diff --git a/.pylintrc b/.pylintrc index d217ff69c5..10c93f8791 100644 --- a/.pylintrc +++ b/.pylintrc @@ -73,3 +73,7 @@ reports=no # Allow unused variables if their name starts with an underscore. # [unused-argument] dummy-variables-rgx=_.* + +[SIMILARITIES] +# Ignore imports when computing similarities. +ignore-imports=yes diff --git a/.travis.yml b/.travis.yml index 2b41c28f14..cdf74c7177 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,8 +27,44 @@ jobs: - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration + os: linux + dist: focal + addons: + apt: + packages: + - clang-10 + - gnutls-bin script: - - tests/scripts/all.sh -k test_full_cmake_gcc_asan + # Do a manual build+test sequence rather than using all.sh, + # because there's no all.sh component that does what we want, + # which is a build with Clang >= 10 and ASan, running all the SSL + # testing. + # - The clang executable in the default PATH is Clang 7 on + # Travis's focal instances, but we want Clang >= 10. + # - Running all the SSL testing requires a specific set of + # OpenSSL and GnuTLS versions and we don't want to bother + # with those on Travis. + # So we explicitly select clang-10 as the compiler, and we + # have ad hoc restrictions on SSL testing based on what is + # passing at the time of writing. We will remove these limitations + # gradually. + - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' + - make test + - programs/test/selftest + - tests/scripts/test_psa_constant_names.py + # Exclude a few test cases that are failing mysteriously. + # https://github.com/Mbed-TLS/mbedtls/issues/6660 + - tests/ssl-opt.sh -e 'Fallback SCSV:\ .*list' + # Modern OpenSSL does not support fixed ECDH, null or ancient ciphers. + - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4' + - tests/scripts/travis-log-failure.sh + # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. + # Modern GnuTLS does not support DES. + # One NULL cipher suite is strangely missing in pre-1.2 protocol + # versions (it works with (D)TLS1.2, but don't bother). + - tests/compat.sh -p GnuTLS -e 'CAMELLIA\|DES\|TLS-RSA-WITH-NULL-SHA256' + - tests/scripts/travis-log-failure.sh + - tests/context-info.sh - name: Windows os: windows diff --git a/ChangeLog.d/fix_dh_genprime_error_reporting.txt b/ChangeLog.d/fix_dh_genprime_error_reporting.txt new file mode 100644 index 0000000000..1c98947f3b --- /dev/null +++ b/ChangeLog.d/fix_dh_genprime_error_reporting.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix bug in error reporting in dh_genprime.c where upon failure, + the error code returned by mbedtls_mpi_write_file() is overwritten + and therefore not printed. diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt new file mode 100644 index 0000000000..8b227cec34 --- /dev/null +++ b/ChangeLog.d/fix_x509_info_hwmodulename.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable + bytes when parsing certificates containing a binary RFC 4108 + HardwareModuleName as a Subject Alternative Name extension. Hardware + serial numbers are now rendered in hex format. Fixes #6262. diff --git a/ChangeLog.d/mpi-add-0-ub.txt b/ChangeLog.d/mpi-add-0-ub.txt new file mode 100644 index 0000000000..9f131a4300 --- /dev/null +++ b/ChangeLog.d/mpi-add-0-ub.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) of + mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() + when both operands are 0 and the left operand is represented with 0 limbs. diff --git a/ChangeLog.d/mpi-most-negative-sint.txt b/ChangeLog.d/mpi-most-negative-sint.txt new file mode 100644 index 0000000000..5e775c4825 --- /dev/null +++ b/ChangeLog.d/mpi-most-negative-sint.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) when some bignum + functions receive the most negative value of mbedtls_mpi_sint. Credit + to OSS-Fuzz. Fixes #6597. diff --git a/ChangeLog.d/negative-zero-from-add.txt b/ChangeLog.d/negative-zero-from-add.txt new file mode 100644 index 0000000000..107d858d36 --- /dev/null +++ b/ChangeLog.d/negative-zero-from-add.txt @@ -0,0 +1,6 @@ +Bugfix + * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) + with A > 0 created an unintended representation of the value 0 which was + not processed correctly by some bignum operations. Fix this. This had no + consequence on cryptography code, but might affect applications that call + bignum directly and use negative numbers. diff --git a/ChangeLog.d/psa-ecb-ub.txt b/ChangeLog.d/psa-ecb-ub.txt new file mode 100644 index 0000000000..9d725ac706 --- /dev/null +++ b/ChangeLog.d/psa-ecb-ub.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) in PSA ECB + encryption and decryption. diff --git a/README.md b/README.md index 019fceb388..833e2cd494 100644 --- a/README.md +++ b/README.md @@ -187,7 +187,7 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. - `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations. -- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled +- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc). Porting Mbed TLS diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index f2094908d3..0f3aa00183 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -182,6 +182,20 @@ #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ +/** \typedef mbedtls_mpi_uint + * \brief The type of machine digits in a bignum, called _limbs_. + * + * This is always an unsigned integer type with no padding bits. The size + * is platform-dependent. + */ + +/** \typedef mbedtls_mpi_sint + * \brief The signed type corresponding to #mbedtls_mpi_uint. + * + * This is always an signed integer type with no padding bits. The size + * is platform-dependent. + */ + #ifdef __cplusplus extern "C" { #endif @@ -191,9 +205,27 @@ extern "C" { */ typedef struct mbedtls_mpi { - int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ - size_t n; /*!< total # of limbs */ - mbedtls_mpi_uint *p; /*!< pointer to limbs */ + /** Sign: -1 if the mpi is negative, 1 otherwise. + * + * The number 0 must be represented with `s = +1`. Although many library + * functions treat all-limbs-zero as equivalent to a valid representation + * of 0 regardless of the sign bit, there are exceptions, so bignum + * functions and external callers must always set \c s to +1 for the + * number zero. + * + * Note that this implies that calloc() or `... = {0}` does not create + * a valid MPI representation. You must call mbedtls_mpi_init(). + */ + int s; + + /** Total number of limbs in \c p. */ + size_t n; + + /** Pointer to limbs. + * + * This may be \c NULL if \c n is 0. + */ + mbedtls_mpi_uint *p; } mbedtls_mpi; @@ -761,11 +793,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * * \param Q The destination MPI for the quotient. * This may be \c NULL if the value of the - * quotient is not needed. + * quotient is not needed. This must not alias A or B. * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the - * remainder is not needed. - * \param A The dividend. This must point to an initialized MPi. + * remainder is not needed. This must not alias A or B. + * \param A The dividend. This must point to an initialized MPI. * \param B The divisor. This must point to an initialized MPI. * * \return \c 0 if successful. @@ -782,10 +814,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * * \param Q The destination MPI for the quotient. * This may be \c NULL if the value of the - * quotient is not needed. + * quotient is not needed. This must not alias A. * \param R The destination MPI for the remainder value. * This may be \c NULL if the value of the - * remainder is not needed. + * remainder is not needed. This must not alias A. * \param A The dividend. This must point to an initialized MPi. * \param b The divisor. * @@ -840,6 +872,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * \brief Perform a sliding-window exponentiation: X = A^E mod N * * \param X The destination MPI. This must point to an initialized MPI. + * This must not alias E or N. * \param A The base of the exponentiation. * This must point to an initialized MPI. * \param E The exponent MPI. This must point to an initialized MPI. diff --git a/library/Makefile b/library/Makefile index 54b0651dc4..3b91e2556f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -187,6 +187,7 @@ all: shared static endif static: libmbedcrypto.a libmbedx509.a libmbedtls.a + cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) diff --git a/library/aes.c b/library/aes.c index 555d32ea11..daa8b75ec4 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1763,7 +1763,8 @@ int mbedtls_aes_self_test( int verbose ) unsigned char key[32]; unsigned char buf[64]; const unsigned char *aes_tests; -#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) +#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) unsigned char iv[16]; #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) diff --git a/library/aria.c b/library/aria.c index 924f952834..5e52eea91e 100644 --- a/library/aria.c +++ b/library/aria.c @@ -37,11 +37,6 @@ #include "mbedtls/platform_util.h" -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define ARIA_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ) diff --git a/library/bignum.c b/library/bignum.c index 9392b217e6..37193f55a8 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -262,6 +262,17 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) memcpy( Y, &T, sizeof( mbedtls_mpi ) ); } +static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z ) +{ + if( z >= 0 ) + return( z ); + /* Take care to handle the most negative value (-2^(biL-1)) correctly. + * A naive -z would have undefined behavior. + * Write this in a way that makes popular compilers happy (GCC, Clang, + * MSVC). */ + return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z ); +} + /* * Set value from integer */ @@ -273,7 +284,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); memset( X->p, 0, X->n * ciL ); - X->p[0] = ( z < 0 ) ? -z : z; + X->p[0] = mpi_sint_abs( z ); X->s = ( z < 0 ) ? -1 : 1; cleanup: @@ -1093,7 +1104,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( X != NULL ); - *p = ( z < 0 ) ? -z : z; + *p = mpi_sint_abs( z ); Y.s = ( z < 0 ) ? -1 : 1; Y.n = 1; Y.p = p; @@ -1130,6 +1141,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[j - 1] != 0 ) break; + /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 + * and B is 0 (of any size). */ + if( j == 0 ) + return( 0 ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); o = B->p; p = X->p; c = 0; @@ -1249,10 +1265,12 @@ cleanup: return( ret ); } -/* - * Signed addition: X = A + B +/* Common function for signed addition and subtraction. + * Calculate A + B * flip_B where flip_B is 1 or -1. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +static int add_sub_mpi( mbedtls_mpi *X, + const mbedtls_mpi *A, const mbedtls_mpi *B, + int flip_B ) { int ret, s; MPI_VALIDATE_RET( X != NULL ); @@ -1260,16 +1278,21 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MPI_VALIDATE_RET( B != NULL ); s = A->s; - if( A->s * B->s < 0 ) + if( A->s * B->s * flip_B < 0 ) { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) + int cmp = mbedtls_mpi_cmp_abs( A, B ); + if( cmp >= 0 ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; + /* If |A| = |B|, the result is 0 and we must set the sign bit + * to +1 regardless of which of A or B was negative. Otherwise, + * since |A| > |B|, the sign is the sign of A. */ + X->s = cmp == 0 ? 1 : s; } else { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + /* Since |A| < |B|, the sign is the opposite of A. */ X->s = -s; } } @@ -1284,39 +1307,20 @@ cleanup: return( ret ); } +/* + * Signed addition: X = A + B + */ +int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +{ + return( add_sub_mpi( X, A, B, 1 ) ); +} + /* * Signed subtraction: X = A - B */ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - s = A->s; - if( A->s * B->s > 0 ) - { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); - X->s = -s; - } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); - X->s = s; - } - -cleanup: - - return( ret ); + return( add_sub_mpi( X, A, B, -1 ) ); } /* @@ -1329,7 +1333,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1347,7 +1351,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; @@ -1768,7 +1772,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, mbedtls_mpi_uint p[1]; MPI_VALIDATE_RET( A != NULL ); - p[0] = ( b < 0 ) ? -b : b; + p[0] = mpi_sint_abs( b ); B.s = ( b < 0 ) ? -1 : 1; B.n = 1; B.p = p; diff --git a/library/chacha20.c b/library/chacha20.c index 44d1612bfe..bd0701482c 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -36,11 +36,6 @@ #if !defined(MBEDTLS_CHACHA20_ALT) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define CHACHA20_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) diff --git a/library/common.h b/library/common.h index c06472418d..1663d50226 100644 --- a/library/common.h +++ b/library/common.h @@ -29,8 +29,15 @@ #include "mbedtls/config.h" #endif +#include #include +/* Define `inline` on some non-C99-compliant compilers. */ +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be @@ -52,6 +59,44 @@ #define MBEDTLS_STATIC_TESTABLE static #endif +/** Return an offset into a buffer. + * + * This is just the addition of an offset to a pointer, except that this + * function also accepts an offset of 0 into a buffer whose pointer is null. + * (`p + n` has undefined behavior when `p` is null, even when `n == 0`. + * A null pointer is a valid buffer pointer when the size is 0, for example + * as the result of `malloc(0)` on some platforms.) + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline unsigned char *mbedtls_buffer_offset( + unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + +/** Return an offset into a read-only buffer. + * + * Similar to mbedtls_buffer_offset(), but for const pointers. + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline const unsigned char *mbedtls_buffer_offset_const( + const unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + /** Byte Reading Macros * * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 6725ac1c7b..ff2d0ff92c 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -45,7 +45,7 @@ */ unsigned mbedtls_ct_uint_mask( unsigned value ); -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) /** Turn a value into a mask: * - if \p value == 0, return the all-bits 0 mask, aka 0 @@ -60,7 +60,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value ); */ size_t mbedtls_ct_size_mask( size_t value ); -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_BIGNUM_C) diff --git a/library/debug.c b/library/debug.c index 0cc5af8d1c..353b4bf07b 100644 --- a/library/debug.c +++ b/library/debug.c @@ -30,11 +30,6 @@ #include #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define DEBUG_BUF_SIZE 512 static int debug_threshold = 0; diff --git a/library/ecp.c b/library/ecp.c index 402d5dedbb..ad19e05fb2 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -104,11 +104,6 @@ #endif #endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. @@ -2051,7 +2046,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == 0 ) + if( f_rng == NULL ) have_rng = 0; #endif if( have_rng ) @@ -2190,7 +2185,7 @@ final_norm: */ int have_rng = 1; #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == 0 ) + if( f_rng == NULL ) have_rng = 0; #endif if( have_rng ) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 2199be6461..47761eef4e 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -38,11 +38,6 @@ #define ECP_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)} #define ECP_MPI_INIT_ARRAY(x) \ diff --git a/library/mps_reader.c b/library/mps_reader.c index 9af5073cc9..b304db3f42 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -29,11 +29,6 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if defined(MBEDTLS_MPS_ENABLE_TRACE) static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER; #endif /* MBEDTLS_MPS_ENABLE_TRACE */ diff --git a/library/poly1305.c b/library/poly1305.c index f38f48a457..a1c5b19d8e 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -32,11 +32,6 @@ #if !defined(MBEDTLS_POLY1305_ALT) -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /* Parameter validation macros */ #define POLY1305_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f76c8296de..10c7d1e668 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3638,8 +3638,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, status = psa_driver_wrapper_cipher_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, local_iv, default_iv_length, input, input_length, - output + default_iv_length, output_size - default_iv_length, - output_length ); + mbedtls_buffer_offset( output, default_iv_length ), + output_size - default_iv_length, output_length ); exit: unlock_status = psa_unlock_key_slot( slot ); diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 38962cd848..13006fa4ae 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -514,9 +514,10 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; - status = mbedtls_psa_cipher_finish( &operation, output + update_output_length, - output_size - update_output_length, - &finish_output_length ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, update_output_length ), + output_size - update_output_length, &finish_output_length ); if( status != PSA_SUCCESS ) goto exit; @@ -560,17 +561,20 @@ psa_status_t mbedtls_psa_cipher_decrypt( goto exit; } - status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length, - input_length - operation.iv_length, - output, output_size, &olength ); + status = mbedtls_psa_cipher_update( + &operation, + mbedtls_buffer_offset_const( input, operation.iv_length ), + input_length - operation.iv_length, + output, output_size, &olength ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = olength; - status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, - &olength ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, accumulated_length ), + output_size - accumulated_length, &olength ); if( status != PSA_SUCCESS ) goto exit; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5df2758da0..3475aa42f4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1089,11 +1089,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * RFC 5077 section 3.4: "When presenting a ticket, the client MAY * generate and include a Session ID in the TLS ClientHello." */ - renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - renegotiating = 1; -#endif if( !renegotiating ) { if( ssl->session_negotiate->ticket != NULL && @@ -1209,11 +1204,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - renegotiating = 0; -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - renegotiating = 1; -#endif if( !renegotiating ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); @@ -2065,6 +2055,30 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ +static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp ) +{ + int bad_comp = 0; + + /* Suppress warnings in some configurations */ + (void) ssl; +#if defined(MBEDTLS_ZLIB_SUPPORT) + /* See comments in ssl_write_client_hello() */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + comp != MBEDTLS_SSL_COMPRESS_NULL ) + bad_comp = 1; +#endif + + if( comp != MBEDTLS_SSL_COMPRESS_NULL && + comp != MBEDTLS_SSL_COMPRESS_DEFLATE ) + bad_comp = 1; +#else /* MBEDTLS_ZLIB_SUPPORT */ + if( comp != MBEDTLS_SSL_COMPRESS_NULL ) + bad_comp = 1; +#endif/* MBEDTLS_ZLIB_SUPPORT */ + return bad_comp; +} + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) { @@ -2073,9 +2087,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) size_t ext_len; unsigned char *buf, *ext; unsigned char comp; -#if defined(MBEDTLS_ZLIB_SUPPORT) - int accept_comp; -#endif #if defined(MBEDTLS_SSL_RENEGOTIATION) int renegotiation_info_seen = 0; #endif @@ -2244,23 +2255,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) */ comp = buf[37 + n]; - int bad_comp = 0; -#if defined(MBEDTLS_ZLIB_SUPPORT) - /* See comments in ssl_write_client_hello() */ - accept_comp = 1; -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - accept_comp = 0; -#endif - - if( comp != MBEDTLS_SSL_COMPRESS_NULL && - ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) ) - bad_comp = 1; -#else /* MBEDTLS_ZLIB_SUPPORT */ - if( comp != MBEDTLS_SSL_COMPRESS_NULL ) - bad_comp = 1; -#endif/* MBEDTLS_ZLIB_SUPPORT */ - if( bad_comp ) + if( is_compression_bad( ssl, comp ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); @@ -2693,7 +2688,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) grp_id = ssl->handshake->ecdh_ctx.grp.id; #else grp_id = ssl->handshake->ecdh_ctx.grp_id; -#endif +#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); if( curve_info == NULL ) @@ -2704,17 +2699,14 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); - int bad_params = 0; #if defined(MBEDTLS_ECP_C) if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) - bad_params = 1; + return( -1 ); #else if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || ssl->handshake->ecdh_ctx.grp.nbits > 521 ) - bad_params = 1; -#endif - if( bad_params ) return( -1 ); +#endif /* MBEDTLS_ECP_C */ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); @@ -3462,25 +3454,23 @@ start_processing: #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ssl->handshake->ecrs_enabled ) rs_ctx = &ssl->handshake->ecrs_ctx.pk; -#endif +#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ if( ( ret = mbedtls_pk_verify_restartable( peer_pk, md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) { - int send_alert_msg = 1; -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ); -#endif - if( send_alert_msg ) - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; -#endif + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); + return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); + } +#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */ + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); return( ret ); } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 815af7b76b..2af58a4d81 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1884,8 +1884,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2100,8 +2099,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ssl->f_send == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index e6abe850da..8a57789f10 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -148,16 +148,22 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, int do_mbedtls_cipher_setup = 1; #if defined(MBEDTLS_USE_PSA_CRYPTO) - do_mbedtls_cipher_setup = 0; - ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - /* We don't yet expect to support all ciphers through PSA, - * so allow fallback to ordinary mbedtls_cipher_setup(). */ - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - do_mbedtls_cipher_setup = 1; + + switch( ret ) + { + case 0: + do_mbedtls_cipher_setup = 0; + break; + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: + /* We don't yet expect to support all ciphers through PSA, + * so allow fallback to ordinary mbedtls_cipher_setup(). */ + do_mbedtls_cipher_setup = 1; + break; + default: + return( ret ); + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if( do_mbedtls_cipher_setup ) if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b4aae3a460..dcb87b5e80 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6519,24 +6519,41 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * Helper to get TLS 1.2 PRF from ciphersuite * (Duplicates bits of logic from ssl_set_handshake_prfs().) */ +#if defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)) typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ); static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) { -#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + if( ciphersuite_info == NULL ) + return( NULL ); + +#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) return( tls_prf_sha384 ); -#else - (void) ciphersuite_id; + else #endif - return( tls_prf_sha256 ); +#if defined(MBEDTLS_SHA256_C) + { + if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 ) + return( tls_prf_sha256 ); + } +#endif +#if !defined(MBEDTLS_SHA256_C) && \ + (!