Merge branch 'development' into dtls

* development: (46 commits) Fix url again Fix small bug in base64_encode() Fix depend that was checked but not documented Fix dependency that was not checked Minor gitginore fixes Move some ignore patterns to subdirectories Ignore CMake/MSVC-related build files. Re-categorize changelog entry Fix misattribution Minor nits with stdout/stderr. Add cmake compatibility targets Add script for polarssl symlink creation Fix more stdio inclusion issues Add debug info for cert/suite selection Fix possible portability issue Fix bug in ssl_get_verify_result() aescrypt2.c local char array not initial Update Changelog Fix mips64 bignum implementation Fix usage string of ssl_client2 ... Conflicts: include/polarssl/ssl.h library/CMakeLists.txt library/Makefile programs/Makefile programs/ssl/ssl_client2.c programs/ssl/ssl_server2.c visualc/VS2010/PolarSSL.sln visualc/VS2010/mbedTLS.vcxproj visualc/VS6/mbedtls.dsp visualc/VS6/mbedtls.dsw
2025-08-07 06:42:56 +03:00 · 2015-01-29 11:29:12 +00:00
parent dba564bc79 860b51642d
commit 2a0718d947
267 changed files with 5475 additions and 3350 deletions
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -1,2 +1,5 @@
 *.o
-libpolarssl*
+libpolarssl.*
+libmbedtls.*
+*.sln
+*.vcxproj
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,6 +1,6 @@
-option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
-option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link PolarSSL library to pthread." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)

 set(src
     aes.c
@@ -86,51 +86,72 @@ if(CMAKE_COMPILER_IS_CLANG)
  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
 endif(CMAKE_COMPILER_IS_CLANG)

-if (NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
-	message(FATAL_ERROR "Need to choose static or shared polarssl build!")
-endif(NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
+if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
+	message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
+endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)

-if(USE_STATIC_POLARSSL_LIBRARY AND USE_SHARED_POLARSSL_LIBRARY)
+if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
 	# if we build both static an shared, then let
 	# tests and programs link to the shared lib target
-	set(polarssl_static_target "polarssl_static")
-elseif(USE_STATIC_POLARSSL_LIBRARY)
-	set(polarssl_static_target "polarssl")
+	set(mbedtls_static_target "mbedtls_static")
+elseif(USE_STATIC_MBEDTLS_LIBRARY)
+	set(mbedtls_static_target "mbedtls")
 endif()

-if(USE_STATIC_POLARSSL_LIBRARY)
-	add_library(${polarssl_static_target} STATIC ${src})
-	set_target_properties(${polarssl_static_target} PROPERTIES OUTPUT_NAME polarssl)
-	target_link_libraries(${polarssl_static_target} ${libs})
+if(USE_STATIC_MBEDTLS_LIBRARY)
+	add_library(${mbedtls_static_target} STATIC ${src})
+	set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
+	target_link_libraries(${mbedtls_static_target} ${libs})

 	if(ZLIB_FOUND)
-		target_link_libraries(${polarssl_static_target} ${ZLIB_LIBRARIES})
+		target_link_libraries(${mbedtls_static_target} ${ZLIB_LIBRARIES})
 	endif(ZLIB_FOUND)

 	if(LINK_WITH_PTHREAD)
-        target_link_libraries(${polarssl_static_target} pthread)
+        target_link_libraries(${mbedtls_static_target} pthread)
 	endif()

-	install(TARGETS ${polarssl_static_target}
+	install(TARGETS ${mbedtls_static_target}
 			DESTINATION ${LIB_INSTALL_DIR}
 			PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 endif()

-if(USE_SHARED_POLARSSL_LIBRARY)
-	add_library(polarssl SHARED ${src})
-	set_target_properties(polarssl PROPERTIES VERSION 1.4.0 SOVERSION 8)
+if(USE_SHARED_MBEDTLS_LIBRARY)
+	add_library(mbedtls SHARED ${src})
+	set_target_properties(mbedtls PROPERTIES VERSION 1.4.0 SOVERSION 8)

-	target_link_libraries(polarssl ${libs})
+	target_link_libraries(mbedtls ${libs})

 	if(ZLIB_FOUND)
-		target_link_libraries(polarssl ${ZLIB_LIBRARIES})
+		target_link_libraries(mbedtls ${ZLIB_LIBRARIES})
 	endif(ZLIB_FOUND)

 	if(LINK_WITH_PTHREAD)
-        target_link_libraries(polarssl pthread)
+        target_link_libraries(mbedtls pthread)
 	endif()

