e42a9 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2016,6 +2016,20 @@
final_norm:
#endif
+ /*
+ * Knowledge of the jacobian coordinates may leak the last few bits of the
+ * scalar [1], and since our MPI implementation isn't constant-flow,
+ * inversion (used for coordinate normalization) may leak the full value
+ * of its input via side-channels [2].
+ *
+ * [1] https://eprint.iacr.org/2003/191
+ * [2] https://eprint.iacr.org/2020/055
+ *
+ * Avoid the leak by randomizing coordinates before we normalize them.
+ */
+ if( f_rng != 0 )
+ MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
+
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
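Review bot: `if( f_rng != 0 )` compares a function pointer against the integer literal 0, while the matching check added further down in this file uses `if( f_rng != NULL )`. Use `NULL` here as well so the two countermeasure sites read identically and are easy to find together.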
@@ -2388,6 +2402,20 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
}
+ /*
+ * Knowledge of the projective coordinates may leak the last few bits of the
+ * scalar [1], and since our MPI implementation isn't constant-flow,
+ * inversion (used for coordinate normalization) may leak the full value
+ * of its input via side-channels [2].
+ *
+ * [1] https://eprint.iacr.org/2003/191
+ * [2] https://eprint.iacr.org/2020/055
+ *
+ * Avoid the leak by randomizing coordinates before we normalize them.
+ */
+ if( f_rng != NULL )
+ MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
+
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
cleanup:
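Review bot: The randomization is skipped silently when `f_rng` is NULL, so for callers that pass no RNG the leak described in the new comment is still present. Say so in the comment, and make sure the public documentation of the scalar multiplication functions tells users that an RNG is required for this side-channel protection. The comment block is duplicated almost word for word from the Jacobian case above; a short reference to that comment would avoid the two drifting apart.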
diff --git a/library/hkdf.c b/library/hkdf.c
index 379035d..82df597 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c
@@ -115,7 +115,7 @@
n = okm_len / hash_len;
- if( (okm_len % hash_len) != 0 )
+ if( okm_len % hash_len != 0 )
{
n++;
}
@@ -131,11 +131,13 @@
mbedtls_md_init( &ctx );
- if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 )
+ if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
{
goto exit;
}
+ memset( t, 0, hash_len );
+
/*
* Compute T = T(1) | T(2) | T(3) | ... | T(N)
* Where T(N) is defined in RFC 5869 Section 2.3
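Review bot: `memset( t, 0, hash_len );` is added without a comment, and the hunk does not show why `t` needs to be zeroed before the T(1)..T(N) loop. Add a one-line comment stating the reason, otherwise a later cleanup is likely to remove it as dead code. The other change in this hunk is whitespace only and would be easier to review as a separate commit.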
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c0b440a..553e2b6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1578,6 +1578,19 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
+ /* Check that there is enough room for:
+ * - 2 bytes of version
+ * - 1 byte of cookie_len
+ */
+ if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "incoming HelloVerifyRequest message is too short" ) );
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
/*
* struct {
* ProtocolVersion server_version;
@@ -1606,8 +1619,6 @@
}
cookie_len = *p++;
- MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
-
if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -1616,6 +1627,7 @@
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
+ MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
mbedtls_free( ssl->handshake->verify_cookie );
@@ -2344,7 +2356,7 @@
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t len;
+ uint16_t len;
((void) ssl);
/*
@@ -2361,7 +2373,7 @@
len = (*p)[0] << 8 | (*p)[1];
*p += 2;
- if( end - (*p) < (int) len )
+ if( end - (*p) < len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 18fa555..976fc7b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -214,7 +214,7 @@
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
+ const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
if( max_len > mfl )
max_len = mfl;
@@ -3197,16 +3197,17 @@
* that looks like a ClientHello.
*
* - if the input looks like a ClientHello without cookies,
- * send back HelloVerifyRequest, then
- * return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+ * send back HelloVerifyRequest, then return 0
* - if the input looks like a ClientHello with a valid cookie,
* reset the session of the current context, and
* return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
* - if anything goes wrong, return a specific error code
*
- * mbedtls_ssl_read_record() will ignore the record if anything else than
- * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
- * cannot not return 0.
+ * This function is called (through ssl_check_client_reconnect()) when an
+ * unexpected record is found in ssl_get_next_record(), which will discard the
+ * record if we return 0, and bubble up the return value otherwise (this
+ * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected
+ * errors, and is the right thing to do in both cases).
*/
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
{
@@ -3218,6 +3219,8 @@
{
/* If we can't use cookies to verify reachability of the peer,
* drop the record. */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, "
+ "can't check reconnect validity" ) );
return( 0 );
}
@@ -3233,16 +3236,23 @@
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
+ int send_ret;
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
+ ssl->out_buf, len );
/* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */
- (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
- ret = 0;
+ send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
+ MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
+ (void) send_ret;
+
+ return( 0 );
}
if( ret == 0 )
{
- /* Got a valid cookie, partially reset context */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
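Review bot: After this change the comment "Don't check write errors as we can't do anything here" sits above code that does capture the return value of `ssl->f_send()`, and the trailing `(void) send_ret;` has no explanation. Add a short comment that the value is kept only for `MBEDTLS_SSL_DEBUG_RET` and that the cast silences the unused-variable warning when debug output is compiled out. Replacing the old comment "Got a valid cookie, partially reset context" with a debug message also loses the word "partially"; keep it in the message, since `mbedtls_ssl_session_reset_int( ssl, 1 )` is called with the partial flag.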
@@ -4415,6 +4425,7 @@
ssl->in_msglen = rec.data_len;
ret = ssl_check_client_reconnect( ssl );
+ MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );
if( ret != 0 )
return( ret );
#endif
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 469c67e..006bc69 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3812,7 +3812,7 @@
const unsigned char *end )
{
int ret = 0;
- size_t n;
+ uint16_t n;
if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{
@@ -3832,7 +3832,7 @@
n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2;
- if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
+ if( n == 0 || n > end - *p )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
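Review bot: with `n` now declared `uint16_t`, the assignment `n = ( (*p)[0] << 8 ) | (*p)[1];` narrows an `int` expression implicitly, and `n > end - *p` compares a promoted `int` with a `ptrdiff_t`. Both behave correctly here (the value fits in 16 bits, and a negative `end - *p` still fails the check), but an explicit `(uint16_t)` cast on the assignment and a one-line comment that the signed comparison is intentional would keep conversion warnings quiet. The comment would also stop a later cleanup from restoring the `(size_t)` cast, which turns a negative difference into a very large bound.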
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 990fa5c..dbc5a3e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1514,9 +1514,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
- psk = ssl->conf->psk_opaque;
- if( handshake->psk_opaque != 0 )
- psk = handshake->psk_opaque;
+ psk = mbedtls_ssl_get_opaque_psk( ssl );
if( hash_alg == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
@@ -1850,14 +1848,18 @@
{
unsigned char *p = ssl->handshake->premaster;
unsigned char *end = p + sizeof( ssl->handshake->premaster );
- const unsigned char *psk = ssl->conf->psk;
- size_t psk_len = ssl->conf->psk_len;
+ const unsigned char *psk = NULL;
+ size_t psk_len = 0;
- /* If the psk callback was called, use its result */
- if( ssl->handshake->psk != NULL )
+ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
+ == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
{
- psk = ssl->handshake->psk;
- psk_len = ssl->handshake->psk_len;
+ /*
+ * This should never happen because the existence of a PSK is always
+ * checked before calling this function
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/*
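Review bot: the result of `mbedtls_ssl_get_psk()` is compared only against `MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED`, so any other non-zero return falls through with `psk == NULL` and `psk_len == 0`, and the premaster is then built from an empty key. Testing `!= 0` would fail closed on every error. The debug string `"should never happen"` would also be easier to act on if it said that no PSK was available.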
@@ -3673,36 +3675,51 @@
/* If the buffers are too small - reallocate */
{
int modified = 0;
- if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
+ size_t written_in = 0;
+ size_t written_out = 0;
+ if( ssl->in_buf != NULL )
{
- if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
- &ssl->in_buf_len ) != 0 )
+ written_in = ssl->in_msg - ssl->in_buf;
+ if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
- modified = 1;
+ if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
+ &ssl->in_buf_len ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
+ modified = 1;
+ }
}
}
- if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
+
+ if( ssl->out_buf != NULL )
{
- if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
- &ssl->out_buf_len ) != 0 )
+ written_out = ssl->out_msg - ssl->out_buf;
+ if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
- modified = 1;
+ if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
+ &ssl->out_buf_len ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
+ modified = 1;
+ }
}
}
if( modified )
{
/* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl );
+ /* Fields below might not be properly updated with record
+ * splitting, so they are manually updated here. */
+ ssl->out_msg = ssl->out_buf + written_out;
+ ssl->in_msg = ssl->in_buf + written_in;
}
}
#endif
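Review bot: inside `if( modified )`, both `ssl->out_msg` and `ssl->in_msg` are rewritten unconditionally, even when only one of the buffers was non-NULL. For a NULL buffer the saved offset stays 0, so the pointer becomes `buf + 0` and replaces whatever `mbedtls_ssl_reset_in_out_pointers()` just computed. Guarding each restore with the same `!= NULL` test used above would keep the two directions independent. The comment "might not be properly updated with record splitting" should also say which field goes stale and why, since that is the reason the offsets are saved at all.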
@@ -4889,7 +4906,42 @@
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
+ size_t read_mfl;
+
+ /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
+ {
+ return ssl_mfl_code_to_length( ssl->conf->mfl_code );
+ }
+
+ /* Check if a smaller max length was negotiated */
+ if( ssl->session_out != NULL )
+ {
+ read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
+ if( read_mfl < max_len )
+ {
+ max_len = read_mfl;
+ }
+ }
+
+ // During a handshake, use the value being negotiated
+ if( ssl->session_negotiate != NULL )
+ {
+ read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
+ if( read_mfl < max_len )
+ {
+ max_len = read_mfl;
+ }
+ }
+
+ return( max_len );
+}
+
+size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
{
size_t max_len;
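Review bot: in `mbedtls_ssl_get_input_max_frag_len()` the client branch returns the length for `ssl->conf->mfl_code` as soon as the state is past `MBEDTLS_SSL_SERVER_HELLO_DONE`, without consulting `session_out` or `session_negotiate`, and the comment only restates the condition. A sentence on why the configured value is authoritative for input at that point would help the next reader. Style: the `// During a handshake` comment and the unparenthesised `return ssl_mfl_code_to_length( ... );` differ from the `/* */` and `return( ... )` forms used in the rest of the function.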
@@ -4914,6 +4966,13 @@
return( max_len );
}
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
+{
+ return mbedtls_ssl_get_output_max_frag_len( ssl );
+}
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -4946,7 +5005,7 @@
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
+ const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
if( max_len > mfl )
max_len = mfl;
@@ -5892,36 +5951,41 @@
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
size_t written_in = 0;
size_t written_out = 0;
- if( ssl->in_buf != NULL &&
- ssl->in_buf_len > buf_len &&
- ssl->in_left < buf_len )
+ if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
- if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
+ if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
- modified = 1;
+ written_in = ssl->in_msg - ssl->in_buf;
+ if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
+ modified = 1;
+ }
}
}
+
buf_len = mbedtls_ssl_get_output_buflen( ssl );
- if( ssl->out_buf != NULL &&
- ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
- ssl->out_left < buf_len )
+ if(ssl->out_buf != NULL )
{
written_out = ssl->out_msg - ssl->out_buf;
- if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
+ if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
+ ssl->out_left < buf_len )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
- modified = 1;
+ if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
+ modified = 1;
+ }
}
}
if( modified )
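Review bot: in the input branch `written_in = ssl->in_msg - ssl->in_buf;` is now assigned twice, once before the size check and once inside it; the inner assignment can be dropped. In the output branch the condition still calls `mbedtls_ssl_get_output_buflen( ssl )` although `buf_len` was set from the same call on the line above, and `if(ssl->out_buf != NULL )` is missing the space after the opening parenthesis.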
diff --git a/library/x509.c b/library/x509.c
index 7f8181b..c451332 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1064,7 +1064,7 @@
mbedtls_x509_crt_free( &clicert );
#else
((void) verbose);
-#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
return( ret );
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1e47230..1e62ed5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -524,6 +524,12 @@
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
+ * overflow, which is an undefined behavior. */
+ if( *max_pathlen == INT_MAX )
+ return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
(*max_pathlen)++;
return( 0 );
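Review bot: the new `*max_pathlen == INT_MAX` check relies on `<limits.h>` for `INT_MAX`, and this hunk does not add an include, so confirm the file already pulls it in on every supported toolchain. A test certificate whose encoded path length is `INT_MAX` would pin the new rejection path and the returned error code.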
diff --git a/programs/.gitignore b/programs/.gitignore
index d19162d..53c1ed7 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -12,8 +12,8 @@
pkey/dh_client
pkey/dh_genprime
pkey/dh_server
-pkey/ecdsa
pkey/ecdh_curve25519
+pkey/ecdsa
pkey/gen_key
pkey/key_app
pkey/key_app_writer
@@ -30,36 +30,37 @@
pkey/rsa_verify
pkey/rsa_verify_pss
psa/crypto_examples
+psa/key_ladder_demo
psa/psa_constant_names
psa/psa_constant_names_generated.c
-psa/key_ladder_demo
random/gen_entropy
random/gen_random_ctr_drbg
random/gen_random_havege
ssl/dtls_client
ssl/dtls_server
+ssl/mini_client
ssl/ssl_client1
ssl/ssl_client2
+ssl/ssl_context_info
ssl/ssl_fork_server
ssl/ssl_mail_client
ssl/ssl_pthread_server
ssl/ssl_server
ssl/ssl_server2
-ssl/mini_client
test/benchmark
-test/ecp-bench
-test/selftest
test/cpp_dummy_build
+test/ecp-bench
+test/query_compile_time_config
+test/selftest
test/ssl_cert_test
test/udp_proxy
test/zeroize
-test/query_compile_time_config
util/pem2der
util/strerror
x509/cert_app
x509/cert_req
-x509/crl_app
x509/cert_write
+x509/crl_app
x509/req_app
# generated files
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 61f02e8..a8492c6 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -8,5 +8,5 @@
add_subdirectory(random)
add_subdirectory(ssl)
add_subdirectory(test)
-add_subdirectory(x509)
add_subdirectory(util)
+add_subdirectory(x509)
diff --git a/programs/Makefile b/programs/Makefile
index deb19b6..31e431b 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -53,8 +53,8 @@
APPS = \
aes/aescrypt2$(EXEXT) \
aes/crypt_and_hash$(EXEXT) \
- hash/hello$(EXEXT) \
hash/generic_sum$(EXEXT) \
+ hash/hello$(EXEXT) \
pkey/dh_client$(EXEXT) \
pkey/dh_genprime$(EXEXT) \
pkey/dh_server$(EXEXT) \
@@ -68,39 +68,40 @@
pkey/pk_encrypt$(EXEXT) \
pkey/pk_sign$(EXEXT) \
pkey/pk_verify$(EXEXT) \
- pkey/rsa_genkey$(EXEXT) \
pkey/rsa_decrypt$(EXEXT) \
pkey/rsa_encrypt$(EXEXT) \
+ pkey/rsa_genkey$(EXEXT) \
pkey/rsa_sign$(EXEXT) \
- pkey/rsa_verify$(EXEXT) \
pkey/rsa_sign_pss$(EXEXT) \
+ pkey/rsa_verify$(EXEXT) \
pkey/rsa_verify_pss$(EXEXT) \
psa/crypto_examples$(EXEXT) \
psa/key_ladder_demo$(EXEXT) \
psa/psa_constant_names$(EXEXT) \
+ random/gen_entropy$(EXEXT) \
+ random/gen_random_ctr_drbg$(EXEXT) \
+ random/gen_random_havege$(EXEXT) \
ssl/dtls_client$(EXEXT) \
ssl/dtls_server$(EXEXT) \
+ ssl/mini_client$(EXEXT) \
ssl/ssl_client1$(EXEXT) \
ssl/ssl_client2$(EXEXT) \
+ ssl/ssl_context_info$(EXEXT) \
+ ssl/ssl_fork_server$(EXEXT) \
+ ssl/ssl_mail_client$(EXEXT) \
ssl/ssl_server$(EXEXT) \
ssl/ssl_server2$(EXEXT) \
- ssl/ssl_fork_server$(EXEXT) \
- ssl/mini_client$(EXEXT) \
- ssl/ssl_mail_client$(EXEXT) \
- random/gen_entropy$(EXEXT) \
- random/gen_random_havege$(EXEXT) \
- random/gen_random_ctr_drbg$(EXEXT) \
test/benchmark$(EXEXT) \
+ test/query_compile_time_config$(EXEXT) \
test/selftest$(EXEXT) \
test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
- test/query_compile_time_config$(EXEXT) \
util/pem2der$(EXEXT) \
util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) \
- x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) \
x509/cert_write$(EXEXT) \
+ x509/crl_app$(EXEXT) \
x509/req_app$(EXEXT) \
# End of APPS
@@ -282,6 +283,10 @@
echo " CC ssl/ssl_server2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.c $(DEP)
+ echo " CC ssl/ssl_context_info.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
echo " CC ssl/ssl_fork_server.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
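Review bot: the new `ssl/ssl_context_info$(EXEXT)` rule depends on and links `test/query_config.c`, while the CMake target added for the same program in this patch is `add_executable(ssl_context_info ssl_context_info.c)` with no `query_config.c` source. The two build systems should agree; if the program does not call into `query_config`, drop it from the Makefile prerequisites and the compile line.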
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index b851c31..9feb160 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -189,7 +189,7 @@
sig, &sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index f28a47d..32fb3c4 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -8,12 +8,12 @@
set(targets
dtls_client
dtls_server
+ mini_client
ssl_client1
ssl_client2
- ssl_server
ssl_fork_server
ssl_mail_client
- mini_client
+ ssl_server
)
if(USE_PKCS11_HELPER_LIBRARY)
@@ -44,6 +44,9 @@
target_sources(ssl_server2 PUBLIC ../test/query_config.c)
target_link_libraries(ssl_server2 ${libs})
+add_executable(ssl_context_info ssl_context_info.c)
+target_link_libraries(ssl_context_info ${libs})
+
add_executable(ssl_fork_server ssl_fork_server.c)
target_link_libraries(ssl_fork_server ${libs})
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d6c3d77..f6284fe 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2553,8 +2553,10 @@
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
new file mode 100644
index 0000000..9bea31c
--- /dev/null
+++ b/programs/ssl/ssl_context_info.c
@@ -0,0 +1,1112 @@
+/*
+ * MbedTLS SSL context deserializer from base64 code
+ *
+ * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C)
+int main( void )
+{
+ printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C not defined.\n");
+ return( 0 );
+}
+#else
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <stdint.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+#include "mbedtls/ssl.h"
+#include "mbedtls/error.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md_internal.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/ssl_ciphersuites.h"
+
+/*
+ * This program version
+ */
+#define PROG_NAME "ssl_context_info"
+#define VER_MAJOR 0
+#define VER_MINOR 1
+
+/*
+ * Flags copied from the Mbed TLS library.
+ */
+#define SESSION_CONFIG_TIME_BIT ( 1 << 0 )
+#define SESSION_CONFIG_CRT_BIT ( 1 << 1 )
+#define SESSION_CONFIG_CLIENT_TICKET_BIT ( 1 << 2 )
+#define SESSION_CONFIG_MFL_BIT ( 1 << 3 )
+#define SESSION_CONFIG_TRUNC_HMAC_BIT ( 1 << 4 )
+#define SESSION_CONFIG_ETM_BIT ( 1 << 5 )
+#define SESSION_CONFIG_TICKET_BIT ( 1 << 6 )
+
+#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ( 1 << 0 )
+#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ( 1 << 1 )
+#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ( 1 << 2 )
+#define CONTEXT_CONFIG_ALPN_BIT ( 1 << 3 )
+
+#define TRANSFORM_RANDBYTE_LEN 64
+
+/*
+ * Minimum and maximum number of bytes for specific data: context, sessions,
+ * certificates, tickets and buffers in the program. The context and session
+ * size values have been calculated based on the 'print_deserialized_ssl_context()'
+ * and 'print_deserialized_ssl_session()' content.
+ */
+#define MIN_CONTEXT_LEN 84
+#define MIN_SESSION_LEN 88
+
+#define MAX_CONTEXT_LEN 875 /* without session data */
+#define MAX_SESSION_LEN 109 /* without certificate and ticket data */
+#define MAX_CERTIFICATE_LEN ( ( 1 << 24 ) - 1 )
+#define MAX_TICKET_LEN ( ( 1 << 24 ) - 1 )
+
+#define MIN_SERIALIZED_DATA ( MIN_CONTEXT_LEN + MIN_SESSION_LEN )
+#define MAX_SERIALIZED_DATA ( MAX_CONTEXT_LEN + MAX_SESSION_LEN + \
+ MAX_CERTIFICATE_LEN + MAX_TICKET_LEN )
+
+#define MIN_BASE64_LEN ( MIN_SERIALIZED_DATA * 4 / 3 )
+#define MAX_BASE64_LEN ( MAX_SERIALIZED_DATA * 4 / 3 + 3 )
+
+/*
+ * A macro that prevents from reading out of the ssl buffer range.
+ */
+#define CHECK_SSL_END( LEN ) \
+do \
+{ \
+ if( end - ssl < (int)( LEN ) ) \
+ { \
+ printf_err( "%s", buf_ln_err ); \
+ return; \
+ } \
+} while( 0 )
+
+/*
+ * Global values
+ */
+FILE *b64_file = NULL; /* file with base64 codes to deserialize */
+char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */
+char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */
+char debug = 0; /* flag for debug messages */
+const char alloc_err[] = "Cannot allocate memory\n";
+const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n";
+
+/*
+ * Basic printing functions
+ */
+void print_version( )
+{
+ printf( "%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR );
+}
+
+void print_usage( )
+{
+ print_version();
+ printf( "\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
+ "in the text file. The program can deserialize many codes from one file, but they must be\n"
+ "separated, e.g. by a newline.\n\n" );
+ printf(
+ "Usage:\n"
+ "\t-f path - Path to the file with base64 code\n"
+ "\t-v - Show version\n"
+ "\t-h - Show this usage\n"
+ "\t-d - Print more information\n"
+ "\t--keep-peer-cert=0 - Use this option if you know that the Mbed TLS library\n"
+ "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n"
+ "\t flag. You can also use it if there are some problems with reading\n"
+ "\t the information about certificate\n"
+ "\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n"
+ "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n"
+ "\n"
+ );
+}
+
+void printf_dbg( const char *str, ... )
+{
+ if( debug )
+ {
+ va_list args;
+ va_start( args, str );
+ printf( "debug: " );
+ vprintf( str, args );
+ fflush( stdout );
+ va_end( args );
+ }
+}
+
+void printf_err( const char *str, ... )
+{
+ va_list args;
+ va_start( args, str );
+ fflush( stdout );
+ fprintf( stderr, "ERROR: " );
+ vfprintf( stderr, str, args );
+ fflush( stderr );
+ va_end( args );
+}
+
+/*
+ * Exit from the program in case of error
+ */
+void error_exit()
+{
+ if( NULL != b64_file )
+ {
+ fclose( b64_file );
+ }
+ exit( -1 );
+}
+
+/*
+ * This function takes the input arguments of this program
+ */
+void parse_arguments( int argc, char *argv[] )
+{
+ int i = 1;
+
+ if( argc < 2 )
+ {
+ print_usage();
+ error_exit();
+ }
+
+ while( i < argc )
+ {
+ if( strcmp( argv[i], "-d" ) == 0 )
+ {
+ debug = 1;
+ }
+ else if( strcmp( argv[i], "-h" ) == 0 )
+ {
+ print_usage();
+ }
+ else if( strcmp( argv[i], "-v" ) == 0 )
+ {
+ print_version();
+ }
+ else if( strcmp( argv[i], "-f" ) == 0 )
+ {
+ if( ++i >= argc )
+ {
+ printf_err( "File path is empty\n" );
+ error_exit();
+ }
+
+ if( ( b64_file = fopen( argv[i], "r" ) ) == NULL )
+ {
+ printf_err( "Cannot find file \"%s\"\n", argv[i] );
+ error_exit();
+ }
+ }
+ else if( strcmp( argv[i], "--keep-peer-cert=0" ) == 0 )
+ {
+ conf_keep_peer_certificate = 0;
+ }
+ else if( strcmp( argv[i], "--dtls-protocol=0" ) == 0 )
+ {
+ conf_dtls_proto = 0;
+ }
+ else
+ {
+ print_usage();
+ error_exit();
+ }
+
+ i++;
+ }
+}
+
+/*
+ * This function prints base64 code to the stdout
+ */
+void print_b64( const uint8_t *b, size_t len )
+{
+ size_t i = 0;
+ const uint8_t *end = b + len;
+ printf("\t");
+ while( b < end )
+ {
+ if( ++i > 75 )
+ {
+ printf( "\n\t" );
+ i = 0;
+ }
+ printf( "%c", *b++ );
+ }
+ printf( "\n" );
+ fflush( stdout );
+}
+
+/*
+ * This function prints hex code from the buffer to the stdout.
+ *
+ * /p b buffer with data to print
+ * /p len number of bytes to print
+ * /p in_line number of bytes in one line
+ * /p prefix prefix for the new lines
+ */
+void print_hex( const uint8_t *b, size_t len,
+ const size_t in_line, const char *prefix )
+{
+ size_t i = 0;
+ const uint8_t *end = b + len;
+
+ if( prefix == NULL )
+ {
+ prefix = "";
+ }
+
+ while( b < end )
+ {
+ if( ++i > in_line )
+ {
+ printf( "\n%s", prefix );
+ i = 1;
+ }
+ printf( "%02X ", (uint8_t) *b++ );
+ }
+ printf("\n");
+ fflush(stdout);
+}
+
+/*
+ * Print the value of time_t in format e.g. 2020-01-23 13:05:59
+ */
+void print_time( const time_t *time )
+{
+ char buf[20];
+ struct tm *t = gmtime( time );
+ static const char format[] = "%Y-%m-%d %H:%M:%S";
+ if( NULL != t )
+ {
+ strftime( buf, sizeof( buf ), format, t );
+ printf( "%s\n", buf );
+ }
+ else
+ {
+ printf( "unknown\n" );
+ }
+}
+
+/*
+ * Print the input string if the bit is set in the value
+ */
+void print_if_bit( const char *str, int bit, int val )
+{
+ if( bit & val )
+ {
+ printf( "\t%s\n", str );
+ }
+}
+
+/*
+ * Return pointer to hardcoded "enabled" or "disabled" depending on the input value
+ */
+const char * get_enabled_str( int is_en )
+{
+ return ( is_en ) ? "enabled" : "disabled";
+}
+
+/*
+ * Return pointer to hardcoded MFL string value depending on the MFL code at the input
+ */
+const char * get_mfl_str( int mfl_code )
+{
+ switch( mfl_code )
+ {
+ case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
+ return "none";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_512:
+ return "512";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
+ return "1024";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
+ return "2048";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
+ return "4096";
+ default:
+ return "error";
+ }
+}
+
+/*
+ * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened
+ * previously. After each call to this function, the internal file position
+ * indicator of the global b64_file is advanced.
+ *
+ * Note - This function checks the size of the input buffer and if necessary,
+ * increases it to the maximum MAX_BASE64_LEN
+ *
+ * /p b64 pointer to the pointer of the buffer for input data
+ * /p max_len pointer to the current buffer capacity. It can be changed if
+ * the buffer needs to be increased
+ *
+ * \retval number of bytes written in to the b64 buffer or 0 in case no more
+ * data was found
+ */
+size_t read_next_b64_code( uint8_t **b64, size_t *max_len )
+{
+ int valid_balance = 0; /* balance between valid and invalid characters */
+ size_t len = 0;
+ char pad = 0;
+ char c = 0;
+
+ while( EOF != c )
+ {
+ char c_valid = 0;
+
+ c = (char) fgetc( b64_file );
+
+ if( pad > 0 )
+ {
+ if( c == '=' && pad == 1 )
+ {
+ c_valid = 1;
+ pad = 2;
+ }
+ }
+ else if( ( c >= 'A' && c <= 'Z' ) ||
+ ( c >= 'a' && c <= 'z' ) ||
+ ( c >= '0' && c <= '9' ) ||
+ c == '+' || c == '/' )
+ {
+ c_valid = 1;
+ }
+ else if( c == '=' )
+ {
+ c_valid = 1;
+ pad = 1;
+ }
+ else if( c == '-' )
+ {
+ c = '+';
+ c_valid = 1;
+ }
+ else if( c == '_' )
+ {
+ c = '/';
+ c_valid = 1;
+ }
+
+ if( c_valid )
+ {
+ /* A string of characters that could be a base64 code. */
+ valid_balance++;
+
+ if( len < *max_len )
+ {
+ ( *b64 )[ len++ ] = c;
+ }
+ else if( *max_len < MAX_BASE64_LEN )
+ {
+ /* Current buffer is too small, but can be resized. */
+ void *ptr;
+ size_t new_size = ( MAX_BASE64_LEN - 4096 > *max_len ) ?
+ *max_len + 4096 : MAX_BASE64_LEN;
+
+ ptr = realloc( *b64, new_size );
+ if( NULL == ptr )
+ {
+ printf_err( alloc_err );
+ return 0;
+ }
+ *b64 = ptr;
+ *max_len = new_size;
+ ( *b64 )[ len++ ] = c;
+ }
+ else
+ {
+ /* Too much data so it will be treated as invalid */
+ len++;
+ }
+ }
+ else if( len > 0 )
+ {
+ /* End of a string that could be a base64 code, but need to check
+ * that the length of the characters is correct. */
+
+ valid_balance--;
+
+ if( len < MIN_CONTEXT_LEN )
+ {
+ printf_dbg( "The code found is too small to be a SSL context.\n" );
+ len = pad = 0;
+ }
+ else if( len > *max_len )
+ {
+ printf_err( "The code found is too large by %u bytes.\n", len - *max_len );
+ len = pad = 0;
+ }
+ else if( len % 4 != 0 )
+ {
+ printf_err( "The length of the base64 code found should be a multiple of 4.\n" );
+ len = pad = 0;
+ }
+ else
+ {
+ /* Base64 code with valid character length. */
+ return len;
+ }
+ }
+ else
+ {
+ valid_balance--;
+ }
+
+ /* Detection of potentially wrong file format like: binary, zip, ISO, etc. */
+ if( valid_balance < -100 )
+ {
+ printf_err( "Too many bad symbols detected. File check aborted.\n" );
+ return 0;
+ }
+ }
+
+ printf_dbg( "End of file\n" );
+ return 0;
+}
+
+/*
+ * This function deserializes and prints to the stdout all obtained information
+ * about the certificates from provided data.
+ *
+ * /p ssl pointer to serialized certificate
+ * /p len number of bytes in the buffer
+*/
+void print_deserialized_ssl_cert( const uint8_t *ssl, uint32_t len )
+{
+ enum { STRLEN = 4096 };
+ mbedtls_x509_crt crt;
+ int ret;
+ char str[STRLEN];
+
+ printf( "\nCertificate:\n" );
+
+ mbedtls_x509_crt_init( &crt );
+ ret = mbedtls_x509_crt_parse_der( &crt, ssl, len );
+ if( 0 != ret )
+ {
+ mbedtls_strerror( ret, str, STRLEN );
+ printf_err( "Invalid format of X.509 - %s\n", str );
+ printf( "Cannot deserialize:\n\t" );
+ print_hex( ssl, len, 25, "\t" );
+ }
+ else
+ {
+ mbedtls_x509_crt *current = &crt;
+
+ while( current != NULL )
+ {
+ ret = mbedtls_x509_crt_info( str, STRLEN, "\t", current );
+ if( 0 > ret )
+ {
+ mbedtls_strerror( ret, str, STRLEN );
+ printf_err( "Cannot write to the output - %s\n", str );
+ }
+ else
+ {
+ printf( "%s", str );
+ }
+
+ current = current->next;
+
+ if( current )
+ {
+ printf( "\n" );
+ }
+
+ }
+ }
+
+ mbedtls_x509_crt_free( &crt );
+}
+
+/*
+ * This function deserializes and prints to the stdout all obtained information
+ * about the session from provided data. This function was built based on
+ * mbedtls_ssl_session_load(). mbedtls_ssl_session_load() could not be used
+ * due to dependencies on the mbedTLS configuration.
+ *
+ * The data structure in the buffer:
+ * uint64 start_time;
+ * uint8 ciphersuite[2]; // defined by the standard
+ * uint8 compression; // 0 or 1
+ * uint8 session_id_len; // at most 32
+ * opaque session_id[32];
+ * opaque master[48]; // fixed length in the standard
+ * uint32 verify_result;
+ * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
+ * opaque ticket<0..2^24-1>; // length 0 means no ticket
+ * uint32 ticket_lifetime;
+ * uint8 mfl_code; // up to 255 according to standard
+ * uint8 trunc_hmac; // 0 or 1
+ * uint8 encrypt_then_mac; // 0 or 1
+ *
+ * /p ssl pointer to serialized session
+ * /p len number of bytes in the buffer
+ * /p session_cfg_flag session configuration flags
+ */
+void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
+ int session_cfg_flag )
+{
+ const struct mbedtls_ssl_ciphersuite_t * ciphersuite_info;
+ int ciphersuite_id;
+ uint32_t cert_len, ticket_len;
+ uint32_t verify_result, ticket_lifetime;
+ const uint8_t *end = ssl + len;
+
+ printf( "\nSession info:\n" );
+
+ if( session_cfg_flag & SESSION_CONFIG_TIME_BIT )
+ {
+ uint64_t start;
+ CHECK_SSL_END( 8 );
+ start = ( (uint64_t) ssl[0] << 56 ) |
+ ( (uint64_t) ssl[1] << 48 ) |
+ ( (uint64_t) ssl[2] << 40 ) |
+ ( (uint64_t) ssl[3] << 32 ) |
+ ( (uint64_t) ssl[4] << 24 ) |
+ ( (uint64_t) ssl[5] << 16 ) |
+ ( (uint64_t) ssl[6] << 8 ) |
+ ( (uint64_t) ssl[7] );
+ ssl += 8;
+ printf( "\tstart time : " );
+ print_time( (time_t*) &start );
+ }
+
+ CHECK_SSL_END( 2 );
+ ciphersuite_id = ( (int) ssl[0] << 8 ) | (int) ssl[1];
+ printf_dbg( "Ciphersuite ID: %d\n", ciphersuite_id );
+ ssl += 2;
+
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+ if( ciphersuite_info == NULL )
+ {
+ printf_err( "Cannot find ciphersuite info\n" );
+ }
+ else
+ {
+ const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_md_info_t *md_info;
+
+ printf( "\tciphersuite : %s\n", ciphersuite_info->name );
+ printf( "\tcipher flags : 0x%02X\n", ciphersuite_info->flags );
+
+ cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
+ if( cipher_info == NULL )
+ {
+ printf_err( "Cannot find cipher info\n" );
+ }
+ else
+ {
+ printf( "\tcipher : %s\n", cipher_info->name );
+ }
+
+ md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
+ if( md_info == NULL )
+ {
+ printf_err( "Cannot find Message-Digest info\n" );
+ }
+ else
+ {
+ printf( "\tMessage-Digest : %s\n", md_info->name );
+ }
+ }
+
+ CHECK_SSL_END( 1 );
+ printf( "\tcompression : %s\n", get_enabled_str( *ssl++ ) );
+
+ /* Note - Here we can get session ID length from serialized data, but we
+ * use hardcoded 32-bytes length. This approach was taken from
+ * 'mbedtls_ssl_session_load()'. */
+ CHECK_SSL_END( 1 + 32 );
+ printf_dbg( "Session id length: %u\n", (uint32_t) *ssl++ );
+ printf( "\tsession ID : ");
+ print_hex( ssl, 32, 16, "\t " );
+ ssl += 32;
+
+ printf( "\tmaster secret : ");
+ CHECK_SSL_END( 48 );
+ print_hex( ssl, 48, 16, "\t " );
+ ssl += 48;
+
+ CHECK_SSL_END( 4 );
+ verify_result = ( (uint32_t) ssl[0] << 24 ) |
+ ( (uint32_t) ssl[1] << 16 ) |
+ ( (uint32_t) ssl[2] << 8 ) |
+ ( (uint32_t) ssl[3] );
+ ssl += 4;
+ printf( "\tverify result : 0x%08X\n", verify_result );
+
+ if( SESSION_CONFIG_CRT_BIT & session_cfg_flag )
+ {
+ if( conf_keep_peer_certificate )
+ {
+ CHECK_SSL_END( 3 );
+ cert_len = ( (uint32_t) ssl[0] << 16 ) |
+ ( (uint32_t) ssl[1] << 8 ) |
+ ( (uint32_t) ssl[2] );
+ ssl += 3;
+ printf_dbg( "Certificate length: %u\n", cert_len );
+
+ if( cert_len > 0 )
+ {
+ CHECK_SSL_END( cert_len );
+ print_deserialized_ssl_cert( ssl, cert_len );
+ ssl += cert_len;
+ }
+ }
+ else
+ {
+ printf( "\tPeer digest : " );
+
+ CHECK_SSL_END( 1 );
+ switch( (mbedtls_md_type_t) *ssl++ )
+ {
+ case MBEDTLS_MD_NONE:
+ printf( "none\n" );
+ break;
+ case MBEDTLS_MD_MD2:
+ printf( "MD2\n" );
+ break;
+ case MBEDTLS_MD_MD4:
+ printf( "MD4\n" );
+ break;
+ case MBEDTLS_MD_MD5:
+ printf( "MD5\n" );
+ break;
+ case MBEDTLS_MD_SHA1:
+ printf( "SHA1\n" );
+ break;
+ case MBEDTLS_MD_SHA224:
+ printf( "SHA224\n" );
+ break;
+ case MBEDTLS_MD_SHA256:
+ printf( "SHA256\n" );
+ break;
+ case MBEDTLS_MD_SHA384:
+ printf( "SHA384\n" );
+ break;
+ case MBEDTLS_MD_SHA512:
+ printf( "SHA512\n" );
+ break;
+ case MBEDTLS_MD_RIPEMD160:
+ printf( "RIPEMD160\n" );
+ break;
+ default:
+ printf( "undefined or erroneous\n" );
+ break;
+ }
+
+ CHECK_SSL_END( 1 );
+ cert_len = (uint32_t) *ssl++;
+ printf_dbg( "Message-Digest length: %u\n", cert_len );
+
+ if( cert_len > 0 )
+ {
+ printf( "\tPeer digest cert : " );
+ CHECK_SSL_END( cert_len );
+ print_hex( ssl, cert_len, 16, "\t " );
+ ssl += cert_len;
+ }
+ }
+ }
+
+ if( SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag )
+ {
+ printf( "\nTicket:\n" );
+
+ CHECK_SSL_END( 3 );
+ ticket_len = ( (uint32_t) ssl[0] << 16 ) |
+ ( (uint32_t) ssl[1] << 8 ) |
+ ( (uint32_t) ssl[2] );
+ ssl += 3;
+ printf_dbg( "Ticket length: %u\n", ticket_len );
+
+ if( ticket_len > 0 )
+ {
+ printf( "\t" );
+ CHECK_SSL_END( ticket_len );
+ print_hex( ssl, ticket_len, 22, "\t" );
+ ssl += ticket_len;
+ printf( "\n" );
+ }
+
+ CHECK_SSL_END( 4 );
+ ticket_lifetime = ( (uint32_t) ssl[0] << 24 ) |
+ ( (uint32_t) ssl[1] << 16 ) |
+ ( (uint32_t) ssl[2] << 8 ) |
+ ( (uint32_t) ssl[3] );
+ ssl += 4;
+ printf( "\tlifetime : %u sec.\n", ticket_lifetime );
+ }
+
+ if( ssl < end )
+ {
+ printf( "\nSession others:\n" );
+ }
+
+ if( SESSION_CONFIG_MFL_BIT & session_cfg_flag )
+ {
+ CHECK_SSL_END( 1 );
+ printf( "\tMFL : %s\n", get_mfl_str( *ssl++ ) );
+ }
+
+ if( SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag )
+ {
+ CHECK_SSL_END( 1 );
+ printf( "\tnegotiate truncated HMAC : %s\n", get_enabled_str( *ssl++ ) );
+ }
+
+ if( SESSION_CONFIG_ETM_BIT & session_cfg_flag )
+ {
+ CHECK_SSL_END( 1 );
+ printf( "\tEncrypt-then-MAC : %s\n", get_enabled_str( *ssl++ ) );
+ }
+
+ if( 0 != ( end - ssl ) )
+ {
+ printf_err( "%i bytes left to analyze from session\n", (int32_t)( end - ssl ) );
+ }
+}
+
+/*
+ * This function deserializes and prints to the stdout all obtained information
+ * about the context from provided data. This function was built based on
+ * mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used
+ * due to dependencies on the mbedTLS configuration and the configuration of
+ * the context when serialization was created.
+ *
+ * The data structure in the buffer:
+ * // header
+ * uint8 version[3];
+ * uint8 configuration[5];
+ * // session sub-structure
+ * uint32_t session_len;
+ * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
+ * // transform sub-structure
+ * uint8 random[64]; // ServerHello.random+ClientHello.random
+ * uint8 in_cid_len;
+ * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
+ * uint8 out_cid_len;
+ * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
+ * // fields from ssl_context
+ * uint32 badmac_seen; // DTLS: number of records with failing MAC
+ * uint64 in_window_top; // DTLS: last validated record seq_num
+ * uint64 in_window; // DTLS: bitmask for replay protection
+ * uint8 disable_datagram_packing; // DTLS: only one record per datagram
+ * uint64 cur_out_ctr; // Record layer: outgoing sequence number
+ * uint16 mtu; // DTLS: path mtu (max outgoing fragment size)
+ * uint8 alpn_chosen_len;
+ * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
+ *
+ * /p ssl pointer to serialized session
+ * /p len number of bytes in the buffer
+ */
+void print_deserialized_ssl_context( const uint8_t *ssl, size_t len )
+{
+ const uint8_t *end = ssl + len;
+ uint32_t session_len;
+ int session_cfg_flag;
+ int context_cfg_flag;
+
+ printf( "\nMbed TLS version:\n" );
+
+ CHECK_SSL_END( 3 + 2 + 3 );
+
+ printf( "\tmajor %u\n", (uint32_t) *ssl++ );
+ printf( "\tminor %u\n", (uint32_t) *ssl++ );
+ printf( "\tpath %u\n", (uint32_t) *ssl++ );
+
+ printf( "\nEnabled session and context configuration:\n" );
+
+ session_cfg_flag = ( (int) ssl[0] << 8 ) | ( (int) ssl[1] );
+ ssl += 2;
+
+ context_cfg_flag = ( (int) ssl[0] << 16 ) |
+ ( (int) ssl[1] << 8 ) |
+ ( (int) ssl[2] ) ;
+ ssl += 3;
+
+ printf_dbg( "Session config flags 0x%04X\n", session_cfg_flag );
+ printf_dbg( "Context config flags 0x%06X\n", context_cfg_flag );
+
+ print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag );
+ print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
+
+ print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
+ print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );
+
+ CHECK_SSL_END( 4 );
+ session_len = ( (uint32_t) ssl[0] << 24 ) |
+ ( (uint32_t) ssl[1] << 16 ) |
+ ( (uint32_t) ssl[2] << 8 ) |
+ ( (uint32_t) ssl[3] );
+ ssl += 4;
+ printf_dbg( "Session length %u\n", session_len );
+
+ CHECK_SSL_END( session_len );
+ print_deserialized_ssl_session( ssl, session_len, session_cfg_flag );
+ ssl += session_len;
+
+ printf( "\nRandom bytes:\n\t");
+
+ CHECK_SSL_END( TRANSFORM_RANDBYTE_LEN );
+ print_hex( ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t" );
+ ssl += TRANSFORM_RANDBYTE_LEN;
+
+ printf( "\nContext others:\n" );
+
+ if( CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag )
+ {
+ uint8_t cid_len;
+
+ CHECK_SSL_END( 1 );
+ cid_len = *ssl++;
+ printf_dbg( "In CID length %u\n", (uint32_t) cid_len );
+
+ printf( "\tin CID : " );
+ if( cid_len > 0 )
+ {
+ CHECK_SSL_END( cid_len );
+ print_hex( ssl, cid_len, 20, "\t" );
+ ssl += cid_len;
+ }
+ else
+ {
+ printf( "none\n" );
+ }
+
+ CHECK_SSL_END( 1 );
+ cid_len = *ssl++;
+ printf_dbg( "Out CID length %u\n", (uint32_t) cid_len );
+
+ printf( "\tout CID : " );
+ if( cid_len > 0 )
+ {
+ CHECK_SSL_END( cid_len );
+ print_hex( ssl, cid_len, 20, "\t" );
+ ssl += cid_len;
+ }
+ else
+ {
+ printf( "none\n" );
+ }
+ }
+
+ if( CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag )
+ {
+ uint32_t badmac_seen;
+
+ CHECK_SSL_END( 4 );
+ badmac_seen = ( (uint32_t) ssl[0] << 24 ) |
+ ( (uint32_t) ssl[1] << 16 ) |
+ ( (uint32_t) ssl[2] << 8 ) |
+ ( (uint32_t) ssl[3] );
+ ssl += 4;
+ printf( "\tbad MAC seen number : %u\n", badmac_seen );
+
+ /* value 'in_window_top' from mbedtls_ssl_context */
+ printf( "\tlast validated record sequence no. : " );
+ CHECK_SSL_END( 8 );
+ print_hex( ssl, 8, 20, "" );
+ ssl += 8;
+
+ /* value 'in_window' from mbedtls_ssl_context */
+ printf( "\tbitmask for replay detection : " );
+ CHECK_SSL_END( 8 );
+ print_hex( ssl, 8, 20, "" );
+ ssl += 8;
+ }
+
+ if( conf_dtls_proto )
+ {
+ CHECK_SSL_END( 1 );
+ printf( "\tDTLS datagram packing : %s\n",
+ get_enabled_str( ! ( *ssl++ ) ) );
+ }
+
+ /* value 'cur_out_ctr' from mbedtls_ssl_context */
+ printf( "\toutgoing record sequence no. : ");
+ CHECK_SSL_END( 8 );
+ print_hex( ssl, 8, 20, "" );
+ ssl += 8;
+
+ if( conf_dtls_proto )
+ {
+ uint16_t mtu;
+ CHECK_SSL_END( 2 );
+ mtu = ( ssl[0] << 8 ) | ssl[1];
+ ssl += 2;
+ printf( "\tMTU : %u\n", mtu );
+ }
+
+
+ if( CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag )
+ {
+ uint8_t alpn_len;
+
+ CHECK_SSL_END( 1 );
+ alpn_len = *ssl++;
+ printf_dbg( "ALPN length %u\n", (uint32_t) alpn_len );
+
+ printf( "\tALPN negotiation : " );
+ CHECK_SSL_END( alpn_len );
+ if( alpn_len > 0 )
+ {
+ if( strlen( (const char*) ssl ) == alpn_len )
+ {
+ printf( "%s\n", ssl );
+ }
+ else
+ {
+ printf( "\n" );
+ printf_err( "\tALPN negotiation is incorrect\n" );
+ }
+ ssl += alpn_len;
+ }
+ else
+ {
+ printf( "not selected\n" );
+ }
+ }
+
+ if( 0 != ( end - ssl ) )
+ {
+ printf_err( "%i bytes left to analyze from context\n", (int32_t)( end - ssl ) );
+ }
+ printf( "\n" );
+}
+
+int main( int argc, char *argv[] )
+{
+ enum { SSL_INIT_LEN = 4096 };
+
+ uint32_t b64_counter = 0;
+ uint8_t *b64_buf = NULL;
+ uint8_t *ssl_buf = NULL;
+ size_t b64_max_len = SSL_INIT_LEN;
+ size_t ssl_max_len = SSL_INIT_LEN;
+ size_t ssl_len = 0;
+
+ /* The 'b64_file' is opened when parsing arguments to check that the
+ * file name is correct */
+ parse_arguments( argc, argv );
+
+ if( NULL != b64_file )
+ {
+ b64_buf = malloc( SSL_INIT_LEN );
+ ssl_buf = malloc( SSL_INIT_LEN );
+
+ if( NULL == b64_buf || NULL == ssl_buf )
+ {
+ printf_err( alloc_err );
+ fclose( b64_file );
+ b64_file = NULL;
+ }
+ }
+
+ while( NULL != b64_file )
+ {
+ size_t b64_len = read_next_b64_code( &b64_buf, &b64_max_len );
+ if( b64_len > 0)
+ {
+ int ret;
+ size_t ssl_required_len = b64_len * 3 / 4 + 1;
+
+ /* Allocate more memory if necessary. */
+ if( ssl_required_len > ssl_max_len )
+ {
+ void *ptr = realloc( ssl_buf, ssl_required_len );
+ if( NULL == ptr )
+ {
+ printf_err( alloc_err );
+ fclose( b64_file );
+ b64_file = NULL;
+ break;
+ }
+ ssl_buf = ptr;
+ ssl_max_len = ssl_required_len;
+ }
+
+ printf( "\nDeserializing number %u:\n", ++b64_counter );
+
+ printf( "\nBase64 code:\n" );
+ print_b64( b64_buf, b64_len );
+
+ ret = mbedtls_base64_decode( ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len );
+ if( ret != 0)
+ {
+ mbedtls_strerror( ret, (char*) b64_buf, b64_max_len );
+ printf_err( "base64 code cannot be decoded - %s\n", b64_buf );
+ continue;
+ }
+
+ if( debug )
+ {
+ printf( "\nDecoded data in hex:\n\t");
+ print_hex( ssl_buf, ssl_len, 25, "\t" );
+ }
+
+ print_deserialized_ssl_context( ssl_buf, ssl_len );
+
+ }
+ else
+ {
+ fclose( b64_file );
+ b64_file = NULL;
+ }
+ }
+
+ free( b64_buf );
+ free( ssl_buf );
+
+ if( b64_counter > 0 )
+ {
+ printf_dbg( "Finished. Found %u base64 codes\n", b64_counter );
+ }
+ else
+ {
+ printf( "Finished. No valid base64 code found\n" );
+ }
+
+ return 0;
+}
+
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
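Review bot: in the ALPN block of print_deserialized_ssl_context(), `strlen( (const char*) ssl )` and `printf( "%s\n", ssl )` treat the serialized ALPN bytes as a NUL-terminated string, but the preceding `CHECK_SSL_END( alpn_len )` only accounts for alpn_len bytes and main() never writes a terminator into ssl_buf after mbedtls_base64_decode(). ALPN is the last field in the documented layout, so input with no zero byte makes strlen() read past `end`. Suggest rejecting an embedded NUL with `memchr( ssl, 0, alpn_len )` and printing with `printf( "%.*s\n", (int) alpn_len, ssl )`. Minor: the version printout says "path" where "patch" is meant.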
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index f1b5c37..845881f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3633,8 +3633,10 @@
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 8f89c70..57e8e7e 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -150,6 +150,16 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
+/* How much space to reserve for the title when printing heap usage results.
+ * Updated manually as the output of the following command:
+ *
+ * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
+ * awk '{print length+2}' | sort -rn | head -n1
+ *
+ * This computes the maximum length of a title +2 (because we appends "/s").
+ * (If the value is too small, the only consequence is poor alignement.) */
+#define TITLE_SPACE 16
+
#define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \
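Review bot: two typos in the new TITLE_SPACE comment: "because we appends" should be "because we append", and "alignement" should be "alignment". As the value is maintained by hand, it would also help to say in the comment that the sed/awk pipeline needs re-running whenever a TIME_PUBLIC title is added or renamed.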
@@ -158,7 +168,8 @@
#define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
- for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \
+ ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
+ while( ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 979910e..7447571 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -133,6 +133,7 @@
" modifying CID in first instance of the packet.\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
+ " inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
"\n" \
" seed=%%d default: (use current time)\n" \
USAGE_PACK \
@@ -166,6 +167,7 @@
unsigned bad_cid; /* inject corrupted CID record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/
+ int inject_clihlo; /* inject fake ClientHello after handshake */
unsigned pack; /* merge packets into single datagram for
* at most \c merge milliseconds if > 0 */
unsigned int seed; /* seed for "random" events */
@@ -314,6 +316,12 @@
if( opt.protect_len < 0 )
exit_usage( p, q );
}
+ else if( strcmp( p, "inject_clihlo" ) == 0 )
+ {
+ opt.inject_clihlo = atoi( q );
+ if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
+ exit_usage( p, q );
+ }
else if( strcmp( p, "seed" ) == 0 )
{
opt.seed = atoi( q );
@@ -523,11 +531,41 @@
fflush( stdout );
}
+/*
+ * In order to test the server's behaviour when receiving a ClientHello after
+ * the connection is established (this could be a hard reset from the client,
+ * but the server must not drop the existing connection before establishing
+ * client reachability, see RFC 6347 Section 4.2.8), we memorize the first
+ * ClientHello we see (which can't have a cookie), then replay it after the
+ * first ApplicationData record - then we're done.
+ *
+ * This is controlled by the inject_clihlo option.
+ *
+ * We want an explicit state and a place to store the packet.
+ */
+typedef enum {
+ ICH_INIT, /* haven't seen the first ClientHello yet */
+ ICH_CACHED, /* cached the initial ClientHello */
+ ICH_INJECTED, /* ClientHello already injected, done */
+} inject_clihlo_state_t;
+
+static inject_clihlo_state_t inject_clihlo_state;
+static packet initial_clihlo;
+
int send_packet( const packet *p, const char *why )
{
int ret;
mbedtls_net_context *dst = p->dst;
+ /* save initial ClientHello? */
+ if( opt.inject_clihlo != 0 &&
+ inject_clihlo_state == ICH_INIT &&
+ strcmp( p->type, "ClientHello" ) == 0 )
+ {
+ memcpy( &initial_clihlo, p, sizeof( packet ) );
+ inject_clihlo_state = ICH_CACHED;
+ }
+
/* insert corrupted CID record? */
if( opt.bad_cid != 0 &&
strcmp( p->type, "CID" ) == 0 &&
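Review bot: `memcpy( &initial_clihlo, p, sizeof( packet ) )` in send_packet() can be the plain struct assignment `initial_clihlo = *p;`, which is type-checked and cannot get the size wrong. Separately, inject_clihlo_state relies on static zero-initialisation to start at ICH_INIT and these lines show no transition back to it; if the proxy can carry more than one connection per run, the comment block should say that only the first one gets the injected ClientHello.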
@@ -592,6 +630,23 @@
}
}
+ /* Inject ClientHello after first ApplicationData */
+ if( opt.inject_clihlo != 0 &&
+ inject_clihlo_state == ICH_CACHED &&
+ strcmp( p->type, "ApplicationData" ) == 0 )
+ {
+ print_packet( &initial_clihlo, "injected" );
+
+ if( ( ret = dispatch_data( dst, initial_clihlo.buf,
+ initial_clihlo.len ) ) <= 0 )
+ {
+ mbedtls_printf( " ! dispatch returned %d\n", ret );
+ return( ret );
+ }
+
+ inject_clihlo_state = ICH_INJECTED;
+ }
+
return( 0 );
}
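Review bot: the injection condition tests only `strcmp( p->type, "ApplicationData" ) == 0`, not the direction of the record, and then dispatches the cached ClientHello to `dst` of the current packet. If the first ApplicationData record the proxy sees travels from server to client, the ClientHello goes to the client instead of the server, and the state still advances to ICH_INJECTED, so the server-side behaviour is never exercised. Suggest adding `p->dst == initial_clihlo.dst` to the condition, or dispatching to `initial_clihlo.dst` rather than `dst`.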
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index e19f2c0..c2aca50 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -29,7 +29,7 @@
import xml.etree.ElementTree as ET
-class AbiChecker(object):
+class AbiChecker:
"""API and ABI checker."""
def __init__(self, old_version, new_version, configuration):
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
new file mode 100755
index 0000000..ffa3f16
--- /dev/null
+++ b/scripts/assemble_changelog.py
@@ -0,0 +1,505 @@
+#!/usr/bin/env python3
+
+"""Assemble Mbed TLS change log entries into the change log file.
+
+Add changelog entries to the first level-2 section.
+Create a new level-2 section for unreleased changes if needed.
+Remove the input files unless --keep-entries is specified.
+
+In each level-3 section, entries are sorted in chronological order
+(oldest first). From oldest to newest:
+* Merged entry files are sorted according to their merge date (date of
+ the merge commit that brought the commit that created the file into
+ the target branch).
+* Committed but unmerged entry files are sorted according to the date
+ of the commit that adds them.
+* Uncommitted entry files are sorted according to their modification time.
+
+You must run this program from within a git working directory.
+"""
+
+# Copyright (C) 2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
+import argparse
+from collections import OrderedDict, namedtuple
+import datetime
+import functools
+import glob
+import os
+import re
+import subprocess
+import sys
+
+class InputFormatError(Exception):
+ def __init__(self, filename, line_number, message, *args, **kwargs):
+ message = '{}:{}: {}'.format(filename, line_number,
+ message.format(*args, **kwargs))
+ super().__init__(message)
+
+class CategoryParseError(Exception):
+ def __init__(self, line_offset, error_message):
+ self.line_offset = line_offset
+ self.error_message = error_message
+ super().__init__('{}: {}'.format(line_offset, error_message))
+
+class LostContent(Exception):
+ def __init__(self, filename, line):
+ message = ('Lost content from {}: "{}"'.format(filename, line))
+ super().__init__(message)
+
+# The category names we use in the changelog.
+# If you edit this, update ChangeLog.d/README.md.
+STANDARD_CATEGORIES = (
+ b'API changes',
+ b'Default behavior changes',
+ b'Requirement changes',
+ b'New deprecations',
+ b'Removals',
+ b'Features',
+ b'Security',
+ b'Bugfix',
+ b'Changes',
+)
+
+CategoryContent = namedtuple('CategoryContent', [
+ 'name', 'title_line', # Title text and line number of the title
+ 'body', 'body_line', # Body text and starting line number of the body
+])
+
+class ChangelogFormat:
+ """Virtual class documenting how to write a changelog format class."""
+
+ @classmethod
+ def extract_top_version(cls, changelog_file_content):
+ """Split out the top version section.
+
+ If the top version is already released, create a new top
+ version section for an unreleased version.
+
+ Return ``(header, top_version_title, top_version_body, trailer)``
+ where the "top version" is the existing top version section if it's
+ for unreleased changes, and a newly created section otherwise.
+ To assemble the changelog after modifying top_version_body,
+ concatenate the four pieces.
+ """
+ raise NotImplementedError
+
+ @classmethod
+ def version_title_text(cls, version_title):
+ """Return the text of a formatted version section title."""
+ raise NotImplementedError
+
+ @classmethod
+ def split_categories(cls, version_body):
+ """Split a changelog version section body into categories.
+
+ Return a list of `CategoryContent` the name is category title
+ without any formatting.
+ """
+ raise NotImplementedError
+
+ @classmethod
+ def format_category(cls, title, body):
+ """Construct the text of a category section from its title and body."""
+ raise NotImplementedError
+
+class TextChangelogFormat(ChangelogFormat):
+ """The traditional Mbed TLS changelog format."""
+
+ _unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx'
+ @classmethod
+ def is_released_version(cls, title):
+ # Look for an incomplete release date
+ return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
+
+ _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
+ re.DOTALL)
+ @classmethod
+ def extract_top_version(cls, changelog_file_content):
+ """A version section starts with a line starting with '='."""
+ m = re.search(cls._top_version_re, changelog_file_content)
+ top_version_start = m.start(1)
+ top_version_end = m.end(2)
+ top_version_title = m.group(1)
+ top_version_body = m.group(2)
+ if cls.is_released_version(top_version_title):
+ top_version_end = top_version_start
+ top_version_title = cls._unreleased_version_text + b'\n\n'
+ top_version_body = b''
+ return (changelog_file_content[:top_version_start],
+ top_version_title, top_version_body,
+ changelog_file_content[top_version_end:])
+
+ @classmethod
+ def version_title_text(cls, version_title):
+ return re.sub(br'\n.*', version_title, re.DOTALL)
+
+ _category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE)
+ @classmethod
+ def split_categories(cls, version_body):
+ """A category title is a line with the title in column 0."""
+ if not version_body:
+ return []
+ title_matches = list(re.finditer(cls._category_title_re, version_body))
+ if not title_matches or title_matches[0].start() != 0:
+ # There is junk before the first category.
+ raise CategoryParseError(0, 'Junk found where category expected')
+ title_starts = [m.start(1) for m in title_matches]
+ body_starts = [m.end(0) for m in title_matches]
+ body_ends = title_starts[1:] + [len(version_body)]
+ bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n'
+ for (body_start, body_end) in zip(body_starts, body_ends)]
+ title_lines = [version_body[:pos].count(b'\n') for pos in title_starts]
+ body_lines = [version_body[:pos].count(b'\n') for pos in body_starts]
+ return [CategoryContent(title_match.group(1), title_line,
+ body, body_line)
+ for title_match, title_line, body, body_line
+ in zip(title_matches, title_lines, bodies, body_lines)]
+
+ @classmethod
+ def format_category(cls, title, body):
+ # `split_categories` ensures that each body ends with a newline.
+ # Make sure that there is additionally a blank line between categories.
+ if not body.endswith(b'\n\n'):
+ body += b'\n'
+ return title + b'\n' + body
+
+class ChangeLog:
+ """An Mbed TLS changelog.
+
+ A changelog file consists of some header text followed by one or
+ more version sections. The version sections are in reverse
+ chronological order. Each version section consists of a title and a body.
+
+ The body of a version section consists of zero or more category
+ subsections. Each category subsection consists of a title and a body.
+
+ A changelog entry file has the same format as the body of a version section.
+
+ A `ChangelogFormat` object defines the concrete syntax of the changelog.
+ Entry files must have the same format as the changelog file.
+ """
+
+ # Only accept dotted version numbers (e.g. "3.1", not "3").
+ # Refuse ".x" in a version number where x is a letter: this indicates
+ # a version that is not yet released. Something like "3.1a" is accepted.
+ _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
+ _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
+
+ def add_categories_from_text(self, filename, line_offset,
+ text, allow_unknown_category):
+ """Parse a version section or entry file."""
+ try:
+ categories = self.format.split_categories(text)
+ except CategoryParseError as e:
+ raise InputFormatError(filename, line_offset + e.line_offset,
+ e.error_message)
+ for category in categories:
+ if not allow_unknown_category and \
+ category.name not in self.categories:
+ raise InputFormatError(filename,
+ line_offset + category.title_line,
+ 'Unknown category: "{}"',
+ category.name.decode('utf8'))
+ self.categories[category.name] += category.body
+
+ def __init__(self, input_stream, changelog_format):
+ """Create a changelog object.
+
+ Populate the changelog object from the content of the file
+ input_stream.
+ """
+ self.format = changelog_format
+ whole_file = input_stream.read()
+ (self.header,
+ self.top_version_title, top_version_body,
+ self.trailer) = self.format.extract_top_version(whole_file)
+ # Split the top version section into categories.
+ self.categories = OrderedDict()
+ for category in STANDARD_CATEGORIES:
+ self.categories[category] = b''
+ offset = (self.header + self.top_version_title).count(b'\n') + 1
+ self.add_categories_from_text(input_stream.name, offset,
+ top_version_body, True)
+
+ def add_file(self, input_stream):
+ """Add changelog entries from a file.
+ """
+ self.add_categories_from_text(input_stream.name, 1,
+ input_stream.read(), False)
+
+ def write(self, filename):
+ """Write the changelog to the specified file.
+ """
+ with open(filename, 'wb') as out:
+ out.write(self.header)
+ out.write(self.top_version_title)
+ for title, body in self.categories.items():
+ if not body:
+ continue
+ out.write(self.format.format_category(title, body))
+ out.write(self.trailer)
+
+
+@functools.total_ordering
+class EntryFileSortKey:
+ """This classes defines an ordering on changelog entry files: older < newer.
+
+ * Merged entry files are sorted according to their merge date (date of
+ the merge commit that brought the commit that created the file into
+ the target branch).
+ * Committed but unmerged entry files are sorted according to the date
+ of the commit that adds them.
+ * Uncommitted entry files are sorted according to their modification time.
+
+ This class assumes that the file is in a git working directory with
+ the target branch checked out.
+ """
+
+ # Categories of files. A lower number is considered older.
+ MERGED = 0
+ COMMITTED = 1
+ LOCAL = 2
+
+ @staticmethod
+ def creation_hash(filename):
+ """Return the git commit id at which the given file was created.
+
+ Return None if the file was never checked into git.
+ """
+ hashes = subprocess.check_output(['git', 'log', '--format=%H',
+ '--follow',
+ '--', filename])
+ m = re.search(b'(.+)$', hashes)
+ if not m:
+ # The git output is empty. This means that the file was
+ # never checked in.
+ return None
+ # The last commit in the log is the oldest one, which is when the
+ # file was created.
+ return m.group(0)
+
+ @staticmethod
+ def list_merges(some_hash, target, *options):
+ """List merge commits from some_hash to target.
+
+ Pass options to git to select which commits are included.
+ """
+ text = subprocess.check_output(['git', 'rev-list',
+ '--merges', *options,
+ b'..'.join([some_hash, target])])
+ return text.rstrip(b'\n').split(b'\n')
+
+ @classmethod
+ def merge_hash(cls, some_hash):
+ """Return the git commit id at which the given commit was merged.
+
+ Return None if the given commit was never merged.
+ """
+ target = b'HEAD'
+ # List the merges from some_hash to the target in two ways.
+ # The ancestry list is the ones that are both descendants of
+ # some_hash and ancestors of the target.
+ ancestry = frozenset(cls.list_merges(some_hash, target,
+ '--ancestry-path'))
+ # The first_parents list only contains merges that are directly
+ # on the target branch. We want it in reverse order (oldest first).
+ first_parents = cls.list_merges(some_hash, target,
+ '--first-parent', '--reverse')
+ # Look for the oldest merge commit that's both on the direct path
+ # and directly on the target branch. That's the place where some_hash
+ # was merged on the target branch. See
+ # https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
+ for commit in first_parents:
+ if commit in ancestry:
+ return commit
+ return None
+
+ @staticmethod
+ def commit_timestamp(commit_id):
+ """Return the timestamp of the given commit."""
+ text = subprocess.check_output(['git', 'show', '-s',
+ '--format=%ct',
+ commit_id])
+ return datetime.datetime.utcfromtimestamp(int(text))
+
+ @staticmethod
+ def file_timestamp(filename):
+ """Return the modification timestamp of the given file."""
+ mtime = os.stat(filename).st_mtime
+ return datetime.datetime.fromtimestamp(mtime)
+
+ def __init__(self, filename):
+ """Determine position of the file in the changelog entry order.
+
+ This constructor returns an object that can be used with comparison
+ operators, with `sort` and `sorted`, etc. Older entries are sorted
+ before newer entries.
+ """
+ self.filename = filename
+ creation_hash = self.creation_hash(filename)
+ if not creation_hash:
+ self.category = self.LOCAL
+ self.datetime = self.file_timestamp(filename)
+ return
+ merge_hash = self.merge_hash(creation_hash)
+ if not merge_hash:
+ self.category = self.COMMITTED
+ self.datetime = self.commit_timestamp(creation_hash)
+ return
+ self.category = self.MERGED
+ self.datetime = self.commit_timestamp(merge_hash)
+
+ def sort_key(self):
+ """"Return a concrete sort key for this entry file sort key object.
+
+ ``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``.
+ """
+ return (self.category, self.datetime, self.filename)
+
+ def __eq__(self, other):
+ return self.sort_key() == other.sort_key()
+
+ def __lt__(self, other):
+ return self.sort_key() < other.sort_key()
+
+
+def check_output(generated_output_file, main_input_file, merged_files):
+ """Make sanity checks on the generated output.
+
+ The intent of these sanity checks is to have reasonable confidence
+ that no content has been lost.
+
+ The sanity check is that every line that is present in an input file
+ is also present in an output file. This is not perfect but good enough
+ for now.
+ """
+ generated_output = set(open(generated_output_file, 'rb'))
+ for line in open(main_input_file, 'rb'):
+ if line not in generated_output:
+ raise LostContent('original file', line)
+ for merged_file in merged_files:
+ for line in open(merged_file, 'rb'):
+ if line not in generated_output:
+ raise LostContent(merged_file, line)
+
+def finish_output(changelog, output_file, input_file, merged_files):
+ """Write the changelog to the output file.
+
+ The input file and the list of merged files are used only for sanity
+ checks on the output.
+ """
+ if os.path.exists(output_file) and not os.path.isfile(output_file):
+ # The output is a non-regular file (e.g. pipe). Write to it directly.
+ output_temp = output_file
+ else:
+ # The output is a regular file. Write to a temporary file,
+ # then move it into place atomically.
+ output_temp = output_file + '.tmp'
+ changelog.write(output_temp)
+ check_output(output_temp, input_file, merged_files)
+ if output_temp != output_file:
+ os.rename(output_temp, output_file)
+
+def remove_merged_entries(files_to_remove):
+ for filename in files_to_remove:
+ os.remove(filename)
+
+def list_files_to_merge(options):
+ """List the entry files to merge, oldest first.
+
+ "Oldest" is defined by `EntryFileSortKey`.
+ """
+ files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
+ files_to_merge.sort(key=EntryFileSortKey)
+ return files_to_merge
+
+def merge_entries(options):
+ """Merge changelog entries into the changelog file.
+
+ Read the changelog file from options.input.
+ Read entries to merge from the directory options.dir.
+ Write the new changelog to options.output.
+ Remove the merged entries if options.keep_entries is false.
+ """
+ with open(options.input, 'rb') as input_file:
+ changelog = ChangeLog(input_file, TextChangelogFormat)
+ files_to_merge = list_files_to_merge(options)
+ if not files_to_merge:
+ sys.stderr.write('There are no pending changelog entries.\n')
+ return
+ for filename in files_to_merge:
+ with open(filename, 'rb') as input_file:
+ changelog.add_file(input_file)
+ finish_output(changelog, options.output, options.input, files_to_merge)
+ if not options.keep_entries:
+ remove_merged_entries(files_to_merge)
+
+def show_file_timestamps(options):
+ """List the files to merge and their timestamp.
+
+ This is only intended for debugging purposes.
+ """
+ files = list_files_to_merge(options)
+ for filename in files:
+ ts = EntryFileSortKey(filename)
+ print(ts.category, ts.datetime, filename)
+
+def set_defaults(options):
+ """Add default values for missing options."""
+ output_file = getattr(options, 'output', None)
+ if output_file is None:
+ options.output = options.input
+ if getattr(options, 'keep_entries', None) is None:
+ options.keep_entries = (output_file is not None)
+
+def main():
+ """Command line entry point."""
+ parser = argparse.ArgumentParser(description=__doc__)
+ parser.add_argument('--dir', '-d', metavar='DIR',
+ default='ChangeLog.d',
+ help='Directory to read entries from'
+ ' (default: ChangeLog.d)')
+ parser.add_argument('--input', '-i', metavar='FILE',
+ default='ChangeLog',
+ help='Existing changelog file to read from and augment'
+ ' (default: ChangeLog)')
+ parser.add_argument('--keep-entries',
+ action='store_true', dest='keep_entries', default=None,
+ help='Keep the files containing entries'
+ ' (default: remove them if --output/-o is not specified)')
+ parser.add_argument('--no-keep-entries',
+ action='store_false', dest='keep_entries',
+ help='Remove the files containing entries after they are merged'
+ ' (default: remove them if --output/-o is not specified)')
+ parser.add_argument('--output', '-o', metavar='FILE',
+ help='Output changelog file'
+ ' (default: overwrite the input)')
+ parser.add_argument('--list-files-only',
+ action='store_true',
+ help=('Only list the files that would be processed '
+ '(with some debugging information)'))
+ options = parser.parse_args()
+ set_defaults(options)
+ if options.list_files_only:
+ show_file_timestamps(options)
+ return
+ merge_entries(options)
+
+if __name__ == '__main__':
+ main()
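Review bot: TextChangelogFormat.version_title_text() calls `re.sub(br'\n.*', version_title, re.DOTALL)`, which passes version_title as the replacement and re.DOTALL as the string to search, so it raises TypeError as soon as it is called. It presumably wants `re.sub(br'\n.*', b'', version_title, flags=re.DOTALL)`. Nothing in this file calls the method, which is why the error goes unnoticed; either fix it and add a test, or drop it. Smaller points: check_output() opens the generated and input files without closing them (use `with`), the sort_key() docstring opens with four quote characters, and "This classes defines" in the EntryFileSortKey docstring should be "This class defines".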
diff --git a/scripts/config.py b/scripts/config.py
index b7a9a08..20521a5 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -283,9 +283,13 @@
def __init__(self, filename=None):
"""Read the Mbed TLS configuration file."""
if filename is None:
- for filename in self.default_path:
- if os.path.lexists(filename):
+ for candidate in self.default_path:
+ if os.path.lexists(candidate):
+ filename = candidate
break
+ else:
+ raise Exception('Mbed TLS configuration file not found',
+ self.default_path)
super().__init__()
self.filename = filename
self.current_section = 'header'
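Review bot: the new else branch raises a bare Exception with a tuple of arguments, "raise Exception('Mbed TLS configuration file not found', self.default_path)". Callers cannot catch this without also catching every other error, and the message prints as a raw tuple. A dedicated exception class (or FileNotFoundError) with the searched paths formatted into the message would be easier to handle and to read. The switch from reusing "filename" as the loop variable to "candidate" is the right fix for the silent fall-through to the last path.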
@@ -448,7 +452,7 @@
value = config[args.symbol]
if value:
sys.stdout.write(value + '\n')
- return args.symbol not in config
+ return 0 if args.symbol in config else 1
elif args.command == 'set':
if not args.force and args.symbol not in config.settings:
sys.stderr.write("A #define for the symbol {} "
@@ -461,6 +465,7 @@
else:
config.adapt(args.adapter)
config.write(args.write)
+ return 0
# Import modules only used by main only if main is defined and called.
# pylint: disable=wrong-import-position
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index aa33dc5..14a7b7e 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -67,9 +67,9 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
-add_test_suite(aes aes.ecb)
add_test_suite(aes aes.cbc)
add_test_suite(aes aes.cfb)
+add_test_suite(aes aes.ecb)
add_test_suite(aes aes.ofb)
add_test_suite(aes aes.rest)
add_test_suite(aes aes.xts)
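Review bot: style point on the add_test_suite reordering here and in the following hunks: the entries are being put into alphabetical order, but nothing in the file says the list is meant to stay sorted. A one-line comment above the first add_test_suite call would keep later additions from undoing this, and it would explain why a change about file sanity checks touches this list.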
@@ -107,12 +107,12 @@
add_test_suite(ecp)
add_test_suite(entropy)
add_test_suite(error)
-add_test_suite(gcm gcm.aes128_en)
-add_test_suite(gcm gcm.aes192_en)
-add_test_suite(gcm gcm.aes256_en)
add_test_suite(gcm gcm.aes128_de)
+add_test_suite(gcm gcm.aes128_en)
add_test_suite(gcm gcm.aes192_de)
+add_test_suite(gcm gcm.aes192_en)
add_test_suite(gcm gcm.aes256_de)
+add_test_suite(gcm gcm.aes256_en)
add_test_suite(gcm gcm.camellia)
add_test_suite(gcm gcm.misc)
add_test_suite(hkdf)
@@ -127,10 +127,10 @@
add_test_suite(nist_kw)
add_test_suite(oid)
add_test_suite(pem)
+add_test_suite(pk)
add_test_suite(pkcs1_v15)
add_test_suite(pkcs1_v21)
add_test_suite(pkcs5)
-add_test_suite(pk)
add_test_suite(pkparse)
add_test_suite(pkwrite)
add_test_suite(poly1305)
@@ -144,14 +144,14 @@
add_test_suite(psa_crypto_se_driver_hal_mocks)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_its)
+add_test_suite(rsa)
add_test_suite(shax)
add_test_suite(ssl)
add_test_suite(timing)
-add_test_suite(rsa)
add_test_suite(version)
-add_test_suite(xtea)
add_test_suite(x509parse)
add_test_suite(x509write)
+add_test_suite(xtea)
# Make scripts and data files needed for testing available in an
# out-of-source build.
diff --git a/tests/context-info.sh b/tests/context-info.sh
new file mode 100755
index 0000000..78aeb70
--- /dev/null
+++ b/tests/context-info.sh
@@ -0,0 +1,431 @@
+#!/bin/sh
+
+# context-info.sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
+#
+# This program is intended for testing the ssl_context_info program
+#
+
+set -eu
+
+if ! cd "$(dirname "$0")"; then
+ exit 125
+fi
+
+# Variables
+
+THIS_SCRIPT_NAME=$(basename "$0")
+PROG_PATH="../programs/ssl/ssl_context_info"
+OUT_FILE="ssl_context_info.log"
+IN_DIR="data_files/base64"
+
+USE_VALGRIND=0
+
+T_COUNT=0
+T_PASSED=0
+T_FAILED=0
+
+
+# Functions
+
+print_usage() {
+ echo "Usage: $0 [options]"
+ printf " -h|--help\tPrint this help.\n"
+ printf " -m|--memcheck\tUse valgrind to check the memory.\n"
+}
+
+# Print test name <name>
+print_name() {
+ printf "%s %.*s " "$1" $(( 71 - ${#1} )) \
+ "........................................................................"
+}
+
+# Print header to the test output file <test name> <file path> <test command>
+print_header()
+{
+ date="$(date)"
+ echo "******************************************************************" > $2
+ echo "* File created by: $THIS_SCRIPT_NAME" >> $2
+ echo "* Test name: $1" >> $2
+ echo "* Date: $date" >> $2
+ echo "* Command: $3" >> $2
+ echo "******************************************************************" >> $2
+ echo "" >> $2
+}
+
+# Print footer at the end of file <file path>
+print_footer()
+{
+ echo "" >> $1
+ echo "******************************************************************" >> $1
+ echo "* End command" >> $1
+ echo "******************************************************************" >> $1
+ echo "" >> $1
+}
+
+# Use the arguments of this script
+get_options() {
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ print_usage
+ exit 0
+ ;;
+ -m|--memcheck)
+ USE_VALGRIND=1
+ ;;
+ *)
+ echo "Unknown argument: '$1'"
+ print_usage
+ exit 1
+ ;;
+ esac
+ shift
+ done
+}
+
+# Current test failed
+fail()
+{
+ T_FAILED=$(( $T_FAILED + 1))
+ FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE"
+
+ echo "FAIL"
+ echo " Error: $1"
+
+ cp -f "$OUT_FILE" "$FAIL_OUT"
+ echo "Error: $1" >> "$FAIL_OUT"
+}
+
+# Current test passed
+pass()
+{
+ T_PASSED=$(( $T_PASSED + 1))
+ echo "PASS"
+}
+
+# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
+# Options: -m <pattern that MUST be present in the output of tested program>
+# -n <pattern that must NOT be present in the output of tested program>
+# -u <pattern that must be UNIQUE in the output of tested program>
+run_test()
+{
+ TEST_NAME="$1"
+ RUN_CMD="$PROG_PATH -f $IN_DIR/$2"
+
+ if [ "-arg" = "$3" ]; then
+ RUN_CMD="$RUN_CMD $4"
+ shift 4
+ else
+ shift 2
+ fi
+
+ # prepend valgrind to our commands if active
+ if [ "$USE_VALGRIND" -gt 0 ]; then
+ RUN_CMD="valgrind --leak-check=full $RUN_CMD"
+ fi
+
+ T_COUNT=$(( $T_COUNT + 1))
+ print_name "$TEST_NAME"
+
+ # run tested program
+ print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
+ eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
+ print_footer "$OUT_FILE"
+
+ # check valgrind's results
+ if [ "$USE_VALGRIND" -gt 0 ]; then
+ if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
+ grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
+ then
+ fail "Memory error detected"
+ return
+ fi
+ fi
+
+ # check other assertions
+ # lines beginning with == are added by valgrind, ignore them, because we already checked them before
+ # lines with 'Serious error when reading debug info', are valgrind issues as well
+ # lines beginning with * are added by this script, ignore too
+ while [ $# -gt 0 ]
+ do
+ case $1 in
+ "-m")
+ if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the output"
+ return
+ fi
+ ;;
+
+ "-n")
+ if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then
+ fail "pattern '$2' MUST NOT be present in the output"
+ return
+ fi
+ ;;
+
+ "-u")
+ if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then
+ fail "lines following pattern '$2' must be once in the output"
+ return
+ fi
+ ;;
+
+ *)
+ echo "Unknown test: $1" >&2
+ exit 1
+ esac
+ shift 2
+ done
+
+ rm -f "$OUT_FILE"
+
+ pass
+}
+
+get_options "$@"
+
+# Tests
+
+run_test "Default configuration, server" \
+ "srv_def.txt" \
+ -n "ERROR" \
+ -u "major.* 2$" \
+ -u "minor.* 21$" \
+ -u "path.* 0$" \
+ -u "MBEDTLS_HAVE_TIME$" \
+ -u "MBEDTLS_X509_CRT_PARSE_C$" \
+ -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+ -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+ -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+ -u "MBEDTLS_SSL_SESSION_TICKETS$" \
+ -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+ -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+ -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+ -u "MBEDTLS_SSL_ALPN$" \
+ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+ -u "cipher flags.* 0x00$" \
+ -u "Message-Digest.* SHA256$" \
+ -u "compression.* disabled$" \
+ -u "DTLS datagram packing.* enabled$" \
+ -n "Certificate" \
+ -n "bytes left to analyze from context"
+
+run_test "Default configuration, client" \
+ "cli_def.txt" \
+ -n "ERROR" \
+ -u "major.* 2$" \
+ -u "minor.* 21$" \
+ -u "path.* 0$" \
+ -u "MBEDTLS_HAVE_TIME$" \
+ -u "MBEDTLS_X509_CRT_PARSE_C$" \
+ -u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+ -u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+ -u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+ -u "MBEDTLS_SSL_SESSION_TICKETS$" \
+ -u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+ -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+ -u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+ -u "MBEDTLS_SSL_ALPN$" \
+ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+ -u "cipher flags.* 0x00$" \
+ -u "Message-Digest.* SHA256$" \
+ -u "compression.* disabled$" \
+ -u "DTLS datagram packing.* enabled$" \
+ -u "cert. version .* 3$" \
+ -u "serial number.* 02$" \
+ -u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
+ -u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
+ -u "issued on.* 2019-02-10 14:44:06$" \
+ -u "expires on.* 2029-02-10 14:44:06$" \
+ -u "signed using.* RSA with SHA-256$" \
+ -u "RSA key size.* 2048 bits$" \
+ -u "basic constraints.* CA=false$" \
+ -n "bytes left to analyze from context"
+
+run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
+ "srv_ciphersuite.txt" \
+ -n "ERROR" \
+ -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
+
+run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
+ "cli_ciphersuite.txt" \
+ -n "ERROR" \
+ -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
+
+run_test "No packing, server" \
+ "srv_no_packing.txt" \
+ -n "ERROR" \
+ -u "DTLS datagram packing.* disabled"
+
+run_test "No packing, client" \
+ "cli_no_packing.txt" \
+ -n "ERROR" \
+ -u "DTLS datagram packing.* disabled"
+
+run_test "DTLS CID, server" \
+ "srv_cid.txt" \
+ -n "ERROR" \
+ -u "in CID.* DE AD" \
+ -u "out CID.* BE EF"
+
+run_test "DTLS CID, client" \
+ "cli_cid.txt" \
+ -n "ERROR" \
+ -u "in CID.* BE EF" \
+ -u "out CID.* DE AD"
+
+run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
+ "srv_no_mfl.txt" \
+ -n "ERROR" \
+ -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
+
+run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
+ "cli_no_mfl.txt" \
+ -n "ERROR" \
+ -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
+
+run_test "No MBEDTLS_SSL_ALPN, server" \
+ "srv_no_alpn.txt" \
+ -n "ERROR" \
+ -n "MBEDTLS_SSL_ALPN"
+
+run_test "No MBEDTLS_SSL_ALPN, client" \
+ "cli_no_alpn.txt" \
+ -n "ERROR" \
+ -n "MBEDTLS_SSL_ALPN"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
+ "srv_no_keep_cert.txt" \
+ -arg "--keep-peer-cert=0" \
+ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+ -u "cipher flags.* 0x00" \
+ -u "compression.* disabled" \
+ -u "DTLS datagram packing.* enabled" \
+ -n "ERROR"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
+ "cli_no_keep_cert.txt" \
+ -arg "--keep-peer-cert=0" \
+ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
+ -u "cipher flags.* 0x00" \
+ -u "compression.* disabled" \
+ -u "DTLS datagram packing.* enabled" \
+ -n "ERROR"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
+ "srv_no_keep_cert.txt" \
+ -m "Deserializing" \
+ -m "ERROR"
+
+run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
+ "cli_no_keep_cert.txt" \
+ -m "Deserializing" \
+ -m "ERROR"
+
+run_test "Minimal configuration, server" \
+ "srv_min_cfg.txt" \
+ -n "ERROR" \
+ -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+ -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+ -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+ -n "MBEDTLS_SSL_SESSION_TICKETS$" \
+ -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+ -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+ -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+ -n "MBEDTLS_SSL_ALPN$" \
+
+run_test "Minimal configuration, client" \
+ "cli_min_cfg.txt" \
+ -n "ERROR" \
+ -n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
+ -n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
+ -n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
+ -n "MBEDTLS_SSL_SESSION_TICKETS$" \
+ -n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
+ -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
+ -n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
+ -n "MBEDTLS_SSL_ALPN$" \
+
+run_test "MTU=10000" \
+ "mtu_10000.txt" \
+ -n "ERROR" \
+ -u "MTU.* 10000$"
+
+run_test "MFL=1024" \
+ "mfl_1024.txt" \
+ -n "ERROR" \
+ -u "MFL.* 1024$"
+
+run_test "Older version (v2.19.1)" \
+ "v2.19.1.txt" \
+ -n "ERROR" \
+ -u "major.* 2$" \
+ -u "minor.* 19$" \
+ -u "path.* 1$" \
+ -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
+ -u "Message-Digest.* SHA256$" \
+ -u "compression.* disabled$" \
+ -u "serial number.* 01:70:AF:40:B4:E6$" \
+ -u "issuer name.* CN=ca$" \
+ -u "subject name.* L=160001, OU=acc1, CN=device01$" \
+ -u "issued on.* 2020-03-06 09:50:18$" \
+ -u "expires on.* 2056-02-26 09:50:18$" \
+ -u "signed using.* ECDSA with SHA256$" \
+ -u "lifetime.* 0 sec.$" \
+ -u "MFL.* none$" \
+ -u "negotiate truncated HMAC.* disabled$" \
+ -u "Encrypt-then-MAC.* enabled$" \
+ -u "DTLS datagram packing.* enabled$" \
+ -u "verify result.* 0x00000000$" \
+ -n "bytes left to analyze from context"
+
+run_test "Wrong base64 format" \
+ "def_bad_b64.txt" \
+ -m "ERROR" \
+ -u "The length of the base64 code found should be a multiple of 4" \
+ -n "bytes left to analyze from context"
+
+run_test "Too much data at the beginning of base64 code" \
+ "def_b64_too_big_1.txt" \
+ -m "ERROR" \
+ -n "The length of the base64 code found should be a multiple of 4" \
+
+run_test "Too much data in the middle of base64 code" \
+ "def_b64_too_big_2.txt" \
+ -m "ERROR" \
+ -n "The length of the base64 code found should be a multiple of 4" \
+
+run_test "Too much data at the end of base64 code" \
+ "def_b64_too_big_3.txt" \
+ -m "ERROR" \
+ -n "The length of the base64 code found should be a multiple of 4" \
+ -u "bytes left to analyze from context"
+
+run_test "Empty file as input" \
+ "empty.txt" \
+ -u "Finished. No valid base64 code found"
+
+run_test "Not empty file without base64 code" \
+ "../../context-info.sh" \
+ -n "Deserializing"
+
+run_test "Binary file instead of text file" \
+ "../../../programs/ssl/ssl_context_info" \
+ -m "ERROR" \
+ -u "Too many bad symbols detected. File check aborted" \
+ -n "Deserializing"
+
+
+# End of tests
+
+if [ $T_FAILED -eq 0 ]; then
+ printf "\nPASSED ( $T_COUNT tests )\n"
+else
+ printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n"
+fi
+
+exit $T_FAILED
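Review bot: run_test() never looks at the exit status of the tested program, and because the script runs under "set -eu", the line 'eval "$RUN_CMD" >> "$OUT_FILE" 2>&1' will terminate the whole script if ssl_context_info (or valgrind) returns non-zero. For the negative cases (bad base64, binary input) that means either the program must always return 0, or the run stops with no FAIL line and no summary. Capture the status explicitly, for example with 'eval "$RUN_CMD" >> "$OUT_FILE" 2>&1 || rc=$?', and decide per test whether a non-zero status is expected. Smaller points in the same file: '[ "-arg" = "$3" ]' aborts under "set -u" if run_test is ever called with only two arguments; "$2" and "$1" are unquoted in the redirections of print_header and print_footer; "exit $T_FAILED" wraps modulo 256, so "exit 1" on any failure is safer; several run_test calls end with a trailing backslash followed by a blank line.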
diff --git a/tests/data_files/base64/cli_cid.txt b/tests/data_files/base64/cli_cid.txt
new file mode 100644
index 0000000..8048aec
--- /dev/null
+++ b/tests/data_files/base64/cli_cid.txt
@@ -0,0 +1,2 @@
+// Client, CID 0xBEEF
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
diff --git a/tests/data_files/base64/cli_ciphersuite.txt b/tests/data_files/base64/cli_ciphersuite.txt
new file mode 100644
index 0000000..432978d
--- /dev/null
+++ b/tests/data_files/base64/cli_ciphersuite.txt
@@ -0,0 +1,2 @@
+// TLS-RSA-WITH-AES-256-CCM-8
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
\ No newline at end of file
diff --git a/tests/data_files/base64/cli_def.txt b/tests/data_files/base64/cli_def.txt
new file mode 100644
index 0000000..ee47905
--- /dev/null
+++ b/tests/data_files/base64/cli_def.txt
@@ -0,0 +1,2 @@
+// Client context with default MbedTLS configuration
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
\ No newline at end of file
diff --git a/tests/data_files/base64/cli_min_cfg.txt b/tests/data_files/base64/cli_min_cfg.txt
new file mode 100644
index 0000000..8c1ef88
--- /dev/null
+++ b/tests/data_files/base64/cli_min_cfg.txt
@@ -0,0 +1,2 @@
+// Minimal configuration
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
\ No newline at end of file
diff --git a/tests/data_files/base64/cli_no_alpn.txt b/tests/data_files/base64/cli_no_alpn.txt
new file mode 100644
index 0000000..25923f6
--- /dev/null
+++ b/tests/data_files/base64/cli_no_alpn.txt
@@ -0,0 +1,3 @@
+// Without MBEDTLS_SSL_ALPN
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
+
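Review bot: this fixture is added as three lines with a trailing empty line, while the neighbouring base64 fixtures (cli_min_cfg.txt, cli_no_mfl.txt and others) are added with "\ No newline at end of file". Since the change is about file sanity checks, the data files added alongside it should end consistently: one final newline, no trailing blank line, unless a specific test depends on the difference, in which case the comment line in the fixture should say so.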
diff --git a/tests/data_files/base64/cli_no_keep_cert.txt b/tests/data_files/base64/cli_no_keep_cert.txt
new file mode 100644
index 0000000..5272a7c
--- /dev/null
+++ b/tests/data_files/base64/cli_no_keep_cert.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+AhUAAAMAAAAAAACCAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAAAABiCAy8MWqlj4vnIv0mswJvB35hyCOYWZ+fcZ6t5LzZgXPl6MKhRs69b+psiGUAo8OK3fU4HKOHNdi36tk22+ScctXowqFEyvzGcvbtI0VfWLKlOlDv+SwC08ZdCNa+RBZ/AAAAEAAAAAAAIAAA==
\ No newline at end of file
diff --git a/tests/data_files/base64/cli_no_mfl.txt b/tests/data_files/base64/cli_no_mfl.txt
new file mode 100644
index 0000000..5c1dfd9
--- /dev/null
+++ b/tests/data_files/base64/cli_no_mfl.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
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
\ No newline at end of file
diff --git a/tests/data_files/base64/cli_no_packing.txt b/tests/data_files/base64/cli_no_packing.txt
new file mode 100644
index 0000000..068276b
--- /dev/null
+++ b/tests/data_files/base64/cli_no_packing.txt
@@ -0,0 +1,2 @@
+// Without DTLS packing
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
\ No newline at end of file
diff --git a/tests/data_files/base64/def_b64_too_big_1.txt b/tests/data_files/base64/def_b64_too_big_1.txt
new file mode 100644
index 0000000..0fe8a18
--- /dev/null
+++ b/tests/data_files/base64/def_b64_too_big_1.txt
@@ -0,0 +1,2 @@
+// Context with added '1234' at the begining to simulate too much data in the base64 code
+1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
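Review bot: typo in the fixture's comment line, "begining" should be "beginning". The comment is the only documentation of what this input is meant to exercise, so it is worth getting right before the file is referenced from context-info.sh.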
diff --git a/tests/data_files/base64/def_b64_too_big_2.txt b/tests/data_files/base64/def_b64_too_big_2.txt
new file mode 100644
index 0000000..7ec1dd0
--- /dev/null
+++ b/tests/data_files/base64/def_b64_too_big_2.txt
@@ -0,0 +1,2 @@
+// Context with added '1234' in the middle of code to simulate too much data
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
diff --git a/tests/data_files/base64/def_b64_too_big_3.txt b/tests/data_files/base64/def_b64_too_big_3.txt
new file mode 100644
index 0000000..514754c
--- /dev/null
+++ b/tests/data_files/base64/def_b64_too_big_3.txt
@@ -0,0 +1,2 @@
+// Context with added '1234' before '==' add the end to simulate too much data in the base64 code
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
diff --git a/tests/data_files/base64/def_bad_b64.txt b/tests/data_files/base64/def_bad_b64.txt
new file mode 100644
index 0000000..d777658
--- /dev/null
+++ b/tests/data_files/base64/def_bad_b64.txt
@@ -0,0 +1,2 @@
+// Context with added extra 'A' before '==' add the end to simulate bad length of base64 code
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
diff --git a/tests/data_files/base64/empty.txt b/tests/data_files/base64/empty.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/data_files/base64/empty.txt
diff --git a/tests/data_files/base64/mfl_1024.txt b/tests/data_files/base64/mfl_1024.txt
new file mode 100644
index 0000000..58dbe5f
--- /dev/null
+++ b/tests/data_files/base64/mfl_1024.txt
@@ -0,0 +1,2 @@
+// MFL=1024
+AhUAAH8AAA4AAABtAAAAAF6K+GLMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHeeQKPVt9RpB8nLTB6C2AhxRzB0r/OBbXbMPm6jb1rkR+qrXZAUFRvGfGxlqqGWwAAACAAAAAAAAAAAAAAAIAAV6K+GJIXNnpKTr9HZQW6WEH7YSYhhRRqOO6xvf8QL6/Xor4YhOxOJYk23w3AwDvVAofeWnVAfJnExe5ipdSxnAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA===
\ No newline at end of file
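Review bot: the payload in mfl_1024.txt ends in "===", whereas the other well-formed fixtures end in "==" or without padding. Three padding characters are never valid base64, yet the "MFL=1024" case in context-info.sh asserts that no ERROR appears in the output. If the extra "=" is a copy error, drop it; if the parser is deliberately lenient about trailing padding, add a sentence to the comment line so the fixture does not look like a mistake, and consider a separate negative test for it.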
diff --git a/tests/data_files/base64/mtu_10000.txt b/tests/data_files/base64/mtu_10000.txt
new file mode 100644
index 0000000..dc7c975
--- /dev/null
+++ b/tests/data_files/base64/mtu_10000.txt
@@ -0,0 +1,2 @@
+// MTU=10000
+AhUAAH8AAA4AAABtAAAAAF6LDkzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx06kxYooMLGPyUMoB46EF2zTJzmZEM4le5aKihcHpFEfgrX/eWQZFWa7cak79ihwAAACAAAAAAAAAAAAAAAAAAV6LDkz9bigMk9q0WiDmgYhX8ppbfgbtMCfruvVQNiFWXosOTJ3R2+J+TaSChmjtS8sD+y1Zruhe/SJE7y9D+5YAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAicQAA==
\ No newline at end of file
diff --git a/tests/data_files/base64/srv_cid.txt b/tests/data_files/base64/srv_cid.txt
new file mode 100644
index 0000000..69aad5f
--- /dev/null
+++ b/tests/data_files/base64/srv_cid.txt
@@ -0,0 +1,2 @@
+// Server, CID 0xDEAD
+AhUAAH8AAA8AAABtAAAAAF6MZUPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABh7h8/aprLN1fS0KwLkZzKcsa5LNtDW7sYu7d1z7fNetuRjLJpX/A1mTSqeBY7li8AAACAAAAAAAAAAAAAAAAAAV6MZUNak74BhbcgvZ2M8WhZKjQyCix7GJzRs4SqnD7iXoxlQ7YXjsVI0K/xyMOJPkT9ZcPEi/2jHGIte1ZduW4C3q0Cvu8AAAAAAAAAAAAAAAIAAAAAAAAABwAAAQAAAAAAAwAAAA==
diff --git a/tests/data_files/base64/srv_ciphersuite.txt b/tests/data_files/base64/srv_ciphersuite.txt
new file mode 100644
index 0000000..5ddca63
--- /dev/null
+++ b/tests/data_files/base64/srv_ciphersuite.txt
@@ -0,0 +1,2 @@
+// TLS-RSA-WITH-AES-256-CCM-8
+AhUAAH8AAA4AAABtAAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAACAAAAAAAAAAAAAAAAAAV6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
\ No newline at end of file
diff --git a/tests/data_files/base64/srv_def.txt b/tests/data_files/base64/srv_def.txt
new file mode 100644
index 0000000..ca81461
--- /dev/null
+++ b/tests/data_files/base64/srv_def.txt
@@ -0,0 +1,2 @@
+// Server context with default MbedTLS configuration
+AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
diff --git a/tests/data_files/base64/srv_min_cfg.txt b/tests/data_files/base64/srv_min_cfg.txt
new file mode 100644
index 0000000..8be0288
--- /dev/null
+++ b/tests/data_files/base64/srv_min_cfg.txt
@@ -0,0 +1,2 @@
+// Minimal configuration
+AhUAAAMAAAAAAABjAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAACAAAAAXotmUkMC6aU6s7O5InjmEEeg4ySLZkNDf0Ut/s06/cBei2ZS+kkKS3sJso2u418jlrlKiesyUOW+xXwOD8bYZQAAAQAAAAAAAgAA
\ No newline at end of file
diff --git a/tests/data_files/base64/srv_no_alpn.txt b/tests/data_files/base64/srv_no_alpn.txt
new file mode 100644
index 0000000..afc51f9
--- /dev/null
+++ b/tests/data_files/base64/srv_no_alpn.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_ALPN
+AhUAAH8AAAYAAABtAAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAACAAAAAAAAAAAAAAAAAAV6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA
\ No newline at end of file
diff --git a/tests/data_files/base64/srv_no_keep_cert.txt b/tests/data_files/base64/srv_no_keep_cert.txt
new file mode 100644
index 0000000..be834b9
--- /dev/null
+++ b/tests/data_files/base64/srv_no_keep_cert.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+AhUAAAMAAAAAAABiAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAACAAABejCoUbOvW/qbIhlAKPDit31OByjhzXYt+rZNtvknHLV6MKhRMr8xnL27SNFX1iypTpQ7/ksAtPGXQjWvkQWfwAAABAAAAAAACAAA=
diff --git a/tests/data_files/base64/srv_no_mfl.txt b/tests/data_files/base64/srv_no_mfl.txt
new file mode 100644
index 0000000..c684ec7
--- /dev/null
+++ b/tests/data_files/base64/srv_no_mfl.txt
@@ -0,0 +1,2 @@
+// Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+AhUAAHcAAA4AAABsAAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAACAAAAAAAAAAAAAAAABXosMs1xs+Mj8BIL6v01qtHWV7w+psxGwLctaGSSL0aZeiwyzskPeDCL0isOzh+JoPgzS/mVtMc0GykGpZaFBugAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA
\ No newline at end of file
diff --git a/tests/data_files/base64/srv_no_packing.txt b/tests/data_files/base64/srv_no_packing.txt
new file mode 100644
index 0000000..bcc4228
--- /dev/null
+++ b/tests/data_files/base64/srv_no_packing.txt
@@ -0,0 +1,2 @@
+// Without DTLS packing
+AhUAAH8AAA4AAABtAAAAAF6LCM/MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfl0tXNmshIQEqiEflQGnVUKkIFl1on/Mu0pjWes3XwQgdwmy9xMzpVyYU5gBOsOEAAACAAAAAAAAAAAAAAAAAAV6LCM+1uRpyaoyfzuNGBJK9DgBWIWtrPpu7KM8qsC/FXosIz/YIPhveZ8Z4IR0g/McAMQwzQoK5tScSE0DD3BwAAAAAAAAAAAAAAAEAAAAAAAAAAwEAAQAAAAAAAgAAAA==
diff --git a/tests/data_files/base64/v2.19.1.txt b/tests/data_files/base64/v2.19.1.txt
new file mode 100644
index 0000000..b910e33
--- /dev/null
+++ b/tests/data_files/base64/v2.19.1.txt
@@ -0,0 +1,2 @@
+// Context creaded by MbedTLS v.2.19.1
+AhMBAH8AAA8AAAGjAAAAAF5iHYLArgAgkQE4V2NJsjbOuO52ws/u75f6Cg126zWeI7a+kaxTqKLbdWWZmW3PP+SflLxBA7Trpb0qZ5MP8+m0leylnLcDt2TtIWR49MOuiJuvVuMJmtwAAAAAAAE2MIIBMjCB2qADAgECAgYBcK9AtOYwCgYIKoZIzj0EAwIwDTELMAkGA1UEAwwCY2EwIBcNMjAwMzA2MDk1MDE4WhgPMjA1NjAyMjYwOTUwMThaMDMxDzANBgNVBAcTBjE2MDAwMTENMAsGA1UECxMEYWNjMTERMA8GA1UEAxMIZGV2aWNlMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARn0TtinN6/runzIuF2f2uTH1f0mQOFXu3uRPtQji2ObccSsw6Cn9z7XWK9fRgeoOKA0WZC+O9L9IEWieS13ajFMAoGCCqGSM49BAMCA0cAMEQCIFoavpekQjIqubJ09jkMR+iiUpkGdFRla1R7onnc5iEOAiBAvYr8j9QqjpM2jColTS1cI0z29PBbuasq4HI6YCj0wgAAAAAAAAAAAAFeYh2Ct3LnESwmdWzU+xs7vV2Q0T5HJ8y4ckhpO7wOoF5iHYJ38gKFI3Qdc3BR48GV7nuBUKZeI1YJExQchj1WCAY6dEyghLpHAAAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA
\ No newline at end of file
diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/server1_pathlen_int_max-1.crt
new file mode 100644
index 0000000..4944844
--- /dev/null
+++ b/tests/data_files/server1_pathlen_int_max-1.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o1YwVDASBgNVHRMECzAJAQH/AgR////+MB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIs
+Pai9Q1kCpjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG
+9w0BAQUFAAOCAQEAfuvq7FomQTSJmGInVwQjQddgoXpnmCZ97TpVq7jHLCFADowQ
+jeiAsxmD8mwAQqw/By0U2PSmQcS7Vrn7Le0nFKNRYYrtpx5rsTFJzS/tQsgCe0Pf
+zhiBgD1Dhw6PWAPmy+JlvhJF7REmFsM8KHQd0xSvJzB1gLN9FVlnd87C73bdDJZQ
+Zdn977+Sn5anAFGHDWeKo8GYaYGnPBQqkX0Q2EKWR7yrwcKMogOevxELogB0jRj3
+L+nBpz7mO2J6XQ85ip+tLWAGCEHo0omAIQorAoCSqtLiaz47HxOdNK0hnM7V5k8P
+05AVhxDa3WqZ9FmMaDc8j8XqmOgKYVMC4/WS0g==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/server1_pathlen_int_max.crt
new file mode 100644
index 0000000..517e0d6
--- /dev/null
+++ b/tests/data_files/server1_pathlen_int_max.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 9b69aa2..5b70caa 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -664,6 +664,9 @@
msg "test: compat.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/compat.sh
+
+ msg "test: context-info.sh (ASan build)" # ~ 15 sec
+ if_build_succeeded tests/context-info.sh
}
component_test_full_cmake_gcc_asan () {
@@ -680,6 +683,9 @@
msg "test: compat.sh (full config, ASan build)"
if_build_succeeded tests/compat.sh
+
+ msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
+ if_build_succeeded tests/context-info.sh
}
component_test_zlib_make() {
@@ -742,6 +748,9 @@
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
+
+ msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec
+ if_build_succeeded tests/context-info.sh
}
component_test_no_renegotiation () {
@@ -787,6 +796,9 @@
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
if_build_succeeded tests/compat.sh -t RSA
+
+ msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
+ if_build_succeeded tests/context-info.sh
}
component_test_new_ecdh_context () {
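Review bot: the added message says "RSA-related part of context-info.sh", but the command is plain "tests/context-info.sh" with no filter, unlike "tests/compat.sh -t RSA" just above it. context-info.sh as added in this change only accepts -h and -m, so there is no RSA-only subset to run. Reword the message to say the full script runs in the RSA_NO_CRT configuration. The SSLv3 component has a similar wording issue: its new message is prefixed "build:" although it runs a test.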
@@ -1149,6 +1161,9 @@
msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
if_build_succeeded tests/compat.sh
+
+ msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+ if_build_succeeded tests/context-info.sh
}
component_test_no_max_fragment_length_small_ssl_out_content_len () {
@@ -1161,6 +1176,9 @@
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
+
+ msg "test: context-info.sh (disabled MFL extension case)"
+ if_build_succeeded tests/context-info.sh
}
component_test_variable_ssl_in_out_buffer_len () {
@@ -1679,6 +1697,11 @@
msg "test: compat.sh --memcheck (Release)"
if_build_succeeded tests/compat.sh --memcheck
fi
+
+ if [ "$MEMORY" -gt 0 ]; then
+ msg "test: context-info.sh --memcheck (Release)"
+ if_build_succeeded tests/context-info.sh --memcheck
+ fi
}
component_test_cmake_out_of_source () {
@@ -1750,15 +1773,6 @@
unset gdb_disable_aslr
}
-support_check_python_files () {
- # Find the installed version of Pylint. Installed as a distro package this can
- # be pylint3 and as a PEP egg, pylint.
- if type pylint >/dev/null 2>/dev/null || type pylint3 >/dev/null 2>/dev/null; then
- true;
- else
- false;
- fi
-}
component_check_python_files () {
msg "Lint: Python scripts"
record_status tests/scripts/check-python-files.sh
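Review bot: with support_check_python_files removed, component_check_python_files is no longer skipped on machines that have neither pylint nor pylint3 installed. Please confirm that tests/scripts/check-python-files.sh reports a missing Pylint with a clear message and a non-zero status, and mention the new hard dependency where the requirements for all.sh are documented. If skipping is still wanted on some platforms, keep the support function and move the pylint/pylint3 lookup into it.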
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 6419f05..aca2f11 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -68,7 +68,10 @@
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.py full
-scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE
+# Enable some deprecated or experimental features that are not in the
+# full config, but are compatible with it and have tests.
+scripts/config.py set MBEDTLS_SSL_PROTO_SSL3
+scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
make -j
@@ -76,35 +79,58 @@
TEST_OUTPUT=out_${PPID}
cd tests
if [ ! -f "seedfile" ]; then
- dd if=/dev/urandom of="seedfile" bs=32 count=1
+ dd if=/dev/urandom of="seedfile" bs=64 count=1
fi
+echo
-# Step 2a - Unit Tests
+# Step 2a - Unit Tests (keep going even if some tests fail)
+echo '################ Unit tests ################'
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
+echo '^^^^^^^^^^^^^^^^ Unit tests ^^^^^^^^^^^^^^^^'
echo
-# Step 2b - System Tests
+# Step 2b - System Tests (keep going even if some tests fail)
+echo
+echo '################ ssl-opt.sh ################'
sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
+echo '^^^^^^^^^^^^^^^^ ssl-opt.sh ^^^^^^^^^^^^^^^^'
echo
-# Step 2c - Compatibility tests
-sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
- tee compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY" \
- sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_LEGACY" \
- GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \
- GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
- tee -a compat-test-$TEST_OUTPUT
-OPENSSL_CMD="$OPENSSL_NEXT" \
- sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \
- tee -a compat-test-$TEST_OUTPUT
+# Step 2c - Compatibility tests (keep going even if some tests fail)
+echo '################ compat.sh ################'
+{
+ echo '#### compat.sh: Default versions'
+ sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
+ echo
+
+ echo '#### compat.sh: legacy (SSLv3)'
+ OPENSSL_CMD="$OPENSSL_LEGACY" sh compat.sh -m 'ssl3'
+ echo
+
+ echo '#### compat.sh: legacy (null, DES, RC4)'
+ OPENSSL_CMD="$OPENSSL_LEGACY" \
+ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
+ sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ echo
+
+ echo '#### compat.sh: next (ARIA, ChaCha)'
+ OPENSSL_CMD="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA'
+ echo
+} | tee compat-test-$TEST_OUTPUT
+echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^'
echo
# Step 3 - Process the coverage report
cd ..
-make lcov |tee tests/cov-$TEST_OUTPUT
+{
+ make lcov
+ echo SUCCESS
+} | tee tests/cov-$TEST_OUTPUT
+
+if [ "$(tail -n1 tests/cov-$TEST_OUTPUT)" != "SUCCESS" ]; then
+ echo >&2 "Fatal: 'make lcov' failed"
+ exit 2
+fi
# Step 4 - Summarise the test report
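Review bot: In the Step 3 brace group, `echo SUCCESS` follows `make lcov` unconditionally, so the `tail -n1` check only detects a failure if errexit is active inside that group, and no `set -e` is visible in these hunks. Writing `make lcov && echo SUCCESS` makes the sentinel independent of shell options. The compat.sh group is also piped into `tee`, which discards the exit status of each run; that matches the "keep going" comments, but it means the summary step is the only place failures are detected.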
@@ -224,3 +250,7 @@
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
+
+if [ $TOTAL_FAIL -ne 0 ]; then
+ exit 1
+fi
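Review bot: `$TOTAL_FAIL` is unquoted in the new test, so if the summary step ever leaves it empty the shell sees `[ -ne 0 ]` and reports a syntax error instead of taking a defined branch. Quote it and either give it an explicit default or fail loudly when it is unset. The script now has two distinct failure codes (2 for the lcov step, 1 here); document them in the header comment.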
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index 1a9ba30..7474ac7 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -17,7 +17,7 @@
import sys
-class FileIssueTracker(object):
+class FileIssueTracker:
"""Base class for file-wide issue tracking.
To implement a checker that processes a file as a whole, inherit from
@@ -37,20 +37,31 @@
self.files_with_issues = {}
def should_check_file(self, filepath):
+ """Whether the given file name should be checked.
+
+ Files whose name ends with a string listed in ``self.files_exemptions``
+ will not be checked.
+ """
for files_exemption in self.files_exemptions:
if filepath.endswith(files_exemption):
return False
return True
def check_file_for_issue(self, filepath):
+ """Check the specified file for the issue that this class is for.
+
+ Subclasses must implement this method.
+ """
raise NotImplementedError
def record_issue(self, filepath, line_number):
+ """Record that an issue was found at the specified location."""
if filepath not in self.files_with_issues.keys():
self.files_with_issues[filepath] = []
self.files_with_issues[filepath].append(line_number)
def output_file_issues(self, logger):
+ """Log all the locations where the issue was found."""
if self.files_with_issues.values():
logger.info(self.heading)
for filename, lines in sorted(self.files_with_issues.items()):
@@ -70,6 +81,10 @@
"""
def issue_with_line(self, line, filepath):
+ """Check the specified line for the issue that this class is for.
+
+ Subclasses must implement this method.
+ """
raise NotImplementedError
def check_file_line(self, filepath, line, line_number):
@@ -77,6 +92,10 @@
self.record_issue(filepath, line_number)
def check_file_for_issue(self, filepath):
+ """Check the lines of the specified file.
+
+ Subclasses must implement the ``issue_with_line`` method.
+ """
with open(filepath, "rb") as f:
for i, line in enumerate(iter(f.readline, b"")):
self.check_file_line(filepath, line, i + 1)
@@ -194,7 +213,7 @@
return False
-class IntegrityChecker(object):
+class IntegrityChecker:
"""Sanity-check files under the current directory."""
def __init__(self, log_file):
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index 6b864d2..cd18518 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -9,15 +9,10 @@
# Run 'pylint' on Python files for programming errors and helps enforcing
# PEP8 coding standards.
-# Find the installed version of Pylint. Installed as a distro package this can
-# be pylint3 and as a PEP egg, pylint. We prefer pylint over pylint3
-if type pylint >/dev/null 2>/dev/null; then
- PYLINT=pylint
-elif type pylint3 >/dev/null 2>/dev/null; then
- PYLINT=pylint3
+if type python3 >/dev/null 2>/dev/null; then
+ PYTHON=python3
else
- echo 'Pylint was not found.'
- exit 1
+ PYTHON=python
fi
-$PYLINT -j 2 scripts/*.py tests/scripts/*.py
+$PYTHON -m pylint -j 2 scripts/*.py tests/scripts/*.py
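Review bot: The `else` branch sets `PYTHON=python` without checking that the interpreter exists or can import pylint, and the explicit 'Pylint was not found.' message is gone, so a missing install now surfaces only as the interpreter's own error. Probe once before the real run, for example `$PYTHON -m pylint --version >/dev/null 2>&1 || { echo 'Pylint was not found.' >&2; exit 1; }`. Note also that a bare `python` can be Python 2 on some hosts, while the scripts touched in this patch use `python3` shebangs and Python 3 class syntax.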
diff --git a/tests/scripts/check-test-cases.py b/tests/scripts/check-test-cases.py
index 4abaa68..35a9987 100755
--- a/tests/scripts/check-test-cases.py
+++ b/tests/scripts/check-test-cases.py
@@ -77,6 +77,7 @@
seen[description] = line_number
def check_test_suite(results, data_file_name):
+ """Check the test cases in the given unit test data file."""
in_paragraph = False
descriptions = {}
with open(data_file_name, 'rb') as data_file:
@@ -94,6 +95,7 @@
in_paragraph = True
def check_ssl_opt_sh(results, file_name):
+ """Check the test cases in ssl-opt.sh or a file with a similar format."""
descriptions = {}
with open(file_name, 'rb') as file_contents:
for line_number, line in enumerate(file_contents, 1):
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index 1fff099..21f816e 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -208,7 +208,7 @@
pass
-class FileWrapper(io.FileIO, object):
+class FileWrapper(io.FileIO):
"""
This class extends built-in io.FileIO class with attribute line_no,
that indicates line number for the line that is read.
@@ -402,8 +402,7 @@
:param inp_str: Input string with macros delimited by ':'.
:return: list of dependencies
"""
- dependencies = [dep for dep in map(validate_dependency,
- inp_str.split(':'))]
+ dependencies = list(map(validate_dependency, inp_str.split(':')))
return dependencies
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
index 8f24435..709bb1a 100755
--- a/tests/scripts/mbedtls_test.py
+++ b/tests/scripts/mbedtls_test.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
# Greentea host test script for Mbed TLS on-target test suite testing.
#
# Copyright (C) 2018, Arm Limited, All Rights Reserved
@@ -46,7 +48,7 @@
pass
-class TestDataParser(object):
+class TestDataParser:
"""
Parses test name, dependencies, test function name and test parameters
from the data file.
@@ -260,7 +262,7 @@
data_bytes += bytearray(dependencies)
data_bytes += bytearray([function_id, len(parameters)])
for typ, param in parameters:
- if typ == 'int' or typ == 'exp':
+ if typ in ('int', 'exp'):
i = int(param, 0)
data_bytes += b'I' if typ == 'int' else b'E'
self.align_32bit(data_bytes)
diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py
index 40ed9fd..c8fdea5 100755
--- a/tests/scripts/test_config_script.py
+++ b/tests/scripts/test_config_script.py
@@ -92,6 +92,7 @@
return re.split(r'[ ,]+', options.presets)
else:
help_text = subprocess.run([options.script, '--help'],
+ check=False, # config.pl --help returns 255
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT).stdout
return guess_presets_from_help(help_text.decode('ascii'))
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index 6d7113e..c8e8c5c 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -294,7 +294,7 @@
self.assertEqual(code, expected)
-class StringIOWrapper(StringIO, object):
+class StringIOWrapper(StringIO):
"""
file like class to mock file object in tests.
"""
@@ -1127,9 +1127,8 @@
dhm_selftest:
"""
stream = StringIOWrapper('test_suite_ut.function', data)
- tests = [(name, test_function, dependencies, args)
- for name, test_function, dependencies, args in
- parse_test_data(stream)]
+ # List of (name, function_name, dependencies, args)
+ tests = list(parse_test_data(stream))
test1, test2, test3, test4 = tests
self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
self.assertEqual(test1[1], 'dhm_do_dhm')
@@ -1170,9 +1169,8 @@
"""
stream = StringIOWrapper('test_suite_ut.function', data)
- tests = [(name, function_name, dependencies, args)
- for name, function_name, dependencies, args in
- parse_test_data(stream)]
+ # List of (name, function_name, dependencies, args)
+ tests = list(parse_test_data(stream))
test1, test2 = tests
self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
self.assertEqual(test1[1], 'dhm_do_dhm')
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index c02555e..2c9f058 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -453,7 +453,7 @@
tests.run_all(inputs)
tests.report(sys.stdout)
if tests.errors:
- exit(1)
+ sys.exit(1)
if __name__ == '__main__':
main()
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 32f218d..924384f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2424,7 +2424,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
-run_test "Default, no Encrypt then MAC: empty application data record" \
+run_test "Encrypt then MAC: disabled, empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=0" \
"$P_CLI auth_mode=none etm=0 request_size=0" \
0 \
@@ -2439,7 +2439,7 @@
-s "dumping 'input payload after decrypt' (0 bytes)" \
-c "0 bytes written in 1 fragments"
-run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
+run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
"$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
"$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
0 \
@@ -2925,8 +2925,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2937,8 +2939,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2952,8 +2956,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2969,8 +2975,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -C "Maximum fragment length is 16384" \
- -S "Maximum fragment length is 16384" \
+ -C "Maximum input fragment length is 16384" \
+ -C "Maximum output fragment length is 16384" \
+ -S "Maximum input fragment length is 16384" \
+ -S "Maximum output fragment length is 16384" \
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
-s "$MAX_CONTENT_LEN bytes read" \
-s "1 bytes read"
@@ -2980,8 +2988,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -C "Maximum fragment length is 16384" \
- -S "Maximum fragment length is 16384" \
+ -C "Maximum input fragment length is 16384" \
+ -C "Maximum output fragment length is 16384" \
+ -S "Maximum input fragment length is 16384" \
+ -S "Maximum output fragment length is 16384" \
-c "fragment larger than.*maximum "
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -2989,8 +2999,178 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum fragment length is 4096" \
- -s "Maximum fragment length is 4096" \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 4096" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 512, server 1024" \
+ "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_CLI debug_level=3 max_frag_len=512" \
+ 0 \
+ -c "Maximum input fragment length is 512" \
+ -c "Maximum output fragment length is 512" \
+ -s "Maximum input fragment length is 512" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 512, server 2048" \
+ "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_CLI debug_level=3 max_frag_len=512" \
+ 0 \
+ -c "Maximum input fragment length is 512" \
+ -c "Maximum output fragment length is 512" \
+ -s "Maximum input fragment length is 512" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 512, server 4096" \
+ "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_CLI debug_level=3 max_frag_len=512" \
+ 0 \
+ -c "Maximum input fragment length is 512" \
+ -c "Maximum output fragment length is 512" \
+ -s "Maximum input fragment length is 512" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 1024, server 512" \
+ "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_CLI debug_level=3 max_frag_len=1024" \
+ 0 \
+ -c "Maximum input fragment length is 1024" \
+ -c "Maximum output fragment length is 1024" \
+ -s "Maximum input fragment length is 1024" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 1024, server 2048" \
+ "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_CLI debug_level=3 max_frag_len=1024" \
+ 0 \
+ -c "Maximum input fragment length is 1024" \
+ -c "Maximum output fragment length is 1024" \
+ -s "Maximum input fragment length is 1024" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 1024, server 4096" \
+ "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_CLI debug_level=3 max_frag_len=1024" \
+ 0 \
+ -c "Maximum input fragment length is 1024" \
+ -c "Maximum output fragment length is 1024" \
+ -s "Maximum input fragment length is 1024" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 2048, server 512" \
+ "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_CLI debug_level=3 max_frag_len=2048" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 2048, server 1024" \
+ "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_CLI debug_level=3 max_frag_len=2048" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 2048, server 4096" \
+ "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_CLI debug_level=3 max_frag_len=2048" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 4096, server 512" \
+ "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
+ 0 \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 4096, server 1024" \
+ "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
+ 0 \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 4096, server 2048" \
+ "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
+ 0 \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
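Review bot: The twelve new client/server cases encode a rule that is never written down: every logged length follows the client's `max_frag_len`, except the server's output length, which is the smaller of the two settings. Put that rule in a comment above the block so a failing expectation can be checked against it. The blocks differ only in the four sizes, so consider generating the matrix from a loop to keep the expectations from drifting apart.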
@@ -3001,8 +3181,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is 4096" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is 4096" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -3014,7 +3196,8 @@
"$G_SRV" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum fragment length is 4096" \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
@@ -3023,8 +3206,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3037,8 +3222,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3052,8 +3239,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3155,6 +3344,29 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Renegotiation with max fragment length: client 2048, server 512" \
+ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
+ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension" \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request"
+
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: client-initiated, server-rejected" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -7279,8 +7491,8 @@
not_with_valgrind # spurious resend
run_test "DTLS client reconnect from same port: reference" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
+ "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
+ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
0 \
-C "resend" \
-S "The operation timed out" \
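Review bot: `read_timeout` and `hs_timeout` are raised from at most 1000 to 10000-20000 with no comment explaining the choice, and the same change is repeated in the next hunk and in the DTLS proxy tests. Since these tests assert `-C "resend"`, add a comment that the long timeouts are there to avoid spurious retransmissions, and check whether the `not_with_valgrind # spurious resend` guard is still needed with them.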
@@ -7288,8 +7500,8 @@
not_with_valgrind # spurious resend
run_test "DTLS client reconnect from same port: reconnect" \
- "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
- "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
+ "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
+ "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
0 \
-C "resend" \
-S "The operation timed out" \
@@ -7318,6 +7530,14 @@
-s "The operation timed out" \
-S "Client initiated reconnection from same port"
+run_test "DTLS client reconnect from same port: attacker-injected" \
+ -p "$P_PXY inject_clihlo=1" \
+ "$P_SRV dtls=1 exchanges=2 debug_level=1" \
+ "$P_CLI dtls=1 exchanges=2" \
+ 0 \
+ -s "possible client reconnect from the same port" \
+ -S "Client initiated reconnection from same port"
+
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
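Review bot: The new attacker-injected case has no comment on what `inject_clihlo=1` makes the proxy do or which property the test asserts. A short comment stating that the server must log `possible client reconnect from the same port` but never reach `Client initiated reconnection from same port`, and that both exchanges must still complete with exit code 0, would make the intent reviewable. Also check whether the `not_with_valgrind` guard used by the neighbouring reconnect tests applies here.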
@@ -8387,8 +8607,8 @@
not_with_valgrind # spurious resend due to timeout
run_test "DTLS proxy: reference" \
-p "$P_PXY" \
- "$P_SRV dtls=1 debug_level=2" \
- "$P_CLI dtls=1 debug_level=2" \
+ "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
+ "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
0 \
-C "replayed record" \
-S "replayed record" \
@@ -8405,8 +8625,8 @@
not_with_valgrind # spurious resend due to timeout
run_test "DTLS proxy: duplicate every packet" \
-p "$P_PXY duplicate=1" \
- "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
+ "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
+ "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
0 \
-c "replayed record" \
-s "replayed record" \
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 6467340..b6490fb 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -418,14 +418,17 @@
*
* \param outcome_file The file to write to.
* If this is \c NULL, this function does nothing.
- * \param unmet_dep_count The number of unmet dependencies.
- * \param unmet_dependencies The array of unmet dependencies.
+ * \param unmet_dep_count The number of unmet dependencies.
+ * \param unmet_dependencies The array of unmet dependencies.
+ * \param missing_unmet_dependencies Non-zero if there was a problem tracking
+ * all unmet dependencies, 0 otherwise.
* \param ret The test dispatch status (DISPATCH_xxx).
* \param test_info A pointer to the test info structure.
*/
static void write_outcome_result( FILE *outcome_file,
size_t unmet_dep_count,
- char *unmet_dependencies[],
+ int unmet_dependencies[],
+ int missing_unmet_dependencies,
int ret,
const test_info_t *info )
{
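Review bot: While this doc block is being realigned, the last entry still documents `\param test_info` although the parameter is named `info` in the signature; rename one so the Doxygen matches. The description of `unmet_dependencies` should also say that the array now holds numeric dependency identifiers, since its type changes from `char *[]` to `int[]`.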
@@ -443,10 +446,12 @@
mbedtls_fprintf( outcome_file, "SKIP" );
for( i = 0; i < unmet_dep_count; i++ )
{
- mbedtls_fprintf( outcome_file, "%c%s",
+ mbedtls_fprintf( outcome_file, "%c%d",
i == 0 ? ';' : ':',
unmet_dependencies[i] );
}
+ if( missing_unmet_dependencies )
+ mbedtls_fprintf( outcome_file, ":..." );
break;
}
switch( info->result )
@@ -598,7 +603,8 @@
testfile_index++ )
{
size_t unmet_dep_count = 0;
- char *unmet_dependencies[20];
+ int unmet_dependencies[20];
+ int missing_unmet_dependencies = 0;
test_filename = test_files[ testfile_index ];
@@ -621,6 +627,7 @@
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
}
unmet_dep_count = 0;
+ missing_unmet_dependencies = 0;
if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
break;
@@ -647,20 +654,16 @@
int dep_id = strtol( params[i], NULL, 10 );
if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED )
{
- if( 0 == option_verbose )
+ if( unmet_dep_count <
+ ARRAY_LENGTH( unmet_dependencies ) )
{
- /* Only one count is needed if not verbose */
+ unmet_dependencies[unmet_dep_count] = dep_id;
unmet_dep_count++;
- break;
}
-
- unmet_dependencies[ unmet_dep_count ] = strdup( params[i] );
- if( unmet_dependencies[ unmet_dep_count ] == NULL )
+ else
{
- mbedtls_fprintf( stderr, "FATAL: Out of memory\n" );
- mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ missing_unmet_dependencies = 1;
}
- unmet_dep_count++;
}
}
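Review bot: The new `unmet_dep_count < ARRAY_LENGTH( unmet_dependencies )` guard is what keeps the store inside the 20-entry array; the removed verbose path wrote to `unmet_dependencies[ unmet_dep_count ]` with no bound. Call that out in the commit message and add a data-file case with more than 20 unmet dependencies so the `missing_unmet_dependencies` branch is exercised. Separately, `strtol( params[i], NULL, 10 )` is stored in an `int` with no end-pointer or range check, which is worth tightening while this loop is being rewritten.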
@@ -714,6 +717,7 @@
write_outcome_result( outcome_file,
unmet_dep_count, unmet_dependencies,
+ missing_unmet_dependencies,
ret, &test_info );
if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
{
@@ -730,15 +734,17 @@
mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
for( i = 0; i < unmet_dep_count; i++ )
{
- mbedtls_fprintf( stdout, "%s ",
+ mbedtls_fprintf( stdout, "%d ",
unmet_dependencies[i] );
- free( unmet_dependencies[i] );
}
+ if( missing_unmet_dependencies )
+ mbedtls_fprintf( stdout, "..." );
}
mbedtls_fprintf( stdout, "\n" );
fflush( stdout );
unmet_dep_count = 0;
+ missing_unmet_dependencies = 0;
}
else if( ret == DISPATCH_TEST_SUCCESS )
{
@@ -783,10 +789,6 @@
total_errors++;
}
fclose( file );
-
- /* In case we encounter early end of file */
- for( i = 0; i < unmet_dep_count; i++ )
- free( unmet_dependencies[i] );
}
if( outcome_file != NULL )
diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index 6293408..4dbdd52 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -1062,6 +1062,10 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf_multipart:MBEDTLS_CIPHER_AES_192_CBC:192:16:16:-1:16:16:0:32
+AES-256 CBC - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_AES_256_CBC:0:0
+
AES-256 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_AES_256_CBC:"AES-256-CBC":256:0:-1
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index 667f424..3e7bffa 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -1,7 +1,11 @@
-CAMELLIA CBC Decrypt empty buffer
+CAMELLIA-128 CBC - Decrypt empty buffer
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:0:0
+CAMELLIA-256 CBC - Decrypt empty buffer
+depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_256_CBC:0:0
+
CAMELLIA Encrypt and decrypt 0 bytes [#1]
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:-1
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index c526b2e..8d728bd 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -2,6 +2,10 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0
+AES GCM Decrypt empty buffer
+depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0
+
Aria GCM Decrypt empty buffer
depends_on:MBEDTLS_ARIA_C:MBEDTLS_GCM_C
dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_GCM:0:0
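Review bot: The depends_on line of the new AES GCM case lists MBEDTLS_CIPHER_AES_128_GCM, which is the cipher identifier passed to dec_empty_buf on the following line, not a build option. The Camellia and Aria cases on either side depend on the module macros MBEDTLS_CAMELLIA_C and MBEDTLS_ARIA_C, so this one should read depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C. As written the dependency does not name a configuration symbol, so the case is likely to be skipped in every build and the empty-buffer path for AES GCM stays untested.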
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index b6e6e5a..bc95f6f 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -5297,6 +5297,8 @@
size_t i;
unsigned run;
+ TEST_ASSERT( bytes_arg >= 0 );
+
ASSERT_ALLOC( output, bytes + sizeof( trail ) );
ASSERT_ALLOC( changed, bytes );
memcpy( output + bytes, trail, sizeof( trail ) );
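Review bot: The new assertion checks bytes_arg, but the allocations and the memcpy right below it use bytes, and the hunk does not show where bytes is derived from bytes_arg. If the conversion happens in the declarations above, the negative value has already been converted by the time this check runs; that is harmless because the test stops before ASSERT_ALLOC, but a one-line comment stating that the check guards the signed-to-size_t conversion would make the intent clear. Consider also bounding bytes_arg from above so that bytes + sizeof( trail ) cannot wrap.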
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 47ebd92..9af6a5c 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -379,40 +379,184 @@
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
DTLS no legacy renegotiation with MFL=512
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
DTLS no legacy renegotiation with MFL=1024
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
DTLS no legacy renegotiation with MFL=2048
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
DTLS no legacy renegotiation with MFL=4096
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
DTLS legacy allow renegotiation with MFL=512
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
DTLS legacy allow renegotiation with MFL=1024
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
DTLS legacy allow renegotiation with MFL=2048
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
DTLS legacy allow renegotiation with MFL=4096
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
DTLS legacy break handshake renegotiation with MFL=512
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
DTLS legacy break handshake renegotiation with MFL=1024
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
DTLS legacy break handshake renegotiation with MFL=2048
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
DTLS legacy break handshake renegotiation with MFL=4096
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
+
+DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
+
+DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+
+DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0
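Review bot: The depends_on lines of the new cases are uneven across the three ciphersuite groups. The ECDHE-RSA-WITH-AES-256-GCM-SHA384 cases list MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED, but the RSA-WITH-AES-128-CCM cases list only MBEDTLS_CCM_C:MBEDTLS_AES_C and the DHE-RSA-WITH-AES-256-CBC-SHA256 cases only MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C. In a configuration with the RSA or DHE-RSA key exchange disabled, those cases would be attempted instead of skipped. Suggest adding MBEDTLS_KEY_EXCHANGE_RSA_ENABLED and MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED to the respective groups. Separately, the twelve existing cases now pass "" as the third argument; the meaning of an empty ciphersuite name should be documented next to the test function.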
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 2a6e99b..e59a167 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3900,12 +3900,13 @@
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
- int serialize, int dtls )
+ int serialize, int dtls, char *cipher )
{
handshake_test_options options;
init_handshake_options( &options );
options.mfl = mfl;
+ options.cipher = cipher;
options.renegotiate = renegotiation;
options.legacy_renegotiation = legacy_renegotiation;
options.serialize = serialize;
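Review bot: The new cipher parameter is assigned straight to options.cipher with no documentation of its contract. The .data file passes "" for the pre-existing cases and a ciphersuite name for the new ones, so the function comment should say that an empty string keeps the default ciphersuite selection, if that is what the handshake helper does with it. It is also worth stating that the dependencies in BEGIN_CASE do not cover the ciphersuite, so each data case has to list them itself.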
@@ -3921,7 +3922,8 @@
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
void resize_buffers_serialize_mfl( int mfl )
{
- test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 );
+ test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
+ (char *) "" );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
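Review bot: The (char *) "" cast in the call to test_resize_buffers discards const from a string literal only because the new parameter is declared char *cipher. If the test-function wrapper and options.cipher allow it, declare the parameter as const char * and drop the cast; if they do not, add a comment saying the callee never writes through the pointer.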
@@ -3929,9 +3931,10 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation )
+void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
+ char *cipher )
{
- test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 );
+ test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 868fe06..5dc81d3 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.21.0"
+check_compiletime_version:"2.22.0"
Check runtime library version
-check_runtime_version:"2.21.0"
+check_runtime_version:"2.22.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 3099e63..7012e8e 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1798,6 +1798,14 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT ASN1 (pathlen is INT_MAX-1)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
+x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0
+
X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
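Review bot: Both new cases are named after INT_MAX but load fixed certificate files, so the boundary they exercise is INT_MAX only on platforms where int has the width the files were generated for. Suggest putting the encoded pathlen value in the test titles or in a comment and stating the assumed int width, so a failure on another platform is easy to interpret. The two data_files/*.crt files are not part of this hunk; check that they, and the way to regenerate them, are included in the change. These cases also add MBEDTLS_SHA1_C to depends_on where the neighbouring cases do not, which deserves a word on why.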
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index 4e21fce..26219dd 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -13,12 +13,12 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{D071CCF7-ACA0-21F8-D382-52A759AEA261}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{D071CCF7-ACA0-21F8-D382-52A759AEA261}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
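Review bot: This hunk and the ones after it in mbedTLS.sln only move Project entries and their configuration blocks around; the names and GUIDs on the moved lines are unchanged, and the new order looks alphabetical within each group. Since the file is large and the churn hides any real change, please state in the commit message that the solution file was regenerated and by which script, so reviewers can reproduce it instead of reading the reorder line by line.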
@@ -88,11 +88,6 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{F472475C-F677-0E7F-F127-45BF5B64F622}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_decrypt", "rsa_decrypt.vcxproj", "{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -103,17 +98,22 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{F472475C-F677-0E7F-F127-45BF5B64F622}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign", "rsa_sign.vcxproj", "{10790F49-6887-AAB6-2D86-BCBD516F8D26}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{689E28CF-89ED-BA38-3A14-78A75D891D46}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{689E28CF-89ED-BA38-3A14-78A75D891D46}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
@@ -138,6 +138,21 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{DE695064-13C3-18B0-378D-8B22672BF3F4}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_havege", "gen_random_havege.vcxproj", "{71257802-BBCA-99F5-E9D2-905738F30893}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_client", "dtls_client.vcxproj", "{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -148,6 +163,11 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mini_client", "mini_client.vcxproj", "{C4FE29EA-266D-5295-4840-976B9B5B3843}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client1", "ssl_client1.vcxproj", "{487A2F80-3CA3-678D-88D5-82194872CF08}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -158,6 +178,21 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_context_info", "ssl_context_info.vcxproj", "{017ECC7D-FB6D-46D8-076B-F64172E8E3BC}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server", "ssl_server.vcxproj", "{E08E0065-896A-7487-DEA5-D3B80B71F975}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -168,41 +203,16 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mini_client", "mini_client.vcxproj", "{C4FE29EA-266D-5295-4840-976B9B5B3843}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{DE695064-13C3-18B0-378D-8B22672BF3F4}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_havege", "gen_random_havege.vcxproj", "{71257802-BBCA-99F5-E9D2-905738F30893}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "selftest", "selftest.vcxproj", "{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -218,11 +228,6 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -238,11 +243,6 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{DB904B85-AD31-B7FB-114F-88760CC485F2}"
- ProjectSection(ProjectDependencies) = postProject
- {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
- EndProjectSection
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_req", "cert_req.vcxproj", "{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -253,6 +253,11 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{DB904B85-AD31-B7FB-114F-88760CC485F2}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "req_app", "req_app.vcxproj", "{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -290,14 +295,6 @@
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|Win32.Build.0 = Release|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.ActiveCfg = Release|x64
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.Build.0 = Release|x64
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.ActiveCfg = Debug|Win32
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.Build.0 = Debug|Win32
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.ActiveCfg = Debug|x64
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.Build.0 = Debug|x64
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.ActiveCfg = Release|Win32
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.Build.0 = Release|Win32
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.ActiveCfg = Release|x64
- {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.Build.0 = Release|x64
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.ActiveCfg = Debug|Win32
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.Build.0 = Debug|Win32
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|x64.ActiveCfg = Debug|x64
@@ -306,6 +303,14 @@
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.Build.0 = Release|Win32
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.ActiveCfg = Release|x64
{D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.Build.0 = Release|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.Build.0 = Debug|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.ActiveCfg = Debug|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.Build.0 = Debug|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.ActiveCfg = Release|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.Build.0 = Release|Win32
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.ActiveCfg = Release|x64
+ {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.Build.0 = Release|x64
{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.ActiveCfg = Debug|Win32
{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.Build.0 = Debug|Win32
{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.ActiveCfg = Debug|x64
@@ -410,14 +415,6 @@
{C429B336-1B30-119C-3B34-21A186D6744F}.Release|Win32.Build.0 = Release|Win32
{C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.ActiveCfg = Release|x64
{C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.Build.0 = Release|x64
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.ActiveCfg = Debug|Win32
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.Build.0 = Debug|Win32
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.ActiveCfg = Debug|x64
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.Build.0 = Debug|x64
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.ActiveCfg = Release|Win32
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.Build.0 = Release|Win32
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.ActiveCfg = Release|x64
- {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.Build.0 = Release|x64
{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.ActiveCfg = Debug|Win32
{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.Build.0 = Debug|Win32
{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|x64.ActiveCfg = Debug|x64
@@ -434,6 +431,14 @@
{D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|Win32.Build.0 = Release|Win32
{D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.ActiveCfg = Release|x64
{D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.Build.0 = Release|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.ActiveCfg = Debug|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.Build.0 = Debug|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.ActiveCfg = Debug|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.Build.0 = Debug|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.ActiveCfg = Release|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.Build.0 = Release|Win32
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.ActiveCfg = Release|x64
+ {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.Build.0 = Release|x64
{10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.ActiveCfg = Debug|Win32
{10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.Build.0 = Debug|Win32
{10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|x64.ActiveCfg = Debug|x64
@@ -442,14 +447,6 @@
{10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|Win32.Build.0 = Release|Win32
{10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.ActiveCfg = Release|x64
{10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.Build.0 = Release|x64
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.ActiveCfg = Debug|Win32
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.Build.0 = Debug|Win32
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.ActiveCfg = Debug|x64
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.Build.0 = Debug|x64
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.ActiveCfg = Release|Win32
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.Build.0 = Release|Win32
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.ActiveCfg = Release|x64
- {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.Build.0 = Release|x64
{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.ActiveCfg = Debug|Win32
{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.Build.0 = Debug|Win32
{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|x64.ActiveCfg = Debug|x64
@@ -458,6 +455,14 @@
{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|Win32.Build.0 = Release|Win32
{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.ActiveCfg = Release|x64
{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.Build.0 = Release|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.ActiveCfg = Debug|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.Build.0 = Debug|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.ActiveCfg = Debug|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.Build.0 = Debug|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.ActiveCfg = Release|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.Build.0 = Release|Win32
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.ActiveCfg = Release|x64
+ {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.Build.0 = Release|x64
{95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.ActiveCfg = Debug|Win32
{95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.Build.0 = Debug|Win32
{95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|x64.ActiveCfg = Debug|x64
@@ -490,6 +495,30 @@
{A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|Win32.Build.0 = Release|Win32
{A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.ActiveCfg = Release|x64
{A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.Build.0 = Release|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.Build.0 = Debug|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.ActiveCfg = Debug|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.Build.0 = Debug|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.ActiveCfg = Release|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.Build.0 = Release|Win32
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.ActiveCfg = Release|x64
+ {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.Build.0 = Release|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.ActiveCfg = Debug|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.Build.0 = Debug|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.ActiveCfg = Debug|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.Build.0 = Debug|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.ActiveCfg = Release|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64
+ {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.ActiveCfg = Debug|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.Build.0 = Debug|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.ActiveCfg = Debug|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.Build.0 = Debug|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.ActiveCfg = Release|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.Build.0 = Release|Win32
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.ActiveCfg = Release|x64
+ {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.Build.0 = Release|x64
{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.ActiveCfg = Debug|Win32
{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.Build.0 = Debug|Win32
{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|x64.ActiveCfg = Debug|x64
@@ -506,6 +535,14 @@
{BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|Win32.Build.0 = Release|Win32
{BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|x64.ActiveCfg = Release|x64
{BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|x64.Build.0 = Release|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.ActiveCfg = Debug|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.Build.0 = Debug|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.ActiveCfg = Debug|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.Build.0 = Debug|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.ActiveCfg = Release|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.Build.0 = Release|Win32
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.ActiveCfg = Release|x64
+ {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.Build.0 = Release|x64
{487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.ActiveCfg = Debug|Win32
{487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.Build.0 = Debug|Win32
{487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|x64.ActiveCfg = Debug|x64
@@ -522,6 +559,30 @@
{4E590E9D-E28F-87FF-385B-D58736388231}.Release|Win32.Build.0 = Release|Win32
{4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.ActiveCfg = Release|x64
{4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.Build.0 = Release|x64
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.ActiveCfg = Debug|Win32
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.Build.0 = Debug|Win32
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.ActiveCfg = Debug|x64
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.Build.0 = Debug|x64
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|Win32.ActiveCfg = Release|Win32
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|Win32.Build.0 = Release|Win32
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|x64.ActiveCfg = Release|x64
+ {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|x64.Build.0 = Release|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.ActiveCfg = Debug|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.Build.0 = Debug|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.ActiveCfg = Debug|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.Build.0 = Debug|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.ActiveCfg = Release|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.Build.0 = Release|Win32
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.ActiveCfg = Release|x64
+ {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.Build.0 = Release|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.ActiveCfg = Debug|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.Build.0 = Debug|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.ActiveCfg = Debug|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.Build.0 = Debug|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.ActiveCfg = Release|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.Build.0 = Release|Win32
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.ActiveCfg = Release|x64
+ {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.Build.0 = Release|x64
{E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.ActiveCfg = Debug|Win32
{E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.Build.0 = Debug|Win32
{E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.ActiveCfg = Debug|x64
@@ -538,54 +599,6 @@
{A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32
{A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64
{A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64
- {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.ActiveCfg = Debug|Win32
- {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.Build.0 = Debug|Win32
- {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.ActiveCfg = Debug|x64
- {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.Build.0 = Debug|x64
- {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.ActiveCfg = Release|Win32
- {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.Build.0 = Release|Win32
- {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.ActiveCfg = Release|x64
- {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.Build.0 = Release|x64
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.ActiveCfg = Debug|Win32
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.Build.0 = Debug|Win32
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.ActiveCfg = Debug|x64
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.Build.0 = Debug|x64
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.ActiveCfg = Release|Win32
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.Build.0 = Release|Win32
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.ActiveCfg = Release|x64
- {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.Build.0 = Release|x64
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.ActiveCfg = Debug|Win32
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.Build.0 = Debug|Win32
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.ActiveCfg = Debug|x64
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.Build.0 = Debug|x64
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.ActiveCfg = Release|Win32
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.Build.0 = Release|Win32
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.ActiveCfg = Release|x64
- {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.Build.0 = Release|x64
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.ActiveCfg = Debug|Win32
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.Build.0 = Debug|Win32
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.ActiveCfg = Debug|x64
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.Build.0 = Debug|x64
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.ActiveCfg = Release|Win32
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.Build.0 = Release|Win32
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.ActiveCfg = Release|x64
- {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.Build.0 = Release|x64
- {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.ActiveCfg = Debug|Win32
- {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|Win32.Build.0 = Debug|Win32
- {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.ActiveCfg = Debug|x64
- {71257802-BBCA-99F5-E9D2-905738F30893}.Debug|x64.Build.0 = Debug|x64
- {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.ActiveCfg = Release|Win32
- {71257802-BBCA-99F5-E9D2-905738F30893}.Release|Win32.Build.0 = Release|Win32
- {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.ActiveCfg = Release|x64
- {71257802-BBCA-99F5-E9D2-905738F30893}.Release|x64.Build.0 = Release|x64
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.ActiveCfg = Debug|Win32
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.Build.0 = Debug|Win32
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.ActiveCfg = Debug|x64
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.Build.0 = Debug|x64
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.ActiveCfg = Release|Win32
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64
- {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64
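Review bot: the 48 lines removed in this hunk are reordering only, and that churn hides the one real addition to the solution's configuration list. All six GUIDs removed here (918CD402, C4FE29EA, 7C4863A1, DE695064, 71257802, 5FCC71F6) reappear unchanged as added blocks in the hunks above. The only new entry among those added blocks is {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}, which matches the ProjectGuid of the new ssl_context_info.vcxproj. Please either put the reordering in its own commit or state in the commit message where the new order comes from, so that a reviewer can confirm no existing project lost a Debug/Release or Win32/x64 entry without diffing every block by hand.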
@@ -594,6 +607,14 @@
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|Win32.Build.0 = Release|Win32
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.ActiveCfg = Release|x64
{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.Build.0 = Release|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64
+ {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64
{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.ActiveCfg = Debug|Win32
{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.Build.0 = Debug|Win32
{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|x64.ActiveCfg = Debug|x64
@@ -618,14 +639,6 @@
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64
{10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64
- {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32
{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64
@@ -650,14 +663,6 @@
{D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|Win32.Build.0 = Release|Win32
{D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.ActiveCfg = Release|x64
{D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.Build.0 = Release|x64
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.ActiveCfg = Debug|Win32
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.Build.0 = Debug|Win32
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.ActiveCfg = Debug|x64
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.Build.0 = Debug|x64
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.ActiveCfg = Release|Win32
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64
- {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64
{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.ActiveCfg = Debug|Win32
{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.Build.0 = Debug|Win32
{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|x64.ActiveCfg = Debug|x64
@@ -674,6 +679,14 @@
{35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|Win32.Build.0 = Release|Win32
{35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|x64.ActiveCfg = Release|x64
{35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|x64.Build.0 = Release|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.ActiveCfg = Debug|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.Build.0 = Debug|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.ActiveCfg = Debug|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.Build.0 = Debug|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.ActiveCfg = Release|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64
+ {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64
{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.ActiveCfg = Debug|Win32
{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.Build.0 = Debug|Win32
{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|x64.ActiveCfg = Debug|x64
diff --git a/visualc/VS2010/ssl_context_info.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj
new file mode 100644
index 0000000..f252298
--- /dev/null
+++ b/visualc/VS2010/ssl_context_info.vcxproj
@@ -0,0 +1,177 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="..\..\programs\ssl\ssl_context_info.c" />
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="mbedTLS.vcxproj">
+ <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
+ <LinkLibraryDependencies>true</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{017ECC7D-FB6D-46D8-076B-F64172E8E3BC}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>ssl_context_info</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <ShowProgress>NotSet</ShowProgress>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
+ </Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>false</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <ShowProgress>NotSet</ShowProgress>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
+ </Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>false</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
+ <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
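Review bot: the four ItemDefinitionGroup blocks disagree with each other in ways that look unintentional. First, Debug|x64 defines WIN32 in PreprocessorDefinitions while Release|x64 defines WIN64, so the two x64 builds compile with different platform macros. Second, Release|x64 sets AdditionalDependencies to just "%(AdditionalDependencies);" while the other three configurations list kernel32.lib through odbccp32.lib explicitly. Third, only the two Debug blocks override ProjectReference LinkLibraryDependencies to false, even though the mbedTLS.vcxproj reference near the top of the file sets it to true, so Debug and Release resolve the library link differently. The AdditionalIncludeDirectories values also begin with a line break and end with a trailing space. Please align the configurations, or add a comment explaining why each difference is wanted.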