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384)) + (void) ciphersuite_info; +#endif + return( NULL ); } +#endif /* MBEDTLS_SHA256_C || + (MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384) */ + /* * Deserialize context, see mbedtls_ssl_context_save() for format. * @@ -6552,6 +6569,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, const unsigned char * const end = buf + len; size_t session_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + tls_prf_fn prf_func = NULL; /* * The context should have been freshly setup or reset. @@ -6639,6 +6657,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->transform_out = ssl->transform; ssl->transform_negotiate = NULL; + prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite ); + if( prf_func == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* Read random bytes and populate structure */ if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -6657,7 +6679,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ZLIB_SUPPORT) ssl->session->compression, #endif - ssl_tls12prf_from_cs( ssl->session->ciphersuite ), + prf_func, p, /* currently pointing to randbytes */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ ssl->conf->endpoint, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 3de6f03fb8..cc68773d3a 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -24,6 +24,7 @@ #include "mbedtls/hkdf.h" #include "mbedtls/ssl_internal.h" #include "ssl_tls13_keys.h" +#include "psa/crypto_sizes.h" #include #include @@ -31,6 +32,9 @@ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, +#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \ + PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE + struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = { /* This seems to work in C, despite the string literal being one @@ -292,8 +296,8 @@ int mbedtls_ssl_tls1_3_evolve_secret( { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; - unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; - unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; + unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 }; const mbedtls_md_info_t *md; md = mbedtls_md_info_from_type( hash_alg ); diff --git a/library/x509_crt.c b/library/x509_crt.c index c7ee5c181c..def1414eca 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1780,6 +1780,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, const char *prefix ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; @@ -1832,18 +1833,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; - if( other_name->value.hardware_module_name.val.len >= n ) + for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ ) { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] ); + MBEDTLS_X509_SAFE_SNPRINTF; } - - memcpy( p, other_name->value.hardware_module_name.val.p, - other_name->value.hardware_module_name.val.len ); - p += other_name->value.hardware_module_name.val.len; - - n -= other_name->value.hardware_module_name.val.len; - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ } break; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 4cde1fe6c7..48553c0c86 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -10,11 +10,12 @@ #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" - #if defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) + defined(MBEDTLS_TIMING_C) && \ + ( defined(MBEDTLS_SHA256_C) || \ + ( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) ) const char *pers = "fuzz_dtlsserver"; const unsigned char client_ip[4] = {0x7F, 0, 0, 1}; static int initialized = 0; @@ -30,7 +31,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) + defined(MBEDTLS_TIMING_C) && \ + ( defined(MBEDTLS_SHA256_C) || \ + ( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) ) ) int ret; size_t len; mbedtls_ssl_context ssl; diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 51f6971d29..84f498e337 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -161,8 +161,8 @@ int main( int argc, char **argv ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) || - ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) + if( ( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 ) || + ( ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) ) != 0 ) ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); fclose( fout ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 30ecf68d98..18a4773132 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -116,7 +116,7 @@ int main( void ) #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define USAGE_CONTEXT_CRT_CB \ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \ " to the SSL configuration of the SSL context.\n" \ @@ -125,8 +125,8 @@ int main( void ) " - 1: Use CRT callback bound to SSL context\n" #else #define USAGE_CONTEXT_CRT_CB "" -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ @@ -144,10 +144,10 @@ int main( void ) #define USAGE_IO \ " No file operations available (MBEDTLS_FS_IO not defined)\n" #endif /* MBEDTLS_FS_IO */ -#else /* MBEDTLS_X509_CRT_PARSE_C */ +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #define USAGE_IO "" -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -375,6 +375,8 @@ int main( void ) " a second non-empty message before attempting\n" \ " to read a response from the server\n" \ " debug_level=%%d default: 0 (disabled)\n" \ + " build_version=%%d default: none (disabled)\n" \ + " option: 1 (print build version only and stop)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ " event=%%d default: 0 (loop)\n" \ @@ -527,7 +529,7 @@ struct options #include "ssl_test_common_source.c" -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static unsigned char peer_crt_info[1024]; /* @@ -559,7 +561,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, return( 0 ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) int report_cid_usage( mbedtls_ssl_context *ssl, @@ -689,9 +691,6 @@ int main( int argc, char *argv[] ) psa_status_t status; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#endif rng_context_t rng; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; @@ -701,15 +700,16 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_TIMING_C) mbedtls_timing_delay_context timer; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) uint32_t flags; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; mbedtls_pk_context pkey; + mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_id_t key_slot = 0; /* invalid key slot */ #endif -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ char *p, *q; const int *list; #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) @@ -752,7 +752,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_config_init( &conf ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); rng_init( &rng ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &clicert ); mbedtls_pk_init( &pkey ); @@ -901,6 +901,16 @@ int main( int argc, char *argv[] ) if( opt.debug_level < 0 || opt.debug_level > 65535 ) goto usage; } + else if( strcmp( p, "build_version" ) == 0 ) + { + if( strcmp( q, "1" ) == 0 ) + { + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, + MBEDTLS_VERSION_NUMBER ); + goto exit; + } + } else if( strcmp( p, "context_crt_cb" ) == 0 ) { opt.context_crt_cb = atoi( q ); @@ -946,7 +956,7 @@ int main( int argc, char *argv[] ) opt.key_file = q; else if( strcmp( p, "key_pwd" ) == 0 ) opt.key_pwd = q; -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) else if( strcmp( p, "key_opaque" ) == 0 ) opt.key_opaque = atoi( q ); #endif @@ -1531,6 +1541,9 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_ALPN */ + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER ); + /* * 0. Initialize the RNG and the session data */ @@ -1542,7 +1555,7 @@ int main( int argc, char *argv[] ) goto exit; mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 1.1. Load the trusted CA */ @@ -1673,7 +1686,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * 2. Start the connection @@ -1725,7 +1738,7 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* The default algorithms profile disables SHA-1, but our tests still rely on it heavily. */ if( opt.allow_sha1 > 0 ) @@ -1739,7 +1752,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) @@ -1910,7 +1923,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( strcmp( opt.ca_path, "none" ) != 0 && strcmp( opt.ca_file, "none" ) != 0 ) { @@ -1931,7 +1944,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECP_C) if( opt.curves != NULL && @@ -2001,7 +2014,7 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", @@ -2024,10 +2037,10 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( opt.context_crt_cb == 1 ) mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ io_ctx.ssl = &ssl; io_ctx.net = &server_fd; @@ -2327,7 +2340,7 @@ int main( int argc, char *argv[] ) } } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 5. Verify the server certificate */ @@ -2349,7 +2362,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( "%s\n", peer_crt_info ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); @@ -2677,9 +2690,9 @@ send_request: mbedtls_printf( " . Restarting connection from same port..." ); fflush( stdout ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -2913,9 +2926,9 @@ reconnect: mbedtls_printf( " . Reconnecting with saved session..." ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -3009,14 +3022,14 @@ exit: mbedtls_free( context_buf ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &cacert ); mbedtls_pk_free( &pkey ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key( key_slot ); #endif -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 283216b8b6..4e9e499a98 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -168,7 +168,7 @@ int main( void ) */ #define DFL_IO_BUF_LEN 200 -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ @@ -199,8 +199,8 @@ int main( void ) #endif /* MBEDTLS_FS_IO */ #else #define USAGE_IO "" -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -466,6 +466,8 @@ int main( void ) " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ + " build_version=%%d default: none (disabled)\n" \ + " option: 1 (print build version only and stop)\n" \ " buffer_size=%%d default: 200 \n" \ " (minimum: 1, max: 16385)\n" \ " response_size=%%d default: about 152 (basic response)\n" \ @@ -1029,14 +1031,6 @@ typedef enum ASYNC_OP_SIGN, ASYNC_OP_DECRYPT, } ssl_async_operation_type_t; -/* Note that the enum above and the array below need to be kept in sync! - * `ssl_async_operation_names[op]` is the name of op for each value `op` - * of type `ssl_async_operation_type_t`. */ -static const char *const ssl_async_operation_names[] = -{ - "sign", - "decrypt", -}; typedef struct { @@ -1048,6 +1042,17 @@ typedef struct unsigned remaining_delay; } ssl_async_operation_context_t; +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + +/* Note that ssl_async_operation_type_t and the array below need to be kept in sync! + * `ssl_async_operation_names[op]` is the name of op for each value `op` + * of type `ssl_async_operation_type_t`. */ +static const char *const ssl_async_operation_names[] = +{ + "sign", + "decrypt", +}; + static int ssl_async_start( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, ssl_async_operation_type_t op_type, @@ -1199,6 +1204,7 @@ static void ssl_async_cancel( mbedtls_ssl_context *ssl ) mbedtls_printf( "Async cancel callback.\n" ); mbedtls_free( ctx ); } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1300,10 +1306,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_COOKIE_C) mbedtls_ssl_cookie_ctx cookie_ctx; #endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#endif rng_context_t rng; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; @@ -1313,22 +1315,23 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_RENEGOTIATION) unsigned char renego_period[8] = { 0 }; #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) uint32_t flags; mbedtls_x509_crt cacert; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; + mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_id_t key_slot = 0; /* invalid key slot */ psa_key_id_t key_slot2 = 0; /* invalid key slot */ #endif int key_cert_init = 0, key_cert_init2 = 0; +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_context dhm; #endif @@ -1407,16 +1410,16 @@ int main( int argc, char *argv[] ) mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); rng_init( &rng ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &srvcert ); mbedtls_pk_init( &pkey ); mbedtls_x509_crt_init( &srvcert2 ); mbedtls_pk_init( &pkey2 ); +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) ); #endif -#endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_init( &dhm ); #endif @@ -1588,6 +1591,16 @@ int main( int argc, char *argv[] ) if( opt.debug_level < 0 || opt.debug_level > 65535 ) goto usage; } + else if( strcmp( p, "build_version" ) == 0 ) + { + if( strcmp( q, "1" ) == 0 ) + { + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, + MBEDTLS_VERSION_NUMBER ); + goto exit; + } + } else if( strcmp( p, "nbio" ) == 0 ) { opt.nbio = atoi( q ); @@ -1626,7 +1639,7 @@ int main( int argc, char *argv[] ) opt.key_file = q; else if( strcmp( p, "key_pwd" ) == 0 ) opt.key_pwd = q; -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) else if( strcmp( p, "key_opaque" ) == 0 ) opt.key_opaque = atoi( q ); #endif @@ -2335,6 +2348,9 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_ALPN */ + mbedtls_printf( "build version: %s (build %d)\n", + MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER ); + /* * 0. Initialize the RNG and the session data */ @@ -2346,7 +2362,7 @@ int main( int argc, char *argv[] ) goto exit; mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 1.1. Load the trusted CA */ @@ -2544,7 +2560,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_CERTS_C */ mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) if( opt.dhm_file != NULL ) @@ -2613,7 +2629,7 @@ int main( int argc, char *argv[] ) goto exit; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* The default algorithms profile disables SHA-1, but our tests still rely on it heavily. Hence we allow it here. A real-world server should use the default profile unless there is a good reason not to. */ @@ -2623,7 +2639,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ if( opt.auth_mode != DFL_AUTH_MODE ) mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); @@ -2877,7 +2893,7 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( strcmp( opt.ca_path, "none" ) != 0 && strcmp( opt.ca_file, "none" ) != 0 ) { @@ -2966,7 +2982,7 @@ int main( int argc, char *argv[] ) &ssl_async_keys ); } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) if( opt.sni != NULL ) @@ -3216,8 +3232,6 @@ reset: } #endif - mbedtls_printf( " ok\n" ); - /* * 4. Handshake */ @@ -3262,7 +3276,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) { char vrfy_buf[512]; @@ -3308,7 +3322,7 @@ handshake: } #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * 5. Verify the client certificate */ @@ -3336,7 +3350,7 @@ handshake: mbedtls_ssl_get_peer_cert( &ssl ) ); mbedtls_printf( "%s\n", crt_buf ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) if( opt.eap_tls != 0 ) @@ -4032,7 +4046,7 @@ exit: mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index e58e2daac9..e02cf0a3c9 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -20,6 +20,8 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +#include "mbedtls/version.h" + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 8b46c614e2..44e9a5851e 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -737,7 +737,8 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_HMAC_DRBG_C) +#if defined(MBEDTLS_HMAC_DRBG_C) && \ + ( defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) ) if( todo.hmac_drbg ) { mbedtls_hmac_drbg_context hmac_drbg; @@ -780,7 +781,7 @@ int main( int argc, char *argv[] ) #endif mbedtls_hmac_drbg_free( &hmac_drbg ); } -#endif +#endif /* MBEDTLS_HMAC_DRBG_C && ( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */ #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( todo.rsa ) diff --git a/tests/compat.sh b/tests/compat.sh index 560af59d6e..6791c5511a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -867,12 +867,15 @@ setup_arguments() G_MODE="" case "$MODE" in "ssl3") + O_MODE="ssl3" G_PRIO_MODE="+VERS-SSL3.0" ;; "tls1") + O_MODE="tls1" G_PRIO_MODE="+VERS-TLS1.0" ;; "tls1_1") + O_MODE="tls1_1" G_PRIO_MODE="+VERS-TLS1.1" ;; "tls12") @@ -880,6 +883,7 @@ setup_arguments() G_PRIO_MODE="+VERS-TLS1.2" ;; "dtls1") + O_MODE="dtls1" G_PRIO_MODE="+VERS-DTLS1.0" G_MODE="-u" ;; @@ -930,6 +934,20 @@ setup_arguments() G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL" + # Newer versions of OpenSSL have a syntax to enable all "ciphers", even + # low-security ones. This covers not just cipher suites but also protocol + # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on + # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in + # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find + # a way to discover it from -help, so check the openssl version. + case $($OPENSSL_CMD version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0" + O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0" + ;; + esac + if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 49db4cab27..b123dc9138 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -276,8 +276,11 @@ all_final += server5-ss-forgeca.crt server5-othername.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ +server5-nonprintable_othername.crt: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@ + server5-unsupported_othername.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@ server5-fan.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ @@ -909,6 +912,11 @@ server1.req.sha256: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256 all_final += server1.req.sha256 +server1.req.sha256.ext: server1.key + # Generating this with OpenSSL as a comparison point to test we're getting the same result + openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" +all_final += server1.req.sha256.ext + server1.req.sha384: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384 all_final += server1.req.sha384 diff --git a/tests/data_files/server1.req.sha256.ext b/tests/data_files/server1.req.sha256.ext new file mode 100644 index 0000000000..3f26f09ef0 --- /dev/null +++ b/tests/data_files/server1.req.sha256.ext @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpzCCAY8CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAmMCQGCSqGSIb3DQEJDjEX +MBUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHi0yEGu +Fh5tuLiLuT95UrRnly55+lTY9xchFiKtlcoEdSheybYxqk3JHuSSqojOFKZBlRdk +oG6Azg56/aMHPWyvtCMSRQX4b+FgjeQsm9IfhYNMquQOxyPxm62vjuU3MfZIofXH +hKdI6Ci2CDF4Fyvw50KBWniV38eE9+kjsvDLdXD3ESZJGhjjuFl8ReUiA2wdBTcP +XEZaXUIc6B4tUnlPeqn/2zp4GBqqWzNZx6TXBpApASGG3BEJnM52FVPC7E9p+8YZ +qIGuiF5Cz/rYZkpwffBWIfS2zZakHLm5TB8FgZkWlyReJU9Ihk2Tl/sZ1kllFdYa +xLPnLCL82KFL1Co= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/server5-nonprintable_othername.crt new file mode 100644 index 0000000000..9470bbe9cc --- /dev/null +++ b/tests/data_files/server5-nonprintable_othername.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg +b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x +CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU +TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/ +6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF +BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC +IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT +3vnWdvcHRIAdXA0kh+mcBMaXk9B0 +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 64347de830..b2c2fa1bcc 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -15,7 +15,10 @@ basicConstraints = CA:true [othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name -[unsupoported_othername_san] +[nonprintable_othername_san] +subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name + +[unsupported_othername_san] subjectAltName=otherName:1.2.3.4;UTF8:some other identifier [dns_alt_names] @@ -34,6 +37,10 @@ subjectAltName=@alt_names hwtype = OID:1.3.6.1.4.1.17.3 hwserial = OCT:123456 +[nonprintable_hw_module_name] +hwtype = OID:1.3.6.1.4.1.17.3 +hwserial = FORMAT:HEX, OCT:3132338081008180333231 + [v3_any_policy_ca] basicConstraints = CA:true certificatePolicies = 2.5.29.32.0 diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index fbb2a209c1..7a87c5b84d 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -360,13 +360,19 @@ void mbedtls_test_err_add_check( int high, int low, #if defined(MBEDTLS_BIGNUM_C) /** Read an MPI from a hexadecimal string. * - * Like mbedtls_mpi_read_string(), but size the resulting bignum based - * on the number of digits in the string. In particular, construct a - * bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. + * Like mbedtls_mpi_read_string(), but with tighter guarantees around + * edge cases. * - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * - This function guarantees that if \p s begins with '-' then the sign + * bit of the result will be negative, even if the value is 0. + * When this function encounters such a "negative 0", it + * increments #mbedtls_test_case_uses_negative_0. + * - The size of the result is exactly the minimum number of limbs needed + * to fit the digits in the input. In particular, this function constructs + * a bignum with 0 limbs for an empty string, and a bignum with leading 0 + * limbs if the string has sufficiently many leading 0 digits. + * This is important so that the "0 (null)" and "0 (1 limb)" and + * "leading zeros" test cases do what they claim. * * \param[out] X The MPI object to populate. It must be initialized. * \param[in] s The null-terminated hexadecimal string to read from. @@ -374,6 +380,14 @@ void mbedtls_test_err_add_check( int high, int low, * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); + +/** Nonzero if the current test case had an input parsed with + * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., + * constructing a result with the sign bit set to -1 and the value being + * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). + */ +extern unsigned mbedtls_test_case_uses_negative_0; #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_HELPERS_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 21f415b158..bb4e9b764f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1721,42 +1721,76 @@ support_build_baremetal () { ! grep -q -F time.h /usr/include/x86_64-linux-gnu/sys/types.h } -component_test_depends_curves () { - msg "test/build: curves.pl (gcc)" # ~ 4 min - tests/scripts/curves.pl +# depends.py family of tests +component_test_depends_py_cipher_id () { + msg "test/build: depends.py cipher_id (gcc)" + tests/scripts/depends.py cipher_id --unset-use-psa } -component_test_depends_curves_psa () { - msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - tests/scripts/curves.pl +component_test_depends_py_cipher_chaining () { + msg "test/build: depends.py cipher_chaining (gcc)" + tests/scripts/depends.py cipher_chaining --unset-use-psa } -component_test_depends_hashes () { - msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min - tests/scripts/depends-hashes.pl +component_test_depends_py_cipher_padding () { + msg "test/build: depends.py cipher_padding (gcc)" + tests/scripts/depends.py cipher_padding --unset-use-psa } -component_test_depends_hashes_psa () { - msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - tests/scripts/depends-hashes.pl +component_test_depends_py_curves () { + msg "test/build: depends.py curves (gcc)" + tests/scripts/depends.py curves --unset-use-psa } -component_test_depends_pkalgs () { - msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min - tests/scripts/depends-pkalgs.pl +component_test_depends_py_hashes () { + msg "test/build: depends.py hashes (gcc)" + tests/scripts/depends.py hashes --unset-use-psa } -component_test_depends_pkalgs_psa () { - msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO - tests/scripts/depends-pkalgs.pl +component_test_depends_py_kex () { + msg "test/build: depends.py kex (gcc)" + tests/scripts/depends.py kex --unset-use-psa } -component_build_key_exchanges () { - msg "test/build: key-exchanges (gcc)" # ~ 1 min - tests/scripts/key-exchanges.pl +component_test_depends_py_pkalgs () { + msg "test/build: depends.py pkalgs (gcc)" + tests/scripts/depends.py pkalgs --unset-use-psa +} + +# PSA equivalents of the depends.py tests +component_test_depends_py_cipher_id_psa () { + msg "test/build: depends.py cipher_id (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py cipher_id +} + +component_test_depends_py_cipher_chaining_psa () { + msg "test/build: depends.py cipher_chaining (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py cipher_chaining +} + +component_test_depends_py_cipher_padding_psa () { + msg "test/build: depends.py cipher_padding (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py cipher_padding +} + +component_test_depends_py_curves_psa () { + msg "test/build: depends.py curves (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py curves +} + +component_test_depends_py_hashes_psa () { + msg "test/build: depends.py hashes (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py hashes +} + +component_test_depends_py_kex_psa () { + msg "test/build: depends.py kex (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py kex +} + +component_test_depends_py_pkalgs_psa () { + msg "test/build: depends.py pkalgs (gcc) with MBEDTLS_USE_PSA_CRYPTO defined" + tests/scripts/depends.py pkalgs } component_test_no_use_psa_crypto_full_cmake_asan() { diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 56fd5b981c..3a902919d7 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -1,6 +1,6 @@ #!