-	install(TARGETS polarssl
+	install(TARGETS mbedtls
 			DESTINATION ${LIB_INSTALL_DIR}
 			PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-endif(USE_SHARED_POLARSSL_LIBRARY)
+endif(USE_SHARED_MBEDTLS_LIBRARY)
+
+if(UNIX)
+    add_custom_target(polarssl
+        DEPENDS mbedtls # TODO: and mbedtls_static is shared is defined
+        COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${CMAKE_BINARY_DIR}/library
+        )
+
+    if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+        add_dependencies(polarssl mbedtls_static)
+    endif()
+
+    add_custom_target(polarssl-clean
+        COMMAND make clean
+        COMMAND rm -f ${CMAKE_BINARY_DIR}/library/libpolarssl.*
+        )
+
+    add_custom_target(polarssl-install
+        COMMAND make install
+        COMMAND ${CMAKE_SOURCE_DIR}/scripts/polarssl_symlinks.sh ${DESTDIR}/${CMAKE_INSTALL_PREFIX}/${LIB_INSTALL_DIR}
+        )
+endif(UNIX)
--- a/library/Makefile
+++ b/library/Makefile
@@ -22,7 +22,7 @@ ifdef SHARED
 CFLAGS += -fPIC
 endif

-SONAME=libpolarssl.so.8
+SONAME=libmbedtls.so.8

 DLEXT=so.8
 # OSX shared library extension:
@@ -69,32 +69,48 @@ OBJS=	aes.o		aesni.o		arc4.o			\
 ifndef SHARED
 all: static
 else
-all: shared
+all: shared static
 endif

 static: libpolarssl.a

-shared: libpolarssl.$(DLEXT) libpolarssl.so
+shared: libpolarssl.so

-libpolarssl.a: $(OBJS)
+libpolarssl.a: libmbedtls.a
+	echo "  LN    $@ -> $?"
+ifndef WINDOWS
+	ln -sf $? $@
+else
+	copy /y /b $? $@
+endif
+
+libmbedtls.a: $(OBJS)
 	echo "  AR    $@"
 	$(AR) r $@ $(OBJS)
 	echo "  RL    $@"
 	$(AR) s $@

-libpolarssl.${DLEXT}: libpolarssl.a
+libpolarssl.so: libmbedtls.so
+	echo "  LN    $@ -> $?"
+ifndef WINDOWS
+	ln -sf $? $@
+else
+	copy /y /b $? $@
+endif
+
+libmbedtls.${DLEXT}: $(OBJS)
 	echo "  LD    $@"
 	$(CC) ${LDFLAGS} -shared -Wl,-soname,$(SONAME) -o $@ $(OBJS)

-libpolarssl.so: libpolarssl.${DLEXT}
-	echo "  LN    $@ -> libpolarssl.${DLEXT}"
-	ln -sf libpolarssl.${DLEXT} $@
+libmbedtls.so: libmbedtls.${DLEXT}
+	echo "  LN    $@ -> libmbedtls.${DLEXT}"
+	ln -sf libmbedtls.${DLEXT} $@

-libpolarssl.dylib: libpolarssl.a
+libmbedtls.dylib: $(OBJS)
 	echo "  LD    $@"
 	$(CC) ${LDFLAGS} -dynamiclib -o $@ $(OBJS)

-libpolarssl.dll: libpolarssl.a
+libmbedtls.dll: $(OBJS)
 	echo "  LD    $@"
 	$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS) -lws2_32 -lwinmm -lgdi32

@@ -104,8 +120,8 @@ libpolarssl.dll: libpolarssl.a

 clean:
 ifndef WINDOWS
-	rm -f *.o libpolarssl.*
+	rm -f *.o libpolarssl.* libmbedtls.*
 endif
 ifdef WINDOWS
-	del /Q /F *.o libpolarssl.*
+	del /Q /F *.o libpolarssl.* libmbedtls.*
 endif
--- a/library/aes.c
+++ b/library/aes.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -69,12 +69,12 @@ static void polarssl_zeroize( void *v, size_t n ) {
 #endif

 #ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n)       );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
 }
 #endif