/bin/sh -# basic-build-tests.sh +# basic-build-test.sh # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 @@ -36,7 +36,7 @@ # # This script has been written to be generic and should work on any shell. # -# Usage: basic-build-tests.sh +# Usage: basic-build-test.sh # # Abort on errors (and uninitiliased variables) diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 50bcb05b3a..1f65710c8a 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -40,6 +40,6 @@ for compiler in clang gcc; do run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' run_in_docker tests/scripts/test-ref-configs.pl - run_in_docker tests/scripts/curves.pl - run_in_docker tests/scripts/key-exchanges.pl + run_in_docker tests/scripts/depends.py curves + run_in_docker tests/scripts/depends.py kex done diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl deleted file mode 100755 index 08582dc747..0000000000 --- a/tests/scripts/curves.pl +++ /dev/null @@ -1,125 +0,0 @@ -#!/usr/bin/env perl - -# curves.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# The purpose of this test script is to validate that the library works -# when only a single curve is enabled. In particular, this validates that -# curve-specific code is guarded by the proper preprocessor conditionals, -# both in the library and in tests. -# -# Since this script only tests builds with a single curve, it can't detect -# bugs that are only triggered when multiple curves are present. We do -# also test in many configurations where all curves are enabled, as well -# as a few configurations in configs/*.h with a restricted subset of curves. -# -# Here are some known test gaps that could be addressed by testing all -# 2^n combinations of support for n curves, which is impractical: -# * There could be product bugs when curves A and B are enabled but not C. -# For example, a MAX_SIZE calculation that forgets B, where -# size(A) < size(B) < size(C). -# * For test cases that require three or more curves, validate that they're -# not missing dependencies. This is extremely rare. (For test cases that -# require curves A and B but are missing a dependency on B, this is -# detected in the A-only build.) -# Usage: tests/scripts/curves.pl -# -# This script should be executed from the root of the project directory. -# -# Only curves that are enabled in config.h will be tested. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. - -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $sed_cmd = 's/^#define \(MBEDTLS_ECP_DP.*_ENABLED\)/\1/p'; -my $config_h = 'include/mbedtls/config.h'; -my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); - -# Determine which curves support ECDSA by checking the dependencies of -# ECDSA in check_config.h. -my %curve_supports_ecdsa = (); -{ - local $/ = ""; - local *CHECK_CONFIG; - open(CHECK_CONFIG, '<', 'include/mbedtls/check_config.h') - or die "open include/mbedtls/check_config.h: $!"; - while (my $stanza = ) { - if ($stanza =~ /\A#if defined\(MBEDTLS_ECDSA_C\)/) { - for my $curve ($stanza =~ /(?<=\()MBEDTLS_ECP_DP_\w+_ENABLED(?=\))/g) { - $curve_supports_ecdsa{$curve} = 1; - } - last; - } - } - close(CHECK_CONFIG); -} - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -# Disable all the curves. We'll then re-enable them one by one. -for my $curve (@curves) { - system( "scripts/config.pl unset $curve" ) - and abort "Failed to disable $curve\n"; -} -# Depends on a specific curve. Also, ignore error if it wasn't enabled. -system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" ); - -# Test with only $curve enabled, for each $curve. -for my $curve (@curves) { - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing with only curve: $curve\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = "$curve"; - - system( "scripts/config.pl set $curve" ) - and abort "Failed to enable $curve\n"; - - my $ecdsa = $curve_supports_ecdsa{$curve} ? "set" : "unset"; - for my $dep (qw(MBEDTLS_ECDSA_C - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)) { - system( "scripts/config.pl $ecdsa $dep" ) - and abort "Failed to $ecdsa $dep\n"; - } - - system( "CFLAGS='-Werror -Wall -Wextra' make" ) - and abort "Failed to build: only $curve\n"; - system( "make test" ) - and abort "Failed test suite: only $curve\n"; - - system( "scripts/config.pl unset $curve" ) - and abort "Failed to disable $curve\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl deleted file mode 100755 index 44d3543034..0000000000 --- a/tests/scripts/depends-hashes.pl +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env perl - -# depends-hashes.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# To test the code dependencies on individual hashes in each test suite. This -# is a verification step to ensure we don't ship test suites that do not work -# for some build options. -# -# The process is: -# for each possible hash -# build the library and test suites with the hash disabled -# execute the test suites -# -# And any test suite with the wrong dependencies will fail. -# -# Usage: tests/scripts/depends-hashes.pl -# -# This script should be executed from the root of the project directory. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. - -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $config_h = 'include/mbedtls/config.h'; - -# as many SSL options depend on specific hashes, -# and SSL is not in the test suites anyways, -# disable it to avoid dependency issues -my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; -my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); - -# for md we want to catch MD5_C but not MD_C, hence the extra dot -my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; -my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; -my @hash_modules = split( /\s+/, - `sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` ); - -# there are also negative options for truncated variants, disabled by default -my $sha_trunc_sed_cmd = 's/^\/\/#define \(MBEDTLS_SHA..._NO_.*\)/\1/p'; -my @hash_negatives = split( /\s+/, - `sed -n -e '$sha_trunc_sed_cmd' $config_h` ); - -# list hash options with corresponding actions -my @hashes = ((map { "unset $_" } @hash_modules), - (map { "set $_" } @hash_negatives)); - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -for my $hash (@hashes) { - system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing hash option: $hash\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$hash"; - - system( "scripts/config.py $hash" ) - and abort "Failed to $hash\n"; - - for my $opt (@ssl) { - system( "scripts/config.py unset $opt" ) - and abort "Failed to disable $opt\n"; - } - - system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) - and abort "Failed to build lib: $hash\n"; - system( "cd tests && make" ) and abort "Failed to build tests: $hash\n"; - system( "make test" ) and abort "Failed test suite: $hash\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl deleted file mode 100755 index 2ad4a7cccb..0000000000 --- a/tests/scripts/depends-pkalgs.pl +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/env perl - -# depends-pkalgs.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# To test the code dependencies on individual PK algs (those that can be used -# from the PK layer, so currently signature and encryption but not key -# exchange) in each test suite. This is a verification step to ensure we don't -# ship test suites that do not work for some build options. -# -# The process is: -# for each possible PK alg -# build the library and test suites with that alg disabled -# execute the test suites -# -# And any test suite with the wrong dependencies will fail. -# -# Usage: tests/scripts/depends-pkalgs.pl -# -# This script should be executed from the root of the project directory. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. - -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $config_h = 'include/mbedtls/config.h'; - -# Some algorithms can't be disabled on their own as others depend on them, so -# we list those reverse-dependencies here to keep check_config.h happy. -my %algs = ( - 'MBEDTLS_ECDSA_C' => ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED'], - 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECDH_C', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [], - 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], - 'MBEDTLS_PKCS1_V15' => ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], - 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], -); - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -while( my ($alg, $extras) = each %algs ) { - system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing without alg: $alg\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = "-$alg"; - - system( "scripts/config.py unset $alg" ) - and abort "Failed to disable $alg\n"; - for my $opt (@$extras) { - system( "scripts/config.py unset $opt" ) - and abort "Failed to disable $opt\n"; - } - - system( "CFLAGS='-Werror -Wall -Wextra' make lib" ) - and abort "Failed to build lib: $alg\n"; - system( "cd tests && make" ) and abort "Failed to build tests: $alg\n"; - system( "make test" ) and abort "Failed test suite: $alg\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py new file mode 100755 index 0000000000..2c38f9d705 --- /dev/null +++ b/tests/scripts/depends.py @@ -0,0 +1,567 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2022, Arm Limited, All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + +""" +Test Mbed TLS with a subset of algorithms. + +This script can be divided into several steps: + +First, include/mbedtls/config.h or a different config file passed +in the arguments is parsed to extract any configuration options (collect_config_symbols). + +Then, test domains (groups of jobs, tests) are built based on predefined data +collected in the DomainData class. Here, each domain has five major traits: +- domain name, can be used to run only specific tests via command-line; +- configuration building method, described in detail below; +- list of symbols passed to the configuration building method; +- commands to be run on each job (only build, build and test, or any other custom); +- optional list of symbols to be excluded from testing. + +The configuration building method can be one of the three following: + +- ComplementaryDomain - build a job for each passed symbol by disabling a single + symbol and its reverse dependencies (defined in REVERSE_DEPENDENCIES); + +- ExclusiveDomain - build a job where, for each passed symbol, only this particular + one is defined and other symbols from the list are unset. For each job look for + any non-standard symbols to set/unset in EXCLUSIVE_GROUPS. These are usually not + direct dependencies, but rather non-trivial results of other configs missing. Then + look for any unset symbols and handle their reverse dependencies. + +- DualDomain - combination of the two above - both complementary and exclusive domain + job generation code will be run. Currently only used for hashes. + +Lastly, the collected jobs are executed and (optionally) tested, with +error reporting and coloring as configured in options. Each test starts with +a full config without a couple of slowing down or unnecessary options +(see set_reference_config), then the specific job config is derived. +""" +import argparse +import os +import re +import shutil +import subprocess +import sys +import traceback + +class Colors: # pylint: disable=too-few-public-methods + """Minimalistic support for colored output. +Each field of an object of this class is either None if colored output +is not possible or not desired, or a pair of strings (start, stop) such +that outputting start switches the text color to the desired color and +stop switches the text color back to the default.""" + red = None + green = None + bold_red = None + bold_green = None + def __init__(self, options=None): + """Initialize color profile according to passed options.""" + if not options or options.color in ['no', 'never']: + want_color = False + elif options.color in ['yes', 'always']: + want_color = True + else: + want_color = sys.stderr.isatty() + if want_color: + # Assume ANSI compatible terminal + normal = '\033[0m' + self.red = ('\033[31m', normal) + self.green = ('\033[32m', normal) + self.bold_red = ('\033[1;31m', normal) + self.bold_green = ('\033[1;32m', normal) +NO_COLORS = Colors(None) + +def log_line(text, prefix='depends.py:', suffix='', color=None): + """Print a status message.""" + if color is not None: + prefix = color[0] + prefix + suffix = suffix + color[1] + sys.stderr.write(prefix + ' ' + text + suffix + '\n') + sys.stderr.flush() + +def log_command(cmd): + """Print a trace of the specified command. +cmd is a list of strings: a command name and its arguments.""" + log_line(' '.join(cmd), prefix='+') + +def backup_config(options): + """Back up the library configuration file (config.h). +If the backup file already exists, it is presumed to be the desired backup, +so don't make another backup.""" + if os.path.exists(options.config_backup): + options.own_backup = False + else: + options.own_backup = True + shutil.copy(options.config, options.config_backup) + +def restore_config(options): + """Restore the library configuration file (config.h). +Remove the backup file if it was saved earlier.""" + if options.own_backup: + shutil.move(options.config_backup, options.config) + else: + shutil.copy(options.config_backup, options.config) + +def run_config_py(options, args): + """Run scripts/config.py with the specified arguments.""" + cmd = ['scripts/config.py'] + if options.config != 'include/mbedtls/config.h': + cmd += ['--file', options.config] + cmd += args + log_command(cmd) + subprocess.check_call(cmd) + +def set_reference_config(options): + """Change the library configuration file (config.h) to the reference state. +The reference state is the one from which the tested configurations are +derived.""" + # Turn off options that are not relevant to the tests and slow them down. + run_config_py(options, ['full']) + run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) + if options.unset_use_psa: + run_config_py(options, ['unset', 'MBEDTLS_USE_PSA_CRYPTO']) + +def collect_config_symbols(options): + """Read the list of settings from config.h. +Return them in a generator.""" + with open(options.config, encoding="utf-8") as config_file: + rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') + for line in config_file: + m = re.match(rx, line) + if m: + yield m.group(1) + +class Job: + """A job builds the library in a specific configuration and runs some tests.""" + def __init__(self, name, config_settings, commands): + """Build a job object. +The job uses the configuration described by config_settings. This is a +dictionary where the keys are preprocessor symbols and the values are +booleans or strings. A boolean indicates whether or not to #define the +symbol. With a string, the symbol is #define'd to that value. +After setting the configuration, the job runs the programs specified by +commands. This is a list of lists of strings; each list of string is a +command name and its arguments and is passed to subprocess.call with +shell=False.""" + self.name = name + self.config_settings = config_settings + self.commands = commands + + def announce(self, colors, what): + '''Announce the start or completion of a job. +If what is None, announce the start of the job. +If what is True, announce that the job has passed. +If what is False, announce that the job has failed.''' + if what is True: + log_line(self.name + ' PASSED', color=colors.green) + elif what is False: + log_line(self.name + ' FAILED', color=colors.red) + else: + log_line('starting ' + self.name) + + def configure(self, options): + '''Set library configuration options as required for the job.''' + set_reference_config(options) + for key, value in sorted(self.config_settings.items()): + if value is True: + args = ['set', key] + elif value is False: + args = ['unset', key] + else: + args = ['set', key, value] + run_config_py(options, args) + + def test(self, options): + '''Run the job's build and test commands. +Return True if all the commands succeed and False otherwise. +If options.keep_going is false, stop as soon as one command fails. Otherwise +run all the commands, except that if the first command fails, none of the +other commands are run (typically, the first command is a build command +and subsequent commands are tests that cannot run if the build failed).''' + built = False + success = True + for command in self.commands: + log_command(command) + ret = subprocess.call(command) + if ret != 0: + if command[0] not in ['make', options.make_command]: + log_line('*** [{}] Error {}'.format(' '.join(command), ret)) + if not options.keep_going or not built: + return False + success = False + built = True + return success + +# SSL/TLS versions up to 1.1 and corresponding options. These require +# both MD5 and SHA-1. +SSL_PRE_1_2_DEPENDENCIES = ['MBEDTLS_SSL_CBC_RECORD_SPLITTING', + 'MBEDTLS_SSL_PROTO_SSL3', + 'MBEDTLS_SSL_PROTO_TLS1', + 'MBEDTLS_SSL_PROTO_TLS1_1'] + +# If the configuration option A requires B, make sure that +# B in REVERSE_DEPENDENCIES[A]. +# All the information here should be contained in check_config.h. This +# file includes a copy because it changes rarely and it would be a pain +# to extract automatically. +REVERSE_DEPENDENCIES = { + 'MBEDTLS_AES_C': ['MBEDTLS_CTR_DRBG_C', + 'MBEDTLS_NIST_KW_C'], + 'MBEDTLS_CHACHA20_C': ['MBEDTLS_CHACHAPOLY_C'], + 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED'], + 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', + 'MBEDTLS_ECDH_C', + 'MBEDTLS_ECJPAKE_C', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_MD5_C': SSL_PRE_1_2_DEPENDENCIES, + 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED'], + 'MBEDTLS_RSA_C': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', + 'MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], + 'MBEDTLS_SHA1_C': SSL_PRE_1_2_DEPENDENCIES, + 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'], + 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT': [] +} + +# If an option is tested in an exclusive test, alter the following defines. +# These are not necessarily dependencies, but just minimal required changes +# if a given define is the only one enabled from an exclusive group. +EXCLUSIVE_GROUPS = { + 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'], + 'MBEDTLS_SHA512_NO_SHA384': ['+MBEDTLS_SHA512_C', + '-MBEDTLS_SSL_PROTO_TLS1_2', + '-MBEDTLS_SSL_PROTO_DTLS', + '-MBEDTLS_SSL_TLS_C', + '-MBEDTLS_SSL_CLI_C', + '-MBEDTLS_SSL_SRV_C', + '-MBEDTLS_SSL_DTLS_HELLO_VERIFY', + '-MBEDTLS_SSL_DTLS_ANTI_REPLAY', + '-MBEDTLS_SSL_DTLS_CONNECTION_ID', + '-MBEDTLS_SSL_DTLS_BADMAC_LIMIT', + '-MBEDTLS_SSL_ENCRYPT_THEN_MAC', + '-MBEDTLS_SSL_EXTENDED_MASTER_SECRET', + '-MBEDTLS_SSL_DTLS_SRTP', + '-MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE'], + 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', + '-MBEDTLS_ECDSA_DETERMINISTIC', + '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '-MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '-MBEDTLS_ECJPAKE_C', + '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C', + '-MBEDTLS_ECDSA_DETERMINISTIC', + '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + '-MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + '-MBEDTLS_ECJPAKE_C', + '-MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'MBEDTLS_ARIA_C': ['-MBEDTLS_CMAC_C'], + 'MBEDTLS_ARC4_C': ['-MBEDTLS_CMAC_C', + '-MBEDTLS_CCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION', + '-MBEDTLS_GCM_C'], + 'MBEDTLS_BLOWFISH_C': ['-MBEDTLS_CMAC_C', + '-MBEDTLS_CCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION', + '-MBEDTLS_GCM_C'], + 'MBEDTLS_CAMELLIA_C': ['-MBEDTLS_CMAC_C'], + 'MBEDTLS_CHACHA20_C': ['-MBEDTLS_CMAC_C', '-MBEDTLS_CCM_C', '-MBEDTLS_GCM_C'], + 'MBEDTLS_DES_C': ['-MBEDTLS_CCM_C', + '-MBEDTLS_GCM_C', + '-MBEDTLS_SSL_TICKET_C', + '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], +} +def handle_exclusive_groups(config_settings, symbol): + """For every symbol tested in an exclusive group check if there are other +defines to be altered. """ + for dep in EXCLUSIVE_GROUPS.get(symbol, []): + unset = dep.startswith('-') + dep = dep[1:] + config_settings[dep] = not unset + +def turn_off_dependencies(config_settings): + """For every option turned off config_settings, also turn off what depends on it. +An option O is turned off if config_settings[O] is False.""" + for key, value in sorted(config_settings.items()): + if value is not False: + continue + for dep in REVERSE_DEPENDENCIES.get(key, []): + config_settings[dep] = False + +class BaseDomain: # pylint: disable=too-few-public-methods, unused-argument + """A base class for all domains.""" + def __init__(self, symbols, commands, exclude): + """Initialize the jobs container""" + self.jobs = [] + +class ExclusiveDomain(BaseDomain): # pylint: disable=too-few-public-methods + """A domain consisting of a set of conceptually-equivalent settings. +Establish a list of configuration symbols. For each symbol, run a test job +with this symbol set and the others unset.""" + def __init__(self, symbols, commands, exclude=None): + """Build a domain for the specified list of configuration symbols. +The domain contains a set of jobs that enable one of the elements +of symbols and disable the others. +Each job runs the specified commands. +If exclude is a regular expression, skip generated jobs whose description +would match this regular expression.""" + super().__init__(symbols, commands, exclude) + base_config_settings = {} + for symbol in symbols: + base_config_settings[symbol] = False + for symbol in symbols: + description = symbol + if exclude and re.match(exclude, description): + continue + config_settings = base_config_settings.copy() + config_settings[symbol] = True + handle_exclusive_groups(config_settings, symbol) + turn_off_dependencies(config_settings) + job = Job(description, config_settings, commands) + self.jobs.append(job) + +class ComplementaryDomain(BaseDomain): # pylint: disable=too-few-public-methods + """A domain consisting of a set of loosely-related settings. +Establish a list of configuration symbols. For each symbol, run a test job +with this symbol unset. +If exclude is a regular expression, skip generated jobs whose description +would match this regular expression.""" + def __init__(self, symbols, commands, exclude=None): + """Build a domain for the specified list of configuration symbols. +Each job in the domain disables one of the specified symbols. +Each job runs the specified commands.""" + super().__init__(symbols, commands, exclude) + for symbol in symbols: + description = '!' + symbol + if exclude and re.match(exclude, description): + continue + config_settings = {symbol: False} + turn_off_dependencies(config_settings) + job = Job(description, config_settings, commands) + self.jobs.append(job) + +class DualDomain(ExclusiveDomain, ComplementaryDomain): # pylint: disable=too-few-public-methods + """A domain that contains both the ExclusiveDomain and BaseDomain tests. +Both parent class __init__ calls are performed in any order and +each call adds respective jobs. The job array initialization is done once in +BaseDomain, before the parent __init__ calls.""" + +class CipherInfo: # pylint: disable=too-few-public-methods + """Collect data about cipher.h.""" + def __init__(self): + self.base_symbols = set() + with open('include/mbedtls/cipher.h', encoding="utf-8") as fh: + for line in fh: + m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line) + if m and m.group(1) not in ['NONE', 'NULL', '3DES']: + self.base_symbols.add('MBEDTLS_' + m.group(1) + '_C') + +class DomainData: + """A container for domains and jobs, used to structurize testing.""" + def config_symbols_matching(self, regexp): + """List the config.h settings matching regexp.""" + return [symbol for symbol in self.all_config_symbols + if re.match(regexp, symbol)] + + def __init__(self, options): + """Gather data about the library and establish a list of domains to test.""" + build_command = [options.make_command, 'CFLAGS=-Werror'] + build_and_test = [build_command, [options.make_command, 'test']] + self.all_config_symbols = set(collect_config_symbols(options)) + # Find hash modules by name. + hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') + hash_symbols.append("MBEDTLS_SHA512_NO_SHA384") + # Find elliptic curve enabling macros by name. + curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z') + # Find key exchange enabling macros by name. + key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') + # Find cipher IDs (block permutations and stream ciphers --- chaining + # and padding modes are exercised separately) information by parsing + # cipher.h, as the information is not readily available in config.h. + cipher_info = CipherInfo() + # Find block cipher chaining and padding mode enabling macros by name. + cipher_chaining_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_MODE_\w+\Z') + cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') + self.domains = { + # Cipher IDs, chaining modes and padding modes. Run the test suites. + 'cipher_id': ExclusiveDomain(cipher_info.base_symbols, + build_and_test), + 'cipher_chaining': ExclusiveDomain(cipher_chaining_symbols, + build_and_test), + 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, + build_and_test), + # Elliptic curves. Run the test suites. + 'curves': ExclusiveDomain(curve_symbols, build_and_test), + # Hash algorithms. Exclude exclusive domain of MD, RIPEMD, SHA1 (obsolete) + 'hashes': DualDomain(hash_symbols, build_and_test, + exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)'\ + '|!MBEDTLS_*_NO_SHA'), + # Key exchange types. Only build the library and the sample + # programs. + 'kex': ExclusiveDomain(key_exchange_symbols, + [build_command + ['lib'], + build_command + ['-C', 'programs']]), + 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', + 'MBEDTLS_ECP_C', + 'MBEDTLS_PKCS1_V21', + 'MBEDTLS_PKCS1_V15', + 'MBEDTLS_RSA_C', + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + build_and_test), + } + self.jobs = {} + for domain in self.domains.values(): + for job in domain.jobs: + self.jobs[job.name] = job + + def get_jobs(self, name): + """Return the list of jobs identified by the given name. +A name can either be the name of a domain or the name of one specific job.""" + if name in self.domains: + return sorted(self.domains[name].jobs, key=lambda job: job.name) + else: + return [self.jobs[name]] + +def run(options, job, colors=NO_COLORS): + """Run the specified job (a Job instance).""" + subprocess.check_call([options.make_command, 'clean']) + job.announce(colors, None) + job.configure(options) + success = job.test(options) + job.announce(colors, success) + return success + +def run_tests(options, domain_data): + """Run the desired jobs. +domain_data should be a DomainData instance that describes the available +domains and jobs. +Run the jobs listed in options.tasks.""" + if not hasattr(options, 'config_backup'): + options.config_backup = options.config + '.bak' + colors = Colors(options) + jobs = [] + failures = [] + successes = [] + for name in options.tasks: + jobs += domain_data.get_jobs(name) + backup_config(options) + try: + for job in jobs: + success = run(options, job, colors=colors) + if not success: + if options.keep_going: + failures.append(job.name) + else: + return False + else: + successes.append(job.name) + restore_config(options) + except: + # Restore the configuration, except in stop-on-error mode if there + # was an error, where we leave the failing configuration up for + # developer convenience. + if options.keep_going: + restore_config(options) + raise + if successes: + log_line('{} passed'.format(' '.join(successes)), color=colors.bold_green) + if failures: + log_line('{} FAILED'.format(' '.join(failures)), color=colors.bold_red) + return False + else: + return True + +def main(): + try: + parser = argparse.ArgumentParser( + formatter_class=argparse.RawDescriptionHelpFormatter, + description= + "Test Mbed TLS with a subset of algorithms.\n\n" + "Example usage:\n" + r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA256_C""\n" + "./tests/scripts/depends.py MBEDTLS_AES_C hashes\n" + "./tests/scripts/depends.py cipher_id cipher_chaining\n") + parser.add_argument('--color', metavar='WHEN', + help='Colorize the output (always/auto/never)', + choices=['always', 'auto', 'never'], default='auto') + parser.add_argument('-c', '--config', metavar='FILE', + help='Configuration file to modify', + default='include/mbedtls/config.h') + parser.add_argument('-C', '--directory', metavar='DIR', + help='Change to this directory before anything else', + default='.') + parser.add_argument('-k', '--keep-going', + help='Try all configurations even if some fail (default)', + action='store_true', dest='keep_going', default=True) + parser.add_argument('-e', '--no-keep-going', + help='Stop as soon as a configuration fails', + action='store_false', dest='keep_going') + parser.add_argument('--list-jobs', + help='List supported jobs and exit', + action='append_const', dest='list', const='jobs') + parser.add_argument('--list-domains', + help='List supported domains and exit', + action='append_const', dest='list', const='domains') + parser.add_argument('--make-command', metavar='CMD', + help='Command to run instead of make (e.g. gmake)', + action='store', default='make') + parser.add_argument('--unset-use-psa', + help='Unset MBEDTLS_USE_PSA_CRYPTO before any test', + action='store_true', dest='unset_use_psa') + parser.add_argument('tasks', metavar='TASKS', nargs='*', + help='The domain(s) or job(s) to test (default: all).', + default=True) + options = parser.parse_args() + os.chdir(options.directory) + domain_data = DomainData(options) + if options.tasks is True: + options.tasks = sorted(domain_data.domains.keys()) + if options.list: + for arg in options.list: + for domain_name in sorted(getattr(domain_data, arg).keys()): + print(domain_name) + sys.exit(0) + else: + sys.exit(0 if run_tests(options, domain_data) else 1) + except Exception: # pylint: disable=broad-except + traceback.print_exc() + sys.exit(3) + +if __name__ == '__main__': + main() diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index 7c9f432ae4..a640b566dd 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -6,7 +6,7 @@ # # Usage: generate-afl-tests.sh # - should be the path to one of the test suite files -# such as 'test_suite_mpi.data' +# such as 'test_suite_rsa.data' # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 091630decc..c76294ca53 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -54,9 +54,7 @@ of BaseTarget in test_data_generation.py. # See the License for the specific language governing permissions and # limitations under the License. -import itertools import sys -import typing from abc import ABCMeta, abstractmethod from typing import Iterator, List, Tuple, TypeVar @@ -68,25 +66,25 @@ from mbedtls_dev import test_data_generation T = TypeVar('T') #pylint: disable=invalid-name def hex_to_int(val: str) -> int: - return int(val, 16) if val else 0 + """Implement the syntax accepted by mbedtls_test_read_mpi(). + + This is a superset of what is accepted by mbedtls_test_read_mpi_core(). + """ + if val in ['', '-']: + return 0 + return int(val, 16) def quote_str(val) -> str: return "\"{}\"".format(val) def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: """Return all pair combinations from input values.""" - # The return value is cast, as older versions of mypy are unable to derive - # the specific type returned by itertools.combinations_with_replacement. - return typing.cast( - List[Tuple[T, T]], - list(itertools.combinations_with_replacement(values, 2)) - ) - + return [(x, y) for x in values for y in values] class BignumTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): #pylint: disable=abstract-method - """Target for bignum (mpi) test case generation.""" - target_basename = 'test_suite_mpi.generated' + """Target for bignum (legacy) test case generation.""" + target_basename = 'test_suite_bignum.generated' class BignumOperation(BignumTarget, metaclass=ABCMeta): @@ -105,7 +103,8 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): """ symbol = "" input_values = [ - "", "0", "7b", "-7b", + "", "0", "-", "-0", + "7b", "-7b", "0000000000000000123", "-0000000000000000123", "1230000000000000000", "-1230000000000000000" ] # type: List[str] @@ -120,6 +119,11 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): def arguments(self) -> List[str]: return [quote_str(self.arg_a), quote_str(self.arg_b), self.result()] + def description_suffix(self) -> str: + #pylint: disable=no-self-use # derived classes need self + """Text to add at the end of the test case description.""" + return "" + def description(self) -> str: """Generate a description for the test case. @@ -133,6 +137,9 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): self.symbol, self.value_description(self.arg_b) ) + description_suffix = self.description_suffix() + if description_suffix: + self.case_description += " " + description_suffix return super().description() @abstractmethod @@ -153,6 +160,8 @@ class BignumOperation(BignumTarget, metaclass=ABCMeta): """ if val == "": return "0 (null)" + if val == "-": + return "negative 0 (null)" if val == "0": return "0 (1 limb)" @@ -228,8 +237,21 @@ class BignumAdd(BignumOperation): ] ) + def __init__(self, val_a: str, val_b: str) -> None: + super().__init__(val_a, val_b) + self._result = self.int_a + self.int_b + + def description_suffix(self) -> str: + if (self.int_a >= 0 and self.int_b >= 0): + return "" # obviously positive result or 0 + if (self.int_a <= 0 and self.int_b <= 0): + return "" # obviously negative result or 0 + # The sign of the result is not obvious, so indicate it + return ", result{}0".format('>' if self._result > 0 else + '<' if self._result < 0 else '=') + def result(self) -> str: - return quote_str("{:x}".format(self.int_a + self.int_b)) + return quote_str("{:x}".format(self._result)) if __name__ == '__main__': # Use the section of the docstring relevant to the CLI as description diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index f5750aacfa..938f24cf4f 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -126,33 +126,39 @@ code that is generated or read from helpers and platform files. This script replaces following fields in the template and generates the test source file: -$test_common_helpers <-- All common code from helpers.function - is substituted here. -$functions_code <-- Test functions are substituted here - from the input test_suit_xyz.function - file. C preprocessor checks are generated - for the build dependencies specified - in the input file. This script also - generates wrappers for the test - functions with code to expand the - string parameters read from the data - file. -$expression_code <-- This script enumerates the - expressions in the .data file and - generates code to handle enumerated - expression Ids and return the values. -$dep_check_code <-- This script enumerates all - build dependencies and generate - code to handle enumerated build - dependency Id and return status: if - the dependency is defined or not. -$dispatch_code <-- This script enumerates the functions - specified in the input test data file - and generates the initializer for the - function table in the template - file. -$platform_code <-- Platform specific setup and test - dispatch code. +__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS + All common code from helpers.function + is substituted here. +__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE + Test functions are substituted here + from the input test_suit_xyz.function + file. C preprocessor checks are generated + for the build dependencies specified + in the input file. This script also + generates wrappers for the test + functions with code to expand the + string parameters read from the data + file. +__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE + This script enumerates the + expressions in the .data file and + generates code to handle enumerated + expression Ids and return the values. +__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE + This script enumerates all + build dependencies and generate + code to handle enumerated build + dependency Id and return status: if + the dependency is defined or not. +__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE + This script enumerates the functions + specified in the input test data file + and generates the initializer for the + function table in the template + file. +__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE + Platform specific setup and test + dispatch code. """ @@ -974,11 +980,27 @@ def write_test_source_file(template_file, c_file, snippets): :param snippets: Generated and code snippets :return: """ + + # Create a placeholder pattern with the correct named capture groups + # to override the default provided with Template. + # Match nothing (no way of escaping placeholders). + escaped = "(?P(?!))" + # Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern. + named = "__MBEDTLS_TEST_TEMPLATE__(?P[A-Z][_A-Z0-9]*)" + # Match nothing (no braced placeholder syntax). + braced = "(?P(?!))" + # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid. + invalid = "(?P__MBEDTLS_TEST_TEMPLATE__)" + placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid])) + with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: for line_no, line in enumerate(template_f.readlines(), 1): # Update line number. +1 as #line directive sets next line number snippets['line_no'] = line_no + 1 - code = string.Template(line).substitute(**snippets) + template = string.Template(line) + template.pattern = placeholder_pattern + snippets = {k.upper():v for (k, v) in snippets.items()} + code = template.substitute(**snippets) c_f.write(code) diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl deleted file mode 100755 index 20f3aa6358..0000000000 --- a/tests/scripts/key-exchanges.pl +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env perl - -# key-exchanges.pl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Purpose -# -# To test the code dependencies on individual key exchanges in the SSL module. -# is a verification step to ensure we don't ship SSL code that do not work -# for some build options. -# -# The process is: -# for each possible key exchange -# build the library with all but that key exchange disabled -# -# Usage: tests/scripts/key-exchanges.pl -# -# This script should be executed from the root of the project directory. -# -# For best effect, run either with cmake disabled, or cmake enabled in a mode -# that includes -Werror. - -use warnings; -use strict; - --d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n"; - -my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p'; -my $config_h = 'include/mbedtls/config.h'; -my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` ); - -system( "cp $config_h $config_h.bak" ) and die; -sub abort { - system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; - # use an exit code between 1 and 124 for git bisect (die returns 255) - warn $_[0]; - exit 1; -} - -for my $kex (@kexes) { - system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n"; - system( "make clean" ) and die; - - print "\n******************************************\n"; - print "* Testing with key exchange: $kex\n"; - print "******************************************\n"; - $ENV{MBEDTLS_TEST_CONFIGURATION} = $kex; - - # full config with all key exchanges disabled except one - system( "scripts/config.py full" ) and abort "Failed config full\n"; - for my $k (@kexes) { - next if $k eq $kex; - system( "scripts/config.py unset $k" ) - and abort "Failed to disable $k\n"; - } - - system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n"; -} - -system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n"; -system( "make clean" ) and die; -exit 0; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 22eadd1805..cedc0bfa5a 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -50,11 +50,13 @@ GetOptions( 'verbose|v:1' => \$verbose, ) or die; -# All test suites = executable files, excluding source files, debug -# and profiling information, etc. We can't just grep {! /\./} because -# some of our test cases' base names contain a dot. -my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*'; -@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites; +# All test suites = executable files with a .datax file. +my @suites = (); +for my $data_file (glob 'test_suite_*.datax') { + (my $base = $data_file) =~ s/\.datax$//; + push @suites, $base if -x $base; + push @suites, "$base.exe" if -e "$base.exe"; +} die "$0: no test suite found\n" unless @suites; # "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" diff --git a/tests/src/helpers.c b/tests/src/helpers.c index bfd21893d1..77b4d942db 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -107,6 +107,10 @@ void mbedtls_test_set_step( unsigned long step ) mbedtls_test_info.step = step; } +#if defined(MBEDTLS_BIGNUM_C) +unsigned mbedtls_test_case_uses_negative_0 = 0; +#endif + void mbedtls_test_info_reset( void ) { mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; @@ -116,6 +120,9 @@ void mbedtls_test_info_reset( void ) mbedtls_test_info.filename = 0; memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_test_case_uses_negative_0 = 0; +#endif } int mbedtls_test_equal( const char *test, int line_no, const char* filename, @@ -426,6 +433,15 @@ void mbedtls_test_err_add_check( int high, int low, #if defined(MBEDTLS_BIGNUM_C) int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { + int negative = 0; + /* Always set the sign bit to -1 if the input has a minus sign, even for 0. + * This creates an invalid representation, which mbedtls_mpi_read_string() + * avoids but we want to be able to create that in test data. */ + if( s[0] == '-' ) + { + ++s; + negative = 1; + } /* mbedtls_mpi_read_string() currently retains leading zeros. * It always allocates at least one limb for the value 0. */ if( s[0] == 0 ) @@ -433,7 +449,15 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) mbedtls_mpi_free( X ); return( 0 ); } - else - return( mbedtls_mpi_read_string( X, 16, s ) ); + int ret = mbedtls_mpi_read_string( X, 16, s ); + if( ret != 0 ) + return( ret ); + if( negative ) + { + if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) + ++mbedtls_test_case_uses_negative_0; + X->s = -1; + } + return( 0 ); } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fbf3bf7b8e..c1fffa9ede 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1493,6 +1493,20 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT" fi +# Newer versions of OpenSSL have a syntax to enable all "ciphers", even +# low-security ones. This covers not just cipher suites but also protocol +# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on +# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in +# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find +# a way to discover it from -help, so check the openssl version. +case $($OPENSSL_CMD version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" + O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" + ;; +esac + if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ac00f45e57..65c7083ed3 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -3,17 +3,17 @@ * *** THIS FILE HAS BEEN MACHINE GENERATED *** * * This file has been machine generated using the script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * - * Test file : $test_file + * Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE * * The following files were used to create this file. * - * Main code file : $test_main_file - * Platform code file : $test_platform_file - * Helper file : $test_common_helper_file - * Test suite file : $test_case_file - * Test suite data : $test_case_data_file + * Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE + * Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE + * Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE + * Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE + * Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE * */ @@ -49,9 +49,9 @@ /*----------------------------------------------------------------------------*/ /* Common helper code */ -$test_common_helpers +__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS -#line $line_no "suites/main_test.function" +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -60,9 +60,9 @@ $test_common_helpers #define TEST_SUITE_ACTIVE -$functions_code +__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE -#line $line_no "suites/main_test.function" +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -74,7 +74,7 @@ $functions_code * For optimizing space for embedded targets each expression/macro * is identified by a unique identifier instead of string literals. * Identifiers and evaluation code is generated by script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * * \param exp_id Expression identifier. * \param out_value Pointer to int to hold the integer. @@ -90,8 +90,8 @@ int get_expression( int32_t exp_id, int32_t * out_value ) switch( exp_id ) { -$expression_code -#line $line_no "suites/main_test.function" +__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" default: { ret = KEY_VALUE_MAPPING_NOT_FOUND; @@ -107,7 +107,7 @@ $expression_code * For optimizing space for embedded targets each dependency * is identified by a unique identifier instead of string literals. * Identifiers and check code is generated by script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * * \param dep_id Dependency identifier. * @@ -121,8 +121,8 @@ int dep_check( int dep_id ) switch( dep_id ) { -$dep_check_code -#line $line_no "suites/main_test.function" +__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" default: break; } @@ -149,13 +149,13 @@ typedef void (*TestWrapper_t)( void **param_array ); /** * \brief Table of test function wrappers. Used by dispatch_test(). * This table is populated by script: - * $generator_script + * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT * */ TestWrapper_t test_funcs[] = { -$dispatch_code -#line $line_no "suites/main_test.function" +__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" }; /** @@ -265,9 +265,9 @@ int check_test( size_t func_idx ) } -$platform_code +__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE -#line $line_no "suites/main_test.function" +#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function" /*----------------------------------------------------------------------------*/ /* Main Test code */ diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 5a64099fb4..57b8b92de5 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -559,10 +559,14 @@ void aes_misc_params( ) defined(MBEDTLS_CIPHER_MODE_XTS) || \ defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_OFB) - mbedtls_aes_context aes_ctx; const unsigned char in[16] = { 0 }; unsigned char out[16]; #endif +#if defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_CFB) || \ + defined(MBEDTLS_CIPHER_MODE_OFB) +mbedtls_aes_context aes_ctx; +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) mbedtls_aes_xts_context