--- a/library/aesni.c
+++ b/library/aesni.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/arc4.c
+++ b/library/arc4.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/base64.c
+++ b/library/base64.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -82,7 +82,10 @@ int base64_encode( unsigned char *dst, size_t *dlen,
    unsigned char *p;

    if( slen == 0 )
+    {
+        *dlen = 0;
        return( 0 );
+    }

    n = ( slen << 3 ) / 6;

--- a/library/bignum.c
+++ b/library/bignum.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2012-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/certs.c
+++ b/library/certs.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -7,7 +7,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -7,7 +7,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/debug.c
+++ b/library/debug.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -32,10 +32,7 @@

 #include <stdarg.h>
 #include <stdlib.h>
-
-#if defined(EFIX64) || defined(EFI32)
 #include <stdio.h>
-#endif

 #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
 #if !defined  snprintf
--- a/library/des.c
+++ b/library/des.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/error.c
+++ b/library/error.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -172,7 +172,7 @@
 #include "polarssl/xtea.h"
 #endif

-
+#include <stdio.h>
 #include <string.h>

 #if defined(_MSC_VER) && !defined  snprintf && !defined(EFIX64) && \
@@ -454,7 +454,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
        if( use_ret == -(POLARSSL_ERR_SSL_BUFFER_TOO_SMALL) )
            snprintf( buf, buflen, "SSL - A buffer is too small to receive or write a message" );
        if( use_ret == -(POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE) )
-            snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate)" );
+            snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
 #endif /* POLARSSL_SSL_TLS_C */

 #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/havege.c
+++ b/library/havege.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/md.c
+++ b/library/md.c
@@ -7,7 +7,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/md2.c
+++ b/library/md2.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/md4.c
+++ b/library/md4.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -67,12 +67,12 @@ static void polarssl_zeroize( void *v, size_t n ) {
 #endif

 #ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n)       );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
 }
 #endif

--- a/library/md5.c
+++ b/library/md5.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -66,12 +66,12 @@ static void polarssl_zeroize( void *v, size_t n ) {
 #endif

 #ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n)       );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
 }
 #endif

--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -7,7 +7,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/net.c
+++ b/library/net.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/oid.c
+++ b/library/oid.c
@@ -5,7 +5,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pbkdf2.c
+++ b/library/pbkdf2.c
@@ -8,7 +8,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pem.c
+++ b/library/pem.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pk.c
+++ b/library/pk.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -7,7 +7,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -7,7 +7,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/platform.c
+++ b/library/platform.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2014-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -64,12 +64,12 @@
 #endif

 #ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n)       );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
 }
 #endif

--- a/library/rsa.c
+++ b/library/rsa.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -5,7 +5,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -869,10 +869,18 @@ static int ssl_pick_cert( ssl_context *ssl,
    if( pk_alg == POLARSSL_PK_NONE )
        return( 0 );

+    SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
+
    for( cur = list; cur != NULL; cur = cur->next )
    {
+        SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
+                          cur->cert );
+
        if( ! pk_can_do( cur->key, pk_alg ) )
+        {
+            SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
            continue;
+        }

        /*
         * This avoids sending the client a cert it'll reject based on
@@ -885,13 +893,18 @@ static int ssl_pick_cert( ssl_context *ssl,
        if( ssl_check_cert_usage( cur->cert, ciphersuite_info,
                                  SSL_IS_SERVER ) != 0 )
        {
+            SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
+                                "(extended) key usage extension" ) );
            continue;
        }

 #if defined(POLARSSL_ECDSA_C)
        if( pk_alg == POLARSSL_PK_ECDSA &&
            ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
+        {
+            SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
            continue;
+        }
 #endif

        /*
@@ -904,22 +917,27 @@ static int ssl_pick_cert( ssl_context *ssl,
        {
            if( fallback == NULL )
                fallback = cur;
+            {
+                SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
+                                    "sha-2 with pre-TLS 1.2 client" ) );
            continue;
+            }
        }

        /* If we get there, we got a winner */
        break;
    }

+    if( cur == NULL )
+        cur = fallback;
+
+
+    /* Do not update ssl->handshake->key_cert unless the is a match */
    if( cur != NULL )
    {
        ssl->handshake->key_cert = cur;
-        return( 0 );
-    }
-
-    if( fallback != NULL )
-    {
-        ssl->handshake->key_cert = fallback;
+        SSL_DEBUG_CRT( 3, "selected certificate chain, certificate",
+                          ssl->handshake->key_cert->cert );
        return( 0 );
    }