xts_ctx; #endif diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_bignum.function similarity index 87% rename from tests/suites/test_suite_mpi.function rename to tests/suites/test_suite_bignum.function index a53d0cb9a5..35952f02a7 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_bignum.function @@ -11,10 +11,21 @@ * constructing the value. */ static int sign_is_valid( const mbedtls_mpi *X ) { + /* Only +1 and -1 are valid sign bits, not e.g. 0 */ if( X->s != 1 && X->s != -1 ) - return( 0 ); // invalid sign bit, e.g. 0 - if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) - return( 0 ); // negative zero + return( 0 ); + + /* The value 0 must be represented with the sign +1. A "negative zero" + * with s=-1 is an invalid representation. Forbid that. As an exception, + * we sometimes test the robustness of library functions when given + * a negative zero input. If a test case has a negative zero as input, + * we don't mind if the function has a negative zero output. */ + if( ! mbedtls_test_case_uses_negative_0 && + mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) + { + return( 0 ); + } + return( 1 ); } @@ -1172,24 +1183,57 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_mod_int( char * input_X, int input_Y, - int input_A, int div_result ) +void mbedtls_mpi_mod_int( char * input_X, char * input_Y, + char * input_A, int mod_result ) { mbedtls_mpi X; + mbedtls_mpi Y; + mbedtls_mpi A; int res; mbedtls_mpi_uint r; - mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); - res = mbedtls_mpi_mod_int( &r, &X, input_Y ); - TEST_ASSERT( res == div_result ); + mbedtls_mpi_init( &X ); + mbedtls_mpi_init( &Y ); + mbedtls_mpi_init( &A ); + + /* We use MPIs to read Y and A since the test framework limits us to + * ints, so we can't have 64-bit values */ + TEST_EQUAL( mbedtls_test_read_mpi( &X, input_X ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi( &Y, input_Y ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi( &A, input_A ), 0 ); + + TEST_EQUAL( Y.n, 1 ); + TEST_EQUAL( A.n, 1 ); + + /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */ + + /* Since we're converting sign+magnitude to two's complement, we lose one + * bit of value in the output. This means there are some values we can't + * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically + * invalid test cases, so could be considered "won't happen", but they are + * easy to test for, and this helps guard against human error. */ + + mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0]; + TEST_ASSERT( y >= 0 ); /* If y < 0 here, we can't make negative y */ + if( Y.s == -1 ) + y = -y; + + mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0]; + TEST_ASSERT( a >= 0 ); /* Same goes for a */ + if( A.s == -1 ) + a = -a; + + res = mbedtls_mpi_mod_int( &r, &X, y ); + TEST_EQUAL( res, mod_result ); if( res == 0 ) { - TEST_ASSERT( r == (mbedtls_mpi_uint) input_A ); + TEST_EQUAL( r, a ); } exit: mbedtls_mpi_free( &X ); + mbedtls_mpi_free( &Y ); + mbedtls_mpi_free( &A ); } /* END_CASE */ @@ -1627,6 +1671,150 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void most_negative_mpi_sint( ) +{ + /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We + * guarantee that mbedtls_mpi_sint is a two's complement type, so this + * is a valid value. However, negating it (`-n`) has undefined behavior + * (although in practice `-n` evaluates to the value n). + * + * This function has ad hoc tests for this value. It's separated from other + * functions because the test framework makes it hard to pass this value + * into test cases. + * + * In the comments here: + * - biL = number of bits in limbs + * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) + * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) + */ + + mbedtls_mpi A, R, X; + mbedtls_mpi_init( &A ); + mbedtls_mpi_init( &R ); + mbedtls_mpi_init( &X ); + + const size_t biL = 8 * sizeof( mbedtls_mpi_sint ); + mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << ( biL - 1 ); + const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; + const mbedtls_mpi_sint most_negative = - most_positive - 1; + TEST_EQUAL( (mbedtls_mpi_uint) most_negative, + (mbedtls_mpi_uint) 1 << ( biL - 1 ) ); + TEST_EQUAL( (mbedtls_mpi_uint) most_negative << 1, 0 ); + + /* Test mbedtls_mpi_lset() */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( A.s, -1 ); + TEST_EQUAL( A.n, 1 ); + TEST_EQUAL( A.p[0], most_positive_plus_1 ); + + /* Test mbedtls_mpi_cmp_int(): -p == -p */ + TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 0 ); + + /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ + A.p[0] = most_positive_plus_1 + 1; + TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), -1 ); + + /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ + A.p[0] = most_positive_plus_1 - 1; + TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 1 ); + + /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 ); + + /* Test mbedtls_mpi_add_int(): (0) + (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, most_negative ), 0 ); + + /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( X.s, -1 ); + TEST_EQUAL( X.n, 2 ); + TEST_EQUAL( X.p[0], 0 ); + TEST_EQUAL( X.p[1], 1 ); + + /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ + mbedtls_mpi_free( &X ); + TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( X.s, 1 ); + TEST_EQUAL( X.n, 1 ); + TEST_EQUAL( X.p[0], ~(mbedtls_mpi_uint)0 ); + + /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( X.s, 1 ); + TEST_EQUAL( X.n, 1 ); + TEST_EQUAL( X.p[0], most_positive_plus_1 ); + + /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, -most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 2 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ + TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 ); + + /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ + TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, most_positive ), 0 ); + + /* Test mbedtls_mpi_div_int(): (p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ + TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 ); + TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -2 ), 0 ); + TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); + + /* Test mbedtls_mpi_mod_int(): never valid */ + TEST_EQUAL( mbedtls_mpi_mod_int( X.p, &A, most_negative ), + MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + + /* Test mbedtls_mpi_random(): never valid */ + TEST_EQUAL( mbedtls_mpi_random( &X, most_negative, &A, + mbedtls_test_rnd_std_rand, NULL ), + MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + +exit: + mbedtls_mpi_free( &A ); + mbedtls_mpi_free( &R ); + mbedtls_mpi_free( &X ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void mpi_selftest( ) { diff --git a/tests/suites/test_suite_bignum.generated.data b/tests/suites/test_suite_bignum.generated.data new file mode 100644 index 0000000000..00379effbf --- /dev/null +++ b/tests/suites/test_suite_bignum.generated.data @@ -0,0 +1,975 @@ +# Automatically generated by generate_bignum_tests.py. Do not edit! + +MPI add #1 0 (null) + 0 (null) +mbedtls_mpi_add_mpi:"":"":"0" + +MPI add #2 0 (null) + 0 (1 limb) +mbedtls_mpi_add_mpi:"":"0":"0" + +MPI add #3 0 (null) + negative 0 (null) +mbedtls_mpi_add_mpi:"":"-":"0" + +MPI add #4 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"":"-0":"0" + +MPI add #5 0 (null) + positive +mbedtls_mpi_add_mpi:"":"7b":"7b" + +MPI add #6 0 (null) + negative +mbedtls_mpi_add_mpi:"":"-7b":"-7b" + +MPI add #7 0 (null) + positive with leading zero limb +mbedtls_mpi_add_mpi:"":"0000000000000000123":"123" + +MPI add #8 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"":"-0000000000000000123":"-123" + +MPI add #9 0 (null) + large positive +mbedtls_mpi_add_mpi:"":"1230000000000000000":"1230000000000000000" + +MPI add #10 0 (null) + large negative +mbedtls_mpi_add_mpi:"":"-1230000000000000000":"-1230000000000000000" + +MPI add #11 0 (1 limb) + 0 (null) +mbedtls_mpi_add_mpi:"0":"":"0" + +MPI add #12 0 (1 limb) + 0 (1 limb) +mbedtls_mpi_add_mpi:"0":"0":"0" + +MPI add #13 0 (1 limb) + negative 0 (null) +mbedtls_mpi_add_mpi:"0":"-":"0" + +MPI add #14 0 (1 limb) + negative with leading zero limb +mbedtls_mpi_add_mpi:"0":"-0":"0" + +MPI add #15 0 (1 limb) + positive +mbedtls_mpi_add_mpi:"0":"7b":"7b" + +MPI add #16 0 (1 limb) + negative +mbedtls_mpi_add_mpi:"0":"-7b":"-7b" + +MPI add #17 0 (1 limb) + positive with leading zero limb +mbedtls_mpi_add_mpi:"0":"0000000000000000123":"123" + +MPI add #18 0 (1 limb) + negative with leading zero limb +mbedtls_mpi_add_mpi:"0":"-0000000000000000123":"-123" + +MPI add #19 0 (1 limb) + large positive +mbedtls_mpi_add_mpi:"0":"1230000000000000000":"1230000000000000000" + +MPI add #20 0 (1 limb) + large negative +mbedtls_mpi_add_mpi:"0":"-1230000000000000000":"-1230000000000000000" + +MPI add #21 negative 0 (null) + 0 (null) +mbedtls_mpi_add_mpi:"-":"":"0" + +MPI add #22 negative 0 (null) + 0 (1 limb) +mbedtls_mpi_add_mpi:"-":"0":"0" + +MPI add #23 negative 0 (null) + negative 0 (null) +mbedtls_mpi_add_mpi:"-":"-":"0" + +MPI add #24 negative 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"-":"-0":"0" + +MPI add #25 negative 0 (null) + positive +mbedtls_mpi_add_mpi:"-":"7b":"7b" + +MPI add #26 negative 0 (null) + negative +mbedtls_mpi_add_mpi:"-":"-7b":"-7b" + +MPI add #27 negative 0 (null) + positive with leading zero limb +mbedtls_mpi_add_mpi:"-":"0000000000000000123":"123" + +MPI add #28 negative 0 (null) + negative with leading zero limb +mbedtls_mpi_add_mpi:"-":"-0000000000000000123":"-123" + +MPI add #29 negative 0 (null) + large positive +mbedtls_mpi_add_mpi:"-":"1230000000000000000":"1230000000000000000" + +MPI add #30 negative 0 (null) + large negative +mbedtls_mpi_add_mpi:"-":"-1230000000000000000":"-1230000000000000000" + +MPI add #31 negative with leading zero limb + 0 (null) +mbedtls_mpi_add_mpi:"-0":"":"0" + +MPI add #32 negative with leading zero limb + 0 (1 limb) +mbedtls_mpi_add_mpi:"-0":"0":"0" + +MPI add #33 negative with leading zero limb + negative 0 (null) +mbedtls_mpi_add_mpi:"-0":"-":"0" + +MPI add #34 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0":"-0":"0" + +MPI add #35 negative with leading zero limb + positive +mbedtls_mpi_add_mpi:"-0":"7b":"7b" + +MPI add #36 negative with leading zero limb + negative +mbedtls_mpi_add_mpi:"-0":"-7b":"-7b" + +MPI add #37 negative with leading zero limb + positive with leading zero limb +mbedtls_mpi_add_mpi:"-0":"0000000000000000123":"123" + +MPI add #38 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0":"-0000000000000000123":"-123" + +MPI add #39 negative with leading zero limb + large positive +mbedtls_mpi_add_mpi:"-0":"1230000000000000000":"1230000000000000000" + +MPI add #40 negative with leading zero limb + large negative +mbedtls_mpi_add_mpi:"-0":"-1230000000000000000":"-1230000000000000000" + +MPI add #41 positive + 0 (null) +mbedtls_mpi_add_mpi:"7b":"":"7b" + +MPI add #42 positive + 0 (1 limb) +mbedtls_mpi_add_mpi:"7b":"0":"7b" + +MPI add #43 positive + negative 0 (null) +mbedtls_mpi_add_mpi:"7b":"-":"7b" + +MPI add #44 positive + negative with leading zero limb +mbedtls_mpi_add_mpi:"7b":"-0":"7b" + +MPI add #45 positive + positive +mbedtls_mpi_add_mpi:"7b":"7b":"f6" + +MPI add #46 positive + negative , result=0 +mbedtls_mpi_add_mpi:"7b":"-7b":"0" + +MPI add #47 positive + positive with leading zero limb +mbedtls_mpi_add_mpi:"7b":"0000000000000000123":"19e" + +MPI add #48 positive + negative with leading zero limb , result<0 +mbedtls_mpi_add_mpi:"7b":"-0000000000000000123":"-a8" + +MPI add #49 positive + large positive +mbedtls_mpi_add_mpi:"7b":"1230000000000000000":"123000000000000007b" + +MPI add #50 positive + large negative , result<0 +mbedtls_mpi_add_mpi:"7b":"-1230000000000000000":"-122ffffffffffffff85" + +MPI add #51 negative + 0 (null) +mbedtls_mpi_add_mpi:"-7b":"":"-7b" + +MPI add #52 negative + 0 (1 limb) +mbedtls_mpi_add_mpi:"-7b":"0":"-7b" + +MPI add #53 negative + negative 0 (null) +mbedtls_mpi_add_mpi:"-7b":"-":"-7b" + +MPI add #54 negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-7b":"-0":"-7b" + +MPI add #55 negative + positive , result=0 +mbedtls_mpi_add_mpi:"-7b":"7b":"0" + +MPI add #56 negative + negative +mbedtls_mpi_add_mpi:"-7b":"-7b":"-f6" + +MPI add #57 negative + positive with leading zero limb , result>0 +mbedtls_mpi_add_mpi:"-7b":"0000000000000000123":"a8" + +MPI add #58 negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-7b":"-0000000000000000123":"-19e" + +MPI add #59 negative + large positive , result>0 +mbedtls_mpi_add_mpi:"-7b":"1230000000000000000":"122ffffffffffffff85" + +MPI add #60 negative + large negative +mbedtls_mpi_add_mpi:"-7b":"-1230000000000000000":"-123000000000000007b" + +MPI add #61 positive with leading zero limb + 0 (null) +mbedtls_mpi_add_mpi:"0000000000000000123":"":"123" + +MPI add #62 positive with leading zero limb + 0 (1 limb) +mbedtls_mpi_add_mpi:"0000000000000000123":"0":"123" + +MPI add #63 positive with leading zero limb + negative 0 (null) +mbedtls_mpi_add_mpi:"0000000000000000123":"-":"123" + +MPI add #64 positive with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"0000000000000000123":"-0":"123" + +MPI add #65 positive with leading zero limb + positive +mbedtls_mpi_add_mpi:"0000000000000000123":"7b":"19e" + +MPI add #66 positive with leading zero limb + negative , result>0 +mbedtls_mpi_add_mpi:"0000000000000000123":"-7b":"a8" + +MPI add #67 positive with leading zero limb + positive with leading zero limb +mbedtls_mpi_add_mpi:"0000000000000000123":"0000000000000000123":"246" + +MPI add #68 positive with leading zero limb + negative with leading zero limb , result=0 +mbedtls_mpi_add_mpi:"0000000000000000123":"-0000000000000000123":"0" + +MPI add #69 positive with leading zero limb + large positive +mbedtls_mpi_add_mpi:"0000000000000000123":"1230000000000000000":"1230000000000000123" + +MPI add #70 positive with leading zero limb + large negative , result<0 +mbedtls_mpi_add_mpi:"0000000000000000123":"-1230000000000000000":"-122fffffffffffffedd" + +MPI add #71 negative with leading zero limb + 0 (null) +mbedtls_mpi_add_mpi:"-0000000000000000123":"":"-123" + +MPI add #72 negative with leading zero limb + 0 (1 limb) +mbedtls_mpi_add_mpi:"-0000000000000000123":"0":"-123" + +MPI add #73 negative with leading zero limb + negative 0 (null) +mbedtls_mpi_add_mpi:"-0000000000000000123":"-":"-123" + +MPI add #74 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0000000000000000123":"-0":"-123" + +MPI add #75 negative with leading zero limb + positive , result<0 +mbedtls_mpi_add_mpi:"-0000000000000000123":"7b":"-a8" + +MPI add #76 negative with leading zero limb + negative +mbedtls_mpi_add_mpi:"-0000000000000000123":"-7b":"-19e" + +MPI add #77 negative with leading zero limb + positive with leading zero limb , result=0 +mbedtls_mpi_add_mpi:"-0000000000000000123":"0000000000000000123":"0" + +MPI add #78 negative with leading zero limb + negative with leading zero limb +mbedtls_mpi_add_mpi:"-0000000000000000123":"-0000000000000000123":"-246" + +MPI add #79 negative with leading zero limb + large positive , result>0 +mbedtls_mpi_add_mpi:"-0000000000000000123":"1230000000000000000":"122fffffffffffffedd" + +MPI add #80 negative with leading zero limb + large negative +mbedtls_mpi_add_mpi:"-0000000000000000123":"-1230000000000000000":"-1230000000000000123" + +MPI add #81 large positive + 0 (null) +mbedtls_mpi_add_mpi:"1230000000000000000":"":"1230000000000000000" + +MPI add #82 large positive + 0 (1 limb) +mbedtls_mpi_add_mpi:"1230000000000000000":"0":"1230000000000000000" + +MPI add #83 large positive + negative 0 (null) +mbedtls_mpi_add_mpi:"1230000000000000000":"-":"1230000000000000000" + +MPI add #84 large positive + negative with leading zero limb +mbedtls_mpi_add_mpi:"1230000000000000000":"-0":"1230000000000000000" + +MPI add #85 large positive + positive +mbedtls_mpi_add_mpi:"1230000000000000000":"7b":"123000000000000007b" + +MPI add #86 large positive + negative , result>0 +mbedtls_mpi_add_mpi:"1230000000000000000":"-7b":"122ffffffffffffff85" + +MPI add #87 large positive + positive with leading zero limb +mbedtls_mpi_add_mpi:"1230000000000000000":"0000000000000000123":"1230000000000000123" + +MPI add #88 large positive + negative with leading zero limb , result>0 +mbedtls_mpi_add_mpi:"1230000000000000000":"-0000000000000000123":"122fffffffffffffedd" + +MPI add #89 large positive + large positive +mbedtls_mpi_add_mpi:"1230000000000000000":"1230000000000000000":"2460000000000000000" + +MPI add #90 large positive + large negative , result=0 +mbedtls_mpi_add_mpi:"1230000000000000000":"-1230000000000000000":"0" + +MPI add #91 large negative + 0 (null) +mbedtls_mpi_add_mpi:"-1230000000000000000":"":"-1230000000000000000" + +MPI add #92 large negative + 0 (1 limb) +mbedtls_mpi_add_mpi:"-1230000000000000000":"0":"-1230000000000000000" + +MPI add #93 large negative + negative 0 (null) +mbedtls_mpi_add_mpi:"-1230000000000000000":"-":"-1230000000000000000" + +MPI add #94 large negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-1230000000000000000":"-0":"-1230000000000000000" + +MPI add #95 large negative + positive , result<0 +mbedtls_mpi_add_mpi:"-1230000000000000000":"7b":"-122ffffffffffffff85" + +MPI add #96 large negative + negative +mbedtls_mpi_add_mpi:"-1230000000000000000":"-7b":"-123000000000000007b" + +MPI add #97 large negative + positive with leading zero limb , result<0 +mbedtls_mpi_add_mpi:"-1230000000000000000":"0000000000000000123":"-122fffffffffffffedd" + +MPI add #98 large negative + negative with leading zero limb +mbedtls_mpi_add_mpi:"-1230000000000000000":"-0000000000000000123":"-1230000000000000123" + +MPI add #99 large negative + large positive , result=0 +mbedtls_mpi_add_mpi:"-1230000000000000000":"1230000000000000000":"0" + +MPI add #100 large negative + large negative +mbedtls_mpi_add_mpi:"-1230000000000000000":"-1230000000000000000":"-2460000000000000000" + +MPI add #101 large positive + large positive +mbedtls_mpi_add_mpi:"1c67967269c6":"1c67967269c6":"38cf2ce4d38c" + +MPI add #102 large positive + positive +mbedtls_mpi_add_mpi:"1c67967269c6":"9cde3":"1c67967c37a9" + +MPI add #103 large positive + large negative , result=0 +mbedtls_mpi_add_mpi:"1c67967269c6":"-1c67967269c6":"0" + +MPI add #104 large positive + negative , result>0 +mbedtls_mpi_add_mpi:"1c67967269c6":"-9cde3":"1c6796689be3" + +MPI add #105 positive + large positive +mbedtls_mpi_add_mpi:"9cde3":"1c67967269c6":"1c67967c37a9" + +MPI add #106 positive + positive +mbedtls_mpi_add_mpi:"9cde3":"9cde3":"139bc6" + +MPI add #107 positive + large negative , result<0 +mbedtls_mpi_add_mpi:"9cde3":"-1c67967269c6":"-1c6796689be3" + +MPI add #108 positive + negative , result=0 +mbedtls_mpi_add_mpi:"9cde3":"-9cde3":"0" + +MPI add #109 large negative + large positive , result=0 +mbedtls_mpi_add_mpi:"-1c67967269c6":"1c67967269c6":"0" + +MPI add #110 large negative + positive , result<0 +mbedtls_mpi_add_mpi:"-1c67967269c6":"9cde3":"-1c6796689be3" + +MPI add #111 large negative + large negative +mbedtls_mpi_add_mpi:"-1c67967269c6":"-1c67967269c6":"-38cf2ce4d38c" + +MPI add #112 large negative + negative +mbedtls_mpi_add_mpi:"-1c67967269c6":"-9cde3":"-1c67967c37a9" + +MPI add #113 negative + large positive , result>0 +mbedtls_mpi_add_mpi:"-9cde3":"1c67967269c6":"1c6796689be3" + +MPI add #114 negative + positive , result=0 +mbedtls_mpi_add_mpi:"-9cde3":"9cde3":"0" + +MPI add #115 negative + large negative +mbedtls_mpi_add_mpi:"-9cde3":"-1c67967269c6":"-1c67967c37a9" + +MPI add #116 negative + negative +mbedtls_mpi_add_mpi:"-9cde3":"-9cde3":"-139bc6" + +MPI compare #1 0 (null) == 0 (null) +mbedtls_mpi_cmp_mpi:"":"":0 + +MPI compare #2 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_mpi:"":"0":0 + +MPI compare #3 0 (null) == negative 0 (null) +mbedtls_mpi_cmp_mpi:"":"-":0 + +MPI compare #4 0 (null) == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"":"-0":0 + +MPI compare #5 0 (null) < positive +mbedtls_mpi_cmp_mpi:"":"7b":-1 + +MPI compare #6 0 (null) > negative +mbedtls_mpi_cmp_mpi:"":"-7b":1 + +MPI compare #7 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"":"0000000000000000123":-1 + +MPI compare #8 0 (null) > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"":"-0000000000000000123":1 + +MPI compare #9 0 (null) < large positive +mbedtls_mpi_cmp_mpi:"":"1230000000000000000":-1 + +MPI compare #10 0 (null) > large negative +mbedtls_mpi_cmp_mpi:"":"-1230000000000000000":1 + +MPI compare #11 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_mpi:"0":"":0 + +MPI compare #12 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_mpi:"0":"0":0 + +MPI compare #13 0 (1 limb) == negative 0 (null) +mbedtls_mpi_cmp_mpi:"0":"-":0 + +MPI compare #14 0 (1 limb) == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"0":"-0":0 + +MPI compare #15 0 (1 limb) < positive +mbedtls_mpi_cmp_mpi:"0":"7b":-1 + +MPI compare #16 0 (1 limb) > negative +mbedtls_mpi_cmp_mpi:"0":"-7b":1 + +MPI compare #17 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"0":"0000000000000000123":-1 + +MPI compare #18 0 (1 limb) > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"0":"-0000000000000000123":1 + +MPI compare #19 0 (1 limb) < large positive +mbedtls_mpi_cmp_mpi:"0":"1230000000000000000":-1 + +MPI compare #20 0 (1 limb) > large negative +mbedtls_mpi_cmp_mpi:"0":"-1230000000000000000":1 + +MPI compare #21 negative 0 (null) == 0 (null) +mbedtls_mpi_cmp_mpi:"-":"":0 + +MPI compare #22 negative 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-":"0":0 + +MPI compare #23 negative 0 (null) == negative 0 (null) +mbedtls_mpi_cmp_mpi:"-":"-":0 + +MPI compare #24 negative 0 (null) == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-":"-0":0 + +MPI compare #25 negative 0 (null) < positive +mbedtls_mpi_cmp_mpi:"-":"7b":-1 + +MPI compare #26 negative 0 (null) > negative +mbedtls_mpi_cmp_mpi:"-":"-7b":1 + +MPI compare #27 negative 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-":"0000000000000000123":-1 + +MPI compare #28 negative 0 (null) > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-":"-0000000000000000123":1 + +MPI compare #29 negative 0 (null) < large positive +mbedtls_mpi_cmp_mpi:"-":"1230000000000000000":-1 + +MPI compare #30 negative 0 (null) > large negative +mbedtls_mpi_cmp_mpi:"-":"-1230000000000000000":1 + +MPI compare #31 negative with leading zero limb == 0 (null) +mbedtls_mpi_cmp_mpi:"-0":"":0 + +MPI compare #32 negative with leading zero limb == 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-0":"0":0 + +MPI compare #33 negative with leading zero limb == negative 0 (null) +mbedtls_mpi_cmp_mpi:"-0":"-":0 + +MPI compare #34 negative with leading zero limb == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0":"-0":0 + +MPI compare #35 negative with leading zero limb < positive +mbedtls_mpi_cmp_mpi:"-0":"7b":-1 + +MPI compare #36 negative with leading zero limb > negative +mbedtls_mpi_cmp_mpi:"-0":"-7b":1 + +MPI compare #37 negative with leading zero limb < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-0":"0000000000000000123":-1 + +MPI compare #38 negative with leading zero limb > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0":"-0000000000000000123":1 + +MPI compare #39 negative with leading zero limb < large positive +mbedtls_mpi_cmp_mpi:"-0":"1230000000000000000":-1 + +MPI compare #40 negative with leading zero limb > large negative +mbedtls_mpi_cmp_mpi:"-0":"-1230000000000000000":1 + +MPI compare #41 positive > 0 (null) +mbedtls_mpi_cmp_mpi:"7b":"":1 + +MPI compare #42 positive > 0 (1 limb) +mbedtls_mpi_cmp_mpi:"7b":"0":1 + +MPI compare #43 positive > negative 0 (null) +mbedtls_mpi_cmp_mpi:"7b":"-":1 + +MPI compare #44 positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"7b":"-0":1 + +MPI compare #45 positive == positive +mbedtls_mpi_cmp_mpi:"7b":"7b":0 + +MPI compare #46 positive > negative +mbedtls_mpi_cmp_mpi:"7b":"-7b":1 + +MPI compare #47 positive < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"7b":"0000000000000000123":-1 + +MPI compare #48 positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"7b":"-0000000000000000123":1 + +MPI compare #49 positive < large positive +mbedtls_mpi_cmp_mpi:"7b":"1230000000000000000":-1 + +MPI compare #50 positive > large negative +mbedtls_mpi_cmp_mpi:"7b":"-1230000000000000000":1 + +MPI compare #51 negative < 0 (null) +mbedtls_mpi_cmp_mpi:"-7b":"":-1 + +MPI compare #52 negative < 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-7b":"0":-1 + +MPI compare #53 negative < negative 0 (null) +mbedtls_mpi_cmp_mpi:"-7b":"-":-1 + +MPI compare #54 negative < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-7b":"-0":-1 + +MPI compare #55 negative < positive +mbedtls_mpi_cmp_mpi:"-7b":"7b":-1 + +MPI compare #56 negative == negative +mbedtls_mpi_cmp_mpi:"-7b":"-7b":0 + +MPI compare #57 negative < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-7b":"0000000000000000123":-1 + +MPI compare #58 negative > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-7b":"-0000000000000000123":1 + +MPI compare #59 negative < large positive +mbedtls_mpi_cmp_mpi:"-7b":"1230000000000000000":-1 + +MPI compare #60 negative > large negative +mbedtls_mpi_cmp_mpi:"-7b":"-1230000000000000000":1 + +MPI compare #61 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_mpi:"0000000000000000123":"":1 + +MPI compare #62 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_mpi:"0000000000000000123":"0":1 + +MPI compare #63 positive with leading zero limb > negative 0 (null) +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-":1 + +MPI compare #64 positive with leading zero limb > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0":1 + +MPI compare #65 positive with leading zero limb > positive +mbedtls_mpi_cmp_mpi:"0000000000000000123":"7b":1 + +MPI compare #66 positive with leading zero limb > negative +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-7b":1 + +MPI compare #67 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_mpi:"0000000000000000123":"0000000000000000123":0 + +MPI compare #68 positive with leading zero limb > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0000000000000000123":1 + +MPI compare #69 positive with leading zero limb < large positive +mbedtls_mpi_cmp_mpi:"0000000000000000123":"1230000000000000000":-1 + +MPI compare #70 positive with leading zero limb > large negative +mbedtls_mpi_cmp_mpi:"0000000000000000123":"-1230000000000000000":1 + +MPI compare #71 negative with leading zero limb < 0 (null) +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"":-1 + +MPI compare #72 negative with leading zero limb < 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0":-1 + +MPI compare #73 negative with leading zero limb < negative 0 (null) +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-":-1 + +MPI compare #74 negative with leading zero limb < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0":-1 + +MPI compare #75 negative with leading zero limb < positive +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"7b":-1 + +MPI compare #76 negative with leading zero limb < negative +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-7b":-1 + +MPI compare #77 negative with leading zero limb < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0000000000000000123":-1 + +MPI compare #78 negative with leading zero limb == negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0000000000000000123":0 + +MPI compare #79 negative with leading zero limb < large positive +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"1230000000000000000":-1 + +MPI compare #80 negative with leading zero limb > large negative +mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-1230000000000000000":1 + +MPI compare #81 large positive > 0 (null) +mbedtls_mpi_cmp_mpi:"1230000000000000000":"":1 + +MPI compare #82 large positive > 0 (1 limb) +mbedtls_mpi_cmp_mpi:"1230000000000000000":"0":1 + +MPI compare #83 large positive > negative 0 (null) +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-":1 + +MPI compare #84 large positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0":1 + +MPI compare #85 large positive > positive +mbedtls_mpi_cmp_mpi:"1230000000000000000":"7b":1 + +MPI compare #86 large positive > negative +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-7b":1 + +MPI compare #87 large positive > positive with leading zero limb +mbedtls_mpi_cmp_mpi:"1230000000000000000":"0000000000000000123":1 + +MPI compare #88 large positive > negative with leading zero limb +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0000000000000000123":1 + +MPI compare #89 large positive == large positive +mbedtls_mpi_cmp_mpi:"1230000000000000000":"1230000000000000000":0 + +MPI compare #90 large positive > large negative +mbedtls_mpi_cmp_mpi:"1230000000000000000":"-1230000000000000000":1 + +MPI compare #91 large negative < 0 (null) +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1 + +MPI compare #92 large negative < 0 (1 limb) +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1 + +MPI compare #93 large negative < negative 0 (null) +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-":-1 + +MPI compare #94 large negative < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0":-1 + +MPI compare #95 large negative < positive +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"7b":-1 + +MPI compare #96 large negative < negative +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-7b":-1 + +MPI compare #97 large negative < positive with leading zero limb +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0000000000000000123":-1 + +MPI compare #98 large negative < negative with leading zero limb +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0000000000000000123":-1 + +MPI compare #99 large negative < large positive +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"1230000000000000000":-1 + +MPI compare #100 large negative == large negative +mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-1230000000000000000":0 + +MPI compare #101 negative > negative +mbedtls_mpi_cmp_mpi:"-2":"-3":1 + +MPI compare #102 negative == negative +mbedtls_mpi_cmp_mpi:"-2":"-2":0 + +MPI compare #103 positive < positive +mbedtls_mpi_cmp_mpi:"2b4":"2b5":-1 + +MPI compare #104 positive < positive +mbedtls_mpi_cmp_mpi:"2b5":"2b6":-1 + +MPI compare (abs) #1 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #2 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #3 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #4 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #5 0 (null) < positive +mbedtls_mpi_cmp_abs:"":"7b":-1 + +MPI compare (abs) #6 0 (null) < positive +mbedtls_mpi_cmp_abs:"":"7b":-1 + +MPI compare (abs) #7 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 + +MPI compare (abs) #8 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 + +MPI compare (abs) #9 0 (null) < large positive +mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 + +MPI compare (abs) #10 0 (null) < large positive +mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 + +MPI compare (abs) #11 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #12 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #13 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #14 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #15 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 + +MPI compare (abs) #16 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 + +MPI compare (abs) #17 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 + +MPI compare (abs) #18 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 + +MPI compare (abs) #19 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #20 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #21 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #22 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #23 0 (null) == 0 (null) +mbedtls_mpi_cmp_abs:"":"":0 + +MPI compare (abs) #24 0 (null) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"":"0":0 + +MPI compare (abs) #25 0 (null) < positive +mbedtls_mpi_cmp_abs:"":"7b":-1 + +MPI compare (abs) #26 0 (null) < positive +mbedtls_mpi_cmp_abs:"":"7b":-1 + +MPI compare (abs) #27 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 + +MPI compare (abs) #28 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 + +MPI compare (abs) #29 0 (null) < large positive +mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 + +MPI compare (abs) #30 0 (null) < large positive +mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 + +MPI compare (abs) #31 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #32 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #33 0 (1 limb) == 0 (null) +mbedtls_mpi_cmp_abs:"0":"":0 + +MPI compare (abs) #34 0 (1 limb) == 0 (1 limb) +mbedtls_mpi_cmp_abs:"0":"0":0 + +MPI compare (abs) #35 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 + +MPI compare (abs) #36 0 (1 limb) < positive +mbedtls_mpi_cmp_abs:"0":"7b":-1 + +MPI compare (abs) #37 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 + +MPI compare (abs) #38 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 + +MPI compare (abs) #39 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #40 0 (1 limb) < large positive +mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 + +MPI compare (abs) #41 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #42 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #43 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #44 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #45 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #46 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #47 positive < positive with leading zero limb +mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 + +MPI compare (abs) #48 positive < positive with leading zero limb +mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 + +MPI compare (abs) #49 positive < large positive +mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 + +MPI compare (abs) #50 positive < large positive +mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 + +MPI compare (abs) #51 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #52 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #53 positive > 0 (null) +mbedtls_mpi_cmp_abs:"7b":"":1 + +MPI compare (abs) #54 positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"7b":"0":1 + +MPI compare (abs) #55 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #56 positive == positive +mbedtls_mpi_cmp_abs:"7b":"7b":0 + +MPI compare (abs) #57 positive < positive with leading zero limb +mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 + +MPI compare (abs) #58 positive < positive with leading zero limb +mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 + +MPI compare (abs) #59 positive < large positive +mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 + +MPI compare (abs) #60 positive < large positive +mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 + +MPI compare (abs) #61 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #62 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #63 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #64 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #65 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #66 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #67 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #68 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #69 positive with leading zero limb < large positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 + +MPI compare (abs) #70 positive with leading zero limb < large positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 + +MPI compare (abs) #71 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #72 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #73 positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_abs:"0000000000000000123":"":1 + +MPI compare (abs) #74 positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1 + +MPI compare (abs) #75 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #76 positive with leading zero limb > positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1 + +MPI compare (abs) #77 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #78 positive with leading zero limb == positive with leading zero limb +mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 + +MPI compare (abs) #79 positive with leading zero limb < large positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 + +MPI compare (abs) #80 positive with leading zero limb < large positive +mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 + +MPI compare (abs) #81 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #82 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #83 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #84 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #85 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #86 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #87 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #88 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #89 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #90 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #91 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #92 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #93 large positive > 0 (null) +mbedtls_mpi_cmp_abs:"1230000000000000000":"":1 + +MPI compare (abs) #94 large positive > 0 (1 limb) +mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1 + +MPI compare (abs) #95 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #96 large positive > positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1 + +MPI compare (abs) #97 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #98 large positive > positive with leading zero limb +mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1 + +MPI compare (abs) #99 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #100 large positive == large positive +mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 + +MPI compare (abs) #101 positive < positive +mbedtls_mpi_cmp_abs:"2":"3":-1 + +MPI compare (abs) #102 positive == positive +mbedtls_mpi_cmp_abs:"2":"2":0 + +MPI compare (abs) #103 positive < positive +mbedtls_mpi_cmp_abs:"2b4":"2b5":-1 + +MPI compare (abs) #104 positive < positive +mbedtls_mpi_cmp_abs:"2b5":"2b6":-1 + +# End of automatically generated file. diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_bignum.misc.data similarity index 97% rename from tests/suites/test_suite_mpi.data rename to tests/suites/test_suite_bignum.misc.data index 8bb5e772c6..9da54ffd7a 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1141,6 +1141,18 @@ mbedtls_mpi_div_mpi:"":"1":"":"":0 Test mbedtls_mpi_div_mpi: 0 (null) / -1 mbedtls_mpi_div_mpi:"":"-1":"":"":0 +Test mbedtls_mpi_div_mpi: -0 (null) / 1 +mbedtls_mpi_div_mpi:"-":"1":"":"":0 + +Test mbedtls_mpi_div_mpi: -0 (null) / -1 +mbedtls_mpi_div_mpi:"-":"-1":"":"":0 + +Test mbedtls_mpi_div_mpi: -0 (null) / 42 +mbedtls_mpi_div_mpi:"-":"2a":"":"":0 + +Test mbedtls_mpi_div_mpi: -0 (null) / -42 +mbedtls_mpi_div_mpi:"-":"-2a":"":"":0 + Test mbedtls_mpi_div_mpi #1 mbedtls_mpi_div_mpi:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"22":"4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0 @@ -1201,41 +1213,85 @@ mbedtls_mpi_mod_mpi:"":"1":"":0 Test mbedtls_mpi_mod_mpi: 0 (null) % -1 mbedtls_mpi_mod_mpi:"":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE +Test mbedtls_mpi_mod_mpi: -0 (null) % 1 +mbedtls_mpi_mod_mpi:"-":"1":"":0 + +Test mbedtls_mpi_mod_mpi: -0 (null) % -1 +mbedtls_mpi_mod_mpi:"-":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + +Test mbedtls_mpi_mod_mpi: -0 (null) % 42 +mbedtls_mpi_mod_mpi:"-":"2a":"":0 + +Test mbedtls_mpi_mod_mpi: -0 (null) % -42 +mbedtls_mpi_mod_mpi:"-":"-2a":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + Base test mbedtls_mpi_mod_int #1 -mbedtls_mpi_mod_int:"3e8":13:12:0 +mbedtls_mpi_mod_int:"3e8":"d":"c":0 Base test mbedtls_mpi_mod_int #2 (Divide by zero) -mbedtls_mpi_mod_int:"3e8":0:0:MBEDTLS_ERR_MPI_DIVISION_BY_ZERO +mbedtls_mpi_mod_int:"3e8":"0":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO Base test mbedtls_mpi_mod_int #3 -mbedtls_mpi_mod_int:"-3e8":13:1:0 +mbedtls_mpi_mod_int:"-3e8":"d":"1":0 Base test mbedtls_mpi_mod_int #4 (Negative modulo) -mbedtls_mpi_mod_int:"3e8":-13:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Base test mbedtls_mpi_mod_int #5 (Negative modulo) -mbedtls_mpi_mod_int:"-3e8":-13:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"-3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Base test mbedtls_mpi_mod_int #6 (By 1) -mbedtls_mpi_mod_int:"3e8":1:0:0 +mbedtls_mpi_mod_int:"3e8":"1":"0":0 Base test mbedtls_mpi_mod_int #7 (By 2) -mbedtls_mpi_mod_int:"3e9":2:1:0 +mbedtls_mpi_mod_int:"3e9":"2":"1":0 Base test mbedtls_mpi_mod_int #8 (By 2) -mbedtls_mpi_mod_int:"3e8":2:0:0 +mbedtls_mpi_mod_int:"3e8":"2":"0":0 Test mbedtls_mpi_mod_int: 0 (null) % 1 -mbedtls_mpi_mod_int:"":1:0:0 +mbedtls_mpi_mod_int:"":"1":"0":0 Test mbedtls_mpi_mod_int: 0 (null) % 2 -mbedtls_mpi_mod_int:"":2:0:0 +mbedtls_mpi_mod_int:"":"2":"0":0 Test mbedtls_mpi_mod_int: 0 (null) % -1 -mbedtls_mpi_mod_int:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"":"-1":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Test mbedtls_mpi_mod_int: 0 (null) % -2 -mbedtls_mpi_mod_int:"":-2:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE +mbedtls_mpi_mod_int:"":"-2":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + +# CURRENTLY FAILS - SEE GITHUB ISSUE #6540 +#Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810 +#depends_on:MBEDTLS_HAVE_INT64 +#mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0 + +Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0 + +# CURRENTLY FAILS - SEE GITHUB ISSUE #6540 +#Test mbedtls_mpi_mod_int: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0 +#depends_on:MBEDTLS_HAVE_INT64 +#mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0 + +Test mbedtls_mpi_mod_mpi: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0 + +# CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE +Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 1205652040 -> 3644370 +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 + +Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 1205652040 -> 3644370 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0 + +# CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE +Test mbedtls_mpi_mod_int: 230772460340063000000100500000296355640 % 1205652040 -> 0 +depends_on:MBEDTLS_HAVE_INT64 +mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0 + +Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000296355640 % 1205652040 -> 0 +mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0 Base test mbedtls_mpi_exp_mod #1 mbedtls_mpi_exp_mod:"17":"d":"1d":"18":0 @@ -1899,6 +1955,9 @@ mpi_random_fail:2:"01":MBEDTLS_ERR_MPI_BAD_INPUT_DATA MPI random bad arguments: min > N = 1, 0 limb in upper bound mpi_random_fail:2:"000000000000000001":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Most negative mbedtls_mpi_sint +most_negative_mpi_sint: + MPI Selftest depends_on:MBEDTLS_SELF_TEST mpi_selftest: diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data index 2c50a21fc7..79c0bf6bd3 100644 --- a/tests/suites/test_suite_cipher.aria.data +++ b/tests/suites/test_suite_cipher.aria.data @@ -1,3 +1,3 @@ Aria CBC Decrypt empty buffer -depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0 diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data index a05a4e7b3e..eb3a0c4bbe 100644 --- a/tests/suites/test_suite_cipher.blowfish.data +++ b/tests/suites/test_suite_cipher.blowfish.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0 BLOWFISH Encrypt and decrypt 0 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:-1 BLOWFISH Encrypt and decrypt 1 byte [#1] @@ -19,7 +19,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:-1 BLOWFISH Encrypt and decrypt 8 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:-1 BLOWFISH Encrypt and decrypt 9 bytes [#1] @@ -31,7 +31,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:-1 BLOWFISH Encrypt and decrypt 16 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:-1 BLOWFISH Encrypt and decrypt 17 bytes [#1] @@ -43,7 +43,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:-1 BLOWFISH Encrypt and decrypt 32 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:-1 BLOWFISH Encrypt and decrypt 32 bytes [#2] @@ -55,7 +55,7 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:-1 BLOWFISH Encrypt and decrypt 48 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:-1 BLOWFISH Encrypt and decrypt 49 bytes [#1] @@ -63,247 +63,247 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:-1 BLOWFISH Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 7 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 9 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS BLOWFISH Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 2 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 8 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 17 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 47 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 48 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 49 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN BLOWFISH Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 8 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 49 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS BLOWFISH Encrypt and decrypt 0 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 8 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_NONE BLOWFISH Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_NONE BLOWFISH Try encrypting 1 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 2 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 7 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 9 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 15 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 17 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 31 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 33 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 47 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Try encrypting 49 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0 BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#1] @@ -319,15 +319,15 @@ depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16 BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8 BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#1] diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index 3e7bffa45b..d7401a1d52 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data @@ -67,183 +67,183 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKC enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:-1 CAMELLIA Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 7 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 9 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with one and zeros padding [#2] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS CAMELLIA Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 2 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 8 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 17 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 32 bytes with zeros and len padding [#1] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 47 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 48 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 49 bytes with zeros and len padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN CAMELLIA Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:1:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:2:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:7:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 8 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:8:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:9:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:15:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:16:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:17:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:31:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:32:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:33:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:47:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:48:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 49 bytes with zeros padding -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:49:MBEDTLS_PADDING_ZEROS CAMELLIA Encrypt and decrypt 0 bytes with no padding diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 9410262e68..77f7515b94 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data @@ -71,243 +71,243 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:-1 DES Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 7 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 9 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 32 bytes with one and zeros padding [#2] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_ONE_AND_ZEROS DES Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 2 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 8 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 17 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 32 bytes with zeros and len padding [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 47 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 48 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 49 bytes with zeros and len padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_ZEROS_AND_LEN DES Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:1:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:2:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:7:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 8 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:9:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:15:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:17:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:31:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:33:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:47:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 49 bytes with zeros padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_ZEROS enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:49:MBEDTLS_PADDING_ZEROS DES Encrypt and decrypt 0 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 8 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:8:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:16:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:32:MBEDTLS_PADDING_NONE DES Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:48:MBEDTLS_PADDING_NONE DES Try encrypting 1 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 2 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 7 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 9 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 15 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 17 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 31 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 33 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 47 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Try encrypting 49 bytes with no padding -depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC enc_fail:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_NONE:64:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED DES Encrypt and decrypt 0 bytes in multiple parts diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data index 5956a69811..3ca5e542d0 100644 --- a/tests/suites/test_suite_cmac.data +++ b/tests/suites/test_suite_cmac.data @@ -2,6 +2,7 @@ CMAC self test mbedtls_cmac_self_test: CMAC null arguments +depends_on:MBEDTLS_AES_C mbedtls_cmac_null_args: CMAC init #1 AES-128: OK @@ -16,7 +17,7 @@ CMAC init #3 AES-256: OK depends_on:MBEDTLS_AES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_256_ECB:256:0 -CMAC init #4 3DES : OK +CMAC init #4 3DES: OK depends_on:MBEDTLS_DES_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_DES_EDE3_ECB:192:0 @@ -33,32 +34,42 @@ depends_on:MBEDTLS_CAMELLIA_C mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA CMAC Single Blocks #1 - Empty block, no updates +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746" CMAC Single Blocks #2 - Single 16 byte block +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"":-1:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" CMAC Single Blocks #3 - Single 64 byte block +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"":-1:"51f0bebf7e3b9d92fc49741779363cfe" CMAC Multiple Blocks #1 - Multiple 8 byte blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172a":8:"":-1:"":-1:"070a16b46b4d4144f79bdd9dd04a287c" CMAC Multiple Blocks #2 - Multiple 16 byte blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96e93d7e117393172a":16:"ae2d8a571e03ac9c9eb76fac45af8e51":16:"30c81c46a35ce411e5fbc1191a0a52ef":16:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" CMAC Multiple Blocks #3 - Multiple variable sized blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"6bc1bee22e409f96":8:"e93d7e117393172aae2d8a571e03ac9c":16:"9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52ef":24:"f69f2445df4f9b17ad2b417be66c3710":16:"51f0bebf7e3b9d92fc49741779363cfe" CMAC Multiple Blocks #4 - Multiple 8 byte blocks with gaps +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":0:"6bc1bee22e409f96":8:"":0:"e93d7e117393172a":8:"070a16b46b4d4144f79bdd9dd04a287c" CMAC Multiple Operations, same key #1 - Empty, empty +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367" CMAC Multiple Operations, same key #2 - Empty, 64 byte block +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"":-1:"":-1:"":-1:"d17ddf46adaacde531cac483de7a9367":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":64:"":-1:"":-1:"a1d5df0eed790f794d77589659f39a11" CMAC Multiple Operations, same key #3 - variable byte blocks +depends_on:MBEDTLS_AES_C mbedtls_cmac_multiple_operations_same_key:MBEDTLS_CIPHER_AES_192_ECB:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":192:16:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51":32:"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":32:"":-1:"a1d5df0eed790f794d77589659f39a11" diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index cabf1070c1..c3d7da43d8 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -77,7 +77,7 @@ void mbedtls_cmac_null_args( ) test_data, 16, NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - +#if defined(MBEDTLS_AES_C) TEST_ASSERT( mbedtls_aes_cmac_prf_128( NULL, 16, test_data, 16, test_output ) == @@ -92,7 +92,7 @@ void mbedtls_cmac_null_args( ) test_data, 16, NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - +#endif exit: mbedtls_cipher_free( &ctx ); } diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 9b7b0ee14c..afe862d6e3 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -276,7 +276,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void gcm_selftest( ) { TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); diff --git a/tests/suites/test_suite_mpi.generated.data b/tests/suites/test_suite_mpi.generated.data deleted file mode 100644 index 947d06f7fb..0000000000 --- a/tests/suites/test_suite_mpi.generated.data +++ /dev/null @@ -1,381 +0,0 @@ -# Automatically generated by generate_bignum_tests.py. Do not edit! - -MPI add #1 0 (null) + 0 (null) -mbedtls_mpi_add_mpi:"":"":"0" - -MPI add #2 0 (null) + 0 (1 limb) -mbedtls_mpi_add_mpi:"":"0":"0" - -MPI add #3 0 (null) + positive -mbedtls_mpi_add_mpi:"":"7b":"7b" - -MPI add #4 0 (null) + negative -mbedtls_mpi_add_mpi:"":"-7b":"-7b" - -MPI add #5 0 (null) + positive with leading zero limb -mbedtls_mpi_add_mpi:"":"0000000000000000123":"123" - -MPI add #6 0 (null) + negative with leading zero limb -mbedtls_mpi_add_mpi:"":"-0000000000000000123":"-123" - -MPI add #7 0 (null) + large positive -mbedtls_mpi_add_mpi:"":"1230000000000000000":"1230000000000000000" - -MPI add #8 0 (null) + large negative -mbedtls_mpi_add_mpi:"":"-1230000000000000000":"-1230000000000000000" - -MPI add #9 0 (1 limb) + 0 (1 limb) -mbedtls_mpi_add_mpi:"0":"0":"0" - -MPI add #10 0 (1 limb) + positive -mbedtls_mpi_add_mpi:"0":"7b":"7b" - -MPI add #11 0 (1 limb) + negative -mbedtls_mpi_add_mpi:"0":"-7b":"-7b" - -MPI add #12 0 (1 limb) + positive with leading zero limb -mbedtls_mpi_add_mpi:"0":"0000000000000000123":"123" - -MPI add #13 0 (1 limb) + negative with leading zero limb -mbedtls_mpi_add_mpi:"0":"-0000000000000000123":"-123" - -MPI add #14 0 (1 limb) + large positive -mbedtls_mpi_add_mpi:"0":"1230000000000000000":"1230000000000000000" - -MPI add #15 0 (1 limb) + large negative -mbedtls_mpi_add_mpi:"0":"-1230000000000000000":"-1230000000000000000" - -MPI add #16 positive + positive -mbedtls_mpi_add_mpi:"7b":"7b":"f6" - -MPI add #17 positive + negative -mbedtls_mpi_add_mpi:"7b":"-7b":"0" - -MPI add #18 positive + positive with leading zero limb -mbedtls_mpi_add_mpi:"7b":"0000000000000000123":"19e" - -MPI add #19 positive + negative with leading zero limb -mbedtls_mpi_add_mpi:"7b":"-0000000000000000123":"-a8" - -MPI add #20 positive + large positive -mbedtls_mpi_add_mpi:"7b":"1230000000000000000":"123000000000000007b" - -MPI add #21 positive + large negative -mbedtls_mpi_add_mpi:"7b":"-1230000000000000000":"-122ffffffffffffff85" - -MPI add #22 negative + negative -mbedtls_mpi_add_mpi:"-7b":"-7b":"-f6" - -MPI add #23 negative + positive with leading zero limb -mbedtls_mpi_add_mpi:"-7b":"0000000000000000123":"a8" - -MPI add #24 negative + negative with leading zero limb -mbedtls_mpi_add_mpi:"-7b":"-0000000000000000123":"-19e" - -MPI add #25 negative + large positive -mbedtls_mpi_add_mpi:"-7b":"1230000000000000000":"122ffffffffffffff85" - -MPI add #26 negative + large negative -mbedtls_mpi_add_mpi:"-7b":"-1230000000000000000":"-123000000000000007b" - -MPI add #27 positive with leading zero limb + positive with leading zero limb -mbedtls_mpi_add_mpi:"0000000000000000123":"0000000000000000123":"246" - -MPI add #28 positive with leading zero limb + negative with leading zero limb -mbedtls_mpi_add_mpi:"0000000000000000123":"-0000000000000000123":"0" - -MPI add #29 positive with leading zero limb + large positive -mbedtls_mpi_add_mpi:"0000000000000000123":"1230000000000000000":"1230000000000000123" - -MPI add #30 positive with leading zero limb + large negative -mbedtls_mpi_add_mpi:"0000000000000000123":"-1230000000000000000":"-122fffffffffffffedd" - -MPI add #31 negative with leading zero limb + negative with leading zero limb -mbedtls_mpi_add_mpi:"-0000000000000000123":"-0000000000000000123":"-246" - -MPI add #32 negative with leading zero limb + large positive -mbedtls_mpi_add_mpi:"-0000000000000000123":"1230000000000000000":"122fffffffffffffedd" - -MPI add #33 negative with leading zero limb + large negative -mbedtls_mpi_add_mpi:"-0000000000000000123":"-1230000000000000000":"-1230000000000000123" - -MPI add #34 large positive + large positive -mbedtls_mpi_add_mpi:"1230000000000000000":"1230000000000000000":"2460000000000000000" - -MPI add #35 large positive + large negative -mbedtls_mpi_add_mpi:"1230000000000000000":"-1230000000000000000":"0" - -MPI add #36 large negative + large negative -mbedtls_mpi_add_mpi:"-1230000000000000000":"-1230000000000000000":"-2460000000000000000" - -MPI add #37 large positive + large positive -mbedtls_mpi_add_mpi:"1c67967269c6":"1c67967269c6":"38cf2ce4d38c" - -MPI add #38 large positive + positive -mbedtls_mpi_add_mpi:"1c67967269c6":"9cde3":"1c67967c37a9" - -MPI add #39 large positive + large negative -mbedtls_mpi_add_mpi:"1c67967269c6":"-1c67967269c6":"0" - -MPI add #40 large positive + negative -mbedtls_mpi_add_mpi:"1c67967269c6":"-9cde3":"1c6796689be3" - -MPI add #41 positive + positive -mbedtls_mpi_add_mpi:"9cde3":"9cde3":"139bc6" - -MPI add #42 positive + large negative -mbedtls_mpi_add_mpi:"9cde3":"-1c67967269c6":"-1c6796689be3" - -MPI add #43 positive + negative -mbedtls_mpi_add_mpi:"9cde3":"-9cde3":"0" - -MPI add #44 large negative + large negative -mbedtls_mpi_add_mpi:"-1c67967269c6":"-1c67967269c6":"-38cf2ce4d38c" - -MPI add #45 large negative + negative -mbedtls_mpi_add_mpi:"-1c67967269c6":"-9cde3":"-1c67967c37a9" - -MPI add #46 negative + negative -mbedtls_mpi_add_mpi:"-9cde3":"-9cde3":"-139bc6" - -MPI compare #1 0 (null) == 0 (null) -mbedtls_mpi_cmp_mpi:"":"":0 - -MPI compare #2 0 (null) == 0 (1 limb) -mbedtls_mpi_cmp_mpi:"":"0":0 - -MPI compare #3 0 (null) < positive -mbedtls_mpi_cmp_mpi:"":"7b":-1 - -MPI compare #4 0 (null) > negative -mbedtls_mpi_cmp_mpi:"":"-7b":1 - -MPI compare #5 0 (null) < positive with leading zero limb -mbedtls_mpi_cmp_mpi:"":"0000000000000000123":-1 - -MPI compare #6 0 (null) > negative with leading zero limb -mbedtls_mpi_cmp_mpi:"":"-0000000000000000123":1 - -MPI compare #7 0 (null) < large positive -mbedtls_mpi_cmp_mpi:"":"1230000000000000000":-1 - -MPI compare #8 0 (null) > large negative -mbedtls_mpi_cmp_mpi:"":"-1230000000000000000":1 - -MPI compare #9 0 (1 limb) == 0 (1 limb) -mbedtls_mpi_cmp_mpi:"0":"0":0 - -MPI compare #10 0 (1 limb) < positive -mbedtls_mpi_cmp_mpi:"0":"7b":-1 - -MPI compare #11 0 (1 limb) > negative -mbedtls_mpi_cmp_mpi:"0":"-7b":1 - -MPI compare #12 0 (1 limb) < positive with leading zero limb -mbedtls_mpi_cmp_mpi:"0":"0000000000000000123":-1 - -MPI compare #13 0 (1 limb) > negative with leading zero limb -mbedtls_mpi_cmp_mpi:"0":"-0000000000000000123":1 - -MPI compare #14 0 (1 limb) < large positive -mbedtls_mpi_cmp_mpi:"0":"1230000000000000000":-1 - -MPI compare #15 0 (1 limb) > large negative -mbedtls_mpi_cmp_mpi:"0":"-1230000000000000000":1 - -MPI compare #16 positive == positive -mbedtls_mpi_cmp_mpi:"7b":"7b":0 - -MPI compare #17 positive > negative -mbedtls_mpi_cmp_mpi:"7b":"-7b":1 - -MPI compare #18 positive < positive with leading zero limb -mbedtls_mpi_cmp_mpi:"7b":"0000000000000000123":-1 - -MPI compare #19 positive > negative with leading zero limb -mbedtls_mpi_cmp_mpi:"7b":"-0000000000000000123":1 - -MPI compare #20 positive < large positive -mbedtls_mpi_cmp_mpi:"7b":"1230000000000000000":-1 - -MPI compare #21 positive > large negative -mbedtls_mpi_cmp_mpi:"7b":"-1230000000000000000":1 - -MPI compare #22 negative == negative -mbedtls_mpi_cmp_mpi:"-7b":"-7b":0 - -MPI compare #23 negative < positive with leading zero limb -mbedtls_mpi_cmp_mpi:"-7b":"0000000000000000123":-1 - -MPI compare #24 negative > negative with leading zero limb -mbedtls_mpi_cmp_mpi:"-7b":"-0000000000000000123":1 - -MPI compare #25 negative < large positive -mbedtls_mpi_cmp_mpi:"-7b":"1230000000000000000":-1 - -MPI compare #26 negative > large negative -mbedtls_mpi_cmp_mpi:"-7b":"-1230000000000000000":1 - -MPI compare #27 positive with leading zero limb == positive with leading zero limb -mbedtls_mpi_cmp_mpi:"0000000000000000123":"0000000000000000123":0 - -MPI compare #28 positive with leading zero limb > negative with leading zero limb -mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0000000000000000123":1 - -MPI compare #29 positive with leading zero limb < large positive -mbedtls_mpi_cmp_mpi:"0000000000000000123":"1230000000000000000":-1 - -MPI compare #30 positive with leading zero limb > large negative -mbedtls_mpi_cmp_mpi:"0000000000000000123":"-1230000000000000000":1 - -MPI compare #31 negative with leading zero limb == negative with leading zero limb -mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0000000000000000123":0 - -MPI compare #32 negative with leading zero limb < large positive -mbedtls_mpi_cmp_mpi:"-0000000000000000123":"1230000000000000000":-1 - -MPI compare #33 negative with leading zero limb > large negative -mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-1230000000000000000":1 - -MPI compare #34 large positive == large positive -mbedtls_mpi_cmp_mpi:"1230000000000000000":"1230000000000000000":0 - -MPI compare #35 large positive > large negative -mbedtls_mpi_cmp_mpi:"1230000000000000000":"-1230000000000000000":1 - -MPI compare #36 large negative == large negative -mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-1230000000000000000":0 - -MPI compare #37 negative > negative -mbedtls_mpi_cmp_mpi:"-2":"-3":1 - -MPI compare #38 negative == negative -mbedtls_mpi_cmp_mpi:"-2":"-2":0 - -MPI compare #39 positive < positive -mbedtls_mpi_cmp_mpi:"2b4":"2b5":-1 - -MPI compare #40 positive < positive -mbedtls_mpi_cmp_mpi:"2b5":"2b6":-1 - -MPI compare (abs) #1 0 (null) == 0 (null) -mbedtls_mpi_cmp_abs:"":"":0 - -MPI compare (abs) #2 0 (null) == 0 (1 limb) -mbedtls_mpi_cmp_abs:"":"0":0 - -MPI compare (abs) #3 0 (null) < positive -mbedtls_mpi_cmp_abs:"":"7b":-1 - -MPI compare (abs) #4 0 (null) < positive -mbedtls_mpi_cmp_abs:"":"7b":-1 - -MPI compare (abs) #5 0 (null) < positive with leading zero limb -mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 - -MPI compare (abs) #6 0 (null) < positive with leading zero limb -mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1 - -MPI compare (abs) #7 0 (null) < large positive -mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 - -MPI compare (abs) #8 0 (null) < large positive -mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1 - -MPI compare (abs) #9 0 (1 limb) == 0 (1 limb) -mbedtls_mpi_cmp_abs:"0":"0":0 - -MPI compare (abs) #10 0 (1 limb) < positive -mbedtls_mpi_cmp_abs:"0":"7b":-1 - -MPI compare (abs) #11 0 (1 limb) < positive -mbedtls_mpi_cmp_abs:"0":"7b":-1 - -MPI compare (abs) #12 0 (1 limb) < positive with leading zero limb -mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 - -MPI compare (abs) #13 0 (1 limb) < positive with leading zero limb -mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1 - -MPI compare (abs) #14 0 (1 limb) < large positive -mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 - -MPI compare (abs) #15 0 (1 limb) < large positive -mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1 - -MPI compare (abs) #16 positive == positive -mbedtls_mpi_cmp_abs:"7b":"7b":0 - -MPI compare (abs) #17 positive == positive -mbedtls_mpi_cmp_abs:"7b":"7b":0 - -MPI compare (abs) #18 positive < positive with leading zero limb -mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 - -MPI compare (abs) #19 positive < positive with leading zero limb -mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 - -MPI compare (abs) #20 positive < large positive -mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 - -MPI compare (abs) #21 positive < large positive -mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 - -MPI compare (abs) #22 positive == positive -mbedtls_mpi_cmp_abs:"7b":"7b":0 - -MPI compare (abs) #23 positive < positive with leading zero limb -mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 - -MPI compare (abs) #24 positive < positive with leading zero limb -mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1 - -MPI compare (abs) #25 positive < large positive -mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 - -MPI compare (abs) #26 positive < large positive -mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1 - -MPI compare (abs) #27 positive with leading zero limb == positive with leading zero limb -mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 - -MPI compare (abs) #28 positive with leading zero limb == positive with leading zero limb -mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 - -MPI compare (abs) #29 positive with leading zero limb < large positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 - -MPI compare (abs) #30 positive with leading zero limb < large positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 - -MPI compare (abs) #31 positive with leading zero limb == positive with leading zero limb -mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0 - -MPI compare (abs) #32 positive with leading zero limb < large positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 - -MPI compare (abs) #33 positive with leading zero limb < large positive -mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1 - -MPI compare (abs) #34 large positive == large positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 - -MPI compare (abs) #35 large positive == large positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 - -MPI compare (abs) #36 large positive == large positive -mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0 - -MPI compare (abs) #37 positive < positive -mbedtls_mpi_cmp_abs:"2":"3":-1 - -MPI compare (abs) #38 positive == positive -mbedtls_mpi_cmp_abs:"2":"2":0 - -MPI compare (abs) #39 positive < positive -mbedtls_mpi_cmp_abs:"2b4":"2b5":-1 - -MPI compare (abs) #40 positive < positive -mbedtls_mpi_cmp_abs:"2b5":"2b6":-1 - -# End of automatically generated file. diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 77546c586b..37484d8ee3 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -23,6 +23,7 @@ PEM read (DES-CBC + invalid iv) mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) +depends_on:MBEDTLS_AES_C mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG PEM read (malformed PEM DES-CBC) diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index e51a7d2681..bd251f79f4 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -203,11 +203,11 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:"" PBES2 Decrypt (bad password) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PBES2 Decrypt (bad iter value) -depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606" PKCS#5 Selftest diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f9e909372a..0f4e313335 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4,6 +4,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/oid.h" +#include "common.h" /* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() * uses mbedtls_ctr_drbg internally. */ @@ -2658,7 +2659,7 @@ void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data, TEST_LE_U( length, output_buffer_size ); output_length += length; PSA_ASSERT( psa_cipher_finish( &operation, - output + output_length, + mbedtls_buffer_offset( output, output_length ), output_buffer_size - output_length, &length ) ); output_length += length; @@ -2676,7 +2677,7 @@ void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data, TEST_LE_U( length, output_buffer_size ); output_length += length; PSA_ASSERT( psa_cipher_finish( &operation, - output + output_length, + mbedtls_buffer_offset( output, output_length ), output_buffer_size - output_length, &length ) ); output_length += length; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 79d658fd0a..c96b988456 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -664,8 +664,10 @@ static int smoke_test_key( mbedtls_svc_key_id_t key ) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT; psa_cipher_operation_t cipher_operation = PSA_CIPHER_OPERATION_INIT; +#if defined(MBEDTLS_SHA256_C) psa_key_derivation_operation_t derivation_operation = PSA_KEY_DERIVATION_OPERATION_INIT; +#endif uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0e97e6fed9..9b1c712a3c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -104,42 +104,55 @@ Test moving clients handshake to state: SERVER_CERTIFICATE move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving clients handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving clients handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving clients handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving clients handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving clients handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving clients handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving clients handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving clients handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving clients handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1 Test moving servers handshake to state: HELLO_REQUEST @@ -155,42 +168,55 @@ Test moving servers handshake to state: SERVER_CERTIFICATE move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1 Test moving servers handshake to state: SERVER_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_REQUEST +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 Test moving servers handshake to state: SERVER_HELLO_DONE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1 Test moving servers handshake to state: CLIENT_CERTIFICATE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 Test moving servers handshake to state: CLIENT_KEY_EXCHANGE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1 Test moving servers handshake to state: CERTIFICATE_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: CLIENT_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1 Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1 