@@ -943,9 +961,14 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
        return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
    }

+    SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) );
+
    if( suite_info->min_minor_ver > ssl->minor_ver ||
        suite_info->max_minor_ver < ssl->minor_ver )
+    {
+        SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
        return( 0 );
+    }

 #if defined(POLARSSL_SSL_PROTO_DTLS)
    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
@@ -955,13 +978,20 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,

    if( ssl->arc4_disabled == SSL_ARC4_DISABLED &&
            suite_info->cipher == POLARSSL_CIPHER_ARC4_128 )
+    {
+        SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
        return( 0 );
+    }

 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
    if( ssl_ciphersuite_uses_ec( suite_info ) &&
        ( ssl->handshake->curves == NULL ||
          ssl->handshake->curves[0] == NULL ) )
+    {
+        SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
+                            "no common elliptic curve" ) );
        return( 0 );
+    }
 #endif

 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -971,7 +1001,10 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
        ssl->f_psk == NULL &&
        ( ssl->psk == NULL || ssl->psk_identity == NULL ||
          ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+    {
+        SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
        return( 0 );
+    }
 #endif

 #if defined(POLARSSL_X509_CRT_PARSE_C)
@@ -983,7 +1016,11 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id,
     * This must be done last since we modify the key_cert list.
     */
    if( ssl_pick_cert( ssl, suite_info ) != 0 )
+    {
+        SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
+                            "no suitable certificate" ) );
        return( 0 );
+    }
 #endif

    *ciphersuite_info = suite_info;
@@ -1233,6 +1270,8 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
    }

 have_ciphersuite_v2:
+    SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+
    ssl->session_negotiate->ciphersuite = ciphersuites[i];
    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
    ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
@@ -2004,6 +2043,8 @@ read_record_header:
    }

 have_ciphersuite:
+    SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+
    ssl->session_negotiate->ciphersuite = ciphersuites[i];
    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
    ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -5770,7 +5770,13 @@ size_t ssl_get_bytes_avail( const ssl_context *ssl )

 int ssl_get_verify_result( const ssl_context *ssl )
 {
-    return( ssl->session->verify_result );
+    if( ssl->session != NULL )
+        return( ssl->session->verify_result );
+
+    if( ssl->session_negotiate != NULL )
+        return( ssl->session_negotiate->verify_result );
+
+    return( -1 );
 }

 const char *ssl_get_ciphersuite( const ssl_context *ssl )
--- a/library/threading.c
+++ b/library/threading.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/timing.c
+++ b/library/timing.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/version.c
+++ b/library/version.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/x509.c
+++ b/library/x509.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -61,12 +61,9 @@
 #include <time.h>
 #endif

-#if defined(EFIX64) || defined(EFI32)
 #include <stdio.h>
-#endif

 #if defined(POLARSSL_FS_IO)
-#include <stdio.h>
 #if !defined(_WIN32)
 #include <sys/types.h>
 #include <sys/stat.h>
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -63,12 +63,9 @@
 #include <time.h>
 #endif

-#if defined(EFIX64) || defined(EFI32)
 #include <stdio.h>
-#endif

 #if defined(POLARSSL_FS_IO)
-#include <stdio.h>
 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -990,6 +987,8 @@ int x509_crt_parse_path( x509_crt *chain, const char *path )

    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir,
                                 MAX_PATH - 3 );
+    if( w_ret == 0 )
+        return( POLARSSL_ERR_X509_BAD_INPUT_DATA );

    hFind = FindFirstFileW( szDir, &file_data );
    if( hFind == INVALID_HANDLE_VALUE )
@@ -1007,6 +1006,8 @@ int x509_crt_parse_path( x509_crt *chain, const char *path )
                                     lstrlenW( file_data.cFileName ),
                                     p, len - 1,
                                     NULL, NULL );
+        if( w_ret == 0 )
+            return( POLARSSL_ERR_X509_FILE_IO_ERROR );

        w_ret = x509_crt_parse_file( chain, filename );
        if( w_ret < 0 )
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -3,7 +3,7 @@
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
- *  This file is part of mbed TLS (https://www.polarssl.org)
+ *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by