Test moving servers handshake to state: SERVER_FINISHED +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1 Test moving servers handshake to state: FLUSH_BUFFERS +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1 Test moving servers handshake to state: HANDSHAKE_WRAPUP +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 Test moving servers handshake to state: HANDSHAKE_OVER +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1 Negative test moving clients ssl to state: VERIFY_REQUEST_SENT @@ -200,7 +226,7 @@ Negative test moving servers ssl to state: NEW_SESSION_TICKET move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 Handshake, SSL3 -depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0 Handshake, tls1 @@ -220,23 +246,23 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_ handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 Handshake, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_1 @@ -252,23 +278,23 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_ handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SHA1_C +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SHA1_C:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 @@ -282,7 +308,7 @@ DTLS Handshake fragmentation, MFL=1024 handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1 Handshake min/max version check, all -> 1.2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_MODE_CBC handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_3 Handshake min/max version check, cli max 1.1 -> 1.1 @@ -3830,358 +3856,6 @@ Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 -Record crypt, BLOWFISH-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - Record crypt, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -8262,358 +7936,6 @@ Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - -Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0:0:0 - Record crypt, little space, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 @@ -10401,83 +9723,97 @@ ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255 SSL TLS 1.3 Key schedule: Secret evolution #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Initial secret to Early Secret -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_SHA256_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" SSL TLS 1.3 Key schedule: Secret evolution #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Early secret to Handshake Secret +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" SSL TLS 1.3 Key schedule: Secret evolution #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Handshake secret to Master Secret +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECP_C ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a" SSL TLS 1.3 Key schedule: HKDF Expand Label #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815" SSL TLS 1.3 Key schedule: HKDF Expand Label #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" SSL TLS 1.3 Key schedule: HKDF Expand Label #4 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30" SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic Key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) # Calculation of finished_key +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) # Calculation of resumption key +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" SSL TLS 1.3 Key schedule: Traffic key generation #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) # Vector RFC 8448 # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") @@ -10485,44 +9821,54 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # Derive-Secret( Early-Secret, "derived", "") # Tests the case where context isn't yet hashed (empty string here, # but still needs to be hashed) +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2 # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) # Vector from RFC 8448 +depends_on:MBEDTLS_SHA256_C ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE @@ -10685,9 +10031,11 @@ Constant-flow memcpy from offset: large ssl_cf_memcpy_offset:100:339:48 Raw key agreement: nominal +depends_on:MBEDTLS_SHA256_C raw_key_agreement_fail:0 Raw key agreement: bad server key +depends_on:MBEDTLS_SHA256_C raw_key_agreement_fail:1 Cookie parsing: nominal run diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a1e660f28b..0da0b15a1e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -133,7 +133,7 @@ void mbedtls_test_buffer_init( mbedtls_test_buffer *buf ) int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity ) { buf->buffer = (unsigned char*) mbedtls_calloc( capacity, - sizeof(unsigned char) ); + sizeof( unsigned char ) ); if( NULL == buf->buffer ) return MBEDTLS_ERR_SSL_ALLOC_FAILED; buf->capacity = capacity; @@ -283,7 +283,7 @@ typedef struct mbedtls_test_message_queue int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue, size_t capacity ) { - queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) ); + queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof( size_t ) ); if( NULL == queue->messages ) return MBEDTLS_ERR_SSL_ALLOC_FAILED; @@ -457,7 +457,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, int ret = -1; peer1->output = - (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer ) ); if( peer1->output == NULL ) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; @@ -470,7 +470,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1, } peer2->output = - (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) ); + (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer) ); if( peer2->output == NULL ) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; @@ -725,7 +725,7 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) return msg_len; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) @@ -734,9 +734,9 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) */ typedef struct mbedtls_endpoint_certificate { - mbedtls_x509_crt ca_cert; - mbedtls_x509_crt cert; - mbedtls_pk_context pkey; + mbedtls_x509_crt* ca_cert; + mbedtls_x509_crt* cert; + mbedtls_pk_context* pkey; } mbedtls_endpoint_certificate; /* @@ -753,6 +753,42 @@ typedef struct mbedtls_endpoint mbedtls_endpoint_certificate cert; } mbedtls_endpoint; +/* + * Deinitializes certificates from endpoint represented by \p ep. + */ +void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep ) +{ + mbedtls_endpoint_certificate *cert = &( ep->cert ); + if( cert != NULL ) + { + if( cert->ca_cert != NULL ) + { + mbedtls_x509_crt_free( cert->ca_cert ); + mbedtls_free( cert->ca_cert ); + cert->ca_cert = NULL; + } + if( cert->cert != NULL ) + { + mbedtls_x509_crt_free( cert->cert ); + mbedtls_free( cert->cert ); + cert->cert = NULL; + } + if( cert->pkey != NULL ) + { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE ) + { + mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; + psa_destroy_key( *key_slot ); + } +#endif + mbedtls_pk_free( cert->pkey ); + mbedtls_free( cert->pkey ); + cert->pkey = NULL; + } + } +} + /* * Initializes \p ep_cert structure and assigns it to endpoint * represented by \p ep. @@ -763,7 +799,7 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) { int i = 0; int ret = -1; - mbedtls_endpoint_certificate *cert; + mbedtls_endpoint_certificate *cert = NULL; if( ep == NULL ) { @@ -771,15 +807,19 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) } cert = &( ep->cert ); - mbedtls_x509_crt_init( &( cert->ca_cert ) ); - mbedtls_x509_crt_init( &( cert->cert ) ); - mbedtls_pk_init( &( cert->pkey ) ); + ASSERT_ALLOC( cert->ca_cert, 1 ); + ASSERT_ALLOC( cert->cert, 1 ); + ASSERT_ALLOC( cert->pkey, 1 ); + + mbedtls_x509_crt_init( cert->ca_cert ); + mbedtls_x509_crt_init( cert->cert ); + mbedtls_pk_init( cert->pkey ); /* Load the trusted CA */ for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) { - ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ), + ret = mbedtls_x509_crt_parse_der( cert->ca_cert, (const unsigned char *) mbedtls_test_cas_der[i], mbedtls_test_cas_der_len[i] ); TEST_ASSERT( ret == 0 ); @@ -791,24 +831,24 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) { if( pk_alg == MBEDTLS_PK_RSA ) { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der, mbedtls_test_srv_crt_rsa_sha256_der_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char*) mbedtls_test_srv_key_rsa_der, mbedtls_test_srv_key_rsa_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); } else { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char*) mbedtls_test_srv_crt_ec_der, mbedtls_test_srv_crt_ec_der_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char*) mbedtls_test_srv_key_ec_der, mbedtls_test_srv_key_ec_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); @@ -818,42 +858,40 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) { if( pk_alg == MBEDTLS_PK_RSA ) { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_cli_crt_rsa_der, mbedtls_test_cli_crt_rsa_der_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, mbedtls_test_cli_key_rsa_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); } else { - ret = mbedtls_x509_crt_parse( &( cert->cert ), + ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_cli_crt_ec_der, mbedtls_test_cli_crt_ec_len ); TEST_ASSERT( ret == 0 ); - ret = mbedtls_pk_parse_key( &( cert->pkey ), + ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, mbedtls_test_cli_key_ec_der_len, NULL, 0 ); TEST_ASSERT( ret == 0 ); } } - mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL ); + mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL ); - ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ), - &( cert->pkey ) ); + ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert, + cert->pkey ); TEST_ASSERT( ret == 0 ); exit: if( ret != 0 ) { - mbedtls_x509_crt_free( &( cert->ca_cert ) ); - mbedtls_x509_crt_free( &( cert->cert ) ); - mbedtls_pk_free( &( cert->pkey ) ); + mbedtls_endpoint_certificate_free( ep ); } return ret; @@ -959,17 +997,6 @@ exit: return ret; } -/* - * Deinitializes certificates from endpoint represented by \p ep. - */ -void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep ) -{ - mbedtls_endpoint_certificate *cert = &( ep->cert ); - mbedtls_x509_crt_free( &( cert->ca_cert ) ); - mbedtls_x509_crt_free( &( cert->cert ) ); - mbedtls_pk_free( &( cert->pkey ) ); -} - /* * Deinitializes endpoint represented by \p ep. */ @@ -1041,7 +1068,7 @@ int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl, return ( max_steps >= 0 ) ? ret : -1; } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* * Write application data. Increase write counter if necessary. @@ -1462,7 +1489,7 @@ static int ssl_populate_session( mbedtls_ssl_session *session, memset( session->id, 66, session->id_len ); memset( session->master, 17, sizeof( session->master ) ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) if( strlen( crt_file ) != 0 ) { mbedtls_x509_crt tmp_crt; @@ -1500,9 +1527,9 @@ static int ssl_populate_session( mbedtls_ssl_session *session, mbedtls_x509_crt_free( &tmp_crt ); } -#else /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */ +#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ (void) crt_file; -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ session->verify_result = 0xdeadbeef; #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -1685,7 +1712,7 @@ int exchange_data( mbedtls_ssl_context *ssl_1, ssl_2, 256, 1 ); } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) void perform_handshake( handshake_test_options* options ) @@ -1709,6 +1736,10 @@ void perform_handshake( handshake_test_options* options ) #endif int expected_handshake_result = 0; + USE_PSA_INIT( ); + mbedtls_platform_zeroize( &client, sizeof( client ) ); + mbedtls_platform_zeroize( &server, sizeof( server ) ); + mbedtls_test_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; mbedtls_message_socket_init( &server_context ); @@ -2061,7 +2092,7 @@ exit: mbedtls_free( context_buf ); #endif } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* END_HEADER */ @@ -2078,7 +2109,7 @@ void test_callback_buffer_sanity() unsigned char input[MSGLEN]; unsigned char output[MSGLEN]; - memset( input, 0, sizeof(input) ); + memset( input, 0, sizeof( input ) ); /* Make sure calling put and get on NULL buffer results in error. */ TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) ) @@ -3166,7 +3197,7 @@ void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) { mbedtls_ssl_context ssl; @@ -3714,7 +3745,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST TEST_ASSERT( lbl != NULL ); /* Check sanity of test parameters. */ - TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) ); TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label( @@ -3800,7 +3831,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST TEST_ASSERT( lbl != NULL ); /* Check sanity of test parameters. */ - TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) ); TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret( @@ -3904,7 +3935,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file ) TEST_ASSERT( memcmp( original.master, restored.master, sizeof( original.master ) ) == 0 ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) TEST_ASSERT( ( original.peer_cert == NULL ) == ( restored.peer_cert == NULL ) ); @@ -3930,7 +3961,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file ) original.peer_cert_digest_len ) == 0 ); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ TEST_ASSERT( original.verify_result == restored.verify_result ); #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -4155,7 +4186,7 @@ void ssl_session_serialize_version_check( int corrupt_major, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void mbedtls_endpoint_sanity( int endpoint_type ) { enum { BUFFSIZE = 1024 }; @@ -4178,13 +4209,16 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; mbedtls_endpoint base_ep, second_ep; int ret = -1; + mbedtls_platform_zeroize( &base_ep, sizeof( base_ep ) ); + mbedtls_platform_zeroize( &second_ep, sizeof( second_ep ) ); + ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL ); TEST_ASSERT( ret == 0 ); @@ -4220,7 +4254,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void handshake_version( int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version ) @@ -4251,7 +4285,7 @@ void handshake_version( int dtls, int client_min_version, int client_max_version } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) { handshake_test_options options; @@ -4269,7 +4303,7 @@ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_cipher( char* cipher, int pk_alg, int dtls ) { test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls ); @@ -4279,7 +4313,7 @@ void handshake_cipher( char* cipher, int pk_alg, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void app_data( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls ) @@ -4300,7 +4334,7 @@ void app_data( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) @@ -4312,7 +4346,7 @@ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) @@ -4324,7 +4358,7 @@ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_serialization( ) { handshake_test_options options; @@ -4338,7 +4372,7 @@ void handshake_serialization( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { handshake_test_options options; @@ -4374,7 +4408,7 @@ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int ex } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void renegotiation( int legacy_renegotiation ) { handshake_test_options options; @@ -4390,7 +4424,7 @@ void renegotiation( int legacy_renegotiation ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher ) { @@ -4411,7 +4445,7 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers_serialize_mfl( int mfl ) { test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, @@ -4422,7 +4456,7 @@ void resize_buffers_serialize_mfl( int mfl ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation, char *cipher ) { @@ -4560,7 +4594,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */ void raw_key_agreement_fail( int bad_server_ecdhe_key ) { enum { BUFFSIZE = 17000 }; @@ -4571,6 +4605,8 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key ) mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE }; USE_PSA_INIT( ); + mbedtls_platform_zeroize( &client, sizeof( client ) ); + mbedtls_platform_zeroize( &server, sizeof( server ) ); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6ae39ff6bc..2f08e5b5ba 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -96,7 +96,11 @@ x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial n X509 CRT information EC, SHA256 Digest, hardware module name SAN depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n" +x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n" + +X509 CRT information EC, SHA256 Digest, binary hardware module name SAN +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n" X509 CRT information EC, SHA256 Digest, Wisun Fan device depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C @@ -120,7 +124,7 @@ x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nseri X509 CRT information, Multiple different Subject Alt Name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n" +x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CRT information, Subject Alt Name + Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C @@ -184,7 +188,11 @@ x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n" +x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n" + +X509 SAN parsing binary otherName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n" X509 SAN parsing dNSName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C @@ -192,7 +200,7 @@ x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: exampl X509 SAN parsing Multiple different types depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" +x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" X509 SAN parsing, no subject alt name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 5828c3bc73..ba5c860dd4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -243,36 +243,30 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, switch( san->type ) { - case( MBEDTLS_X509_SAN_OTHER_NAME ): - ret = mbedtls_snprintf( p, n, "\notherName :"); - MBEDTLS_X509_SAFE_SNPRINTF; + case( MBEDTLS_X509_SAN_OTHER_NAME ): + ret = mbedtls_snprintf( p, n, "\notherName :"); + MBEDTLS_X509_SAFE_SNPRINTF; - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, - &san->san.other_name.value.hardware_module_name.oid ) != 0 ) - { - ret = mbedtls_snprintf( p, n, " hardware module name :" ); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, " hardware type : " ); - MBEDTLS_X509_SAFE_SNPRINTF; + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, + &san->san.other_name.value.hardware_module_name.oid ) != 0 ) + { + ret = mbedtls_snprintf( p, n, " hardware module name :" ); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, " hardware type : " ); + MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_oid_get_numeric_string( p, n, - &san->san.other_name.value.hardware_module_name.oid ); - MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_oid_get_numeric_string( p, n, + &san->san.other_name.value.hardware_module_name.oid ); + MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); - MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); + MBEDTLS_X509_SAFE_SNPRINTF; - if( san->san.other_name.value.hardware_module_name.val.len >= n ) - { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); - } - - for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) - { - *p++ = san->san.other_name.value.hardware_module_name.val.p[i]; - } - n -= san->san.other_name.value.hardware_module_name.val.len; + for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) + { + ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] ); + MBEDTLS_X509_SAFE_SNPRINTF; + } } break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ case( MBEDTLS_X509_SAN_DNS_NAME ): diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 1c1cf30334..aa8b3cd263 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -1,54 +1,58 @@ Certificate Request check Server1 SHA1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0 Certificate Request check Server1 SHA224 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0 Certificate Request check Server1 SHA256 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0 Certificate Request check Server1 SHA384 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0 Certificate Request check Server1 SHA512 depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0:0 Certificate Request check Server1 MD4 depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0:0 Certificate Request check Server1 MD5 depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0:0 Certificate Request check Server1 key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0 Certificate Request check Server1 key_usage empty depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0:0 Certificate Request check Server1 ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server1 ns_cert_type empty depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1:0 Certificate Request check Server1 key_usage + ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server5 ECDSA, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0 +x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 + +Certificate Request check Server1, set_extension +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1 Certificate Request check opaque Server5 ECDSA, key_usage depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 12c8f399ad..b27a252183 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -5,6 +5,7 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/rsa.h" +#include "mbedtls/asn1write.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, @@ -68,6 +69,56 @@ cleanup: } #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ +#if defined(MBEDTLS_X509_CSR_WRITE_C) + +/* + * The size of this temporary buffer is given by the sequence of functions + * called hereinafter: + * - mbedtls_asn1_write_oid() + * - 8 bytes for MBEDTLS_OID_EXTENDED_KEY_USAGE raw value + * - 1 byte for MBEDTLS_OID_EXTENDED_KEY_USAGE length + * - 1 byte for MBEDTLS_ASN1_OID tag + * - mbedtls_asn1_write_len() + * - 1 byte since we're dealing with sizes which are less than 0x80 + * - mbedtls_asn1_write_tag() + * - 1 byte + * + * This length is fine as long as this function is called using the + * MBEDTLS_OID_SERVER_AUTH OID. If this is changed in the future, then this + * buffer's length should be adjusted accordingly. + * Unfortunately there's no predefined max size for OIDs which can be used + * to set an overall upper boundary which is always guaranteed. + */ +#define EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH 12 + +static int csr_set_extended_key_usage( mbedtls_x509write_csr *ctx, + const char *oid, size_t oid_len ) +{ + unsigned char buf[EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH] = { 0 }; + unsigned char *p = buf + sizeof( buf ); + int ret; + size_t len = 0; + + /* + * Following functions fail anyway if the temporary buffer is not large, + * but we set an extra check here to emphasize a possible source of errors + */ + if ( oid_len > EXT_KEY_USAGE_TMP_BUF_MAX_LENGTH ) + { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &p, buf, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, ret ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + + ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_EXTENDED_KEY_USAGE, + MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ), p, len ); + + return ret; +} +#endif /* MBEDTLS_X509_CSR_WRITE_C */ /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -78,7 +129,7 @@ cleanup: /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, int key_usage, int set_key_usage, int cert_type, - int set_cert_type ) + int set_cert_type, int set_extension ) { mbedtls_pk_context key; mbedtls_x509write_csr req; @@ -105,6 +156,9 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 ); if( set_cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); + if ( set_extension != 0 ) + TEST_ASSERT( csr_set_extended_key_usage( &req, MBEDTLS_OID_SERVER_AUTH, + MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ) ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), mbedtls_test_rnd_pseudo_rand, &rnd_info );